Long Live Non-Profits

Despite its fair share of flashy marketing, enough IPOs and acquisitions to make your head spin, and the emergence of a thought leader army sprouting generic LinkedIn posts, it would be easy to forget just how immature the infosec industry really is. Despite all the progress being made in a…

SIGINT Emeges From the Shadows, Part Five: Emerging Challenges

In addition to the ongoing challenges I have discussed in previous blogs, there are also two future challenges that remain largely neglected although critical to address in the long-term. Iā€™m Not RunningSIGINT agencies are under increased pressure to avoid the perception that they have become politicised or act in…

SIGINT Emerges From the Shadows Part Four: Recruitment

Intelligence agencies have turned to social media and advertising campaigns as recruitment tools in an increasingly competitive job market. The limited supply of those with skills in computer science and cyber security means that university graduates can earn significant sums in the private sector that government agencies have struggled to…

SIGINT Emerges From the Shadows, Part Two: Cyber Security

SIGINT agencies face a paradox in confronting the cyber security challenge. One the one hand, they possess some of the rare pockets of cyber security expertise that sit within government. The traditional mission of SIGINT agencies has involved intercepting electronic and telephone communications ā€” an experience that has also given them…

SIGINT Emerges From the Shadows, Part One: From Top Secret to Twitter

Signals intelligence (SIGINT) agencies sit at an inflection point. Historically clandestine organisations, they are now adopting a more publicly facing outlook. Through conference appearances, media statements and their use of social media, SIGINT agencies now regularly interact in full public view. This transition has largely come out of necessity with…

APT, Simplistic as 123

The cyber security community has a lopsided understanding of threats. On the one hand, the industry has excelled at breaking down and understanding campaigns. First through the Kill Chain and Diamond Model, and more recently with MITRE ATT&CK, there is now plenty of nuance and structure baked into…

Leadership in Cyber Security

Issues of leadership are rarely considered or dealt with in a serious way in the context of cyber security. Technological problems are met with technological solutions in a way that often trumps consideration of interpersonal relationships, character and leadership. In many ways this makes sense ā€“ we want people with real…