Cybersecurity professionals have many essential tasks that are repetitive, time-consuming, and prone to human error. These often include drafting routine communications, scheduling security awareness sessions, and performing basic data entry to maintain compliance and inventory. While dedicated Security Orchestration, Automation, and Response (SOAR) platforms are powerful, they are often cost-prohibitive for smaller teams or individual…
The Identity Crisis of AI – Why Traditional Security Fails Agentic Systems
The rise of autonomous AI agents is transforming business and also exposing a critical flaw in our digital security ecosystem. Our identity and access management systems are reaching their limitations. Protocols like OAuth and SAML were built for human users and static applications. They rely on one-time authentication and fixed permissions, a model that simply…
Who Owns Security? Insights from a panellist at DTX London 2025
“Whose responsibility is security?” This question dominated the conversation at DTX London 2025’s Agile stage. I was a panellist discussing this topic at DTX this week. The unanimous answer: security is everyone’s responsibility—not just the CISO’s or the security team’s. Speed vs. Security As development cycles shrink to days or hours, security vulnerabilities are becoming…
Communication in Cybersecurity
This week, I attended a Toastmasters event and witnessed what is arguably the best public speaking I have heard this year. This was an interesting session; it caused me to reflect on my communication style and the broader cybersecurity fraternity. Are we communicating clearly? There have been a few interesting cybersecurity articles that have either…
Who doesn’t want to write secure code?
Software engineers typically make hundreds of decisions every day, and in my experience no one sets out to write insecure code, so everyone is well-meaning; however, some of those decisions have a bearing on security outcomes and some don’t. It is vital that developers spot security-relevant decisions as they are encountered, and have a clear…
Effective security monitoring
This week, I stumbled across the NCSC blog post on how to keep your security monitoring effective. This is a topic that is definitely worth revisiting on a regular basis. Far too often I come across instances where security activities sound good but are implemented in a way that causes them to lack the effectiveness…
The Internet and its building blocks
This weekend I was working on a project with my children, who wanted to understand how the internet started, and I thought I would post part of the answers on here as well. The Internet protocol suite resulted from research and development conducted by the Defense Advanced Research Projects Agency (DARPA) in the late 1960s. It’s…
A look at the effectiveness of quantitative risk assessment methods in current literature
IT systems have become very complex due to the prevalence of interconnected systems. As systems have evolved, most enterprise environments have leveraged the many advantages offered by interconnected systems. This has meant that most businesses are heavily dependent on IT systems to remain operational. The majority of businesses now rely on their IT systems…
Survey
A big thank you to everyone who completed the survey. I will share results in due course.
First post
Hello, world! This is my first blog post in a while, and I will aim to post on a regular basis. Hope everyone had a good Christmas; mine was pretty good, and I am looking forward to the new year.