top of page


Cyber Security is a holistic approach that combines: identifying information, protecting that information, but also educating the consumers on why and how to carry on those secure practices. As technical experts we are the first line of defence for consumers. Being trusted to take temporary ownership of someone's intimate life details, we must learn to treat this information with the respect that it deserves.




Keeper Security: Security is People First

Bora IT Security Marketing 

Security is people, process, and technology; but it's people first for a reason. If you want workflows to change, if you want the culture to align with security by design - you have to work with and communicate effectively to the people you're expecting this from. 


Five Things Security and Development Teams Should Focus on in 2021

Tripwire: The State of Security 

After considering the top challenges I saw with development teams and security teams within development environments, I came up with a list of ways to focus our security improvements for 2021.


The 8 Benefits of Highly Effective vCISOs 

Ampcus Cyber

Over the last few years, we have watched the continuous transition from on-premises solutions to virtualisation, cloud services, and the introduction to ‘as-a-Service’ offerings. These solutions are reducing the administrative workload and freeing up the team’s capacity for more granular and focused work. 


Secure Foundations: an interview with cyber security specialist Zoë Rose

PrivSec Report

With the UK government's focus on retraining and attracting people from less "typical" backgrounds to fill the cyber security skills gap, they might be intrigued to hear that, over in Dublin, botany's loss has been cyber security's gain. When would-be plan scientist Zoë Rose discovered she was allergic to plants, she couldn't have known that as the lab door closed, another door into the security world would open. 


5 Lessons Learnt from BJJ that are Applicable to Cyber Security 

Tripwire: The State of Security 

Over the last decade, I have focused quite heavily on technology and the cyber security space. I have been motivated to create a world that is more inclusive and safer. In 2019, I began a bit of a different journey. Whilst still motivated in a security point of view, this time, I focused on the physical side by beginning to train in Brazilian Jiu-Jitsu. Whilst not the goal from the start, I found many lessons that directly apply to the cyber security world as well. 


Taking Care of Your Data Responsibilities in a Shared Responsibility Model in the Cloud

TripWire: The State of Security 

"Send it to the cloud" has been an increasingly common response over the years for dealing with the issue of how to handle massive amounts of data. On one side, I understand it - there are benefits! However, that doesn't remove your responsibility for ensuring security of this data and validating regularly. 


4R and 4D Threat Modelling 


You may be familiar with the qualitative risk equation: consequences multiplied by likelihood. Consider a similar approach here. We will assess the consequence of the 4 R's: Revenue, Reputation, Regulation, and Resiliency. Comparing these against the likelihood of the 4 D's: Disruption, Destruction, Degradation, and Deception. 


Recovering From Backup: the Cost of Delay

Gestalt IT

As you know from part one, ransomware can come into our systems in a variety of ways. Consider each way you access and use systems or devices daily – these can all be used maliciously unless protections and limitations are in place. Reading thus far, you might be thinking, “Wait we already have a backup and recovery plan.” Maybe restoration speeds and frequency of backups were considered when implementing – and it’s likely out of all of the organisations out there, some of them have considered this. However, remember, backups are attractive to more than just disaster recover/business continuity planners..


Cisco Live 2020: A Celebration of the People Behind the Networks

Bora IT Security Marketing 

Cisco Live 2020 gathered the best and the brightest IT minds to connect, explore, and learn during the virtual event. Like many, Cisco Live shifted to a virtual only conference this year - but that wasn't their only massive scheduling change. Hearing and listening to the world events at the time, Chuck Robbins made the difficult decision to respectfully delay two weeks, and donate $5 million to charities associated with the Black Lives Matter movement. Which goes to show their commitment to the shared business purpose "to power an inclusive future for all." 


What Makes Ransomware Such a Terrifying Attack?

Gestalt IT

To understand how to protect yourself, we need to realise how ransomware ‘gets in’ or infects our machines. Computers were created by humans for humans. They are designed to trust by default to support us in our actions. You plug in a keyboard, and your computer recognises the device and allows you to use it almost instantly. At the core of it, all ransomware is made up of is code. All software, applications, and websites are lines of code that tell the computer what actions need to happen to satisfy what the human requires. Ransomware is no different. It tells the computer, “I want this action to take place” – such as encrypt this file – and that action is done. 


The Importance of Implementing an Information Security Policy That Everyone Understands

Tripwire: The State of Security 

Information Security (IS) / Cyber Security are more than just technical terms. They’re the processes, practices and policy that involve people, services, hardware, and data. In particular, IS covers how people approach situations and whether they are considering the “what if’s” of malicious actors, accidental misuse. I’m not sure about your operations teams, but no one in any of mine, myself included, were able to read minds. Therefore, in order to maintain the secure practices built into our policies and procedures, people from other teams needed to be able to read and understand the why of these practices.


Building Effective Cyber Security Budgets 

Tripwire: The State of Security 

Building an effective and resilient organisation on a budget isn't a small task. When it comes to cyber security budgets, there are many different aspects that need to be considered. Thankfully alignment with industry best practice and security frameworks adds a small amount of clarity to this challenge. 


OSINT - Using Threat Intelligence to Secure Your Organisation

Tripwire: The State of Security 

This article we discuss how to make use of a CTI Analyst  to bring unique benefits to your organisation by enhancing: strategy and planning of IT and security by taking a holistic view, intelligence on cyber security landscape and industry trends, and collaboration with the recognised bodies and regulations. 


Winning with Cyber Threat Intelligence: Taking a more Personal View

Tripwire: The State of Security 

"The price of greatness is responsibility" this quote by Winston Churchill goes to the core of  a Cyber Security Threat Intelligence (CTI) programme, do no harm is the mantra. The value of the CTI programmes insights is reflected in the wins, enhanced awareness in order to outmanoeuvre malicious actor(s). However, actions taken must be carefully considered and only in the most serious situation.


Lighten Your Lockdown: Surviving at home 

Bora IT Security Marketing

Having worked remotely before, I was under the inaccurate belief that this quarantine style work from home structure would prove just as sustainable. I was wrong. Whilst there has been many working from home securely articles, the one I I was looking for right now is reducing stress in uncertain times. Having asked someone to write it, I somehow ended up doing just that.


The Cyber Threat Intelligence Analyst - Speaking your Language

Tripwire: The State of Security

Focusing on transparent planning, holistic solutions, and the inclusion of senior leadership was better in the long-term in that ultimately reduced cost. Focusing on the communication of risks, requirements, and restrictions help create a solution that can continue to improve.


8 Tips for Communicating Cyber Security to the Board


Focusing on transparent planning, holistic solutions, and the inclusion of senior leadership was better in the long-term in that ultimately reduced cost. Focusing on the communication of risks, requirements, and restrictions help create a solution that can continue to improve. 


What is Multi-Factor Authentication, and What Does it Have to do with You? 

Tripwire: The State of Security 

Security isn't a simple matter of caring or spending time reading manuals or being told what you can or cannot do. Security is understanding how to view the world from a different perspective. It's a skill that people build over time, and it's completely appropriate to start out small. If you can do nothing else, consider the access to your accounts: professional, banking, and social media.


Rules and Regulations like EU Cyber Security Act are a Sign of a Maturing Industry 

BH Consulting 

The older and more mature an industry gets, the more standards it needs to align with. For example, financial services has been around for a long time and is heavily regulated. Cyber security is quite young in comparison, but it's going in the same direction. This is a natural progression, because of the impact that the industry has on a country's economy and ultimately its citizens. The EU Cyber Security Act is the latest move in establishing industry-wide foundation of security by design and by default, which has been applied since 21 June 2019, and will be implemented as law across the EU as of 28 June 2021.


What is PIPEDA? And How Does it Protect You and Your Privacy? 

Tripwire: The State of Security 

You have likely heard of the General Data Protection Regulation (GDPR), and you probably refer to this standard whenever the topic of privacy and data processing arises. But what about outside of the EU? Canada has addressed this through the Personal Information Protection and Electronic Documents Act (PIPEDA) or “Loi sur la protection des reseignements personnels et les documents électroniques, which entered into law on 13 April 2000. Not only was this act implemented for Canadian consumers to trust e-commerce, but it was also enacted to reassure the EU that Canadian privacy laws protect the personal information of their citizens.


Creating a Business Case for Cyber Security Budget 


Budgets are not infinite and organisations must align to their spending to focus on core competencies. As a result, priorities do not always favour cyber security. My team's job is to help develop a strong investment business case and create an influential package that helps empower senior leadership to truly understand the need for this investment, which includes revamping communications practices to make them more effective.


A Guide to Digital Privacy for You and Your Family

Tripwire: The State of Security 

Having worked with many individuals responding to incidents where their digital private images were shared without consent, social media or email accounts had unauthorised access, and even physical safety was a concern, it is all too familiar how terrifying the unknown can be. As someone who has been on both the victim’s and later the responder’s side, I am qualified to express both the terror and knowledge of things you can do to take back control.


Navigating ICS Security: Having Your Action Plan Ready

Tripwire: The State of Security 

Trust, respect, understanding. These are all two-way relationships that must be earned over time. Whilst someone being hired in a senior position will likely already have a certain level of each, part of your job is to continuously cultivate all three of these elements with colleagues no matter your grade. When working within a cybersecurity practice, it is critically important to have this level of understanding across large swaths of the workforce, from the senior level to operations teams.


The ABC’s of Public Speaking from Inside Cyber Security

Bora IT & Security Marketing 

There are many benefits to public speaking, is it rewarding to share your passion with a variety of attendees. Being able to empower others to protect themselves and their loved ones is the entire point of my career. Public speaking is one facet of this, but it was not easy to start. 


Creating a Cyber Security Culture in Your Organisation 


It was only a few years ago when many viewed cyber security as a compliance-based checkbox exercise. Thankfully, cyber security has since matured into a threat- and risk-based collaborative process that is ongoing for many organisations. Unfortunately, a major piece of this cultural shift, the very cyber security culture of the organisation, hasn’t always followed suit. 


Cyber Hygiene Habits for the New Year


New Year’s resolutions of eating healthier, going to the gym, and re-balancing our priorities are commonplace in January for our personal lives. However, what about one of the places where every weekday is spent? Why not build in resolutions for our professional lives, as well?  One such resolution could be to enhance your organisation’s cyber hygiene.


Navigating ICS Security: Best Practices for ICS Decision-Makers

Tripwire: The State of Security 

Often, we have heard the basics of security—more recently, security foundations because honestly, the word basic gives the illusion of simplicity, which it is not. Instead, I prefer discussing it as the resilience foundations of IT/OT infrastructure. 


60% of Canadians Fear Falling Victim to Fraud this Holiday Season, Scotiabank Survey Reveals

Tripwire: The State of Security 

How likely is it to fall victim to fraud? Years ago, while attempting to find a flat, I found a ‘rental company’ who turned out to be one person attempting to rent out flat 13 that, due to superstition, didn’t actually exist. In the case of the 13th flat, I asked to view it, and it was easy to identify the scam due to the lack of a physical location. However, when purchasing online, it’s not that easy to spot a scam. 


Navigating ICS Security: The Threat Landscape

Tripwire: The State of Security 

Whilst working for a management consultancy, I learned a lot more about industrial control systems (ICS) than I ever imagined I would. In many cases, this wasn’t from working on them directly; it was from simply speaking to the technicians and reading documentation. Oftentimes, we have the false belief that our systems are safe from compromise because no one really knows how they work. It’s like security through obscurity. However, what I have also learned over time is that humans are the architects of these solutions. Whilst they may vary slightly, these solutions are not so innovative that one can’t uncover their nuances in a bit of time. Therefore, relying on obscurity to keep things safe is one of the poorest excuses to not take action.


Navigating ICS Security: Knowing the Basics 

Tripwire: The State of Security 

As we begin our new decade of 2020s, we can look back at the last 30 odd years and examine the collaboration between technology and our daily lives. If you think of your day-to-day, it’s easy to see how much our society relies on technology. Consider our smart devices such as mobile phones, watches, even homes. However, what about the technology that we don’t see, that gives us clean drinking water, removes wastewater, and keeps our homes warm? 


Discovering Security Needs for Small and Medium Organisations

Octopi Managed Services

The scene opens with a nervous owner looking to the IT manager, "are we secure?", "I'm not sure" is the response... 

Throughout my career I have watched this scene play out across multiple companies, industries, and even across continents. The reality is, there is no perfect solution, no ability  to remove all risk, no 'unhackable' technology...[however] there are ways to manage privacy and improve security in a way that works for the individual, right up to large organisations. 


Cyber Awareness Learning - Motivate and Empower Your Employees


Organisations want to feel their efforts have made a difference to answering the question “are we secure?” However, there is no perfect solution or ability to be 100% secure; the real aim is to lower the risk – it’s a balancing act.


The 50 Most Influential Women in Cyber Security 

SC Magazine UK 

SC is delighted to honour & recognise the 50 women who, in our opinion, have had the most influence in the UK Cyber Security sector over the past year as role models or campaigners.


PrivSec 200


The PrivSec200 sponsored by OneTrust recognises and celebrates those individuals who have made significant contributions to the privacy and security sectors. Our editorial team considered several factors in compiling this list, including; social media impact, knowledge sharing and community support.


Who's Home? Know Who is on Your Network

Aruba Networks

Security isn't simply having the sexiest controls or the most exciting rock stars — it's knowing what happens when those packets flow, and who's accessing them. Over the years, security has become more complex. We have hundreds, in some cases thousands, of devices in the office at once — and each device has a variety of settings and operating systems. All of these devices make the jobs of the system administration and security teams more complex and causes not just frustration, but also leads to an increased threat landscape and increased vulnerabilities. 


Technology that Just Works is the Key to Cyber Security Effectiveness

Aruba Networks 

As an ethical hacker or cyber security specialist, I am often asked what is the most important thing when it comes to an organisation’s cyber security programme, and what can we do to make sure our security culture is focused effectively? To the surprise of most, I say user experience. I couldn’t tell you the number of cyber security teams I have come across throughout my career who are absolutely exhausted trying to keep up. The issues aren’t solely about available analysts, budget, controls. Often, there is a major concern that cyber security teams are rarely equipped to handle: user acceptance. 


Yellow Capes and Safe Escapes - The Journey of Zoë Rose

Gestalt IT

Author Tom Hollingsworth. Working with Tom through the Tech Field Day, I got to know one of the most encouraging and supportive people in technology. Being surprised with an article like this is just another reminder of how brilliant, kind, and committed Tom is to changing the world of technology - creating an inclusive, positive, and safe atmosphere to help our society grow.


The Infamous Password 

Tripwire: The State of Security 

There seems to have always been this debate on the use and actual benefit of passwords. How do we make them secure without being impossible to remember, and what is the best expiry plan?


Seminar round-up: Cyber Security and the Internet in International Investment Arbitration 

Hogan Lovells

On 11 April 2019 the Hogan Lovells International Arbitration team hosted a seminar on cybersecurity and the internet in International Investment Arbitration. It was a thoroughly interesting and informative session. Our twin panels of preeminent lawyers and industry experts delivered an insightful discussion, followed by a lively Q&A session. 


Staying Calm During a Security Incident: Is it Utopia or Is It Good Design? 

Aruba Networks

Picture this: the latest security breach hits the media. Front page, it is the most invasive breach yet. You decide to scan the first few sentences, bored now of all these announcements. Suddenly your stomach drops–this breach affects you. What do you do? 


Live Blog by Tom Hollingsworth at Gestalt IT Ltd. 

Gestalt IT 

Live blogging of Discovering Security, keynote of the H.E.R. session at Aruba Atmosphere. 


Meet the #ATM19 Influencers: Zoë Rose

Aruba Networks

Interview by Jamie Easley and what to expect from Aruba’s Atmosphere conference. 


Consumer Awareness: be Vigilant Online, says Ethical Hacker

The Edge Malaysia - The Wall 

While it may be hard to stop a cyber-attack, individuals can take some steps to protect themselves online, says Zoë Rose, an ethical hacker and consultant at Baringa Partners. “What they can do is maintain their awareness..."


The 50 Most Influential Women in Cyber Security in the UK 

SC Magazine UK 

From high-level, hard-tech, senior leadership and management, our 50 women list exemplifies women contributing to the cyber security sector at every level, despite representing just 10% of the workforce. 


Cyber Star: Ethical Hacker is a Top-Flight Security Expert

Red River College

Cyber security specialist Zoë Rose’s career has really taken flight since she graduated in 2015 from Red River College’s Business Information Technology (BIT) program. The 28-year-old globetrotter has plane-hopped around the world, speaking at conferences on four continents and, since March 2016, plying her trade from a home base in London, England, where she is currently a security consultant with technology firm Baringa Partners.


Wywiad z prelegentką InfoShare 2018: Zoë Rose

Kobiety do kodu

We don’t write in English too often on this blog, but this time we will make an exception. As partners of InfoShare 2018, we got the possibility to interview one of their speakers: Zoë Rose.


18 Expert Tips for Effective and Secure Code Migration 

Tripwire: The State of Security 

To help organisations with these tasks, Tripwire spoke with 18 experts on how enterprises can secure their cloud environments. Their comments provide key guidance on best practices for effective and secure cloud migration. 



Gone Phishing

British Vogue

Simon Usborne meets the new wave of cyber detectives who guard the elite against blackmail, ransom, and theft. Available in physical print and online.


Cyber Security Heroes

Tripwire: The State of Security 

Five different techs who have played a part in my current professional experience: Dr. Jessica Barker, David Prince, Holly Williams, Per Thorshiem, and Scott Helme.


Ransomware and the Internet of Things 

Schillings Partners 

In 2016, malicious emails containing Ransomware skyrocketed 6,000% compared with 2015, according to research carried out by IBM. Cyber criminals are nothing if not imaginative. That is why Ransomware is constantly evolving to keep up with the changes in technology. 


Starting your Career in Cyber Security 

Tripwire: The State of Security 

As your career goes on, you may find yourself traveling down different routes than you originally planned. This article is a follow-up to Starting Your Career In Information Technology, designed to give an idea of what cyber security has become for me after I transitioned from strictly networking. 


Plugging the Gap: Why are Fewer Women Getting into Cyber Security?

SC Magazine UK 

The latest figures show the number of female cyber security professionals is reducing compared with previous years. What, SC's Kate O'Flaherty asks, is the industry doing wrong? 


IT Security Horror Stories: Where Foundational Security Controls went Overlooked

Tripwire: The State of Security 

As a colleague calls it, the Brilliant Basics are often forgotten when designing or maintaining our cyber security systems. Unfortunately, this is one of the most important areas we need to lock down because if you can’t get the foundations right you better believe that will carry into the more complex situations. 


Implementing a Password Security Policy at the Workplace for NCSAM

Tripwire: The State of Security 

Positive user experience is lacking when dealing with passwords, never mind with multi-factor authentication. The culture surrounding authentication is confusion. Users aren’t aware of why they need to care, and therefore they don’t.


Threat  Hunting 

Schillings Partners 

Many organisations are still lacking the adequate tools, processes and procedures to identify cyber-attacks against their organisations. Consequently, customers are often the first to learn that their data has been compromised. Not only does this cause immediate and sustained corporate embarrassment, but with little control over how the news is communicated and disseminated, this can have a devastating impact on any strategies put in place to mitigate the reputation impact of a cyber-attack and data loss. 


My Time at Cisco Live 2015

Tripwire: The State of Security 

As anyone who has attended a Cisco Live event knows, it is huge! Last year, there were over 25k attendees spanning across the bayside Hilton, the San Diego Convention Centre, and the Hyatt. Armed with the resources of the Cisco NOC team, as well as a whole lot of tape and cables, we met amazing people like Adam, Carlo and Remco, who mentored us in the black arts of conference network architecture. 


Time to get Ransom Aware

Schillings Partners 

Late last year, Joseph Bonavolonta, Assistant Special Agent in charge of Cyber and Counter Intelligence at the FBI made the following statement about Ransomware: "The Ransomware is that good... To be honest, we often advise people just to pay the ransom.” While your default position may be to pay the ransom in line with this advice, it’s worth bearing in mind that paying a ransom is not a guaranteed to result in the release of your data. 


Starting Your Career in Information Technology 

Tripwire: The State of Security 

Beginning a new career can be an intimidating and frustrating endeavour. You begin by looking for entry-level and junior positions; even those jobs require some level of experience! This is the chicken and the egg question or a catch-22. What differentiates you from the next candidate? 


Cisco Live Dream Team Announcement 

Red River College

Zoë, a term 6 BIT Network Management student, has been selected as Cisco Live Dream Team Canadian Representative for this year. 

bottom of page