It's all the fault of developers... right? Afterall, we face a world of fail by design, security becoming more an afterthought. All the while technology continues to play a bigger and bigger role in society. From our personal lives, the operations of businesses and governments, to transportation; the list goes on.

​

In fact, it's difficult to think of any aspect where technology does not have an influence or impact. In this talk, we will cover a developer’s role in security, the value of embedding security and privacy from the conception of the idea, to protect consumers. Additionally, we will talk through some real-life examples of where things didn't go to plan.

The struggle of embedding effective security programmes within enterprise organisations, in a way that changes behaviours can become an overwhelmed monster. Disjointed approaches, missing foundations, inability to properly measure success or failure, and limited collaboration can lead to failure before they even begin. 

Reaching the height of your career is no simple feat. It often requires a combination of pursuing the right education, building the right professional network and being bold enough to take the right chances. It takes time and effort. It takes taking yourself out of your comfort zone. 

​

IN the third part of our three-part series, Cisco Champions explore what it means to be an expert - in particular, they discuss tips on becoming an expert, what servces as motivation and how to deal with imposter syndrome, and even share their own personal stories. 

Have you ever had a client who constantly clicks the links, a CEO who opens all the attachments, or a receptionist who reuses every single USB that comes across their desk? Do you blame them for the lack of security mindfulness? If you do, stope. Simply blaming the users is so 2020. 

​

Instead, lets create security programmes that not only sound cool, but actually work for the humans they are supposed to be training. 

As technology continues to play a massive role in our society, this ever growing demand on developers to build functional and secure solutions will only increase. What role do developers play in securing our society, and how can they begin the journey to security by design - instead of fail by design? 

There's monkey business involving cryptocurrency thieves and MailChimp, a stalker exploits his ex-partner's CCTV cameras, and what are the naughty words Amazon doesn't want its staff using?

Organisations small and large struggle with the same idea, how to embed security by design and by default - in a way that actually changes behaviour. Throughout my career I have seen time and again organisations attempt to address this concern, without foundations and ineffective metrics, causing failure before they have even begun... 

The leading voices of this interactive panel discussion will exchange insights on to how to transition from global IT strategy to the next-gen digital innovation; and what developments lead CISOs to identify business areas that are vital for continued growth and development. 

In cyber security, as in virtually every field, prevention is always better than cure. But in a landscape abundant with zero-day attacks and emerging threats, how can organisations protect themselves from the unknown? 

Joining the team at CyberNB and Cisco Toronto Innovation Lab, we presented different perspectives of a cyber career for January's student body. 

Having been the victim and then the responder when it comes to investigating domestic abuse and violence, cyber bullying, and further incidents - this talk is designed to cover investigating safely from real-life experiences. Top down we will talk about policies and procedures, failures in process, levels of anonymity, and cyber security for the investigator. 

APIClarity is an open-source, cloud-native visability tool for APIs. It utilizes a service mesh framework to capture and analyse API traffic and identify potential risks. Tune into this episode to learn more. 

All organisations need to ensure their employees have quick and easy access to data so they can be productive as possible. Sadly, this this approach often increases the risk of data breaches occurring, particularly among hybrid workforce's operating outside of corporate buildings... 

Organisations often lack mature roadmaps, creating point-in-time roadmaps but not actively managing or working from them over time. In other cases, organisations lack a roadmap at all...

In this episode, Cisco Champions bring their collective experiences to discuss the complexities of breach notifications - sharing when breaches should be communicated, how, and more.

What is the current state of cybercrime and what are common times of incidents being reported? We explore the true extent and cost of security breaches, developments in the attacker ecosystem and how businesses can protect and defend against these. Our panelists will also look to future trends, outlining what new risks businesses should expect in 2021 and beyond. 

What is the current state of cybercrime and what are common times of incidents being reported? We explore the true extent and cost of security breaches, developments in the attacker ecosystem and how businesses can protect and defend against these. Our panelists will also look to future trends, outlining what new risks businesses should expect in 2021 and beyond. 

"You are given temporary access to someone's intimate life details, your job, is to protect it." In this lighting talk we cover the reality of a developer's role in society, the importance of embedding security and privacy controls from the conception of the idea, and throughout the life cycle. Along with enforcing by default, to protect your consumers. 

Chat between Sean Wright, Mike Thompson, Scott McGready, Ian Thornton-Trump, and Zoë Rose - discussing the cyber security industry, trends, BeerCon2, what the future holds, and the critical importance of understanding motivations.

Office 365 suites is no fully integrated with many businesses - large and small - and used to store and share massive amounts of important and potentially sensitive corporate data. Therefore, the security risks of implementing such services must be at the forefront of organisation's minds. 

​

In this Webinar, a panel of experts will discuss the security risks surrounding the use of Office 365 and outline best practice suggestions for ensuring data remains safe whilst using complex cloud-based services. 

Speaking with W. Curtis Preston (@wcpreston), we discuss lessons learnt from the ransomware attack on Honda, and "common sense" things organisations can do to protect data.  

The Many Hats Club presents a full day of talks live streamed from a variety of perspectives in order to raise funds for Médecins Sans Frontières UK and Médecins Sans Frontières. Joining Lisa Forte, Ian Murphy, Kevin Fielder, and Scott McGready 

This week Zoë Rose joins me to discuss solutions for stalking victims, an update on the census show last week, the latest privacy news, and  and OSINT tip for obtaining archived interior images of homes. 

In collaboration with The Beer Farmers & The Many Hats Club, hosting a 24-hour virtual conference in order to raise money for two charities our community holds close to its heart; the Electronic Frontier Foundation (EFF) as well as Mental Health Hackers. 

Have you ever had a client who constantly clicks on the links, a CEO who opens all the attachments, or receptionists who reuse every single USB they've found? Do you blame them for the lack of security mindfulness?

​

If you do, stop. Blaming the users is so 2018. Reviewing the last 10 years of my professional career, I will walk through the hardest lessons I have learned regarding human behaviour. At the end of the day, being a cyber security expert is not bullying users into submission, it's understanding who they are as beings, and creating a safe, inclusive environment for them to learn.

Ever wonder why technology seems to be more fail by design than security and privacy based? Also, how is it we can have so many training programmes and awareness budgets, but people keep clicking the links and opening the attachments.

​

In this talk, I will highlight the way we approach security today, and how we can adjust this to be effective. We will look at why technology often isn't built with security or privacy as default, and how we can be a part of the shift to embedding security.

Society is changing. Consumers value their personal data and will actively avoid organisations that do not treat cyber security seriously. Words alone, are no longer enough. So how, when things feel more like they fail by design, can you improve your ability to protect your critical data.

​

We often say that effective cyber security cannot exist without strong human firewalls. The same holds true for cyber security teams. The most effective cyber security functions hold one thing in common, and it is not cutting-edge technology. It's high performing teams with a diverse set of skills. 

Welcome to a special edition of Breaking Badness. In this bonus episode, you’ll hear from cyber security specialist and ethical hacker, Zoë Rose. Co-hosts Tarik Saleh and I sat down with Zoë (and her ferrets) to discuss her life as a cyber security consultant, experience in the industry, and advice for fellow practitioners.

In the last 10+ years of experience in industry, I have realised the number one problem is simply humans. We create solutions without considering by design and by default of privacy and security; we often forget the malicious user and the not-so-malicious, but ever-present, human error.

​

Whilst overlapping, the concepts of security and privacy are distinctly different. How do you design resilience for lasting solutions that works in a variety of environments that encourages use, growth and adoption? This talk explores the human response to environments and solutions, the value of diverse teams, and understanding the by design and by default controls between privacy and security

Hackers: the who, what, where, when, and why of offensive security. Along with what financial institutions can do to embed resilience within their organisation. 

Society is changing. Consumers value their personal data and will actively avoid organisations that do not treat cyber security seriously. Words alone, are no longer enough. So how, when things feel more like they fail by design, can you improve your ability to protect your critical data.

​

We often say that effective cyber security cannot exist without strong human firewalls. The same holds true for cyber security teams. The most effective cyber security functions hold one thing in common, and it is not cutting-edge technology. It's high performing teams with a diverse set of skills

Have you ever had a client who constantly clicks on the links, a CEO who opens all the attachments, or receptionists who reuse every single USB they've found? Do you blame them for the lack of security mindfulness? If you do, stop. Blaming the users is so 2018. 

​

Taking a deep dive into the last 10 years of my professional career, we will walk through the hardest lessons I have learned regarding human behaviour. At the end of the day, being a cyber security expert is not bullying users into submission, it's understanding who they are as beings, and creating safe, inclusive environment for them to learn. 

Maintaining an in-house SOC can be challenging and expensive, so organisations rightly reach out to third-parties to provide this service - however, the responsibilities don’t stop there. This talk covers the wins and losses I’ve seen regarding third-party SOCs, how organisations can properly manage this, and ways to make sure you’ve found the right match.

Hackers, the ever mischievous, malicious beings, that seem to be able to simply look at something and break it. Who are they, how do they become to be, should I be worried? This talk is designed to open your eyes to the world of cyber security through my eyes, what it means to 'be secure' and how you as an individual can make a difference in your personal and professional lives. 

What makes Phishing so resilient to security controls and awareness training? This talk we will identify, understand, and learn to use the methodology of Phishing and social engineering for our benefit. 

Paying it forward: Zoë Rose and Paul Holland are putting in the work to help educate peers and colleagues on hacking and protecting data integrity. 

Ever wonder what it's like to be an Ethical Hacker? Zoë Rose walks us through a typical day in her life as an ethical hacker / cyber security consultant at Baringa Partners. 

Vulnerabilities are everywhere - and they're not going anywhere soon. Zoë Rose, cyber security consultant at Baringa Partners, tells us why effective vulnerability management should be a vital part of your overall security posture. 

The biggest cyber threat is not the latest zero-day or fast-spreading malware. Cyber security consultant Zoë Rose explains what affects our industry the most and what security professionals can do about it now. 

Somewhere in your network, there's at least one exploitable vulnerability. Maybe it's a really bad one. Maybe it's not that bad. Do you know? 

How do you get from Student to professional, what variety of roles exist out there, and how do my skills outside of tech relate to my potential roles?

Red, blue, and purple too - what do these colours mean when it comes to embedding security in our systems? This keynote was created to demystify and excite the audience in security by design. Covering both simplified, starter pack like exercises, to full hands on validation - we talked through penetration testing, red teaming, tabletop, and more.

On 11 April 2019 the Hogan Lovells International Arbitration team hosted a seminar on cyber security and the Internet in International Investment Arbitration. It was a throughly interesting and informative session. Our twin panels of preeminent lawyers and industry experts delivered an insightful discussion, followed by a lively Q&A session. 

Looking at a autopsy view of my career, alignment with general life, failures, and lessons learnt along the way.

Listen to the panel of Mobile Field Day Extra (#MFDx) at Aruba Atmosphere 2019 (#ATM19). 

Listen to the panel of Mobile Field Day Extra (#MFDx) at Aruba Atmosphere 2019 (#ATM19). 

Holistic walk through of what Cyber Security is and means to us in our personal and professional lives. Looking through different career options, and my personal journey into security, the young coders learned to investigate their curiosities, failure can be beneficial, and working towards their dream career.

Have you ever had a client who constantly clicks the links, a CEO who opens all the attachments, or a receptionist who reuses every single USB that comes across their desk? Do you blame them for the lack of security mindfulness? If you do, stop. Simply blaming the users is so 2018.

​

This year, let us create security programmes that no only sound cool, but actually work for the humans they are supposed to be training. 

Lighting talk: how to become a privacy advocate and empower others to take back control.

Considering that most cyber attacks are financially motivated, banks are choice targets for malicious actors. Hence, implementing a holistic cyber security strategy must be a key part of their risk management strategy. Marc Roussot explores. 

Taking a deeper look into these malicious actors threatening our environments, jobs, our very lives. We will talk through common organisational pitfalls, realise how our world got to this place. Finishing off where how to take actual steps to a more secure and safer world.

Who are these "hackers" the media keeps referring too? How do they think, operate, and most importantly, should I be worried? 

This talk is focused on understanding the malicious user and the not-so-malicious, but ever-present, human error. We will review how to embed stress testing throughout the development life cycle, and more importantly how to know if you have an effective tester. We will talk about common issues found in my experience, along with different approaches you can take to change the behaviours of your development team. 

Have you ever found yourself lost in a server room, or more often a closet, no idea where to start and confused if you are ever going to find the right port? Have you logged into the gateway router, when you're pretty sure you were supposed to be on a switch, and all of the sudden everything stops working, but you are 99% confident you didn't actually do anything? Then this talk is for you! 

How many times have you heard 'we need a penetration test' and thought to yourself, what actually is a penetration test?! This talk is aimed at clarifying different forms of validation, and how to effectively approach implementation at your organisation.

This talk looks at what is an ethical hack, how do you choose if that is the most effective validation test for your situation, and how to find the right person(s) to hire.

We no longer live in a world where ignorance on security is even remotely ok, you can't breach a data protection act with the defence that 'oops we didn't realise'. Not only will you owe major fines, but your representational damage will be extravagant. Why is it then, in the media seemingly every day, an insane breach is reported? The reality is, more often it's fail by design than security by design. 

Empowering survivors to take back control of their lives through operational security online, building and maintaining a secure communications system with family and shelters. Along with safe steps you can take right from the start, to build awareness of your environment.

Organisations know that cyber security is a huge concern, each year they budget for and insure against cyber incidents. However, if you follow any news, we know this fails consistently. Cyber security is confusing, and that confusion often brings negativity, shame, and embarrassment; leading to a lack of effective communication. In this talk, we will identify how to effectively approach a holistic security programme, through awareness, culture, and understanding on how to approach Security by Design.

Ever wonder why technology seems to be more fail by design than security by design? How is it, we can have so many training programmes and awareness budgets, but people keep clicking the links and opening the attachments?

In this talk, I will highlight the way we approach security today, and how we can adjust this to be effective. We will look at why technology often isn't built with security in mind, and how we can be a part of the shift to embedding security

Open-Source Intelligence is a major piece to the hacker puzzle - to target someone or something, you need to understand it. However, it's also a great tool in our personal security. In this two-hour session I have the privilege of investigating the audience, presenting the findings, and sharing my expertise on how to protect yourself and your company.

Humans are social beings, we have an intrinsic need to come together; whether to celebrate our  achievements or support those in need. The Internet has been fundamental in helping societies connect, allowing our communities grow throughout the world, but this has come at a cost. In this talk, we will look at how we ensure cyber security is seen as a business imperative and not an unnecessary bolt-on, and how we can embed security by design into our business processes.  

Speaking to the next generation of cyber security I will be demystifying the broad term "hackers", the role of ethical hackers in our society, and discussing the life skills of an ethical hacker.

The conversation with Zoë Rose, cyber security consultant and Ethical Hacker at InfoShare 2018.

Panel with Amber Baldet, Stephanie Edwards, Ade Adewunmi, and me - discussing security in the world of Big Data, AI, Blockchain, and IoT.

Humans are social beings; we are collaborative and want to build out communities. This is natural. As we advance, technology has been created to enable us to build these bigger communities around the world. Unfortunately, not all of our 'Facebook friends' or 'LinkedIn connections' have our best interests at heart.

In order to understand this, Nationwide surveyed more than 1,000 British young people aged 16 - 25. As their spokesperson, I presented these statistics to over 306 million citizens. 

This workshop will help to develop your understanding and practical application of awareness training with the intention of making awareness training far more relevant, effective and memorable by applying a combination of communication, motivation and metrics.  

In this workshop we will teach the participants what it takes to develop a strong foundation in which to roll-out organisational wide awareness training.

Society is changing. Consumers value their personal data and will actively avoid organisations that do not take cyber security seriously. Words alone, are no longer enough. So how, when things feel more like they fail by design, can you improve your ability to protect your critical data? In this talk Zoë Rose is going to talk about the importance of varied skills and expertise when it comes to effective cyber resilience, incident response and innovation.

As an experienced Ethical Hacker I have worked on both the offensive and the defensive side of cyber security to help my clients become more resilient to cyber attack. I have designed and executed various simulated attacks, and incident response exercises based on feasible scenarios and from actual experiences in helping clients respond to data breaches. The one question, asked consistently throughout much of my career has been: “how much does it cost?”

​

We see in the media, organisations who’ve suffered a breach costing thousands, millions, even hundreds of millions – but where do these values come from? 

Season 4 episode 5, Scott Helme, Matt Hull, and I investigate the audience – revealing how much information they may have unwittingly revealed.

Just as developers are getting to grips with effective DevSecOps as a means to minimise cyber security vulnerabilities, Zoë Rose covers the next big challenge facing the developer community; privacy.

​

Whilst overlapping, the concepts of security and privacy are distinctly different. As developers, we should be challenging ourselves to consider not just technical implications of our work, but also the why and how we can remain ethical in our goal to innovate. This talk is going to explore how we balance the exploitation of personal data vs. our shared responsibility to protect our right to privacy.

Scott Helme and I highlight the importance of understanding the information we put online in our ever connected world. By investigating the audience via their social media accounts, 'psychic Joe' presents findings in a new, and a bit silly, way. 

What happens when you take non-technical users and show them how to hack? Speaking from first-hand experience, absolutely wonderful things! This talk discusses our little Offensive Security experiment - training hackers, ethically.

Panel on Security and Trust – How do we get a safe internet for business? 

Originally a military term, OpSec has become an important part of business processes and even our personal safety online. Practicing OpSec is important to protecting intellectual property and employee's personal information. In this episode of the InSecurity Podcast, how Shaun Walsh is joined by special guest Zoë Rose who explains how to protect critical information and determine threats to your personal security, and how practicing OpSec when posting on social media and elsewhere online can help keep you and your family safe.

The media likes to portray “hackers” as these hoodied beings, that magically find a way into systems through advanced tactics often described as being indistinguishable from witchcraft. However, the majority of cases reveal that these “hackers” are simply normal but innovative people. Taking legitimate services and features and exploiting them because of, often, simple bugs in the code. 

Zoë Rose focuses her attention on the people who are involved in day-to-day operations and how their mobility is a factor that must be considered in protecting networks. She also digs into the notion of teaching your entire organisation how to hack so they know how to avoid being compromised.

When users and clients ask for "secure comms" they often get excited about shinny new equipment that makes them feel like spies, forgetting the true reason for the request. Speaking from direct experience I will walk through how to build a supporting secure culture, usable secure systems, and maintaining participation that works for your life.

When asked for "Secure Comms" my first question is always: Why? What data are you protecting, and whom are you protecting this from? Without addressing this first major question, any "Secure Comms" system you implement will surely fail - and fail they have! I walk through overlooked requirements, threat mapping lifecycles, and situations where we have failed grandly.

Starting your career in any field can be intimidating. You're expected to have a numbers of year's experience for entry level positions, but where do you actually start? Speaking from personal experience, I cover how I approached starting out; successes and the failures.

Any changes made can have a huge impact on your network, having visibility of these changes may not seem important until Monday morning when the whole office is offline. The goal is to give more visibility into large networks with automated tasks. Zoë has created a demo script for auditing logins, daily configuration changes, and snapshots.

Today we will be talking about getting started in IT with Cisco Champions Rowell Dionicio and Justin Parisi. Our guest hosts this week are Networking Academy members Tim Harmon, and Nick Saylor. Along with Network Academy guests: Jason Lachowsky, Sergio Salas, Nathan Pan, Ben Shirer, and Zoë Rose.