by Security Centric, on 03/12/2018 12:56:00 PM

What Brush Turkeys Have Taught Me About Information Security

It is that time of year again when a male brush turkey has made my backyard his home, tearing apart vegetation …

Topics: Insider, Red Teaming, Risk Assessment

by Security Centric, on 29/11/2018 3:02:00 PM

As information security has become more important across organisations, so has the role of an information security leader within organisations. As an information security leader in an organisation, several questions …

Topics: Insider, Pentesting, Red Teaming, Phishing

by Security Centric, on 26/11/2018 3:54:00 PM

In part 1, the importance of knowing your system was discussed; in this article, the importance of properly managing and auditing these assets will be discussed. Proper management of ICT …

Topics: Fundamentals

by Security Centric, on 22/11/2018 8:11:09 PM

There is no one size fits all when it comes to cyber security – you cannot uncover your potential risks purely through comparison to another business. That’s where risk profiles …

Topics: Risk Assessment

by Kristian, on 22/11/2018 11:42:00 AM

Passwords are obviously required to keep your online accounts and data safe, but how strong is your password? The idea of a strong password can be hard to quantify and …

Topics: Fundamentals, Authentication

by Security Centric, on 17/10/2018 7:30:00 AM

Cyber security is a comprehensive multi-faceted approach to identifying, understanding, and then mitigating risks to information systems. In the past cyber security has largely been seen as a technology issue, …

Topics: Risk Assessment

by Sash, on 25/05/2018 2:58:00 PM

I have been in Europe for a couple of weeks now working on some longer-term strategic initiatives for Security Centric. My work brought me into a larger number of organisations …

by Nigel, on 15/02/2018 5:45:00 PM

A big part of my job is conducting security audits or assessments of clients. In one assessment, I asked a client for some documentation, in this case a system design …

Topics: Compliance

by Nat, on 19/09/2017 11:15:00 AM

Multi-factor, or two-factor, authentication (MFA, 2FA) has seen increasing adoption and public awareness. What is it? What benefits does it provide? Is it really worth all that hassle? And how …

Topics: Authentication, Phishing

by Sash, on 17/05/2017 1:17:00 PM

Even the catchy name is not particularly innovative (Heartbleed has to take that prize over others such as BEAST and POODLE). As someone intimately involved in cyber security on a …

by Tim, on 24/11/2016 8:50:00 AM

A common theme amongst many engagements and discussions is “we are having issues maintaining control over our environment, what products can solve this problem for us”. Questions like this are …

Topics: Fundamentals

by Eddie, on 05/02/2016 1:59:00 PM

As organisations continue to adopt advancements in information technology and work towards an interconnected world, malicious attackers have not fallen short. The cyber threat landscape has never been more intense, …

Topics: Pentesting, Red Teaming, Risk Assessment

by Security Centric, on 26/05/2015 9:40:00 AM

The recent compromise and subsequent theft of personal information from eBay has reinforced one aspect of any mature information security approach – adequate application of defence in depth. The fact …

by Sash, on 14/05/2015 2:05:00 PM

QSA organisations and individual assessors usually complete the final phase of a PCI DSS compliance program – that is, a final audit. Whilst Security Centric is a QSA organisation, only …

by Sash, on 14/04/2014 4:20:00 PM

Much has been written about the OpenSSL Heartbleed vulnerability, which affects the TLS heartbeat mechanism used by some versions of the OpenSSL library. Numerous open source and commercial products use …

Finally, an actionable blog

The purpose of this blog is to make available the real-world lessons, experience, observations and mistakes that are part of the daily life of a group of cyber security professionals.

Read about:

  • What mistakes organisations are making (anonymously of course!)
  • What effective actions are available to quickly and economically achieve effective protection (without buying new kit)
  • Trends we're seeing, via our incident response and forensic investigation capabilities
  • And sometimes, just frustrations about what is wrong with cyber :|