The Disabled CISO

I’ve been asked why I’m here and anonymous. I’m just a small ripple in a big #infosec ocean, trying to change things for the better with experiences from 22+ years of trying to keep people safe... you may not always agree with me, but that’s ok, just please #bekind to each other!

Morning @SW_Help this is parked in 2 disabled bays at #surbiton station. No blue badge on display.

Wishing you all a HAPPY NEW YEAR! Hope 2025 brings you all you wish for! As ever thankful to those working over this period to keep us safe - emergency services, armed forces and of course our #infosec teams.

Wishing everyone an enjoyable festive 🎄 break! I am very grateful to those who are working during the holidays to keep us all safe - emergency 👮 👩‍⚕️ 🧑‍🚒 services, armed forces, and of course our #infosec teams!

Yes I’m that person who has 16 people coming for Christmas 🎄 dinner and I forgot to order the Christmas pudding 🤦‍♂️ And I am out trying to find one… No one really likes it anyway, do they?

One of our sector specific business apps has just put up its renewal price by 30% stating: “We have seen a need to strengthen our product due to the evolving cyber threat landscape, as such our costs have increased” Erm, shouldn’t you be providing secure products anyway?

Some form of MFA is better than NO MFA! My mother is never going to get a smart phone 📱 so I am quite comfortable that she has SMS as a second factor, than no second factor at all!

@LisaForteUK But we were always told Macs don’t get viruses 🤣

Best AV for Macs if you need to check for potential naughty stuff fast? I don’t have a Mac so have no clue about their ins and outs

I attended a small #infosec event last week (circa 150 attendees). I was there for the talks only but in the networking area they had 10 vendors which I did NOT visit. Got 6 calls yesterday from vendors exhibiting, all opening with “thanks for speaking with us at our stand…” 🤔

@StuHirstInfoSec So true! When I joined my current org the #infosec team were feared! Colleagues took time off to avoid seeing / talking to them. We have engaged colleagues properly in a respectful manner. We average 10+ unique contacts a day coming into #infosec team. Culture improves daily

A good way to understand if your org-wide Security culture is improving..... create an "ask-security" Slack channel and watch the contact go from zero to many queries a week.....

The worst part of my job is when we have to investigate colleagues. Please don’t steal data from your employers. It will never end well for anyone involved!

Anyone else’s org have a habit of allowing their staff to resign and come back as “consultants” on attractive day rates, working 2 days a week? It’s like they never left the building…

@Teddybreath Maybe introduce them to retro gaming with one of those all in one consoles. All the classic consoles like SNES, Megadrive, 2600, Neo Geo, PlayStation 1 etc… and loads of games. This review video might help youtu.be/rZF14f8sTmM?si…

Hello gaming friends. My eldest is really hard to buy for, but he is into gaming. I’m not, but would welcome ideas for presents in this space please?

Non exec directors are rightly concerned about #infosec & need assurances the org is doing all it can to protect itself against cyber attacks. But, do they have the right knowledge / skills to: 1. Ask the right questions. 2. Understand the answers. How do we upskill the NEDs?

I am only going to say this once. If you do not have MFA on your solution you are trying to sell me, we are NOT buying it!

What’s the most bizarre vendor approach you have received? I got sent a bunch of flowers by a vendor with a card attached asking for an intro meeting. Shame it got sent to the office - I’m a home worker 🤣

@StuHirstInfoSec When I joined my org they had a 200+ questions form that got sent to vendors. I binned it. We now have 8 questions such as do you have MFA enforced on all accounts. If they can’t meet the requirements we don’t use that vendor. Let’s keep this simple and reasonable.

I've had an incredible brainwave about how to solve the Security Questionnaire problem. . . . . . . . . We could just stop doing them.

Don’t you just love a passive aggressive email from a #infosec vendor first thing in the morning with your coffee. All because I would not PoC their technology. Apparently because of “lack of care for my organisation” the org will suffer a major cyber breach…

Another day and another SaaS vendor who doesn’t want to implement MFA on their solution. Sorry, you won’t be getting our business then!

@quentynblog Back to the future is probably the best show I have seen in the west end.

I fancied cheesecake but had none in so found some mature cheddar and shortbread biscuits! Wow - tastes so good 😋