London, UK - Cyber security professional specialising in detection and response, blogging about technology, business, and life to scratch a writing itch from a previous life as a journalist

Recent blog posts

Review – InfoSec Rock Star: Because Geek Will Only Get You So Far
 -  It only took me half a year since its UK release, but I’ve finally finished reading InfoSec Rock Star, a book written by one of my old SANS instructors that touches on everything from dress codes to negotiation tactics for cyber security professionals. Disclaimer: Just so you’re aware before you read...
Security log analysis: How to group by two fields in Splunk
 -  Splunk is a powerful tool, but with so many available functions and hit-and-miss coverage on forums it can sometimes take some trial and error to get queries right. Here’s what I pieced together to perform a count on a subset of events and group the data by two fields… As...
Muse: Drones World Tour – a fast-paced spectacle that’s very, very loud
 -  I had big expectations for Muse: Drones World Tour after 2013’s excellent Live at Rome Olympic Stadium. I wasn’t expecting a Hullabaloo beater, but I would have been happy with a solid rendition of the album’s tracks and older singles against the unique backdrop of the arena tour’s “in the round” setup and 360-degree Drones-themed experience....
How passwords work – a simple demonstration in Python
 -  We all use passwords every day, but how exactly do they work? It would be easy to assume that the services we use all hold huge databases with our usernames and passwords side by side, but the reality is much more interesting – and, of course, much more secure. It’s...
The Social Network: A film that passed me by for eight years
 -  When it first came out eight years ago, I assumed The Social Network would be a fairly dull retelling of the origin story of what was then everyone’s favourite social network. I finally caught it the other day, and it turns out I’d been missing out on a great movie....
What a security operations centre (SOC) is and how it works
 -  The security operations centre (SOC) is the heart of a firm’s cyber defences. Here are the basic elements and processes that a SOC uses to monitor for and respond to security incidents. Cyber security has a staffing problem. With so many roles out there and so few people with the...
Checking DNS requests against a domain blacklist in Python
 -  A while ago I wrote a post about using Python to parse tcpdump output for domains and URLs. Recently, I started to wonder if I could take that a step further. What if the DNS requests I saw could be checked against a blacklist in real time? And what if...
Stuff I did in April: Isle of Dogs, RAF Museum, coffee and non-league football
 -  Welcome to what might be a new regular post series, which I’m going to nickname “Stuff I only posted to Instagram and haven’t had a chance to write about yet”. Basically, I’m making an effort to make more of my weekends, and if I start writing about it I’m probably...
Automatically generating SOC emails with a Python script
 -  The life of a SOC analyst – as is the case with many other jobs – can involve a lot of repetitive tasks, including the process of writing tens of similar emails each day. But what if this could be automated, saving time and reducing the potential for error? The...
Incident triage: Identifying the source of a malware infection
 -  Part of my time at the SANS Cyber Retraining Academy covered the incident response methodology and how to identify what’s wrong and how to fix it. But theory is quite different to the real thing, so I thought it would be useful to make a cheat sheet with a few...

Thinking about

Digital journalism
Coincidentally, in the space of a week I encountered both Zach Seward's article about Quartz and Craig Mod's excellent podcasts with Tim Ferriss. Both evoked fond memories of my time in journalism and the buzz surrounding digital journalism and media in the 2010s.

Interests

  • Cyber security
  • Tech
  • Python
  • PowerShell
  • JavaScript
  • F1
  • Reading
  • Writing
  • Psychology
  • Philosophy
  • Exercise
  • Running
  • Gaming
  • Football
  • Music
  • Guitar