Pete Maynard, Ph.D.

After years of work, we have decent security standards, but we'll continue to struggle until we adopt security by default. Take the relationship between TLS 1.2 and 1.3, for example. Both protocols can provide reasonable security, but TLS 1.2 supports a kitchen sink of options, and you need to know what you're doing to configure it correctly. TLS 1.3, on the other hand, just works, no further work needed. This is just one example; there are dozens of standards and situations for everyone to consider when it comes to their network infrastructure. Until we get security by default, the only way to stay ahead is to have comprehensive configuration monitoring to catch problems and drift. I created Hardenize to solve exactly this problem. Our free test is still available at hardenize.com, and the commercial product has been rolled into Red Sift's. Now that Mail Check and Web Check are being retired, I am very happy that there is still a way for Hardenize to continue to serve.

13

1 Comment

Important announcement from Ciaran Martin, ex-CEO of the National Cyber Security Centre (NCSC) re: the accusations that China had access to state secrets in the alleged 2020 breach: 1. China is a significant threat. 2. But this did not happen. 1: "For many years China has been, and continues to be, a significant cyber security threat to Britain and British interests. Chinese state actors target British government, commercial and other networks for espionage purposes." 2: "But it is categorically untrue that in 2020 briefings were given to the effect that the Chinese state had compromised the bespoke systems used for circulating Strap and other highly classified state secrets."

5

2 Comments

Giltar Information Security Ltd are delighted to be supporting the early discovery and development work for the UK military's Digital Targeting Web. The DTW is a £1bn game changing capability which featured as a key recommendation in the recent Strategic Defence Review and it will transform the speed and precision of the sense/decide/effect chain leveraging AI along with a shift from network and application centricity to data centric operations. It will align with NATO standards enabling alliance interoperability and position the UK as the blue force leader in the digital targeting space. Giltar Information Security Ltd will lead the early security work developing guidance, principles and architecture that will lay the foundations for compliance with #SecureByDesign principles. We will also enable dynamic and proportionate security assurance of early minimum viable product demonstrations. #DigitalTransformation

28

2 Comments

The UK’s National Cyber Security Centre (NCSC) has published pragmatic guidance to help organisations, especially those responsible for Critical National Infrastructure (CNI), plan, prepare and respond effectively to severe cyber threats. It’s a timely reminder that cyber resilience goes beyond technology. It requires strategic planning, operational readiness and organisational alignment. Key takeaways include: - Plan early and proactively: Embed severe threat response into enterprise risk planning and leadership decision-making. - Enhance situational awareness: Build threat intelligence and monitoring capabilities to detect and understand emerging risks quickly. - Harden and rehearse defences: Identify tactical measures to reduce exposure, document response actions, and regularly test them through exercises. - Integrate recovery planning: Connect response plans with wider business continuity and organisational objectives to ensure swift restoration. - Build long-term resilience: Plan not just for immediate threats but for adaptability and recovery across the threat lifecycle. In an increasingly hostile cyber landscape, this guidance reinforces the importance of preparedness, coordination and resilience at every level of the organisation. https://lnkd.in/gNYRiSJj #CyberSecurity #CyberResilience #CriticalNationalInfrastructure #CNI #IncidentResponse #BusinessContinuity #RiskManagement #OperationalResilience #NCSC #Leadership #SecurityStrategy

5

A good bit of analysis by Tony of the consequences of over reliance and acceptance of AI output when, as he quite nicely puts it, organisations forgo methodology for buttonology. Fire and forget may work in some circumstances, but not when organisations that should know better deliver critical evidence on the basis that OSINT is assumed but not embraced.

3

1 Comment

Preemptive cyber defence is no longer optional. Shifting from reactive to proactive security using Indicators of Future Attack (IOFA) lets organisations stay ahead of campaigns and reduce risk at scale. This is the mindset CISOs need to protect their digital estates effectively. 💪 Our latest blog explores how the UK’s Active Cyber Defence strategy demonstrates the value of identifying attacker infrastructure before it hits. Read the short piece here: https://hubs.ly/Q03Z9SfC0 #cybersecurity #cyberdefense #ciso #infosec #proactivesecurity

20

SEPA, West Lothian Council, SAMH: don’t join the list of cyber breached Scottish organisations Cyber resilience failure is potentially career and organisation ending. Criminals used to be largely local and visible. That has changed. Scotland’s cyber criminal threats are invisible, literally global and trying to probe and attack 24 hours a day. This half-day will help you to know the cyber threat landscape, develop incident response planning, ensure reputation and assurance response and develop and embed a cyber resilience culture. Can you afford not to? For more information or to book a place👉 https://ow.ly/8N1250WAEGm #CyberResilience #Governance #BusinessContinuity #Scotland

1

📣New bulletin out now: https://lnkd.in/emYXfcPM CyberScotland and SCVO (Scottish Council for Voluntary Organisations) supporting Scotland's voluntary sector in the journey to becoming more cyber resilient.

5

One implication of the UK’s Cyber Security and Resilience Bill that isn’t getting enough attention yet is how application security testing will need to evolve Most modern organisations ship software continuously. Applications are shaped by a constant stream of - Feature releases - Bug fixes - Dependency updates - Config changes - New integrations - APIs modifications But security assurance for applications is still often based on periodic penetration tests In a resilience-focused regulatory model, that creates a gap. A pentest is a snapshot of the application at a moment in time, while the application might change hundreds of times before the next assessment For organisations falling within the scope of the bill, the more relevant question becomes "how do you validate the security impact of dev changes as they happen?" One approach we’re seeing increasing interest in is change-driven AppSec testing Instead of testing the whole application periodically, security validation is aligned with specific development changes. This is at the heart of what Cytix does... - Automatically reviewing development changes to identify security-relevant modifications - Generating micro-pentest scopes based on the threat model for each ticket or pull request - Delivering targeted penetration testing continuously as changes are introduced The goal isn’t to replace traditional testing entirely, but to close the assurance gap created by continuous software delivery As regulatory expectations shift to demonstrating resilience, organisations will increasingly need to answer a simple question "What security validation occurs when your application changes?" For teams operating modern development environments, the answer will need to move beyond periodic testing toward continuous, change-driven security assurance

11

3 Comments

Zortrex ADE Multi-Agent Threat Containment (Demo) This demo shows the Agent Defence Engine (ADE) operating across a simulated multi-agent environment under mixed conditions, valid behaviour, misconfiguration, spoofing, and drift. Multiple agent types (sensors, actuators, drones, comms) issue intents concurrently across platoons, and each action is independently verified at the decision boundary using ephemeral presence-derived prefixes. What’s important here is not throughput, but selective containment. Agents with matching expected and observed prefixes are accepted and allowed to proceed. Actions that show presence mismatch or drift are blocked immediately, without impacting other agents in the system. There is no global shutdown and no cascading failure containment is local, precise, and auditable. The audit view intentionally records execution truth rather than assumptions, who acted, what intent was expressed, what presence condition applied, and why an action was accepted or blocked. This enables post-incident forensics without leaking operational payloads or embedding long-lived authority. Replay and escalation signals are visible, but execution power remains bound to live conditions, not stored credentials. This is a defensive simulation only. The purpose of the demo is to show how ephemeral validation and containment can interrupt drift, spoofing, and off-platoon behaviour in real time even in dense, asynchronous agent swarms without relying on static keys, shared secrets, or centralised trust anchors.

7

📊 Securing Trust Boundaries: Cross Domain in the Scottish Public Sector Sam Black is demonstrating how Cross Domain Solutions (CDS) were positioned as a critical enabler to secure collaboration across Scotland’s public sector — protecting sensitive systems while allowing controlled data flow across trust boundaries. 🔹 CDS provides a controlled, risk-managed pipeline to transfer information between distinct trust zones — enforcing segregation and preventing unauthorised or unsafe data flow. 🔹 Designed to protect against unauthorised export, protocol attacks, persistent compromise, and unsafe content ingestion. ➤ High-impact risks — disruption, loss of trust, and safety implications — arise when higher trust zones are compromised. ➤ Protective controls include protocol break, sandboxing, session isolation, data-in-transit and at-rest protection, and strict authentication enforcement. The message is clear: cross-domain capability is no longer optional. It is foundational to enabling secure analytics, operational resilience, and trusted digital collaboration across complex public sector ecosystems. #CrossDomain #CyberResilience #PublicSectorSecurity Sam Black

8

Newly published independent research from the Department for Science, Innovation & Technology (DSIT) highlights the economic impact of cyber attacks in the UK. Key findings include: • The average cost of a “significant” cyber attack for a UK business is £195,000, with an estimated total impact on the economy of around £14.7 billion annually (approximately 0.5% of GDP). • The theft of intellectual property and knowledge assets via cyber attacks is projected to range from £1 billion to £8.5 billion in 2024. • Consumer-facing consequences are significant; for instance, a three-day outage of online banking services could result in costs between £5.5 million and £231 million. • In a worst-case scenario, a systemic cyber incident in the rail network could lead to costs of up to £1.8 billion from just one week’s disruption. Recommendations include: • Elevating cyber discussions to board level, given the clear financial stakes. • Strengthening foundational controls by implementing frameworks like Cyber Essentials and other best-practice governance. • Viewing cyber as integral to business continuity, innovation, and growth, rather than merely a cost centre. Link in comments 👇

21

6 Comments

"Agents force a reckoning with a problem we've been half-solving for years. When deterministic code calls APIs, we have decent permissions systems. When humans predictably use tools, we have decent permissions systems. But when autonomous and non-deterministic systems that make decisions based on unstructured inputs call APIs … we're still figuring that out ... The solution probably looks like “permissions,” but not the kind we're used to (cough: RBAC). We need permissions that understand context and intent, not just identity and resource. We need monitoring, alerting, and audit trails so security teams can run agents in production without relying on "trust the model" assumptions. When something goes wrong, we need to trace what happened, why it happened, and what to change to prevent a repeat."

3

OSINT is more than just "Googling" - it’s about connecting the dots. As an OSINT Practitioner, I am frequently asked: "What is the most important tool for digital investigations?" The answer isn't a specific software or a script. It is critical thinking. In the world of Open-Source Intelligence, the challenge isn't finding information - it is verifying it. Whether investigating a security breach or analyzing digital footprints, I follow three core principles: • Pivot Point Analysis: A single data point - like an old username or a unique CSS class on a website - is just the starting point used to pivot into larger data sets. • Verification (The Rule of Three): Never trust a single source. An investigation is only as strong as its verified evidence from multiple independent origins. • Digital Hygiene: A professional investigator must ensure they do not leave their own digital footprints behind during the process. Tools like Shodan, Maltego, and custom Python scripts are essential, but they only serve to support a solid investigative mindset. What is your most effective OSINT pivot point? Let’s discuss in the comments. #OSINT #CyberSecurity #DigitalInvestigations #EthicalHacking #Infosec #SocialEngineering #ThreatIntelligence

5