Methodology

An image depicting two contrasting approaches to IT change management, tailored to the themes of your blog post. On one side, it illustrates traditional IT change management with a formal, structured setting, and on the other, it shows a dynamic DevOps approach. This visual captures their shared goal of risk reduction.

Change Management in Development and Operations

While looking into IT Service Change Management, and primarily in accordance with ITIL, there was one thing that stood out. There seems to be a disconnect between the the development point of view and how change management is implemented by operations. With that I mean that the implementations I have seems to be more applicable for finished product than with software developed in house. The change management processes works when a change is either adding a new product or installing a new version....

A mysterious hooded person on a busy night street lit by mostly pink neon signs.

Threat Modelling and Threat Actors

As security professionals working with software components it is not always easy to prioritise what security raising actions should be prioritised. According to most security standards (such as ISO27000) require a risk based security approach. Regardless if we are building our own applications, or we are installing third party software in our network we need to understand what threats there are to our environment. After understanding what threats there are, we prioritise them and thereby also prioritise what actions we should take to minimise the risk....

Learning (Security) by Communication

Anyone working in Cybersecurity can tell you that there are endless fields of specialisation. For example, helping R&D through AppSec, hacking companies through red-teaming, or responding to incidents in a CyberSecurity Incident Response Team (CSIRT). Regardless of speciality, there are skills you will have mastered, and ones you haven’t. In addition to the skills there are knowledge, ways of working etc. connected to each field. We as cybersecurity professionals need to be better at leveraging this diversity of skills and knowledge to our advantage....

An Overview of Security Champions

Security Champions is a concept that gets more and more attraction. The function might go under another name, such as Security Masters, but the concepts are the same. In this post I will dig into what this role contains and how it can be applied to improve the security posture of an organisation. My experience with Security Champions is in Research and Development organisations, so my views are anchored in RnD....