It has now come to an end of an era. The time has come to move on from from my previous way of building this blog (with Jekyll) to something new. For a while now I’ve been looking for a reason to dig some more into golang, so when i began looking for a new theme for my blog the choice to migrate to Hugo came quite easy. At first glance it does exactly the same thing as Jekyll, but for someone who from time to time make changes to the theme it makes more sense (my personal opinion). ...

In todays internet based world, phishing has become a great nuisance. We all know about the emails trying to trick the receiver to perform an action that is to the senders gain. This could be to install malware, send money, or something else. Either way, this is just the newest variant of the con (aka confidence game) to trick someone for gains. After reading The Confidence Game by Maria Konnikova I got to thinking. Where goes the line between a con and business? ...

Anyone working in Cybersecurity can tell you that there are endless fields of specialisation. For example, helping R&D through AppSec, hacking companies through red-teaming, or responding to incidents in a CyberSecurity Incident Response Team (CSIRT). Regardless of speciality, there are skills you will have mastered, and ones you haven’t. In addition to the skills there are knowledge, ways of working etc. connected to each field. ...

Security Champions is a concept that gets more and more attraction. The function might go under another name, such as Security Masters, but the concepts are the same. In this post I will dig into what this role contains and how it can be applied to improve the security posture of an organisation. My experience with Security Champions is in Research and Development organisations, so my views are anchored in RnD. However I see no reason why Security Champions could not be applied in other kinds of organisations as well. ...

I’ve previously written about the difficulties of keeping up to date with the current privacy policies of products one is using. Not only are they updated regularly, they are also long and complex. Here Mozilla, the non profit organisation behind Firefox among other things, have created Privacy not Included to help. Privacy not included is a tool where experts investigates the privacy of different products, and gives clear information both what is said in the policy and what data it collects (permissions, sensors on the device etc.). In addition to pure privacy related analysis, information about the basic security of the product as well as the use of AI is investigated. Even though Privacy not Included does not contain all products around the world, there are lots of them and some of the results are surprising. Enough so to get me to get stuck just reading the analysis while reading up for this post. And if there is a product missing that you would love to see investigated, there is an easy form to request products to be analysed in the future. ...