
Vulnerability Categories for Business

There are endless ways to divide vulnerabilities into different classifications, each more granular than the other. However, there is also a need for a simple division, targeted at the business. That is the problem this post will solve. Using the same categories as in the post Security for Any Development Team, I will break down security vulnerabilities into three categories. After reading this post, you will have insight into why vulnerabilities may arise and what can be done to minimise the risk. ...

November 5, 2022 · 5 min · Oskar Edbro

Migrating to Hugo

It has now come to the end of an era. The time has come to move on from my previous way of building this blog (with Jekyll) to something new. For a while now I’ve been looking for a reason to dig some more into golang, so when I began looking for a new theme for my blog the choice to migrate to Hugo came quite easily. At first glance it does exactly the same thing as Jekyll, but for someone who from time to time makes changes to the theme it makes more sense (my personal opinion). ...

October 16, 2022 · 4 min · Oskar Edbro

The Modern Con - Social Networks and Marketing

In today’s internet-based world, phishing has become a great nuisance. We all know about the emails trying to trick the receiver into performing an action that is to the sender’s gain. This could be to install malware, send money, or something else. Either way, this is just the newest variant of the con (aka confidence game) to trick someone for gains. After reading The Confidence Game by Maria Konnikova I got to thinking. Where does the line go between a con and business? ...

August 3, 2022 · 3 min · Oskar Edbro

Learning (Security) by Communication

Anyone working in cybersecurity can tell you that there are endless fields of specialisation. For example, helping R&D through AppSec, hacking companies through red-teaming, or responding to incidents in a CyberSecurity Incident Response Team (CSIRT). Regardless of speciality, there are skills you will have mastered, and ones you haven’t. In addition to the skills, there is knowledge, ways of working, etc. connected to each field. ...

July 25, 2022 · 4 min · Oskar Edbro

An Overview of Security Champions

Security Champions is a concept that is gaining more and more traction. The function might go under another name, such as Security Masters, but the concepts are the same. In this post I will dig into what this role contains and how it can be applied to improve the security posture of an organisation. My experience with Security Champions is in Research and Development organisations, so my views are anchored in R&D. However, I see no reason why Security Champions could not be applied in other kinds of organisations as well. ...

June 19, 2022 · 5 min · Oskar Edbro