A few weeks ago I learnt that my application to attend the HutZero cyber entrepreneur bootcamp had been successful. I am excited to start the programme next week and will keep you posted!
Whether you are just finishing your studies on cyber security, or have worked in the corporate world for a number of years, HutZero supports individuals at the very start of their entrepreneurial journey.
My book has been nominated for the Cybersecurity Canon, a list of must-read books for all cybersecurity practitioners.
Review by Guest Contributor Nicola Burr, Cybersecurity Consultant
“So often information security is viewed as a technical discipline – a world of firewalls, anti-virus software, access controls and encryption. An opaque and enigmatic discipline which defies understanding, with a priesthood who often protect their profession with complex concepts, language and most of all secrecy.
Leron takes a practical, pragmatic and no-holds barred approach to demystifying the topic. He reminds us that ultimately security depends on people – and that we all act in what we see as our rational self-interest – sometimes ill-informed, ill-judged, even downright perverse.
No approach to security can ever succeed without considering people – and as a profession we need to look beyond our computers to understand the business, the culture of the organisation – and most of all, how we can create a security environment which helps people feel free to actually do their job.”
David Ferbrache OBE, FBCS
Technical Director, Cyber Security
“This is an easy-to-read, accessible and simple introduction to information security. The style is straightforward, and calls on a range of anecdotes to help the reader through what is often a complicated and hard to penetrate subject. Leron approaches the subject from a psychological angle and will be appealing to both those of a non-technical and a technical background.”
Dr David King
Visiting Fellow of Kellogg College
University of Oxford
The UCLU Technology Society invited me to deliver a talk on information security to UCL students. Together with my colleague, I discussed various aspects of information security focusing on both technical and non-technical topics.
We talked about Advanced Persistent Threats and common misconceptions people have about them. When referring to protection measures, I emphasised the importance of considering human aspects of security. I described typical causes of a poor security culture in companies, along with providing some recommendations on improving it.
I concluded the evening with a discussion on managing and communicating the necessary changes within the organisation and the skills required to successfully do that.
I was recently asked to develop a two-day tabletop cyber wargaming exercise. Here’s the agenda.
Please get in touch if you would like to know more.
Module 1: What is Business Wargaming?
How Does Business Wargaming Work?
Module 2: Cyber Fundamentals
- Practical risk management
- Problems with risk management
- Human aspects of security
- Convergence of physical and information security
- Attacker types and motivations
- Security incident management
- Security incident handling and response
- Crisis management and business continuity
- Cyber security trends to consider
Module 3: Introducing a Case Study
- Company and organisational structure
- Processes and architecture
Module 4: Case Study Exercises
- Case study exercise 1: Risk management
- Case study exercise 2: Infrastructure and application security
Introducing a wargaming scenario
Roles and responsibilities
Simulated exercise to stress response capabilities
The scenario will test:
- How organisations responded from a business perspective
- How organisations responded to the attacks technically
- How badly organisations were affected by the scenario
- How they shared information amongst relevant parties
Feedback to the participants
Course wrap-up
Implementing cutting-edge technology solutions is not the only way to combat cyber threats. Seemingly mundane administrative tasks such as network infrastructure hardening could yield greater results in terms of risk reduction.
I ran a remediation project for a major blue chip company, which successfully removed over 8,000 unused firewall rules.
Such projects can be complex and require a rigorous process to ensure that no active rules are removed. For example, a period of monitoring followed by hypercare meant that only a handful of rules flagged as “unused” had to be restored to production. Proactive stakeholder engagement was key to completing the work ahead of schedule and under budget.
As a result, the project improved network security by removing the opportunity for an attacker to exploit a weak, forgotten firewall rule. Moreover, the number of rules on the firewalls was cut by half, which made the estate easier and cheaper to monitor and manage.
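The monitor-then-hypercare process described above, as an added example that is not the author's project tooling: rules that matched no traffic across the whole monitoring window are disabled first, and hypercare decides which of them are reverted or finally removed. The rule names, creation dates and hit-counter export format (`<ISO timestamp> rule=<id> hits=<n>`) are constructed for the example.

```python
# Added example: staged, reversible clean-up of unused firewall rules.
# All data is constructed; the counter export format is an assumption.
from datetime import datetime, date
from typing import Dict, Set

# Constructed rule table: rule id -> date the rule was added.
RULES: Dict[str, date] = {
    "allow-dns": date(2014, 1, 10),
    "legacy-ftp": date(2015, 6, 1),
    "vendor-vpn": date(2015, 11, 20),
    "new-api": date(2016, 2, 1),   # created inside the window: too new to judge
}

# Constructed periodic export of per-rule hit counters.
# Note that legacy-ftp was used once, but before the monitoring window.
HIT_LOG = """\
2015-12-01T00:00:00 rule=legacy-ftp hits=7
2016-01-03T00:00:00 rule=allow-dns hits=120
2016-01-03T00:00:00 rule=legacy-ftp hits=0
2016-01-03T00:00:00 rule=vendor-vpn hits=0
2016-02-03T00:00:00 rule=allow-dns hits=98
2016-02-03T00:00:00 rule=legacy-ftp hits=0
2016-02-03T00:00:00 rule=vendor-vpn hits=4
2016-02-03T00:00:00 rule=new-api hits=0
"""

def hits_in_window(log: str, start: date, end: date) -> Dict[str, int]:
    """Sum per-rule hit counts for exports dated inside [start, end)."""
    totals: Dict[str, int] = {}
    for line in log.splitlines():
        ts, rule_kv, hits_kv = line.split()
        when = datetime.fromisoformat(ts).date()
        if not (start <= when < end):
            continue  # usage outside the monitoring window proves nothing
        rule = rule_kv.split("=", 1)[1]
        totals[rule] = totals.get(rule, 0) + int(hits_kv.split("=", 1)[1])
    return totals

def unused_candidates(rules: Dict[str, date], totals: Dict[str, int],
                      start: date) -> Set[str]:
    """Rules that existed for the whole window yet matched nothing in it.
    A rule absent from the export counts as zero hits."""
    return {r for r, created in rules.items()
            if created < start and totals.get(r, 0) == 0}

def finalise(candidates: Set[str], hypercare_reverts: Set[str]) -> Dict[str, Set[str]]:
    """Candidates are disabled, not deleted. Rules that hypercare shows were
    still needed are re-enabled; only the remainder is removed for good."""
    return {"reverted": candidates & hypercare_reverts,
            "removed": candidates - hypercare_reverts}
```

Rules created inside the window are deliberately left alone: zero hits over a partial observation period says nothing about whether they are needed.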