2025: A Different Direction

Welcome back, my friend. Writing to you again in 2025 feels like coming home after a year of twists, turns, and a lot of learning. Life, like technology, evolves constantly, and sometimes, the best way to understand where you’re headed is to reflect on where you’ve been. This post is a little different from my usual fare. It’s part reflection, part resolution, and a look back at how the challenges and lessons of the past 12 months have shaped my perspective and future direction. ...

January 30, 2025 · 6 min · 1110 words

Software Supply Chain Security in the SDLC: Design Phase

In the wake of high-profile security breaches like Log4Shell, CodeCov, and OrionGate, software supply chain security has surged to the forefront of industry concerns. These incidents have driven remarkable advancements in technology aimed at fortifying our supply chains. Yet, despite these leaps forward, some critical areas remain under-addressed, often because they require a more holistic and integrated approach rather than standalone solutions. Discussions about software supply chain security often center on topics like SBOMs, dependency management, and open-source risks. While these concepts are fundamental and addressing them offers substantial benefits, they don’t cover the entire landscape. There are other crucial facets of the Software Delivery Lifecycle that frequently go unnoticed when it comes to supply chain security. ...

August 30, 2024 · 8 min · 1523 words

Embrace Risk Awareness: Strengthen Your Cybersecurity and Everyday Decisions

Introduction

As cybersecurity professionals, enthusiasts, and leaders, we navigate the complex web of threats, vulnerabilities, and mitigation strategies daily. This involves not just the technology we use but also the people and processes that underpin our operations. However, one practice that holds significant value beyond our professional domain is risk awareness. Adopting a risk awareness doctrine—a decision-making framework rooted in identifying and assessing risks—can profoundly enhance both our professional and personal lives. By fostering a culture of risk awareness, we ensure that our people are better equipped, our processes are more robust, and our technology is more resilient. ...

June 28, 2024 · 9 min · 1795 words

Software Supply Chain Security: A Holistic Approach to People, Processes, and Technology in a Secure SDLC

Introduction

When we look at the fabric of modern digital systems, the concept of the software supply chain extends far beyond third-party libraries and open-source components. It encompasses the people, processes, and technologies that collectively contribute to the development and deployment of modern systems and applications. This includes not only external dependencies but also the intricate interactions between various teams within an organisation — developers, testers, security and operations — and the systems they use, such as Continuous Integration/Continuous Deployment (CI/CD) pipelines and cloud services. ...

May 31, 2024 · 15 min · 3089 words

Securing the Lifecycle of Secrets: Best Practices for Robust System and Supply Chain Security

Introduction

Among the many complexities of computer systems security, the management of secrets holds a pivotal role, influencing not only individual components but also the overarching supply chain integrity. Secrets, in this context, refer to any sensitive information that must be kept confidential to maintain the security of a system. This includes, but is not limited to, passwords, API keys, cryptographic keys, and access tokens. Efficiently managing these secrets poses significant technical and operational challenges. From the initial creation and secure storage to the controlled access and eventual retirement, each phase in the life cycle of a secret demands rigorous oversight and sophisticated strategies to mitigate risks. The failure to properly manage these secrets can lead to vulnerabilities that compromise not just individual assets but can cascade through the supply chain, affecting numerous systems and services. ...

April 30, 2024 · 14 min · 2824 words

Welcome to the World of Cybersecurity: Uncover Your Place in the Digital Defense

Have you ever imagined yourself as a guardian of the digital universe, a detective unraveling mysteries, a creative hacker, an innovative tech genius, or a wise teacher sharing knowledge? Welcome to the exciting world of cybersecurity, where heroes come in all forms, bringing their unique powers to fight against digital threats! Cybersecurity isn’t just for the tech-savvy. It’s a vibrant, inclusive community where everyone has a role to play. Whether you’re curious about starting a career in cybersecurity or looking to switch lanes, there’s a spot for you. And guess what? Your previous experience, whatever it may be, holds the key to unlocking your potential in this dynamic field. ...

March 29, 2024 · 14 min · 2877 words

Tradecraft for Security Contractors

The Lifestyle

In the initial chapters of my career saga, I was a bit of a digital nomad, hopping from one client to the next, crafting, securing, and sprucing up a diverse array of systems and workflows. Trust me when I say, the thrill of the variety ensured that boredom was a concept as foreign to me as a glitch-free software release. As time marched on, though, life’s other scripts—family, obligations, and a dwindling patience for certain legislative quirks in the UK—prompted a pivot from the freewheeling contractor lifestyle to a more anchored existence in a permanent position. Yet, the nomadic phase left its fingerprints all over my professional DNA—the way I think, interact, and present myself in the security sphere. These imprints, or let’s call them the “Tradecraft of a Contractor,” are the pearls of wisdom I’m eager to pass along to you today. ...

February 24, 2024 · 12 min · 2381 words

Starting a new role in Cybersecurity

Hello there, dear reader! Just landed a new gig in the buzzing world of cybersecurity? Awesome! I’m right there with you, having recently started a new role myself. Let me share some insider tips that have really helped me get my bearings in these first few days. First things first, make day one count. Whether you’re a veteran in the field or fresh-faced and eager, the way you kick things off can set the tone for your entire journey. Here’s how I’ve been navigating the early days at my new company, and trust me, it’s been a game-changer. Let’s jump right in! ...

January 31, 2024 · 7 min · 1328 words

Relaunch

Hello, Cybersecurity Enthusiasts and Software Engineering Wizards! 🌐🔐 After a brief hiatus, I’m thrilled to reignite our blog with fresh, insightful content tailored for the ever-evolving world of cybersecurity and software engineering. We’re navigating through tumultuous times, with the economy and international politics in a state of flux. It’s a period where job security isn’t guaranteed, and the spectre of layoffs and company insolvencies looms large across industries.

A Glimpse into Today’s World

The current economic landscape is challenging, to say the least. We’re witnessing significant shifts in the market, influenced by global events and political decisions. These changes directly impact our careers and the cybersecurity sector. With companies tightening their belts, no job, career, or industry is immune to the threat of downsizing or closure. ...

January 14, 2024 · 3 min · 431 words