security¶

July 8, 2025
in security
4 min read

Zero Trust for Applications

The Zero Trust methodology has been around for a while, and many organisations have been implementing Zero Trust principles. When considering applications deployed in an enterprise, organisations typically implement zero trust at the infrastructure layer, protecting access to and from applications and securing network communications.

Infrastructure-level protection is essential, but there's another threat vector: the application itself. While SDLC processes and security tools help secure code, there's an opportunity to implement Zero Trust principles directly within applications.

April 12, 2025
in security, dashboard
4 min read

The Metric Library: Practical Security Metrics for Real Dashboards

"Build my cyber security dashboard, and put metrics on the board" - A statement I have heard all too often, and when you go into the design phase to choose the metrics, there are blank stares all around the room. We want to measure something, but we don't know what.

April 6, 2025
in security, compliance
4 min read

Security is not Compliance

Some companies like to combine their Security and Compliance teams into one entity. I've worked in environments like that before, and I can tell you from experience that it is usually a bad idea to mix the two. Let's dig into it.

October 11, 2024
in security
12 min read

Security for Engineers

Many of us have the need to develop code, code that may have access to very sensitive data, or code that has the ability to wreck havoc on an environment. Whatever the development requirement is, there is a need to be vigilant with the code you develop, and ensuring that you do not inadvertently introduce security issues that could otherwise have been avoided.

September 24, 2024
in security
4 min read

Involuntary Data Breaches

An involuntary data breach is a data breach where you information got compromised without your direct involvement. This is typically where your information is stored in a data location that you're unaware of, or have no control over. In a recent security incident, my own contact details have been exposed, through a friend's compromised phone. This is the story of that event.

June 14, 2024
in security
5 min read

Security Breach Transparency

Another security breach has made the news. This time the folks at Ticketek are having a hard time explaining why ...customers' names, emails and dates of birth may have been accessed in cyber security breach.

May 23, 2024
in security, dashboard
4 min read

Automated Security Reporting

Having some form of automated security reporting platform will help organisations to have real-time visibility of the security posture across their environment. By tailoring the dashboards to different audiences (or personas), CISOs and CIOs can leverage data for decision-making, giving visibility to all levels within the organisation.

February 16, 2024
in security
10 min read

Vulnerability Management

Vulnerability management is a continuous, proactive, and often automated process that keeps your computer systems, networks, and enterprise applications safe from cyber-attacks and data breaches by ensuring any weaknesses in the underlying software are updated.

November 25, 2023
in security
4 min read

Why HTTP is bad

We've become accustomed to seeing HTTPS on our websites, yet there are still some that simply refuse to use HTTPS. Our favourite Bureau of Meteorology is exactly one such case.

November 18, 2023
in security, list
3 min read

Strange password policies

We all have passwords, and the volume of passwords we need to manage is not slowing down. Most of the sites we interact with have some sort of a password policy that forces you to go through a process of trying to create them. I have written about this before.