Business Excellence (Part 4): The art of operationalisation
Edward Farrell The following “business excellence” series of articles are focused on the day to day operations and non-technical considerations of modern day cyber security practices. I wanted to share my own insights and observations of the cyber security industry away from a facade that is often presented to us in marketing, or from the […]
For the Lulz: Getting certified as a dolphin trainer (and why decent certification and qualifications matter)
Edward Farrell Our “for the lulz” series focuses on entertaining anecdotes with hopefully a serious lesson at the end. I’ve been entertaining the occasional LinkedIn message from multiple individuals if I wanted to get certified. My response has gone through a number of iterations but thanks to the inspiration of a colleague I have been […]
Insights: Audits are useless, but the act of auditing is invaluable
Edward Farrell Late last week I was empathising with a client about the fact they were about to undergo yet another cyber security audit. Lamenting at the constant product generated from this process and ongoing questioning, it had sparked two trains of thought: The title of this article is adulterated from a phrase often attributed […]
Business Excellence (Part 3): Roles, skills shortages, intermediaries and disparities
Edward Farrell Several weeks ago a job advertisement for a role that we’re also on a government panel for came out. A job was advertised with a $130–160K for a salaried role by a company that sounded as a copy-paste of the very role presented. Given our own access to the panel, familiarity of the […]
Business Excellence (Part 2): Selling a cyber security business
Edward Farrell The following “business excellence” series of articles are focused on the day to day operations and non-technical considerations of modern day cyber security practices. I wanted to share my own insights and observations of the cyber security industry away from a facade that is often presented to us in marketing, or from the […]
Business Excellence (Part 1): The economics of professional service practices in the Australian Cyber Security Market
Edward Farrell The following “business excellence” series of articles are focused on the day to day operations and non-technical considerations of modern day cyber security practices. I wanted to share my own insights and observations of the cyber security industry away from a facade that is often presented to us in marketing, or from the […]
The do’s and don’ts of writing in cybersecurity
As a lecturer at university and director of a cyber security practice, I read a fair amount of written material above and beyond the latest news article. As a result, I see a lot of good and bad writing, and I wanted to share a few do’s and don’ts in this space. Im sure theres […]
Afghanistan, and cyberspace- a few thoughts…
Edward Farrell The events in Afghanistan over the past few days have been heart breaking to watch. The loss of life and the social impact are substantial however the events of the next few weeks will be equally upsetting. I was running through my head what this might mean from the standpoint of digital infrastructure, […]
The internet caught fire: Hunting CVE2021–26855
Edward Farrell Whilst I had allocated this weekend to the report writing and content review from the team, the recent events with Microsoft Exchange had led me a little astray. In addition to having to conduct some administration and follow up on two incident responses, I’d also elected to measure how vulnerable Australian infrastructure is […]
Do the numbers add up? revisiting the mathemetactics of a cyber security practice
Edward Farrell A pure cyber security practice (or any services practice) is the science of applying time and space relative to staff in order to achieve an effect. This could be as part of a governance strategy, penetration testing, gap reviews, managed security services or any other number of services that come up. The simple […]