Surviving Sheffield

Saturday saw a major milestone for me: I managed to get myself accepted to speak at the prestigious conference SteelCon in the steel city. I delivered a talk that had previously been delivered at the Scottish conference SecuriTay in February, a talk that was written in four days so a bit “rough around the edges”.


This time, had several months to prepare for the hour long talk. I’ve done some recommendations in the past about how to prepare for a conference talk, and essentially what I can pass on (and I got from other speakers ahead of SteelCon) is that if you prepare enough, have enough content that you know that you can use to fill your time and you’re satisfied will address the point that you originally submitted, then you should be able to relax into the talk you’ve prepared and deliver it with style.


Well I say “should be”, yes I was nervous to the point that I barely slept the previous night and found myself up against two respected speakers – one of whom reportedly gave a ground-breaking talk. However I delivered it, most people didn’t walk out (I just assuime that anyone who did were off to get a guaranteed seat for Ken Munro!)


What advice can I pass on having delivered at 2 major security conferences in six months? Well research and prepare and research some more, get the content you need to deliver your point and fill the time you are allotted. Yes it’s very daunting to speak somewhere, but the audience have a choice and if they chose you, they are on your side. As I said to someone, this isn’t the Education Secretary speaking at the NUT conference!


So if you have an idea, write it up and submit it. There’s enough trusted people around who will tell you what works and what doesn’t, and don’t lose heart upon a rejection.


I’ll take on board the comments I got afterwards, go and edit this and hopefully I’ll be speaking on the glory of ransomware some time soon.


2017 Resolutions

1 – Read a book a month – my commute is filled with podcasts, and while I read at home (usually old copies of the Guardian Weekend magazine) I’ve been bought many books in the past year for Christmas and birthday that I am yet to pick up. So first is to get through one book a month – Tim Dowling and Hadley Freeman’s excellent columns will have to wait.


2 – Listen to a new album a week – Vicky and I have become buyers of vinyl, and just this week picked up the recent releases by Public Sector Broadcasting, Metallica and Radiohead. However we rarely listen to these. So in 2017 I/we will listen to one of these masterpieces a week.


3 – Listen to a new band a week – I’ve read so much about bands like The 1975, Catfish and the Bottlemen and Cabbage (mainly because of this but rarely hear their music, so in 2017 I’ll make the effort to listen to the hype so all recommendations are welcome.


4 – Probably try and exercise more, especially as I turned 40 last year and I’ve run 2 half marathons in the past five years. Knowing I can do it and actually doing it are not that far apart.slide-13-1024

It was 20 years ago this year

Back in the summer I attended a conference in Sheffield, and it was very good. With it taking place on a Saturday and at Hallam University, which for those of you not in the know is next to Sheffield train station, I had deliberately booked a late train back home on the Sunday to allow me time to do something on the Sunday.

That “something” was to be determined on the day: do something in Sheffield, visit Meadowhall, sleep….or visit a town I’ve not been to for 18 years. Between the years of September 1996-June 1998 I did my HND in journalism at Barnsley College, and it set me on the way to the career I am enjoying now. Since then, I’ve not had the opportunity to get back to Barnsley so with a free day and only a 30 minute train ride from the town, I decided to make a visit.

There were numerous reasons for going, and one of the main ones was would I still remember my way around. The simple answer was yes, and for the most part, the town was a lot more green and pleasant than I had recalled. The areas around the college, court, and streets where I and friends lived were quiet, leafy and with some lovely brickwork that I guess I never really appreciated at the time.

I realise for the majority of people this will have no interest, but for me and the people I shared my education and socialising with in that time, the town will always have good memories. So let’s start with leaving (a massively improved) train station:

I spent about an hour in Barnsley. The town centre looks like the recession had hit it hard and a number of high st chains had gone, which is a shame as it was always pretty good during the week. On the Sunday I visited there was a street market going on, but it did feel like the town had seen better days.

Overall it was great to revisit, and while I didn’t get to the other end of town where I lived in the first year, it was a good trip down S71 Memory Lane.

Let’s keep Krebs writing

In the past eight years that I have been writing about IT security as a day job across four different websites, one figure has loomed large over IT security journalism and that is Brian Krebs.


I’ve been at the same events as him, and seen him in press rooms, on stage but yet to meet him in person. Despite that, his efforts in investigative journalism have changed the face of IT security journalism. Without his work the breaches at Target and Adobe (to name two) would not have been as well publicised, the actions of nefarious individuals would have been revealed to a much lesser extent, and the concept of going the extra mile not have had a benchmark.


News emerged this week that his website came under an unprecedented 620 Gpbs attack, and after his pro bono protection service was no longer able to sustain the attack, his website appears to have gone offline. For me this is one of the worst pieces of news to happen to the industry. Having written for 4 websites as a day job, and contributed to many others, I’d like to think that my work exists online as a way for me to mark my own improvements as a writer, but also to refer back to those stories that dominated my time – Conficker, Stuxnet, Flame, Snowden, ebay breach, LulzSec, Anonymous. The list is pretty endless, and at the centre of it not bowing to what the marketeers wanted him to write was Brian Krebs.


His tweet from last night suggested that he was taking time out, I assume this is temporary as he sets up a new domain and transfers some of that excellent content over. I really want to use this blog to get someone to keep Krebs speaking, investigating and writing – the security industry is the better off for people like him and his work, and to have it removed due to a phenomenal attack is a great shame.


Infosec16 – from my view

Now in my most senior IT journalism position, this week I got to attend my eighth (sheesh, where did the time go?) Infosecurity Europe. Of course because of my current position I was part of the organising team which allowed me to get on site two days before the public hit the floor.


As I’ve said before, this blog is about me and my views and I’m not talking about my day job, but to give some little insights: I now have a new appreciation of the amount of work that goes into producing and staging a content. Having worked with Steve, Adrian, Nik and Jamie at 44CON in the past and partnering with B-Sides London in 2014, I am no stranger to the task, but the “all hands in” effort of the crew that put together was totally admirable.


I’ve known most of the team at Infosec for all of my time in this industry and this year there were several new faces, including in our editorial team, and the buy-in to make a great show paid off with busy floors, a fantastic speaking track and more new vendors than I had the time to talk to. This was also the 21st anniversary of the show, in which it continues to  expand in all ways -in fact people have emailed me after the show to comment on how  much busier the show felt. Sadly this was the first time since 2012 that I didn’t make it to B-Sides London, so I’ll be  on the look out for the official T-shirt at a future conference.


Some highlights? Well I was impressed with Mikko Hypponen’s keynote where he talked about the repeated hacking tactics and “fog of cyber war”, I was honoured to induct Brian Honan into the Infosecurity Europe’s Hall of Fame – essentially a lifetime achievement award with a keynote session and endless press calls for the big Irishman.


I was also delighted to catch up with some vendors I had not spoken to for some time (albeit on the record), including Akamai, Rapid7, Tripwire, Egress, Bromium, Cyber Ark and ThreatConnect. In some stream crossing, some vendors informed me that we had met whilst I was an analyst, leading to me draining my brain for a clear memory of what they do.


The middle day saw the fifth annual European Security Blogger Awards, where again some familiar names were among the winners, but there was some new names represented which is always good for the research and speaker community.


I’ve always been a strong supporter of start-ups as these are the companies without the big marketing and PR budgets, who find it hard to approach someone like a journalist with an idea. After all most start-ups are built by techy types so would not know who to talk to, what to propose as a way of starting a conversation with a journalist, or how not to present it as a sales pitch. I met several companies in their infancy at the Cyber Innovation Zone who are on this path, and a live blog from their pitch fest is available on . As keynote speaker William Hague said, the show floor has so much innovation on display that it’s hard to avoid the bigger booths to get to the companies with the ideas that will shake the industry up. Remember, FireEye founder Ashar Aziz started in a living room with some invested money and an idea.


Ok so Infosec has its critics, but so does Defcon, and so do B-Sides events. The reason we need these shows to happen – be it with a big show floor and professionally organised, or run by a community of volunteers – is to bring people together in one place and get the industry to communicate. If it were not for Infosec I would not have met a lot of people over the years who have gone on to be great contacts, and heck, some of them are still in the same job as they were in 2009.


One thing I didn’t get out of Infosecurity Europe 2016 was a decent swag collection, after a previous blog about needing a new rucksack I had hoped to get one and if they were on offer, I sadly missed out.


For me, this week I also realised that I had done four Infosec’s in four different jobs: 2013 for SC Magazine UK, 2014 for IT Security Guru, 2015 for 451 Research, and 2016 for Infosecurity Magazine. All great experiences, all worthwhile. As for me now, well I’m delighted to be in my job until mid-August to enable me to get to the Vegas conferences and hopefully I’ll have some good news about the future in the coming weeks, but once again – Europe got together to talk security, and Infosecurity week was awesome. Same again next year please.

Borrell was right

An article lit up the internet recently, regarding the music scene of 10 years ago. Now I’ll admit to not being particularly with it in terms of the latest pop-rock combos in fear of being too like Hugh Dennis’ Mart Whitehouse Experience dad dancing, instead fill my ears with music from the likes of Pink Floyd, Wedding Present and Queen at the moment, however this article addresses something confining to plague all forms and genres of music – the term landfill.


In the article, Razorlight frontman Johnny Borrell talked of the concept of landfill music – where a band appears and has a level of success, be it on the charts, stage or radio plays. Borrell was quick to throw some of his own music into the mix, particularly from his band’s average second album. In the mid-2000s we were presented with a bunch of great new bands with terrific debuts – Bloc Party, Hope of the States, Arctic Monkeys, Libertines, Kaiser Chiefs, Futureheads and Razorlight too.


I followed this scene closely, primarily as the music was great, but also to keep ahead of the game and discover the next big artist. What Borrell pointed out though was that the music industry is also doing this, aiming to make an easy pound following the coat tails of other acts.


He said: “I think the second Razorlight album definitely opened the way for a flood of mediocrity in UK music.


“This whole period was kind of important for bands, but it was a fucking revolution for A&R. Back in the day, A&R meant going out to gigs and watching bands, but in this era, it became sitting at your computer trawling Myspace, then Facebook and Youtube, for the freshest, youngest thing going. Bands weren’t allowed to develop on their own before they were swept up in the machine.”


You can see landfill music following every major movement – for The Beatles see Freddie and the Dreamers, for The Clash see The Alarm, for Duran Duran and Spandau Ballet see ABC, for Bros see Brother Beyond, for Nirvana and Pearl Jam see Jesus Lizard and Atom Seed, for Oasis and Blur see Montrose Avenue and Northern Uproar. All RIP, but if it were not for that lead band, the other would not exist.


Borrell listed a bunch of songs he rated as landfill, including The Libertines, The Kooks, The Ordinary Boys and Kings of Leon.


Some of these bands started out with the best intentions; I saw Kings of Leon when they were unfashionably bearded swamp rockers, and The Kooks felt that they could have been the new Mr Big (google them) or even a predecessor to The Feeling, but instead were two hit wonders with the credibility of Peter from Fame Academy.


At the heart of this is the music press, an industry I once beloved and now see being given away for free. About to be given a copy of the NME at Vauxhall station, I’ll save a critique for another blog. It was the NME that reported on The Cribs saying from the Glastonbury Other Stage that “the biggest challenge we face is mediocrity”. Well NME, in your desperation to break and feature the next big band, you featured a hell of a lot of mediocrity.


There was landfill and will continue to be landfill as long as there is money in music. For the record, I bought the first two Razorlight albums, album two was below average but “Up All Night” was a masterpiece.johnny-borrell-e1375178041965

This sort of thing ain’t my bag baby

It’s been with me for a number of years and after an incident at the weekend, I’m sorry to be saying goodbye to something which has served me well. Not a car, device or something else practical – but a bag.

A simple Ogio rucksack that I got some 4-5 years ago from Rackspace. It did contain a cowboy hat and a Texas flag at the time; they exist somewhere in our house.

However this bag has been around the world due to its capability to hold plenty of items, it has been on multiple press trips and holidays to the USA, across Europe, to India and Morocco, been up and down the UK and once carried multiple copies of SC Magazine to Irisscon in Dublin.

My wife did once comment “I’ve heard of Rackspace”, I pointed out that she had seen me wear this bag many times. I had the opportunity to replace it with new rucksacks from RSA Conference, Symantec conferences and the replacement from Varonis, and even at Black Hat Conference who sold the same “model” at its USA conference.

As for the incident, well a bottle of beer broke (the bag fell off the table) in it and due to it being so damn efficient, it didn’t exactly drain out. So I left it in the garden to dry out, and on Monday there was a torrential downpour which it was stuck out in. Did I feel guilty? Yes, although it was due a clean. Could I have saved it? Maybe, but after the amount of travels there has been a lot of wear and tear and it may not survive the washing machine cycle.

No, sadly this practical giveaway has reached its end of life and it’s time to say goodbye.