The Demise of Norse

The weekend saw news that no person in information security wanted to read or write – that a vendor had apparently closed down in a similar fashion to which it had arrived in a blaze of glory.


The company in question is San Mateo’s Norse, who according to reports fired its CEO last week. The initial story was published by investigative journalist Brian Krebs, who followed up on suspicions that the company was in trouble with comments from insiders that employees were instructed that they may not be paid anymore.


I first came across Norse in 2014 at the Black Hat conference, where it gave away Viking helmets and had models playing the part of the Nordic warriors. The company threw big parties and giveaways were spotted across Las Vegas, but there seemed to be some confusion on what the company actually did.


Last year I spent six months covering threat intelligence providers for 451 Research and struggled to get any briefing time with Norse; they failed to show to a briefing at the 2015 Black Hat with me and email conversations seemed to be with uninterested people (whereas a missed meeting usually gets a keenness to rearrange).


Between working for 451 and becoming acting editor of Infosecurity, I talked to Norse about writing for its DarkMatters blog, and had half an eye on working for them after my time here at Infosecurity comes to an end. Sadly the people I had been dealing with left the company in the new year, which The Register confirmed.


The company arrived in a blaze of glory, picked up $24.5M in four funding rounds, develop a strong social media profile, and described themselves as “dedicated to delivering live, accurate and unique attack intelligence that helps our customers block attacks, uncover hidden breaches and track threats emerging around the globe”.


It picked up senior security professionals – Mary Landesman arrived from Cisco, Rob Rachwald from FireEye and Brian Contos from Blue Coat. It seems that monetising the data that it collected has apparently been the dilemma. Since Krebs’s blog was published, the attack map and homepages are now offline and there have been pledges on social media to get the staff new jobs.


Those of us with long memories will remember the mistrust and closure of DigiNotar, while the attack on CodeSpaces showed how vulnerable a company can be to attack. So it is a surprise that Norse has apparently been the latest victim of a cult of FUD, and as a result it has apparently seen the end far too prematurely.


As for that Norse hat, I’ll file it alongside the other swag that I collected from now extinct companies. In many of those cases though, the companies were acquired and memories are cherished. The IT security industry may not give Norse such a happy history.


Cyber Security Challenge #6

Since my last full blog, my work life has taken a few turns, and I briefly left the world of journalism and my specialist subject of IT security. In that time journalists were kept busy by big stories such as the data breaches by Ashley Madison and TalkTalk, the ability to remotely hack a Jeep and the return of ransoms in the form of malware or “stand and deliver” style denial of service attacks.

After leaving the awesome IT Security Guru at the end of RSA Conference week (late April to the uninitiated) I joined analyst firm 451 Research.

Those six months have passed and upon leaving there and my return to journalism, I was delighted to attend another masterclass of the Cyber Security Challenge. The sixth winner since the programme began in 2010, 38 year old Peter Clarke won after completing a 48-hour cyber defence battle investigating and averting a simulated cyber attack involving a biological attack on Church House in the grounds of Westminster Abbey.

The final saw 42 (with 41 making it to the final day) combatants compete in the two-day Masterclass final, developed by a team from QinetiQ and supported by experts from Bank of England, GCHQ, National Crime Agency, BT, Cisco, Falanx Group, Roke Manor Research, Simudyne, and CyberCENTS Solutions.


The Challenge was set up to try and remove the major skills shortage in UK cyber security, by getting more people interested in it and aiming to draw contestants from across UK industry. This year’s winner was an engineer for a car manufacturer, and around half of last year’s finalists are already in their first cyber security jobs.

One statistic that I did find interesting was that more than 50 per cent of the final 42 were involved in online gaming. I talked with Jess, the only female finalist who is studying in her final year of an BsC in Computer Gaming Programming at Leicester De Montfort University.

She told me that she first heard of the challenge through a presentation at the university, where a camp was also held with a capture the flag style challenge. I asked her if she was interested in a career in IT security, and she said she was as “it seems fun and people in security are all from industry and they are a lot more laid back”. Take from that what you will, but the next generation see this job as something enjoyable then it has got to be a positive.

Speaking to Bob Nowill, chairman of the Cyber Security Challenge UK, said that it was about making the challenge accessible. One addition was the online gaming experience Cyphinx which was designed as a Second Life-style environment. “Everything is solely online, this year we removed the face to face and used hacking labs and added to the techologies online,” he said.

I also spoke to Matt Anderson, EMEA director at the SANS Institute, who continued its sponsorship of the challenge. He said that as well as providing prizes, it is working with the challenge to bring unspotted talent through its own cyber academy.

What I’ve always admired about the Cyber Security Challenge is its willingness to talk to those who are not in the sector at a level that they understand. It isn’t about the gender balance and ensuring that the final year of university students win so that they are given jobs at GCHQ, it’s about presenting IT security as a career in a positive light.

As I said, there have now been six winners of the challenge and I’m fortunate to have met and interviewed several of them. This year’s winner said he only entered the Cyber Challenge eight or nine weeks ago without many qualifications, so to be the winner “is unbelievable”.

He said: “I’ve had an interest in cyber for several years now and keep a breadth of the current trends and tools in the industry, but this is the first step towards a future career in the area. I really want this to become my profession and the Cyber Security Challenge has given me a catapult into the industry that you can’t find anywhere else.”

All good news, and Nowill encouraged any individual to have a go at some of the games on the play-on-demand gaming platform.

Registration is already open for next year’s programme and a host of competitions are available to play now. Using the play-on-demand system which allows access to games any time, you could sign up and take part in just a matter of clicks.

I want my NME

News appeared today the mighty New Musical Express (NME) is to move to a free distribution model in order to boost flagging sales.

According to the BBC, this will boost the readership from a weekly circulation of 15,000 to around 300,000. Of course the move is not without precedent, as Time Out did a similar move a couple of years ago with free distribution on Tuesdays across the capital.

Now the 63 year old music paper, which I read every week from the mid 1990s to the mid 2000s should survive the inevitable collapse of print media that has seen national newspapers and magazines find different ways to diversify and generate a revenue.

In my view this is a great move for the NME. The days of it breaking news on its pages are over as people (including me) go to its website for breaking news, and Twitter and Facebook are there for tour dates and for bands to have a direct communication with fans.

What NME still offers is the interviews and profiles of the new bands that forms its central editorial, while its live and album reviews are what its journalists do best. I had some experience of the atmosphere having spent a week on work experience there in 1998 (biggest bands of the week were Embrace, Unbelievable Truth and Ultrasound, I had the pleasure of meeting some established journalists and rewriting faxed articles).

I really hope this enables the NME to survive as in the USA there is Rolling Stone and while in the UK we have lost Smash Hits, this is one musical institution which I hope will carry on.


Hop to the ground Victoria

Today I’ve added a new link to the blog my wife Victoria (or Vicky as some of you know her) has started about her (and hopefully I will be there too) travels to various football matches both in and out of London. Last season we were delighted to attend matches at Clapton FC, Waltham Abbey FC and Haringey Borough, while I made my first visits to Kings Meadow to see both AFC Wimbledon and Kingstonian, but there is so much to see in this city.


I’d recommend a regular for her blogs on where she has been, hopefully it will inspire you into doing some non-league groundhopping yourself

RSA Conference 2015

At the time of writing I am in one of my favourite bars (Jack’s Cannery in San Francisco) looking back on another successful RSA Conference. How can I deem that it is successful? Well I got here, met old friends and made new ones, saw some great talks and got what I hope is some pretty good content for the day job website.

Of course the biggest news of the week regards the day job, with me announcing that I’ll be departing Eskenzi PR from my job as editor of IT Security Guru which has been fantastic, and I have never regretted turning down positions at more established titles to take back in summer 2013, to shift to 451 Research where I will be working from mid May.

I have had plenty of opportunities to announce this and it was hard to keep quiet, but the response has been fantastic. I’ve also had 3 common questions, mostly when do I leave/start, and what will I be covering? The answers in order: Friday 23rd April, Monday 18th May and “I don’t know yet”.

Little to say about the upcoming job apart from the team seem fantastic and I got a great welcome at an event in San Francisco this week. For the old job, I wouldn’t have left apart from for the right position and I’m leaving a fantastic team who I hope will remain friends.

I’ve done security journalism for close to seven years now and while I am not bored of it, the prospect of a change was great. In my time I’ve met plenty of great people and been fortunate to cover some great stories and research. I won’t hear anything about journalism being a dying profession, that is for another blog, but in the hands of the likes of Brian Krebs, Tom Fox-Brewster, Dan Goodin, John Leyden and Darren Pauli, security journalism is in a very good state.

As I started off by saying, this all took place during RSA Conference, the global gathering of security’s finest minds at the Moscone Center. This was my third visit to the conference, the previous two falling in my previous guise at SC Magazine in 2011 and 2013. To bring IT Security Guru here was a pleasure, I did submit talks to both RSA and its counterpart BSides SF, but with so many fantastic minds in town I am not surprised to have failed to make the cut.

The week started well with a comfy flight in via Calgary and a decent and cheap hotel. I’ll pass over the fact that my phone ceased to work and I was forced to buy a Mini SIM adaptor to use my 2009 era iPhone as my device of choice. In fact I’m writing this blog on it!

BSides was good fun with some good people, free bagels and plentiful coffee – by failing to buy a ticket in time I was advised to turn up at 8am and see if I could get in. No such problems with the jet lag and I got a good portion of the day in, and met with my new team in the evening before heading to the annual cocktail fest of TongaCON at the Fairmont.

RSA, for those who have not been, is a global gathering of IT security minds and since I last came, has switched its opening keynote speaker, branched its expo hall into two halls, and put its speaking and press rooms into new places. I’m not going to complain, everything was easy to navigate and kudos to the organisers and press team for an excellent job well done.

The coverage is likely across the Internet, and I hope I was at the best sessions (about 15 go on at any one time) so it takes some prior judgement to make sure you’re at the best ones.

RSA is also known for its social gatherings and I attended what I could with busy days and early starts, and I’ll pass the best party of the week to the bug gathering under the highway organised by Alert Logic, Barracuda Networks and Bugcrowd.

With my employment coming to an end officially on Friday morning, I’ll spend my last few hours writing the final interviews up, and pass control of IT Security Guru back to the team. Treat it well, a lot of hours have gone into making this great.

Across and over the line

This could be my most right-on post yet, and what I’m about to say may not be particularly original but there is a large part of society which will agree with me.

The trolling of Sue Perkins on Twitter over her link to the vacant host position on Top Gear is not only disgraceful, but it shows a poor representation of the show’s viewers. I can recall when Top Gear was a motoring programme produced by the BBC to fill a niche for enthusiasts. In the past ten years it’s brand changed to be about its presenters and their antics. The cars should have been annoyed, apart from a review of a new model that was tested by The Stig, most of the show was essentially Lad TV that anyone could enjoy.

Was it bad? No it was funny and it attracted a great calibre of guests and kept the cynical views of the hosts at its heart. Jeremy Clarkson was a great host as it goes, he followed the Jeremy Paxman model of doing what he thought was right and persisting until he was told otherwise (maybe that is what caused the downward spiral?) and kept together a show that developed a strong identity of 40 something men in denim enjoying themselves.

His departure and potential replacement has caused plenty of discussion and as I said at the top, bad headlines causing the comedian, writer and host to suspend her social networking activities due to death threats.

There is so much wrong with this it could take another 500 words to complete, but I suspect I am not alone in thinking that Sue Perkins and James May would be an excellent pairing for the next version of Top Gear. If it ends up being Chris Evans or Dermot O’Leary then it will show a lack of ambition at the BBC as they are doing a like for like replacement for Clarkson.

What the opportunity here presents is for a new direction, perhaps even back to the essence of motoring journalism. James May has proved himself to be an excellent pundit in his guise as “Captain Slow”, but I’d rather watch him than Bear Grylls talk about piston wear as I know he will know what he is talking about.

As for the host, a wise cracking, no shit taking female would be perfect, and as Suzy Perry has proved on the BBC’s coverage of F1 and Jacqui Oatley will hopefully demonstrate as ITV’s new football anchor, the right person in the right job can be a winning combination.

Time will tell if Sue Perkins is right for Top Gear, although I now fear that she will turn the opportunity down because of the death threats, and it will be up to the BBC to prove the haters wrong.

Let’s reclaim the originals

I think it is time that we seized back those works of art that are criminally butchered by the modern generation. I’m not talking films, I am talking songs. Mark Ronson is to blame – taking decent songs and covering them into bland, lounge level music.

I know Charlie Brooker offered some agreeable points on the Christmas songs turned into breathy advertising backing tracks for high street retailers, see the once sex-war-religion trilogy of Frankie Goes to Hollywood turned into a mush, but instead I am going to try and reclaim something I believe to be perfect. The Smiths song “Stop me if you think you’ve heard this one before” didn’t appear on the best of I bought in the 1990s, and doesn’t appear on their finest work “The Queen is Dead”, but it remains a terrific tune.

Mark Ronson turned it into…something boring. Here’s the one you should be listening to –