Hacked Off

Hacked Off demystifies the world of cybersecurity. Hosted by Secarma's Managing Director, Holly Grace Williams, it features weekly interviews delving beneath the headlines of the latest hacks, breaches and vulnerabilities, providing expert advice on how to stay safe online. This podcast is brought to you by global cybersecurity and penetration testing company, Secarma.

Episodes

108. IASME: IOT Security Compliance

Following audience responses to Pod 107 with Jason Blake, Secarma's Jen Williams has circled back to do a deeper dive into the PSTI legislation and IoT devices. With the legislation going live at the end of April, any manufacturers that have not yet found a successful route to show compliance should listen to this podcast, which goes into finer detail with Jason Blake. As IASME's IoT scheme manager, Jason shares a selection of ways to navigate the legislation and he and Jen discuss the ways to appr...

Apr 22, 2024 · 26 min

107. Jason Blake: IoT and PSTI

Secarma Head of Testing, Simon Chapman, takes over the hosting duties as the Hacked Off podcast returns. Episode 107 focuses on IoT and the new regulations that are forcing manufacturers to place security at the heart of their devices. Simon interviews Jason Blake, IoT scheme manager at IASME, and Jen Williams, who heads up consultancy services at Secarma. Jason talks us through the diverse world of IoT devices, from smart letter boxes to B2B moisture content monitors for farmers, and explains why ...

Feb 06, 2024 · 24 min

106. Simon McNamee: Optimising Security Services

In this episode of Hacked Off, Holly interviews Simon McNamee - Secure Impact's Security Technology Lead. This week, they discuss what issues security experts often encounter when working with businesses; both those with a high level of security maturity, as well as those just starting off on that journey. Holly and Simon offer some sage advice to organisations about getting the most out of their security services - it all starts with understanding the difference between these services and recog...

Oct 29, 2021 · 43 min

105. Rob Demain: SOCs and SMEs

For some organisations, using Security Operation Centre services is a great way to minimise the impact of a possible cyberattack. Moving quickly and effectively, SOCs can detect, analyse and respond to breaches if an organisation doesn’t have the resources to do so themselves. In this episode we spoke to Rob Demain – founder and CEO at e2e-assure – about the role of SOCs, today’s diverse threat landscape, and the importance of research and development when working in cybersecurity. 02:00 Why SOC...

Oct 15, 2021 · 42 min

104. David Barr: Cybersecurity CSI

In the cybersecurity world, the digital forensics department acts as the Crime Scene Investigation team for a business that has fallen foul of a cyber-criminal. DFI techniques are used to investigate and rectify the problems caused by the hack, and/or bring the perpetrator to justice. Similarly to traditional forensics, cyber incident response teams can find data to use as evidence in the investigation. In this episode, we talk to David Barr – Principal CIRT Consultant at Secure Impact – about the day...

Sep 24, 2021 · 31 min

103. Declan Doyle: Cyber Resilience

Valuing your SME as ‘too small to get hacked’ can leave you complacent and open to attacks, with little to no defences in place. For those who find cybersecurity daunting, there are organisations out there, ready to help. In this episode, we talk to Declan Doyle – head of Ethical Hacking at the Scottish Business Resilience Centre – about cyber resilience, misconceptions around who can get hacked, and understanding clients to best help them stay secure. 00:26 What is the SBRC? 01:35 Resilience 02...

Aug 20, 2021 · 31 min

102. Nick Blundell: Automating Testing

The medium of cyber-attacks is code, but the mastermind that drives them is always human intelligence. Systems are created by people, and automated tech still can't understand every nuance that humans embed into them. In this episode, we talk to Nick Blundell – head of R&D at AppCheck – about the pros and cons of vulnerability scanning, how hackers can enter weak systems and the need for a blended approach. 00:50 Will automation take over? 04:25 Scanning or Pentesting: the pros and cons 17:30 Is...

Aug 16, 2021 · 1 hr 5 min

101. Greg van der Gaast: Rethinking Recruitment

In a time of record unemployment due to the pandemic, it’s strange that cybersecurity job openings receive so few applicants and take 20% longer to fill than typical IT roles. Is there a cyber skills shortage, or are we simply looking in the wrong places? In this episode, we talk to Greg van der Gaast – CISO at Scoutbee GMBH and author of Rethinking InfoSec – about how we can rethink the cyber hiring process and role requirements, in order to find many more suitable candidates. We also touch ...

Aug 06, 2021 · 32 min

100. Jai Aenugu: Why We Have to Win Every Time

To celebrate Hacked Off's 100th episode, we spoke with Jai Aenugu – founder of TechForce Cyber - a highly regarded cybersecurity resilience organisation with offices in both Edinburgh and Aberdeen. This week’s podcast features conversation around what sets Scotland apart in terms of cybersecurity, doing one thing and doing it really well, plus security essentials for SMEs, and an overview of the NotPetya and Kaseya cyber-attacks. 0:49 Cybersecurity in Scotland 4:45 Why found an InfoSec business?...

Jul 26, 2021 · 46 min

099. Ian Murphy: Against Apathy

Workplace security training can be hit or miss; to keep your business safe, your awareness training needs to be memorable, but a conventional annual security presentation on passwords and phishing scams can be tedious and forgettable. In this episode, we talk to Ian Murphy – founder and content creator at CyberOff, and co-founder of LMNTRIX – about how we can utilise engaging, out-of-the-box content to revamp security training and get the general population excited about security practices. 00:5...

Jul 16, 2021 · 45 min

098. Javvad Malik: What Makes Effective Security Awareness Training?

Security awareness training is a common requirement in most businesses, but oftentimes it can be difficult to effectively teach employees how to recognise and respond to security risks. In this episode, we speak with Javvad Malik – Security Awareness Advocate at KnowBe4, co-founder of Security B-Sides London and cybersecurity blogger – about the variety of risks out there, the challenges of security awareness training, and how best to promote it. 00:28 What is a Security Awareness Advocate? 02:4...

Jul 12, 2021 · 46 min

097. Dr Andrea Cullen & Lorna Armitage: Women in Cyber

Studies in recent years have revealed how little diversity there is within the cybersecurity industry, with women making up only 8% of the cyber workforce in the UK. In this episode, we speak with Dr Andrea Cullen and Lorna Armitage – co-founders of cyber training organisation CAPSLOCK – about the difficulties of getting into cyber, the need for accessibility and inclusivity in the industry, and recruitment advice for organisations and those wanting to get hired. 02:52 Obstacles for those wantin...

Jul 05, 2021 · 44 min

096. Natasha Taylor: The Future of Cybersecurity Events

Over the past year and a half, the event industry has had to adapt like never before, and this led to many events going online via webinars, digital roundtables, and large-scale virtual conferences. In this episode, we interviewed Natasha Taylor - Senior Conference Producer at DTX - about what makes a successful cybersecurity event, networking from home, and what the future of tech conferences could look like. 0:40 Preparation is everything 4:36 What makes a good panel or presentation? 8:50 It'...

Jun 25, 2021 · 45 min

095. Kathleen Booth: How Cyber Criminals Target Your Marketing Team

This week, Holly is joined by Clean.io's Kathleen Booth to talk about how the very methods that marketing teams use to bring in customers may also attract the unwanted attention of cyber-criminals. Whether it's third party plug-ins, digital ads, or even a stray tweet - hackers can corrupt your marketing department's efforts and attack your organisation. Thankfully, there are ways to balance robust business security without cutting your marketing team off at the knees. Listen to this week's inter...

Jun 18, 2021 · 42 min

094. Patricia Keating: How Crisis Spawns Innovation

This week, Holly speaks with Patricia Keating, founder of Tech Manchester - a start-up hub designed to upskill Manchester-based entrepreneurs, nurture their ideas, and connect them with investors. They discuss cybersecurity for start-ups, the tech business landscape in Manchester, and how virtual conferencing allows you to be in two places at once. 1:20 Working with start-ups 3:55 Is London the only tech hub? 5:30 Common misconceptions 7:55 Mentoring tech business founders 12:00 What does "faili...

Jun 07, 2021 · 36 min

093. Dr Dan Prince: Teaching the Next Generation to Think Differently

This week, Holly delves deeper into the topic of security higher education and training with Dr Dan Prince - Senior Lecturer in Security and Protection Science at Lancaster University's School of Computing and Communications. Together, they discuss the challenges that the mentors of today have when teaching the security experts of tomorrow, how to prepare students for threats that may not exist, and how thinking differently may be the key to keeping one step ahead of threat actors. 1:00 Preparin...

May 28, 2021 · 43 min

092. University of Salford & Tanium: Higher Education's Security Challenges

Recently, the University of Salford announced their partnership with Tanium, to help the education institution improve their security against an increase of attacks. Universities have been high up on the target list for threat actors over the course of the pandemic, and these nefarious parties aren't slowing down anytime soon. In this episode, Holly interviews Mark Wantling - the University of Salford's CISO, as well as Chris Vaughan of Tanium to understand more about their partnership and trade...

May 21, 2021 · 1 hr 1 min

091. Evan Jones: Demystifying Security Architecture

Although our specialty is penetration testing, there's a wide variety of interesting roles available within the security industry. In this episode, Holly sits down with Evan Jones of Complete Cyber, to explore the ins and outs of security architecture. Over the course of the conversation, they discuss the skills necessary to become a security architect, the benefits of using a pen and paper to map out possible threats, and Evan also explains how solution architecture is a lot like a Rubik's cube...

May 17, 2021 · 51 min

090. Jonathan Slater: Start-ups and Starting Again: The Benefits of Reskilling

In last week's episode we talked about how security professionals can leverage their skills to get into cyber, but how do you obtain those skills in the first place? Enter Jonathan Slater, co-founder of CapsLock and our guest for today. In this episode, we discuss his journey from nuclear, to recruitment, to co-founding a disruptive education model that's designed to help everyone from bus drivers to web developers gain a qualification - and most importantly, employment - in cybersecurity. We al...

Apr 30, 2021 · 50 min

089. Jay Jay Davey: Getting Into Cybersecurity

In this episode, Holly interviews Jay Jay Davey - SOC Analyst at CyberClan and founder of NoxCyber - a one stop page of career advice for aspiring cyber security professionals, with resources to help you get into the industry. We spoke with him about the different routes into cyber, as well as what to do once you're in. Listen to this episode for career advice, CV tips, and why explaining what networks are to your parents could lead to you being a CEO's shoulder to cry on one day. 1:05 About NoxCyb...

Apr 23, 2021 · 43 min

088. Shauni Adekoya: Marketing Cybersecurity Services

In this episode, Holly sits down with Shauni - our Marketing Manager - to discuss how she promotes technical services to a non-technical audience. Marketers in the security industry have a pretty big task on their hands; as technical people - cybersecurity is our passion (hence last week's 55 minute rant about security policies), but how do you create content that appeals to CEOs and other non-technical decision makers? Over the course of the conversation, we discuss Shauni's journey from fashio...

Apr 16, 2021 · 32 min

087. Michael Ranaldo: Your Security Policy Needs to Make Sense

In this episode, Holly and Michael have an in-depth discussion - okay, maybe it's a little bit of a rant - about security policies. Many organisations' cybersecurity policies are rarely given the attention they deserve, despite them being such an important part of protecting your business. Over the course of this conversation, Holly and Michael take a look at policy building and reviewing, common mistakes that organisations tend to make, and why you should be worried if no one on your team has a...

Apr 09, 2021 · 56 min

086. Thomas Ballin: The MITRE ATT&CK Framework

In this episode, Holly and Thomas discuss the MITRE ATT&CK framework and the multi-layered security strategies that organisations need to defend against threat actors. 0:58 What is the MITRE ATT&CK framework? 9:50 A real-world breach progresses in layers 11:50 Using MITRE ATT&CK 15:08 Communication is key 16:50 Vulnerability scan, penetration test, or red team? Yes. 30:23 How to get started Listening time: 34 minutes Host: Holly Grace Williams, MD at Secarma Guest: Thomas Ballin, Testing Team Le...

Mar 26, 2021 · 34 min

085. Certifications and Training

What are the benefits of gaining skills that are a little broader than the niche you work in? In this episode, we have a discussion around certifications, training, and upskilling. We also provide a brief overview of our penetration testing training courses, which are a great resource for businesses that are looking to upskill their security and IT teams, as well as for tech savvy individuals that want to break into pentesting. 0:50 Holly's own experience with recent exams 4:45 Reasons to upski...

Mar 19, 2021 · 17 min

084. CyberFirst Girls: Creating a Diverse Talent Pool

The Hacked Off podcast is back! In this episode, we sit down with Sarah and Sian from the NCSC's CyberFirst initiative to talk about the CyberFirst Girls competition. The National Cyber Security Centre is committed to developing the UK's next generation of IT professionals and has a number of fantastic initiatives designed to introduce 11 – 17 year olds to the fast-paced world of cybersecurity. Because we need the broadest mix of minds to tackle the security threats of tomorrow, and the NCSC’s C...

Mar 12, 2021 · 37 min

2020: A Year in Review

It's the last podcast of the year, so Holly is revisiting some of our key guest interviews from 2020. We also couldn't do 'A Year in Review' without discussing the impact of the pandemic on business security, and how now is the time to revisit your change management and risk register. Key points: 0'34 Our new training course 4'00 Lockdown and change management 6'49 Time to review the risk register 8'14 Security Awareness Training 10'52 What kind of attacks do we need to worry about? 15'58 Turn...

Nov 26, 2020 · 22 min

082. The Biggest Threats To Your eCommerce Business

Generally when you think of eCommerce attacks you probably think of theft of personal information and payment cards, when in fact there are many ways a hacker could attack your online store. Holly Grace discusses the most common threats to eCommerce businesses, and a few you may not have considered before! Key points: 0'47 CIA - Confidentiality, Integrity and Availability 1'38 Denial of Service Attacks 6'43 How to protect your business from Denial of Service Attacks 8'08 Compromising user/admini...

Nov 19, 2020 · 18 min

081. PenTesting APIs

Application Programming Interfaces have increasingly become a target for hackers. With 6 of the OWASP Top 10 vulnerabilities being API related, it is no surprise that OWASP released their first list of API Security Top 10 last year. For those wanting to better understand the process of API penetration testing, Holly Grace takes you through the process, from scoping the job to which vulnerabilities to look out for. 0'16 What is an API? 2'11 Scoping an API test 4'11 Making API testing more efficient ...

Nov 12, 2020 · 12 min

080. eCommerce Security Issues to Address Ahead of Black Friday

Is your online store ready for Black Friday and Christmas shopping? Have you considered how automated bots, fake reviews, plugins and a data breach could wreak havoc over the busiest shopping period of the year? This podcast is a perfect starting point for eCommerce businesses wanting to secure their business ahead of the mad rush! 0'52 Preventing the use of automated bots and buying scripts. 3'33 How to avoid fake reviews 5'45 What we can learn from The British Airways data breach 10'09 Using S...

Nov 05, 2020 · 14 min

079. Month In Review: Nation State Hacks and Zero-days

This month there has been a lot going on in the world of cybersecurity. Major IT firm Sopra Steria was hit by a cyberattack, Apple paid out over $250,000 to a team of bug hunters for finding 55 vulnerabilities in Apple systems, and the USA indicted 6 Russian Intelligence Officers for a range of attacks, such as attacks against the Ukrainian Power Grid and the 2017 NotPetya attack. Key Points: 0'20m Google Project Zero, Zero Days and Chrome Vulns 3'14m Fifty-five Apple Bugs and ...

Oct 29, 2020 · 14 min