
Hacked Off

Hacked Off demystifies the world of cybersecurity. Hosted by Secarma's Managing Director, Holly Grace Williams, it features weekly interviews delving beneath the headlines of the latest hacks, breaches and vulnerabilities, providing expert advice on how to stay safe online. This podcast is brought to you by global cybersecurity and penetration testing company, Secarma.

Episodes

018. Your Security Awareness Training isn't Working

Just 27% of businesses in the UK reported that staff had attended internal or external training on cybersecurity in the last 12 months* and more often than not, what is being taught is either incomplete or no longer relevant. This talk, which our Technical Director Holly Grace Williams presented at InfoSecurity Europe, discusses the miseducation of cybersecurity aspects such as physical security, phishing and malicious websites and why trying to oversimplify security is a part of the problem. Ke...

Jun 06, 2019, 36 min

017. Equifax Breach: The Inside Story

In 2017 Equifax, one of the largest credit agencies in the world, became the victim of a major breach resulting in over 150 million records being stolen. In this podcast we speak to Graeme Payne, the CIO of Equifax during their breach about the lessons learnt and his personal experience. 0’48 Graeme Payne, guest introduction 3’48 The timeline of the Equifax breach 6’47 How incident planning can help businesses be better prepared for a breach 10’13 Announcing a breach – The lessons learnt from di...

May 30, 2019, 43 min

016. An Intro: A Checklist for Security

Looking to take the first steps to ensuring your business is secure but not sure where to start? Holly Grace takes a fresh look at some basic, fundamental security steps that every business should be adopting. Highlights include: 0’53 Software updates 2’08 Passwords 4’06 Network Segmentation 5’40 Manage out of band 6’26 If you don’t need it, disable it! 8’58 Pre-shared keys 10’09 Network access control 11’15 Credential stuffing 12’50 Restrict user input 15’01 Trust but verify! Download on iTunes...

May 23, 2019, 19 min

015. An Intro: The Stages of Penetration Testing

We’ve previously discussed the difference between Penetration Testing and Red Teaming, so in this episode we delve a little deeper into the different stages of PenTesting. For organisations who are considering this security assessment, it is an excellent starting point to better understand the process. The discussion includes: 2’00 What is a Penetration Test? 3’02 How is it performed? 5’03 An example of a vulnerability: SQL Injection 6’52 What kind of vulnerabilities do we look for? The OWASP ...

May 16, 2019, 15 min

014. An Intro: Hardware Hacking

The ‘Internet of Things’ is evolving fast and more and more companies are seeing the value it can bring by increasing business productivity and efficiency. However, adding IoT devices to a company can increase security vulnerabilities in a way that businesses might not have considered. We take a look at hardware hacking as an aspect of penetration testing and how IoT can affect an organisation's security. Key points discussed include: 0’28 Hardware hacking as an aspect of penetration testing 2’3...

May 09, 2019, 11 min

013. An Intro: Cloud Security Testing

Cloud computing offers many benefits, such as scalability and elasticity; but with new technologies and terminologies some companies worry about the security implications. In this week's episode Holly Grace gives us an intro to Cloud Security Testing perspectives. Here's what she covers: 0’52 Perspectives when looking at Cloud hosted systems 3’15 Where are things the same? 4’41 Where do we start in terms of Cloud security? 6’10 What should we have tested? 6’38 When Cloud has gone wrong! NCSC Clo...

May 02, 2019, 10 min

012. An Intro: Is a bug bounty program right for your business?

In 2018 it was reported that there had been a 36% increase in total bug bounty payouts*, but does this mean this kind of security testing is best for your business? We take a look at the pros and cons of bug bounty programs and how they compare to penetration testing. Key points include: 1’13 A brief definition of penetration testing and bug bounties 1’53 How the costing works 3’05 The difference between a penetration test and a bug bounty 6’46 The difficulty with reporting bug bounties 7’42 The ...

Apr 25, 2019, 17 min

011. An Intro: Social Engineering and Physical Access

Security risks aren’t always found through vulnerability scanning and hacking. Holly Grace talks us through how physical access testing and social engineering can be used to demonstrate security risks in a target organisation. This introduction to social engineering talks about how these assessments are performed and their benefits, through some funny on-the-job stories. 1’43 What is social engineering? 3’25 Three common Phishing attacks 7’00 Training staff to recognise the signs of a social eng...

Apr 18, 2019, 32 min

010. An Intro: Becoming a Penetration Tester

We’re often asked about the career pathway to becoming an ethical hacker, or penetration tester. So, we thought it would be best to let a current penetration tester share her thoughts on working in the industry. Whether you’re interested in penetration testing, computer science or security in general, Holly Grace's intro to becoming a penetration tester is packed full of tips you can use when getting started in cybersecurity. 1’00 What is a penetration tester? 1’35 What makes a good candidate? 4...

Apr 11, 2019, 11 min

009. An Intro: Penetration Testing vs Red Teaming

You’ve probably heard the terms ‘penetration testing’ and ‘red teaming’, but are you clear about what they really mean? Our Principal Security Consultant, Holly Grace Williams, talks us through the difference between these two security tests, elaborating why you’d choose them, how they work and the benefits of each one. 1’44 What is penetration testing? 3’55 What is a Red Team engagement? 7’42 Summary Download on iTunes: apple.co/2li61Ek Listening time: 9 minutes For more information, follow us...

Apr 04, 2019, 9 min

008. Software Development and Security

When it comes to software security, prevention is always better than cure. Design flaws can open the door to breaches from the outset and result in millions of pounds worth of losses. It’s vital to have security principles running through the whole software development lifecycle. To discuss this in more detail we spoke to Adrian Thompson, a Consultant Software Engineer and Chair of the British Computer Society (Preston Branch), about the importance of security in software development. He tells t...

Mar 28, 2019, 36 min

007. Fighting Fraud

In 2016 financial fraud losses totalled £768.8 million*. With the ever-growing risk of cybercrime, what can we do as individuals and as a business to reduce the risk to ourselves and others? Jennie Williams, Cyber Protect Officer for the North West Regional Organised Crime Unit (NWROCU) talks to us about how making small changes and taking simple steps towards cybersecurity can make all the difference. Key points include: 3’00 – Joining the high-tech crime unit 11’22 – What to do with your devic...

Mar 21, 2019, 42 min

006. An Education in Cybersecurity

Some say education is the most powerful weapon which you can use to change the world, so we brought together two of the most influential educators in cybersecurity. Manchester University’s Academic Cybersecurity Lead and overall cyber enthusiast, Dr Daniel Gideon Dresner, BSc (Hons), FInstISP and our very own Head of Education at Secarma, Paul Mason to discuss all things cyber. From Danny’s first memories of ‘computers’, to finding his first job, learning technical skills, developing frameworks ...

Mar 14, 2019, 48 min

005. Securing the Public Sector

The risk of a cybersecurity attack on the UK’s critical infrastructure, like the ones that hit Ukraine’s energy grid in 2015 and 2016, is growing. With the threat landscape constantly evolving it’s vital for public sector organisations to adopt a robust approach to defending key targets from cyber-attacks. In this episode Paul speaks with Stephen Jewell, Director of UKFast Public Sector, which has worked with Government departments and private industry partners for more than 18 years. Some of th...

Dec 20, 2018, 33 min

004. Becoming an Ethical Hacker

The cybersecurity industry is working hard to close the skills gap. But, with increasing advancements in technology and a continuously rising number of attacks, the gap is widening. It’s predicted that, by 2022, there will be a shortage of 1.8 million workers in the information security sector. Paul is joined by Gordon, a senior consultant at Secarma, to discuss his path into cybersecurity. Warning – he doesn’t take a direct route! If you're short on time here are some...

Dec 06, 2018, 40 min

003. Locked Out: The Diversity Challenge

Today, women make up 20% of the global cybersecurity workforce. That figure has increased from 11% in 2013, but the numbers are still desperately low. So, why does cybersecurity have such a gender problem? To discuss the issue of diversity in cyber and how to encourage more women into the industry, Paul is joined by Noha Amin, Information Security Awareness Manager at TalkTalk. The key points: 3’00 The main problems with communicating cybersecurity issues with non-technical staff. 12’20 The chal...

Nov 22, 2018, 26 min

002. Are your employees opening the door to cyber criminals?

Cyber criminals are constantly looking to exploit the weakest link in your chain. Using social engineering, they’re targeting employees, looking to abuse their trust and willingness to help, in order to gain access to sensitive information. Paul Mason is joined by Edward Whittingham, founder of the British Fraud Prevention Partnership (BFPP), to understand how companies can best get to grips with the security risk posed by their staff. Some of the key points of discussion are: 1’48 – The obstacl...

Nov 01, 2018, 37 min

001. Why it’s never a good idea to reuse passwords

When it comes to cybersecurity, can you believe everything you read in the news? In the opening episode of Hacked Off, Paul Mason and David Quinn dissect the recent Superdrug breach. They explore how the breach was reported by the media and delve a little deeper to uncover the real takeaway lessons that need to be learned. The discussion then moves on to the issue of password security. What makes a strong password? How can people effectively manage their passwords? There’s even the discussion of...

Oct 15, 2018, 25 min