Running Marathons: The Perfect Cybersecurity Analogy

What follows is an analogy that I have been meaning to write for years, but, like all great procrastinators, I let life get in the way.

Be warned however, I have taken significant ‘poetic licence’, and generalised outrageously, so don’t be too upset with the glaring ‘plot’ holes. I have also written this from the perspective of my own experience running, not from a true runner’s perspective. Anyway, I’m still faffing…

Continue reading

We Can All Be Successful…

…as long as WE are the ones who define success for ourselves. Otherwise 99.9% of the world’s population would fall well short.

Seems obvious, right? For example, if you take money as a measure of success, for every billionaire (~2,600 as of 2019) there are nearly 3,000,000 people who are just ‘getting by’. So for the vast majority of us, the chances of being a big success [in monetary terms] are very slim.

The same applies for any other success factor where you are comparing yourself to the world’s best, there is very little room at the top.

Continue reading

On the Convergence of Data Privacy and Data Security – Part 2

In Part 1 of this two-part blog ‘series’, I played the part of a security expert (which I do most days), and examined how privacy is changing the face of the security industry.

In Part 2, I have enlisted the help of a lawyer, data protection and contracts expert, who is basically to blame for me getting into this ‘privacy stuff’ in the first place. She also happens to be my sister; Angela Boswell.

In her learned (and earned!) opinion……………………

Continue reading

On the Convergence of Data Privacy and Data Security – Part 1

If you’re fairly new to this ‘privacy stuff’, you might be wondering why I used the phrase ‘data privacy’, not ‘data protection’. Well, unlike the security industry where we can’t even agree on when to use ‘cybersecurity’, ‘data security’, or ‘information security’, the privacy world has its act together. Hell, security folk can’t even agree on the spelling OF cybersecurity/cyber security!

But for the purposes of this blog, and the Part 2 guest blog to follow, it’s important that you accept my definitions at least, whether you agree with the names or not. It’s the points I’m trying to make that matter, not the nomenclature.

Continue reading

You Want an Honest CV / Resume? Here’s Mine!

I have written several blogs on the poor state of cybersecurity recruiting, all with the hope that they may trigger at least some positive change. Even if that change is only in the very few people who are actually reading this crap.

When I say “poor state”, I of course mean fundamentally, systemically, and damned near fatally broken. It just does not work, not for the employers, not for the candidates, not for the recruiters, and not for the industry as a whole. As much as I have criticised/blamed recruiters, it’s really not their fault as much as we might think.

Recruiters, like any other salesperson, are rarely [if ever] subject matter experts in their chosen industry sector (i.e. they cannot DO the jobs they are trying to fill). The real experts, the ones who can actually do the work, are in turn rarely [if ever] capable of doing what the ‘salesperson’ does (i.e. they have no idea how to sell themselves).

Continue reading