m@ksim.pro
Blog

Notes on data, AI, IT and security

No marketing fog. The way I think about real problems with founders and managers.

Security

The Okta breach: what it means when an identity provider is compromised

In March 2022 Okta confirmed a breach. A look at the lesson a director should take from this, not just a security specialist.

Security

Log4Shell: the management lessons from the incident

Breaking down the Log4Shell vulnerability as a management lesson - about hidden dependencies, response speed, and invisible risk.

Security

Log4Shell: if you do not know your dependencies, you do not know your attack surface

The Log4Shell vulnerability showed that most companies have no idea which libraries are running inside their systems.

Security

Zero trust: what it actually means and when it is worth the investment

Zero trust has become one of the biggest buzzwords in security. I break down what is behind it and who it is actually relevant for.

Security

Colonial Pipeline: when a cyberattack stops physical infrastructure

The May 2021 Colonial Pipeline attack showed that the boundary between IT security and operational security has disappeared.

Security

Colonial Pipeline: when cybersecurity becomes physical resilience

A breakdown of the Colonial Pipeline attack for managers: why the incident changes the security conversation for companies with physical infrastructure.

Security

Hafnium and Exchange: the patch that waited too long

The March 2021 Microsoft Exchange mass exploitation showed that patch management is not a technical task - it is an organisational one.

Security

SolarWinds: a supply chain attack explained for managers

What happened with SolarWinds, and why this incident changes the security conversation for companies that do not think of themselves as targets.

Security

SolarWinds: supply chain risk now belongs in the risk model

The SolarWinds attack in December 2020 showed that trusted software can be an attack vector. What this means for how companies must think about their software suppliers.

Security

Ransomware hits hospitals in a pandemic: a lesson for every security leader

In autumn 2020, several European hospitals were hit by ransomware attacks during the second wave of COVID-19. What this pattern tells us about operational risk.

Security

Nine months of remote work: how the attack surface changed

By autumn 2020, companies that shifted to remote work in the spring had accumulated new security risks - often without realising it. What changed and what to look at now.

Security

COVID phishing: how the threat landscape shifted in two months

A briefing for managers: how attackers are exploiting the pandemic and remote work, and what to do without panic.