Notes on data, AI, IT and security
No marketing fog. The way I think about real problems with founders and managers.
Zoom in a crisis: the security settings managers need to check
In March 2020 Zoom went from a niche tool to company infrastructure overnight. A practical checklist for managers who are not security specialists.
VPN under load: what to check when the whole office went home
A practical guide for managers: how to assess the security and reliability of remote access during a mass shift to remote work.
Data leaks through contractors: how it happens and what to do
A breakdown of the mechanics of data leaks through external contractors, and practical access control measures.
Contractor and vendor access: an underestimated risk point
Third parties with access to your systems are one of the least-controlled security perimeters. How to think about this from a management perspective.
The Capital One breach: the cloud is not to blame, configuration is
In July 2019 Capital One lost data on over 100 million customers. I look at what happened and why the main lesson is not about the cloud - it is about access management.
Cloud security after the first wave of containers: more than just the network
Why the perimeter security model does not work in a container environment - and what actually needs protecting instead.
Attack through a software vendor: when your perimeter starts elsewhere
Why a compromise of third-party software is a threat to your infrastructure, and how to think about managing this risk.
GDPR: nine months in and the first major fine
In January 2019 Google was fined 50 million euros under GDPR. What it means and why having a privacy policy is not the same as actual compliance.
Data breach: what to do in the first 72 hours
A practical breakdown of how companies respond to personal data incidents - and why most of them get it wrong.
GDPR: lessons from the first months of enforcement
What the first weeks of real GDPR enforcement revealed, and how it changes the practical approach to handling personal data.
GDPR: personal data becomes an architecture problem
What GDPR changes in how companies must design their systems, not just what policies to write.
Cambridge Analytica: a data governance lesson beyond platforms
What the Facebook and Cambridge Analytica story means for ordinary companies - not platforms, but those that use data about people in their daily work.