Security Considerations for MACH (Microservices, API-First, Cloud-Native, Headless) Architectures We are always pushing the boundaries of digital innovation to remain competitive in a tough economic climate, the demand for flexible, scalable, and secure architectures has never been more pressing to keep pace with business change. One such architecture that has gained significant traction in recent years that helps organizations to move fast is the MACH (Microservices, API-First, Cloud-Native, Headless) approach. I have seen small elements of this in large organizations with legacy systems built over decades, but it was only when I worked with a client to build out a complete bank infrastructure in the cloud did I see it’s true power to move fast and adapt to competition and new technologies rapidly becoming available. [Read More . . .]

In search of a Secure Mobile Phone As an iPhone user myself, I’ve had my fair share of frustrations with Apple’s approach to security and data protection. When it launched, I embarked on a journey to try to implement Advanced Data Protection in iOS, a journey that took over a year working with Apple support which resulted in having to create a whole new iCloud account and “delete” the data from the other account. [Read More . . .]

Designing zero trust architectures for clients who have thousands of IoT devices connected to the network, from monitoring warehouse capacity, automated movement of stock throughout the warehouse down to monitoring retail store merchandise and how customer interact with the store. Internet of Things (IoT) devices have become ubiquitous. However, their proliferation brings unique security challenges that traditional controls often struggle to address effectively.

Microsegmentation has emerged as a critical technique for enhancing security by isolating workloads and reducing the attack surface. Unlike traditional network segmentation methods, which focus on broad divisions based on subnets or VLANs, microsegmentation allows for granular control at the individual workload level.

With all the technology focus on AI you would be forgiven for forgetting about the next frontier in computing, quantumn computing which is developing leaps and bounds. Quantum computing, once a theoretical concept, is rapidly advancing towards practical application. The technology promises to redefine cryptographic protocols and security architecture fundamentally. Understanding quantum computing’s implications for cybersecurity is crucial as we prepare for this next frontier.

Blockchain technology has completly changed the world of digital currencies, but its potential extends far beyond just cryptocurrencies. Its decentralized and immutable nature makes it an attractive solution for securing various applications in industries such as supply chain management and identity verification.

Serverless architectures, with their promise of auto-scaling, cost efficiency, and reduced operational overhead, have rapidly gained traction in the cloud computing landscape. However, this paradigm shift also introduces new security challenges that necessitate a reevaluation of traditional security models.

Data privacy has become a cornerstone issue in cyber security in producing large data sets to train large language models. As machine learning (ML) and artificial intelligence (AI) models increasingly drive critical business decisions, ensuring that these models respect user privacy is paramount. But, what is the best way to do this? Enter federated learning, a groundbreaking approach to training ML models without exchanging or centralizing data. This methodology holds promise for preserving data privacy while still allowing organizations to leverage the power of AI.

AI and LLMs are transformative, and continue to enrich and permeate our digital lives, the importance of planning incident response and detection specific to these platforms for security teams cannot be overstated. Speaking to my network of security professionals, the prospect of malicious actors exploiting vulnerabilities in production AI systems sends a shiver down even the most seasoned of security professional’s spines. It was from these conversations I decided to venture into the nuances of detecting incidents around AI platforms, providing guidance on what to look for and how to respond, this isn’t using AI in incident response, but responding to incidents with AI (LLMs), the former is a topic for a future blog, maybe. [Read More . . .]

In my last post, I detailed the importance of securing the model development pipeline, highlighting the unique challenges posed by the complex nature of AI development. Today, we delve into another crucial aspect of AI security that isn’t in the OWASP Top 10 for Large Language Models but I feel is important to understand, inexplicitability, a factor that can compromise the integrity and reliability of AI models. inexplicitability : Noun. [Read More . . .]

In my previous blog post, I wrote about the risks of Model Inversion Attacks and ways to mitigate them. In today’s post, I will focus on another aspect of AI security: securing the model development pipeline. The model development pipeline is a series of processes that transforms raw data into a trained machine learning model. This pipeline typically includes several stages, such as data collection, preprocessing, feature engineering, model selection, training, validation, and deployment. [Read More . . .]

Last time I discussed Training Data Poisoning, a threat to AI systems that involves manipulating the training data used by Language Learning Models (LLMs). Today’s blog post I will explore another significant risk which can expose sensitive data, Model Inversion Attacks. This attack method focuses on exploiting the information contained within LLMs themselves to infer sensitive data about individual users or entire datasets. Model inversion attacks rely on a simple premise, since an LLM has been trained on specific data, it should be possible to extract information from the model that could reveal details about the underlying dataset. [Read More . . .]

In my previous post, I wrote about Prompt Injection, a manipulation technique that exploits the way LLMs process user-provided inputs. In this post, we’ll delve into another critical threat: Training Data Poisoning. What is Training Data Poisoning? Training Data Poisoning refers to the act of intentionally manipulating the training data used by LLMs to influence their behavior and output. This can be done by introducing misleading, biased, or malicious information into the training dataset. [Read More . . .]

Large Language Models (LLMs) are begin integrated into more and more software applications and changing the way we interact with technology. Having spent many years in cyber security I looked at Machine Learning a long time ago and began to question, so what is new here, it’s software, it’s data, what makes it different and why did I need to approach it differently from other software?

One of areas I have spent a lot of time researching over the past 5 months is in building cybersecurity machine learning models for a personal project, when using uncensored models it is a completly different ball game on what is achievable.

Continuing from the previous blog post, today’s post takes us to Identity and Access Management (IAM) roles for ECS/EKS Tasks. Keeping the principle of least privilege in mind, it is important to understand the difference between Task Roles and Service Roles in securing your containerized workloads. Too many times I have seen the right permissions used for Service Roles and the assumption is thats the permissions set, yet root permissions is then used for tasks.

Securing Container Images: Best Practices for a Robust Containerized Environment

Throughout 2024 my blog posts will mainly draw upon my security engineering and architecture experience, sharing best practices I have used and how I have conquered challenges in AWS over the past 10+ years.

Throughout my journey in different organisations over the past two decades, one constant remains: the pivotal role of organisational culture in cybersecurity. Despite all the technical controls, it’s the human element that often dictates the success or vulnerability of each organisation’s cyber defences.

Penetration testing is a critical part of any robust cybersecurity strategy. However, a successful penetration test relies not only on the skills of the testing team but also on effective collaboration with the security operations team. Providing the right information to your security operations team before a penetration test can prevent false alerts, streamline investigations, and enhance the overall effectiveness of the testing process.

Being in a leadership role in information security requries bringing together a level of technical understanding, strategic thinking, leadership, business skills and communication abilities. This can be a lot to manage all at once, as well as projects and the security hot topic of the day. One way to manage all of this is through good organsiation strategies, over many engagements with clients I have tried different methods, these are the ones which I use today to help me stay organised and strike a balance across competing priorities.

The ability to communicate effectively with a diverse array of stakeholders, from your own security team to C-level executives is extremely if not the one of the most important aspect of leadership in security.

As I prepare to embark on my next assignment, I thought I would share how the initial fortnight in a CISO role is vital for understanding your team, establishing relationships, and setting the stage for long-term success. As an independent consultant, my strategies might be dramatically condensed compared to when you are assuming the role for a longer term as a permanent team member.

As an independent consultant, I gain a unique insight working with many different organisations. I have seen my fair share of management trends come and go, some seek to revolutionise and transform the way teams work in cybersecurity, while others fail to plan far enough ahead, because you know cybersecurity changes so quickly and todays priority may not be tomorrows. This was recently raised during one of my catchup sessions with a mentee, a number of challenges have arisen as their organisation goes through some leadership changes.

Building a successful and resilient global organisation requires more than just internal controls. With opportunities come risks, and managing third-party risks has become a pressing concern for organisations across industries.

Artificial intelligence (AI) and Machine Learning (ML) are transforming the cybersecurity landscape. These technologies, characterised by their ability to learn from data and predict outcomes, offer vast potential in combatting cyber threats. Nevertheless, they also introduce new vulnerabilities that need to be addressed by security leaders.

As a security leader one of the most vital aspects of my leadership roles has been not just dealing with the technical intricacies and cybersecurity as a product but also creating, leading and moulding highly effective teams..

The task of managing cybersecurity risks in supply chain management is an imperative for businesses. Supply chain processes involve a complex web of suppliers, manufacturers, distributors, retailers, and service providers, all interconnected through digital transactions. This web is open to cyber threats, which can potentially have a substantial impact on businesses.

Take a moment to reflect on your typical day.

You wake up, perhaps groggily fumbling for the phone beside your bed, thumbing through notifications and catching up on the news from last night. Maybe you then order a flat white from your favourite local café via an app, or video call a loved one overseas before settling into your emails for the day. It’s all so second nature, isn’t it?

Securing our businesses from invisible invaders is imperative, requiring orchestration of defence akin to a symphony, with each resource playing its part to perfection. The challenges of implementing robust security operations include scarcity of skilled personnel, insufficient resources, a reactive approach to threats, and over-reliance on tools to fill gaps, the failure of which can lead to catastrophic financial, reputational, and regulatory consequences.

In the heart of the French Alps, where innovation, adrenaline, and nature converge, I witness alpinists gearing up for their mountain adventures every weekend. Ropes, mountain bikes, and mountain running shoes dominate the scene, while skis and snowboards take over during winter. As a technology enthusiast, I am always intrigued by the gadgets people bring along, ranging from performance trackers to emergency beacons. My focus turned to the workings of beacons in the mountains, connecting with satellites and radio repeaters. The CEO of one of my clients participates in an annual multi-day cross mountain running event in the Alps, where his progress can be tracked online, stage by stage.

Digital business operations continue to rapidly expand and the threat landscape concurrently evolves in complexity and sophistication along with that growth. Cybercriminals are perpetually seeking out vulnerabilities to exploit, and the onus is on businesses to adopt proactive defence strategies to keep one step ahead. Among the most effective tools in our cybersecurity repertoire to help us do this is threat intelligence.

In software and systems development, the incorporation of security measures from the outset of a project is an imperative. The notion of ‘secure by design’ is achieved through a multitude of processes and methodologies, of which threat modelling is a crucial part.