Without a mandate for measuring and reporting actual improvements in security, attempts at improving security make absolutely no sense.

These are some of my notes made while delivering … not slick, not ready to go, just some notes.


If you don’t understand how hackers could get into your systems, you’re going to have a hard time securing them. Learning how to hack can help you implement the strongest possible security practices. Hacking forensics includes techniques for detecting and reverse engineering malware and advanced persistent threats, like Finfisher ..

Threat modelling

Threat modelling is a process by which potential threats can be identified, enumerated, and prioritised – from a hypothetical attacker's point of view. With a systematic analysis of the probable attacker's profile, the most likely attack vectors, and assets most desired by an attacker, defenders can focus on what is most important to protect.


Assistance when developing implementation plans and validating, migrating, and integrating new security policies, measures and technologies, including developing curricula for training, and teaching workshops with engaging roleplay and exercises

Everything we can creatively think of to make it so!

Security consulting

It all depends. On you, on context and on others.

This service can vary greatly, from determining the most effective way to protect computers, networks, software, data and information systems (see below), to facilitating the definition, implementation and maintenance of security policies.

Where you stand depends on where you sit, but all threats are cross-vector threats.

If they're getting valuable enough stuff from you, at least the organized crime folks have an incentive to issue regular updates to keep the appliance working after the manufacturer discontinues support.

Computer security

Cybersecurity, computer security or IT security is the protection of computer systems from theft of or damage to their hardware, software or electronic data, as well as from disruption or misdirection of the services they provide.

More ...

Viruses so far have been really disappointing on the 'disable the internet' front, and time is running out. When Linux/Mac win in a decade or so the game will be over.

Network security

Network security consists of the policies and practices adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.

More ...

Software security

Software or application security encompasses measures taken to improve the security of an application, which is often done by finding, fixing and preventing security vulnerabilities.

More ...

Before you say anything, no, I know not to leave my computer sitting out logged in to all my accounts. I have it set up so after a few minutes of inactivity it automatically switches to my brother's.

Information security

Information security, sometimes shortened to InfoSec, is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information.

More ...