infosecgreybeard.bsky.social
Grumpy old InfoSec beard. Whether it's physical security or grumbling about firewalls and governance, I ramble about it all.
Running a SaaS business is hard. You have to demonstrate to every client that you're meeting their compliance requirements, protecting their data and that your services meet their exact needs. Not easy for a few clients, almost impossible for 500+ clients.
November 10, 2025 at 6:53 PM
AI! Quantum! Cloud persistent ransomware!

If you're worried about these but don't have your compliance perfect, you're probably worrying about the wrong things!
chaos panic disorder situation normal is written on a cartoon
November 3, 2025 at 9:04 PM
Ed is 15 and has released his first Jazz album.

That's pretty amazing in itself, but it's also very good.

Please support him by giving his album a listen.

spotify.link/mLEAaRMkYXb
Standards and Scribbles, Vol. 1
November 2, 2025 at 4:42 PM
"You can accurately judge a society by how well it looks after its most vulnerable." Although this quote is often misattributed to Gandhi, whoever coined it was on to something.

Although I don't fully understand the food stamp situation in the US, I am responsible for US employees and so I thought
November 1, 2025 at 6:48 PM
Reposted
This is really well written, if you want to scare your CISO, send them this for Halloween. 🎃
🧯The security community is pushing back against new claims that 80% of #ransomware attacks are AI-driven, a figure from a recent MIT-linked report now drawing widespread criticism. →

socket.dev/blog/securit...
Security Community Slams MIT-linked Report Claiming AI Power...
Experts push back on new claims about AI-driven ransomware, warning that hype and sponsored research are distorting how the threat is understood.
October 31, 2025 at 11:32 AM
I went to Germany for lunch. The people were lovely and the currywurst was delicious.
a hot dog with ketchup on it and the words lecker currywurst below it
October 30, 2025 at 4:21 PM
I dread to think about the occurrence that prompted this text:
October 29, 2025 at 8:11 PM
Reposted
if you ever wanted to buy 28mm miniatures of the characters from Bottom, Crooked Dice have you covered.
October 27, 2025 at 9:24 AM
Yesterday I drove through three countries and was only asked for my passport once. The only marker on the borders was a modest country name sign and the road signs changed slightly.

Europe has a lot to teach the world about cooperative living.
a purple map of europe with a white frame around it
October 27, 2025 at 7:38 AM
Looks like Thunderbirds really are go!
October 24, 2025 at 6:16 AM
One of my pet hates is the use of the word "Plan" in security governance. Is it a policy, is it a set of procedures, is it a guidance document?

Often it's an ungodly mix of all three with PII and sensitive data chucked in!

Please don't.
a picture of a man with the words i think this is getting too silly
October 22, 2025 at 10:12 AM
It's amazing how many organisations follow the "If Daddy says no, I'll ask Mummy" approach to supplier due diligence.
a man with a bandana on his head is making a funny face and saying i see no problem here .
October 21, 2025 at 6:15 PM
The AWS outage has produced tons of column inches and endless sound bites, but there are very few pointing out that choosing to run your services exclusively on AWS is a business decision, meaning that outages due to loss of AWS are also a business decision.
a woman is sitting at a table with her arms crossed and the words just sayin above her
October 21, 2025 at 6:36 AM
Tell me that it's a rainy day...
October 20, 2025 at 3:41 PM
*sigh*
October 20, 2025 at 3:22 PM
Compliance relies on companies checking that each other is doing things properly and imposing horrible consequences if they don't.

The problem with this approach is most companies don't check on each other.
Alt: a man wearing headphones says i haven't actually looked into that.
October 14, 2025 at 8:22 PM
Anyone can make a security programme a complex, expensive mess.

Keeping it simple, cost effective and risk focused is key.
a cartoon of a man with the words sounds simple enough
October 11, 2025 at 9:25 AM
One piece of advice I'd give anyone in a technical role is to learn how a company works. Being able to work outside of your area, for the good of the business, makes you more valuable, which can lead to better pay and a better chance of surviving job losses.
a man with a lot of dirt on his face is pointing
October 11, 2025 at 9:02 AM
Trying to keep the employee assistance programme up to date has become increasingly hard for some US based staff.

The rising wave of intolerance means we're having to add more and more people to the "vulnerable" list and find ways to protect them.
a cartoon of spongebob holding a piece of paper with memecenter.com written on the bottom
October 10, 2025 at 6:40 PM
I've just suggested that someone replace their overly confident Head of Facilities with a lettuce as it would have a better understanding of site security.

I'm guessing that I shouldn't have any more coffee today.
a woman in a plaid shirt says oops !
October 10, 2025 at 1:44 PM
People when they start working in infosec: I wanna be a hacker!

People when they work in infosec: Another due diligence questionnaire? Kill me now!
a cartoon character says it 's a trap in front of a starry sky
October 7, 2025 at 8:07 AM
Today, I plan on finishing my CAIQ.
a bunch of buns with faces on them are sitting on a counter
October 7, 2025 at 7:12 AM
LinkedIn is a strange echo chamber.

When I'm between contracts, I read it.

When I'm working, I don't have time to read it.

Which means that it's mostly full of non-working people, desperate to sell their product or service to each other.
a man wearing glasses and a green and white shirt looks at the camera
October 7, 2025 at 7:07 AM
Reposted
A recent fire destroyed a South Korean government's cloud storage system, reportedly leaving no backups. This incident is a critical reminder for everyone: You must keep verified backups in multiple locations. Please follow the standard 3-2-1 backup strategy if you care about your personal data
NIRS fire destroys government's cloud storage system, no backups available
A fire at the National Information Resources Service (NIRS) Daejeon headquarters destroyed the government’s G-Drive cloud storage system, erasing work files saved individually by some 750,000 civil se...
koreajoongangdaily.joins.com
October 6, 2025 at 5:05 AM
I watched The Days Ahead, three short stories about the days around a limited nuclear strike against the UK. It wasn't too bad; just a little optimistic.

@cybergeekgirl.bsky.social

watch.amazon.co.uk/detail?gti=a...
Watch The Days Ahead | Prime Video
The Days Ahead is a present day nuclear attack drama anthology presenting three distinct stories showing how characters with varying degrees of preparedness cope with an attack on the United Kingdom.
October 5, 2025 at 3:42 PM