James John
james-m-john.bsky.social
DFIR nerd, coffee fanatic & whisky purveyor
https://cyberjj.substack.com/
New cyber blog's live!
open.substack.com/pub/cyberjj/...
October 27, 2025 at 8:16 PM
Had an interesting chat with someone today who wanted to break into the DFIR field. They asked what key skills I look for when hiring. Thought it'd be worthwhile putting those thoughts on paper for all to read as it may benefit others! Check them out!
cyberjj.substack.com/p/beyond-the...
Beyond the Playbook: What It Really Takes to Excel in Incident Response
The technical depth and soft skills that hiring managers seek but rarely find.
cyberjj.substack.com
March 21, 2025 at 10:45 PM
Great to see the world's LE coming together and continuing to apply pressure to ransomware groups! This time it's Phobos & 8Base
www.europol.europa.eu/media-press/...
Key figures behind Phobos and 8Base ransomware arrested in international cybercrime crackdown | Europol
A coordinated international law enforcement action has led to the arrest of four individuals leading the 8Base ransomware group. These individuals, all Russian nationals, are suspected of deploying a ...
www.europol.europa.eu
February 11, 2025 at 5:27 PM
Still convinced this is one of the silliest BECs I've ever handled. So much effort went into setting up the attack, for such little payoff!
cyberjj.substack.com/p/a-novel-bu...
A Novel Business Email Compromise Attack
A recent BEC Attack using unconventional email harvesting technique.
cyberjj.substack.com
January 31, 2025 at 10:23 AM
When fighting ransomware, could our response actions cost more than the attack itself? A real case where containment measures hit eight figures, and why we need to rethink our response playbooks. Plus: How new proposed UK legislation changes everything.

cyberjj.substack.com/p/the-hidden...
The Hidden Costs of Ransomware Response
When the Cure Might Be Worse Than the Disease + a look to the horizon.
cyberjj.substack.com
January 29, 2025 at 7:54 PM
Glad the new administrator is taking cyber seriously...
DHS has terminated the memberships of everyone on its advisory committees.

This includes several cyber committees, like CISA's advisory panel and the Cyber Safety Review Board, which was investigating Salt Typhoon.

That review is "dead," person familiar says.

www.documentcloud.org/documents/25...
January 25, 2025 at 12:20 PM
Looking forward to seeing the outcome of this consultation. As someone who operates within UK CNI IR, for once I think this is a smart move by UK gov! Hopefully other countries will follow suit in at least considering the topic

www.gov.uk/government/c...
Ransomware: proposals to increase incident reporting and reduce payments to criminals
The government is consulting on proposals to reduce the threat posed by the criminal infection of computer systems with malicious 'ransomware' software.
www.gov.uk
January 15, 2025 at 7:46 AM
Recently worked a strange cybersecurity BEC whereby the attacker tried to use a hugely powerful application to harvest emails, but used it in a really silly way. It failed and they gave up. Can't work out if it's clever or just dumb...
cyberjj.substack.com/p/a-novel-bu...
A Novel Business Email Compromise Attack
A recent BEC Attack using unconventional email harvesting technique.
cyberjj.substack.com
January 7, 2025 at 5:41 PM
Reposted by James John
🚀 Excited to announce the alpha release of NIMS - a Notion-based Incident Management System!

Designed for SOC/IR teams, NIMS helps streamline incident management and collaboration using Notion's powerful database features.

#InfoSec #DFIR #IncidentResponse #SecOps #Notion
January 7, 2025 at 12:42 AM
Finally made it to Bluesky! Looking forward to less noise and more interesting conversations. Bring on 2025!
January 3, 2025 at 7:08 PM