All Cyber-Kinetic Security & Cybersecurity Posts
Cyber-Kinetic Security
Non-Executive Directors as Cyber Champions
As a non-executive director (NED) who often represents cybersecurity and emerging technology interests on boards, I’ve learned that even without being a deep technical expert, I must challenge management and ensure our company’s security posture is sound. In today’s high-risk digital environment, boards can no longer treat cybersecurity as "someone else’s problem." Directors cannot abdicate or simply delegate oversight of cybersecurity - we must instead…
Cyber-Kinetic Security
The World of Cyber-Physical Systems & Rising Cyber-Kinetic Risks
We live in a world in which the way we observe and control it is radically changing. Increasingly, we interact with physical objects through the filter of what computational systems embedded in them tell us, and we adjust them based on what those systems relate. We do this on our phones, in our cars, in our homes, in our factories and, increasingly, in our cities.…
Leadership
MAS TRM Just Reset the Floor for Financial‑Sector Cybersecurity
I’ve spent the last few years in Singapore helping banks, insurers, and market infrastructure across APAC harden their environments. We’ve all said the same thing in private: we need a clear, enforceable baseline that trades vague “best practice” for concrete expectations and timelines. With the Monetary Authority of Singapore’s (MAS) Technology Risk Management (TRM) package - the Guidelines (principles/best practices) and the legally binding TRM…
Cyber-Kinetic Security
Cyber War – scaremongering or reality?
“Cyber war” is a term that has recently been used so liberally that people may often wonder if these words are as menacing as they sound or are used only as a tool to incite fear as a way to control a society that increasingly depends on technology. How we prepare and respond to cyber attacks depends on whether we believe we are in cyber…
Cyber-Kinetic Security
United We Secure: Why Cybersecurity Needs Information Sharing
The cyber battlefield is heating up. On one side, cyber criminals are pooling their knowledge like a well-oiled team; on the other, many organizations still act like lone wolves. I recall a fellow CISO remarking at a meeting, “I don’t need perfect security - just better security than the other guys. Then attackers will leave me alone.” This popular “outrun the bear” analogy - you…
Cyber-Kinetic Security
The Decline of Real Penetration Testing
As the leader of Cyber Agency, one of the largest penetration testing and red teaming specialist outfits, I have a bone to pick with where our industry is headed. Back in the late 90s and early 2000s, "pentesting" actually meant breaking into systems (and sometimes buildings!) with skill and creativity. Today, I’m watching a disappointing shift: more and more so-called pentests have turned into cheap,…
AI Security
Testing AI in Defense – A New Kind of Security Challenge
Looking back at our engagement, I'm concerned that the pace of AI adoption in the military will overtake our abilities to validate and verify such systems. If AI systems continue proving valuable, there is nothing that will stop their adoption, but the infosec and QA communities simply don't have the tools and skills to ensure these systems behave in an ethical way. I remember our team…
Cyber-Kinetic Security
Polymorphic Viruses: The Shape-Shifting Malware Menace
Polymorphic viruses represent a turning point in malware history. These shape-shifting programs have shown that malicious code can be made highly adaptable, challenging the very foundations of signature-based security. We’ve examined how polymorphic malware works - using encryption, mutation engines, and self-modifying code to constantly reinvent itself - and looked at notorious examples from the past decade (Tequila, One Half, SatanBug/Natas, Marburg, and the hypothetical…