Flaky Career Plans in Cyber Security


Right, this is about the time in most blogs when you realise that you have only a few readers & you begin to wonder whether the whole thing is a pointless exercise…

(Incidentally, that piccie is me during my time in the bunker, see previous blogs but I thought the piccie summed it all up pretty well!)

Well, I’m using this point to checkpoint where I’m up to in my career plans, with particular reference to technology & cyber security. Here are a couple of things I’ve learnt so far:

They don’t make it easy. You will read loads of articles reporting on massive gaps in the sector & from experts saying that it needs x thousand people by 2020. But, transitioning is very difficult. Routes are not clear. It typically comes down to that old adage; if you’re not already doing the role then it’s hard to break into the area…

Cyber security does not just mean network security & firewalls. There’s a lot more to it but it sometimes feels like not everyone got the memo. I have a feeling the software development cycle & human factor will become increasingly important. What route should I take? Should I just have swallowed the pill & done the Cisco networking qualifications?

You can find cyber security in your current role (probably). Unless you’re a goat-herder in Sinai, there are aspects of IT security in most roles. As I’ve done a lot of software testing I’ve had great fun with the following:

  1. Finding a web form which leaves the organisation open to an SQL injection attack (success)
  2. Discovering that a display screen for orders could be viewed by any user over the web with no credentials (great success)
  3. Checking whether IP addresses can be faked, as I discovered that communications from a server to our mail server did not have any credentials other than the IP address. Turns out it’s very hard (impossible for me) to fake an IP address to get through the firewall (kinda success)

I think I’ve got the mustard for penetration testing. I’m irritating & I think that helps. I just need to develop my technical skills on par with my ‘gitness’ skills.

So, where does that leave me?


Well, I’m half-way through my computing degree with the OU. I’m not happy with my current module as it reads like it was written in 2006. The book on nuclear war wasn’t on the reading list.

Next year I move onto Java & web technologies. Believe it or not, there is no cyber security track. I did ask & was told ‘it’s part of every module’. Kinda true but also not that helpful.

Hence my remarks about flaky. I’ve learnt stacks so far but there’s still so far to go…that should be a song…My mind is awash with courses, certifications, entry level jobs, challenges & virtual ports….

I’m going to be revisiting my career plans in the next few weeks but am facing a few changes at work. I’m not really sure where this is going to end up so stay tuned. Let’s just hope I don’t go totally crazy with all this adventure…


Six Days Alone in a Cold War Bunker

OK – you are probably wondering what’s going on here – after all, this is essentially a blog about cyber-security. However, it’s also a crazy adventure blog & a few weeks ago I spent six days sealed in a Cold War bunker – now that’s a crazy adventure….

Yeah – alone in a huge bunker for a week. I blogged the experience & created a few videos to give you a flavour of what I got up to.

From a computing perspective – let’s just say the bunker is full of old kit….read on if you dare. I also made some video-blogs – I’ll put a link in for the first of these then you can follow if it’s your kind of thing….you can watch them all through to when I get out if you like that kinda stuff….

Monday 13:00hrs

I arrived at the bunker about 2 hours ago, through thick ice and snow. I’m now sitting in a room at the very bottom of the bunker in an old meeting room that is going to be my home for the next 6 days. I’ve set up my camp which includes an inflatable mattress, sleeping bag, basic supplies and the kit I’ll need to survive underground.


This is my second stint staying in this former Air Ministry bunker. My first time was a few years ago and I have to say, things feel different. The place is the same. I’ll take as many photos as I can but you can imagine stacks of old radio and computer hardware. Piles of old ministry papers everywhere. Gas masks and Geiger counters on every corner. This bunker was built back in 1952 and was meant to hold up to 600 people. It’s where government would take refuge during a nuclear attack and there is even a special bedroom here for the Prime Minister. It’s part of a network of 12 such bunkers across the country.


I wanted to take these moments before lock-down to really consider two questions. Firstly, why am I doing this again? And, secondly, what do I want to or hope to learn? (Perhaps a sneaky third question would be how is it different from the first time?)


Why am I doing this? Well, I’ll be honest; I don’t have any upcoming bunker books to sell. It’s not part of some clever marketing ruse – this is purely for the experience. My first stay here was burnt into my memory as one of those life changing experiences. I still struggle to describe it. Cut off, alone and in a Cold War setting, you didn’t need to do much role-play to imagine yourself as the last survivor of some holocaust. That will be the same this time. Once I’m sealed in later, I won’t see another soul for 6 days. I’ll be on regular patrols of the perimeter but basically that’s it – I survive by myself. But what about the why bit?


Mmm….I suppose I dreamt of being here when I was away. It’s just such a unique experience in a unique setting and I feel you have to grab these things when you get the chance. Plus, it’s the chance to play in a giant Cold War bunker – what’s not to love.


Secondly, what do I hope to learn? Not sure. I think I’ll better be able to answer that at the end of the week. One thing is for sure, I’m better prepared this time. I feel like I know the bunker better and it knows me. I’ve spent time here before. There is far less of an alien feel to it now. Last time it took me a day or two to really get out and see the entire bunker. Now, I’ve already scouted most of it out.

Let’s see after 6 days what I’ve learnt. From my time in the desert and my previous survival blog here, I suspect it will be around being alone, around self-reliance. There is a kind of peace down here in the bunker.

Right, not sure if I answered any of my questions but certainly a kick off to this survival blog…stay tuned for more daily updates this week.

Monday 22:09hrs

Right, video blogs done. I need to remind myself why I’m doing this. The reality is beginning to kick in. I’m in here for 5-6 days. I’ve eaten dinner and will be keeping myself awake for as long as I can so I can get onto nights. Trouble is – I’m already tired. As it was last time, this is going to be far tougher than I thought. My plan is to relax a bit, drink a ton of coffee then review in the morning. Things always look better in the morning!


Here’s a link to the first of the video blogs:

The Last Survivor Video Blog – Day One

Tuesday 13:48hrs

Managed to stay awake until 04.30 and then slept in today until about an hour ago – that should get my body clock on to nights. I woke up with a dull headache I can’t seem to shift. I wonder if it’s the oppressive impact of the bunker? Underground life would certainly not suit everybody. The temperature is consistent, with very little variation across the bunker so you need to wear a jumper but not a coat.

Tuesday 15:22hrs

It’s amazing the difference a cold wash and sink shower can make. I’m still locked down below but managed to grab myself a decent clean up. Feels 100% better. One thing I remember is the importance of having a regime – of having the day planned out. I felt like I was drifting a bit. Right, I’m getting back into a routine. You need it down here. With no natural daylight, you forget we all work on a cycle. Upset that cycle and things get kooky. In a couple of hours, I’ll get breakfast, do some exploring and filming then have my dinner. Structure is more important to me than I realised.


Wednesday 15.13hrs

I feel like I’m on bunker time now – adapted to a new cycle of day and night. I followed a routine more carefully yesterday and having that structure does help. I’m up, work out then patrol. Breakfast, some blogging then more patrols. (The patrols simply involve checking each of the main doors and the security integrity of the bunker.) After all that, I spend some time preparing a meal. Even if it’s just dried pasta heated up, you try to make an event out of it. It’s a main feature of the day. Then some relaxing, more patrolling, exploring through to lock-down at around 04.00 in the morning.

That’s life underground. You have to get used to it. The sterile, dry air. The humming of the fluorescent lights. The shadows and noises everywhere. This is a vast concrete structure. There are always creaking pipes or noisy air conditioning units.


I keep returning to the central question of why I am doing this? Why am I ‘wasting’ 5-6 days of my holiday alone and locked in a Cold War bunker. I enjoy doing the video blogs and posting them online. Internet connectivity is better here now so in that sense you are never truly cut off. But, at the same time, it is an intrusion. I’m posting the blogs as I hope people will find them interesting but they aren’t the reason I’m doing this. I enjoy sharing the experience.

I think the real answer is similar to the ‘walkabout’ the native Australians often talk of. Just to separate yourself from life for a while. To disconnect if that’s possible these days. To distance yourself from the familiar to gain new insight and perspective. Ironically I wanted to do a wilderness walkabout during this time but here in the UK it’s very difficult to find anywhere to do it and be able to free-camp in the open. So, I ended up back in the bunker.


Distance from the familiar to gain new insight – I reckon that’s it. Anyway, on with another patrol.

Thursday 16.04hrs

Busy planning my last few video blogs this morning. I found a can of curry yesterday and it transformed my boiled rice dish into a meal to remember. Maybe it was the spices but that taste just lifted me above the blandness of bunker life. There is still so much to explore here so I have to plan my blogs carefully. I’m planning on visiting the plant room then perhaps trying to capture something of my patrols, with a bit of wrap up commentary on this whole experience.


It has been different second time round, it was bound to be. The isolation has been the same. The challenge has been the same. But, my sleeping quarters are better equipped this time as I knew how to set up my camp. It really helps knowing the environment you’re coming into.

Also, I feel very much more aware of the limited time I’m here for. Last time, the days seemed to drag, getting out of the bunker seeming almost like a theoretical event. This time, I can see the 5-6 days as a distinct period of time. It’s hard to explain but perhaps there is less of an ‘unknown’ factor this time. I don’t feel like such a stranger to the bunker. I almost feel at home.

Friday 14.04hrs

I quickly updated my last video blog this morning then packed up the base I’ve called home for the last week. Leaving the dusty atmosphere of the bunker into the fresh air, I didn’t realise just how musty it was down there. I was glad to get into the open daylight.


It’s going to take a while to think through this survival blog. For sure, it was different to last time. Different to the desert. But, as always, it was a challenging and unique experience not to be missed.

Incidentally, the photo below was taken next to the broadcast room – this is where the emergency messages would be sent out to any survivors across the country. A grim place but I discovered these two LPs ready to play.

So, if you ever wondered what was going to be playing at the end of the world, I know the answer – it was disco….pure James Last & Hawaiian disco…


Blockchain Technology and The Muppets

As buzzwords go they don’t come much buzzier than blockchain. It’s used in every other article about digital business or cyber-security.

But, my own straw poll tells me that most people don’t know what the blazes it’s all about.  My ad-hoc survey work also tells me that people like The Muppets but are surprisingly ill-informed about the character Fozzie Bear. So, I thought I’d combine the two.

Blockchain is complicated enough to need explaining more than once. So, even if you’ve read an article or seen a presentation on it, the central concepts can still be vague and nebulous. You know it’s something to do with Bitcoins. Something to do with managing currencies or payments online….that’s about where most of us check out.

Fozzie Bear from the Muppets never gives up. He keeps coming back no matter how bad the joke so using that tenuous link I’ve created facts about both blockchain and Fozzie Bear.

(Please note in the real world, Fozzie Bear had no involvement with the creation or development of blockchain technology. If you’re interested check out Satoshi Nakamoto – he’s certainly no muppet.)

Random Facts About Blockchain and Fozzie Bear

  • A blockchain is a digital & decentralised or distributed database. Importantly, data is added in blocks and each block is linked to the previous one. As well as data, each block contains a hash pointer (or secret code) which verifies that nothing has been changed. Soooo, it’s a super thing for keeping track of digital currency transactions.
  • Fozzie Bear was created by Frank Oz & is a key member of the Muppet team. He’s best known for his naff joke-telling skills. He is no use as a distributed database with no central authority. But, he’s a skilful light entertainer.
  • It was back in 2008 that Japanese uber-geek Satoshi Nakamoto published his paper on blockchain technology & introduced the world to a newly proposed crypto-currency. It went on to be a vital technology behind the success of Bitcoin.
  • According to Muppet legend, Fozzie Bear grew up right next door to his best friend Kermit. Fozzie always wanted to be a comedian. Also, for years I thought it was ‘Fuzzy Bear’.
  • Each block is a permanent part of the blockchain & records transactions. The chain is designed so that transactions cannot be tampered with or removed. As a distributed database system, it’s an open digital ledger which needs no central authority & keeps an open record of transactions.
  • In later Muppet Shows, Fozzie teamed up with some chickens to create routines of ever-increasing hilarity. However, by the 1990s the laughs were drying up & he had to resort to wearing a wig to get a giggle. He made a cameo appearance in The Muppet Christmas Carol as Scrooge’s kind employer Fozziwig. Rumours of onsite arguments with Kermit & the Chickens abounded. Fozzie was seen as a washed up diva with a honey drinking problem.


  • Blockchain works. Bitcoin is the best example but how do you change your virtual bitcoins into ‘real cash’? Simple. Look for a Bitcoin exchange that is offering a reasonable price. Check the currency you want. You’ll need an account but beyond that it’s like cashing in chips at a casino. They may be virtual but they have real value.
  • Fozzie Bear has many catchphrases but his most famous is ‘Wocka wocka wocka’ – which he often employs after one of his disastrous gags.
  • Blockchain technology is perfect for the digital space & cross-border activity due to the lack of human involvement, its speed & efficiency. There is no single blockchain & there are various blockchain technologies which look at various aspects of the solution.
  • There is not that much information on Fozzie Bear on the web. When selecting a Muppet to brighten up a serious blog, it would be far easier to go for Kermit. Also, select the right Muppet at the start or things start drying up when you get half-way through.
  • Blockchain technology will be a buzzword for years to come. The potential is significant. Some banks & institutions are cautious. The anonymity & state-less nature of blockchains is perfect for the dark forces of this world to use to move their money around. Blockchains will become everyday in the next few years so just as well you got to the end of this article. Seriously, there is a stack of information out there online, just check your sources as always.
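
The "each block is linked to the previous one" idea from the blockchain facts above, as an added example that is not part of the original post: here the hash pointer is a SHA-256 fingerprint of the previous block, so changing an old transaction breaks the link after it. The ledger format, the transactions and the names `add_block`, `find_tampering` and `trusted_head` are constructed for illustration, and real blockchains add consensus rules on top of this.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64  # constructed placeholder pointer for the first block


def block_hash(block):
    """SHA-256 fingerprint of a block, covering its data AND its hash pointer."""
    payload = json.dumps(block, sort_keys=True).encode("utf-8")
    return hashlib.sha256(payload).hexdigest()


def add_block(chain, data):
    """Append a block whose prev_hash commits to the current last block."""
    prev_hash = block_hash(chain[-1]) if chain else GENESIS_PREV
    chain.append({"index": len(chain), "data": data, "prev_hash": prev_hash})


def find_tampering(chain, trusted_head):
    """Return the index of the first block that no longer matches the hash
    committed to it (by the next block, or by trusted_head for the last
    block). Return None if the whole chain checks out."""
    for i, block in enumerate(chain):
        committed = chain[i + 1]["prev_hash"] if i + 1 < len(chain) else trusted_head
        if block_hash(block) != committed:
            return i
    return None


def demo():
    # Constructed sample transactions.
    chain = []
    for tx in ("alice pays bob 5", "bob pays carol 2", "carol pays dave 1"):
        add_block(chain, tx)
    # The head hash is what the other (honest) copies of the ledger agree on.
    trusted_head = block_hash(chain[-1])

    # Case 1: edit an old transaction and leave everything else alone.
    edited = copy.deepcopy(chain)
    edited[1]["data"] = "bob pays mallory 200"

    # Case 2: edit it AND recompute every later pointer to hide the change.
    # The links now agree with each other, but the head hash has changed,
    # so the copy no longer matches what everyone else holds.
    rewritten = copy.deepcopy(edited)
    for i in range(2, len(rewritten)):
        rewritten[i]["prev_hash"] = block_hash(rewritten[i - 1])

    return {
        "untouched": find_tampering(chain, trusted_head),
        "edited": find_tampering(edited, trusted_head),
        "rewritten": find_tampering(rewritten, trusted_head),
    }


if __name__ == "__main__":
    print(demo())
```

The second case is why the database being distributed matters: a single copy can be rewritten consistently, and it is the comparison against the head hash held elsewhere that exposes it.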

Right, that’s it. I’m sure mixing up Muppet facts helps to confuse things further but if you picked up only a snippet about blockchain technology then my work here is done (poorly).


Halloween Special: The Perils of Living in a Wireless World


Everyone loves wireless. It’s a liberating technology that’s allowed us to do anything pretty much anywhere. But data flying through the air comes with additional vulnerabilities.

Considering how ubiquitous Wi-Fi is, it’s surprising how little most of us know about it. Here are a few random factoids to get us started. And some of them are decidedly spooky.

Spooky Fact 1 – folks talk about wireless speed in terms of bits per second – so how many zeros and ones can fly through the air. This is known as maximum data capacity & you typically see it written as 54 Megabits per second etc. That’s cool right?

But, like a mysterious ghost story – just over half of this speed vanishes into the misty night when using Wi-Fi. What you’re left with is zombie-like throughput. That’s a scary factoid – even before any nasties attack your wireless network, you only get around half of the speed you think. The causes of this are, in no order, ghosts hiding in your router, all the bits of information added to your data to help it find its way & the fact this devilish ‘overhead’ increases the further you are away from the safety of your router….well, two of these are true anyway….

Spooky Fact 2 – by adding monster names to the following list – you can see 3 terrifying areas of danger – not just on wireless but being on wireless is the equivalent of adding scary music & thus making it even scarier.

  • Devilish Physical Hardware – Dracula could easily hypnotise you then steal your device. Got a password – an easy to remember one, probably take the Prince of Darkness a few hours to crack it. (So, think the obvious physical security, keeping your devices safe plus a kick-ass password.)
  • Ghastly Software – Frankenstein isn’t as stupid as he looks. He could use loopholes in programs to do bad stuff. (This monster doesn’t like patches & updates. Get anti-virus software, keep everything updated & you can loosen this monster’s bolts.)
  • Deadly Data – Zombies could easily nick your data in transit, feasting on it as it flies through the air. (Mmm…trickier – just how do you protect data in the air? Fly spray? Read on for details….)

Spooky Fact 3 – Holy Water (WPA2) – You might recognise WPA2 from when you’ve been fiddling with your wireless router. It is a stallion of an encryption protocol with few known weaknesses at the moment. Most routers are now set to WPA2 by default but it’s wise to check. Having WPA2 encryption is like having Vin Diesel turning up to your wireless horror movie – fully ‘tooled up’. And he’s going to help you kick a lot of ass. Does that mix enough metaphors for you?


Right, sick of Halloween-type banter?

OK – here are 3 processes to set up. Get this right, along with all the other advice around patching, passwords & crucifixes & you’ll be as secure as you can be.

  1. Set the right security protocol – remember WPA2 on your router – probably already set – it’s like holy water…
  2. Securing access – do some research & find out how to control access to your wireless access point. Might be something I look at in a future blog but check it out – you’ll come across something called MAC addresses (not your ancestral home in Scotland.)
  3. Default passwords – routers come with those tricky passwords – something like E83HHG3g21 – remember typing that in for access. For public area free Wi-Fi, you get stuff like ‘cafepassword’. This can be changed & you should do it. Again, do a bit of research. I’ll try to cover it in future blogs.
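
One way to do the "wise to check" part of step 1 from a Linux laptop, as an added example rather than anything from the original post: it sorts the networks in a Wi-Fi scan by the security they advertise. The scan lines are constructed, and the assumed input format is NetworkManager's terse output from `nmcli -t -f SSID,SECURITY device wifi list`; treating WPA1-only networks as weak is this example's own rule.

```python
# Constructed sample of terse nmcli output: one "SSID:SECURITY" pair per line.
# In terse mode a literal colon inside an SSID is escaped as "\:".
SAMPLE_SCAN = """\
HomeRouter:WPA2
CafeFreeWiFi:
OldPrinter:WEP
Flat\\:12B:WPA1 WPA2
Legacy-AP:WPA1
"""


def split_terse(line):
    """Split one terse-mode line on unescaped colons and undo the escaping."""
    fields, current, escaped = [], [], False
    for ch in line:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ":":
            fields.append("".join(current))
            current = []
        else:
            current.append(ch)
    fields.append("".join(current))
    return fields


def classify(security):
    """Map the advertised security string to a verdict."""
    tokens = set(security.split())
    modern = {"WPA2", "WPA3"} & tokens
    if not tokens or tokens == {"--"}:
        return "open"    # no encryption in the air at all
    if "WEP" in tokens:
        return "weak"    # long-broken protocol
    if "WPA1" in tokens and not modern:
        return "weak"    # original WPA only
    if "WPA1" in tokens:
        return "mixed"   # WPA2 offered, but old WPA still accepted
    if modern:
        return "ok"
    return "unknown"


def audit(scan_text):
    """Return a list of (ssid, verdict) for every network in the scan."""
    results = []
    for line in scan_text.splitlines():
        if not line.strip():
            continue
        fields = split_terse(line)
        ssid = fields[0]
        security = fields[1] if len(fields) > 1 else ""
        results.append((ssid, classify(security)))
    return results


if __name__ == "__main__":
    for ssid, verdict in audit(SAMPLE_SCAN):
        print(f"{verdict:8} {ssid}")
```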

Finally, remember, just like any decent horror movie. When that nice calm bit comes at the end, you’re never 100% sure it’s over. Could the axe murderer still be alive? Could he burst through the window at any time? The truth is no medium (not the crystal ball kind) wired or wireless is 100% safe.

And, wireless still has greater risks. For example, I went into a Costa Coffee the other day & logged onto their ‘free Wi-Fi’. The password was on the front desk – anyone can use that. Blimey I’m scaring myself now so I’m going to check my stuff….stay safe out there in wireless monster land….


Threat Horizons (including a Robot Takeover)

Very smart people at organisations like the ISF (Information Security Forum) & Gartner consulting produce some excellent predictions of terror for everyone to be scared of.

They help by projecting forward to look at the kind of threats we’re going to face in cyber security in the next 5 years.

My diagram provides a good overview of the ones I suspect will cause a few sleepless nights (No I haven’t employed a professional graphic designer – it’s all my own work, scanned in.):



Automated Misinformation

Pretty much every point on this list is underpinned by smarter AI capability. Think deliberate, automated & targeted false information – targeting organizations & corporates. This could be anything from a sea of misinformation to false profit warnings, artificially created scandals & fake board level announcements. We can do much of this at the moment but think how powerful it would be with evolving AI personas driving it at a relentless pace. Are the PR & Comms team ready for this?

Unexpected Outcomes

No one knows the future – not even Mystic Meg but the experts see a headlong rush into AI projects leading to new vulnerabilities. In science terms, ‘unexpected outcomes’ is a terrifying phrase which could mean anything from a button you didn’t know about to thermonuclear war & the eradication of life on Earth. Realistically, cyber criminals will quickly exploit any gaps or vulnerabilities in AI decision-making. This we can be sure of.

Opaque Algorithms

Mmm….I was going to put legacy systems collapsing, as few people realize how much institutions like the Stock Exchange rely on old code. Still, imagine you’re turned down for some form of insurance – you query it – who knows how the algorithm works – the business probably won’t. Who knows what could happen? My point is they are getting ever more complex mathematically & the pool of those who understand them is already small. People on Facebook are already blaming the algorithm for things going wrong. Will we see forms of discrimination we don’t even know about? How important is it that we understand how important decisions about us are made?

Robot Takeover

We all know it’s coming but maybe not in the way we imagine. People get excited about robot waiters but the real challenge will come as AI replaces thousands of ‘middle’ jobs. We’re not the first generation to face disruption but if we fail to plan for this, I’m convinced we’ll face serious civil unrest. One option is to offer everyone a basic universal income – regardless of whether they work or not. If you want to earn more, you can apply for one of the few jobs open to humans. (I’ll cover this in more detail later.)


The ‘Diamond of Unwelcomeness’

I’ve read a lot about cyber security on my journey so far & I think I’ve already mentioned that many debates are dominated by the on-going theme that the industry needs more people….fair enough……

However, I have to say, they don’t make it easy.

I’d be classified as a career changer – a general business/IT project managery type of person, shifting some of his focus to cyber & data security. But, trying to find your way through the jungle is just so confusing.

I present here what I call the ‘Diamond of Unwelcomeness’ which shows just how unwelcoming the profession really is to newcomers & career changers….


(To help us (& this is only from a selfish point of view!) there are regular ‘women in cyber’ sessions to which I can’t really go.)

Qualifications, Training & Standards – don’t get me started here. Never have I come across such a confusing nexus of industry standards, associations & qualifications. I’m a member of BCS but there are about 4 other industry groups you could join – it would cost you a fortune to join all of them…

Barriers to First Jobs – Accountants have it good don’t they – CIMA/ACCA – a recognised path…everything I think we are missing. My solution is to look for the cyber security elements in my current role & that is working really well.

Apologies if this all sounds a bit grim…if you’re new like me you also find conventions full of these folks:

Type As – glossy sales people on stands who know all the lingo but have a surprisingly shallow knowledge of the industry & technology.

Type Bs – industry old-hands who have been in it for years. There’s not much you can tell these guys & most of them used to code.

Type Cs – network & helpdesk folks – they’re big on the technical side – they know how to configure a firewall. This is their domain & they don’t want it de-mystified too much..

I say this all slightly tongue in cheek – you kinda get this with every profession. But, I hope there are also some serious points in here.

I’ll keep on chipping away & keep you posted on how I get on.

If I disappear, you’ll know I’ve probably been taken out by one of the industry associations in a revenge attack…



Four Types of Cybercrime

Let’s start with four. More are available. There are more sub-divisions than there are branded coffee outlets in London.

Personally, I’d never heard of malvertising but it’s a big problem in India at the moment. Identity theft we are all aware of but how many of us really take this seriously? I always imagine someone coming up to you in the street & talking about your most personal information – all stuff you’ve shared online.

Cyberstalking – a nasty, very personal attack which can be motivated by money or something even worse.

Spam & Phishing – team this one up with a bit of social engineering & it’s like finding an irritated scorpion in your sleeping bag that was in a real bad mood even before you sat on him. Just one click, that’s all it took. So convincing. Click on the mysterious link, go on, we’re friends now – Clickie Click Here

(Note to my few readers – yeah things are a bit simple at the moment on my blog. Yeah there are lines in the drawings. That’s just how it is. I’ll keep updating the site as I learn stuff but if you’re an MSc student from somewhere or a 20 year security veteran who knows what a container is, hey you’re not gonna learn a lot here.)

Here’s a graphic to summarise what’s in my brain:
