The ‘Diamond of Unwelcomeness’

I’ve read a lot about cyber security on my journey so far & I think I’ve already mentioned that many debates are dominated by the on-going theme that the industry needs more people….fair enough……

However, I have to say, they don’t make it easy.

I’d be classified as a career changer – a general business/IT project managery type of person, shifting some of his focus to cyber & data security. But, trying to find your way through the jungle is just so confusing.

I present here what I call the ‘Diamond of Unwelcomeness’ which shows just how unwelcoming the profession really is to newcomers & career changers….


(To help us (& this is only from a selfish point of view!) there are regular ‘women in cyber’ sessions to which I can’t really go.)

Qualifications, Training & Standards – don’t get me started here. Never have I come across such a confusing nexus of industry standards, associations & qualifications. I’m a member of BCS but there are about 4 other industry groups you could join – it would cost you a fortune to join all of them…

Barriers to First Jobs – Accountants have it good don’t they – CIMA/ACCA – a recognised path…everything I think we are missing. My solution is to look for the cyber security elements in my current role & that is working really well.

Apologies if this all sounds a bit grim…if you’re new like me you also find conventions full of these folks:

Type As – glossy sales people on stands who know all the lingo but have a surprisingly shallow knowledge of the industry & technology.

Type Bs – industry old-hands who have been in it for years. There’s not much you can tell these guys & most of them used to code.

Type Cs – network & helpdesk folks – they’re big on the technical side – they know how to configure a firewall. This is their domain & they don’t want it de-mystified too much..

I say this all slightly tongue in cheek – you kinda get this with every professional. But, I hope there are also some serious points in here.

I’ll keep on chipping away & keep you posted on how I get on.

If I disappear, you’ll know I’ve probably been taken out by one of the industry associations in a revenge attack…



Four Types of Cybercrime

Let’s start with four. More are available. There are more sub-divisions than there are branded coffee outlets in London.

Personally, I’d never heard of malvertising but it’s a big problem in India at the moment. Identify theft we are all aware of but how many of us really take this seriously. I always imagine someone coming up to you in the street & talking about your most personal information – all stuff you’ve shared online.

Cyberstalking – a nasty, very personal attack which can be motivated by money or something even worse.

Spam & Phishing – team this one up with a bit of social engineering & it’s like finding an irritated scorpion in your sleeping bag that was in a real bad mood even before you sat on him. Just one click, that’s all it took. So convincing. Click on the mysterious link, go on, we’re friends now – Clickie Click Here

(Note to my few readers – yeah things are a bit simple at the moment on my blog. Yeah there are lines in the drawings. That’s just how it is. I’ll keep updating the site as I learn stuff but if you’re an MSc student from somewhere or a 20 year security veteran who knows what a container is, hey you’re not gonna learnt a lot here.)

Here’s a graphic to summarise what’s in my brain:

New Picture (3)



7 Odd things in cyber security

Here are some of my early observations as a noob on the wacky world of cyber security.

(1) It’s complex. Lordy is it complex. No one really seems to understand it. We don’t even really grasp the scope of the risks. That explains why even our hospitals are vulnerable to relatively simple cyber-attacks. That should worry us shouldn’t it? If all the PhD’s in the industry don’t get it, what chance do we have? To paraphrase Whoopi Goldberg in Ghost :-


(2) We’re told North Korea is a backward nation, cut off from the world & isolated from everyone. Yeah – even if they are, they still managed to (digitally) pull the pants down on businesses & organisation across the world. What does this teach us? Well, we are told that cyber-crime is a relatively easy game. That’s not good. Also, it gives an amazing new avenue for any Bond villains redundant since the Cold War.

(3) I went to a cyber security event last week. I came away with a stack of brochures. And some branded socks. For some reason, everyone was giving away branded socks. One of the big messages was that there’s a skill shortage. The industry goes on & on about this one. Metaphorically, they’re hammering pieces of wood over the windows and locking the doors, they’re so short of qualified people. And yet, as a noob, there are multiple qualification & accreditation paths & little in the way of a structured route into the professional for career changers. Basically, it stinks of professionals that have a vested interested in keeping the pool of qualified talent limited. The only real growth is in people to write more articles about how short the industry is of qualified professionals.

Training Materials from the 1980s. Step 1 – Call the Ministry

(4) A snotty but smart teenager who spends a lot of time in his bedroom can bring the FBI & the US Army to its knees. Seriously, if these guys can’t defend their digital baggage then why bother renewing that McAfee subscription. (Seriously though, do keep your virus protection updated. It does do something, apparently.)

(5) No one cares about data until it goes where it shouldn’t. Edward Snowdon taught us this. Of course, a few people worry about it. But, most of us need a saline drip just to stay alive in any data protection training. It’s just below going to the dentist on everyone’s ‘what I don’t want to be doing’ list.

(6) There are lots of different aspects to cyber security. I learnt this from a brochure. There’s the network stuff – that’s all I really knew about. There’s the software angle. Even the people angle. Who would have thought it? I met the National Cyber Security crew from MI5 at the conference. Their ethos is ‘a pratt with a USB stick is just as dangerous as a Russian hacker with a bit coin account.

(7) Finally, block chain is nothing to do with plumbing. I read an article on it but still do not understand entirely what it is. I know it’s good to drop into conversation if you work in tech circles. You should also try Gamification. That’s another good one. Block chain is a buzzword. We should really find out what it is.

If in doubt – What the F*&* is Blockchain?

An adventure begins…

This isn’t my first blog. I’ve got a trail of graveyard blogs behind me. From zombies to deserts. Now a new blog – cyber security.

This blog is going to be a weird look into the world of cyber security. Weird because I’m no expert. I’m learning on the job. Just like the rest of the world.

There are lots of very clever people in the cyber security industry. Some of whom I’ve met and will hopefully appear on the blog from time to time. Like 007 in binary form – the heroes and heroines of a secret war.

Weird because I hope that it will have a broader appeal that just a review of the latest technical jargon. Cyber security should be in the public domain. My first prediction is that they’ll soon start calling is something different. Like Cyber Welfare or Digital Health or something no one has thought up yet.

I hope, in time, we’ll have some technical experts on to help us understand what in the hell’s going on in cyberspace.

So that’s it. A new blog on cyber security. A subject guaranteed to turn folks off. Let’s try and make it a bit more…spicy….