Episodes

  • In this episode of Hacked Off, Holly interviews Simon McNamee - Secure Impact's Security Technology Lead. This week, they discuss what issues security experts often encounter when working with businesses; both those with a high level of security maturity, as well as those just starting off on that journey. Holly and Simon offer some sage advice to organisations about getting the most out of their security services - it all starts with understanding the difference between these services and recognising what your business is ready for - and they also share some of their own experiences from different on-site engagements.

    1:00 Defining Value
    7:00 What happens when nothing happens?
    10:50 Goals
    13:42 Cyber Essentials & beyond
    17:35 Are you ready for a pentest?
    22:50 Simulating the bad guys
    30:40 Creating a distraction
    35:50 Not every attack is ransomware

    Listening time: 43 minutes
    Host: Holly Grace Williams, on behalf of Secarma
    Guest: Simon McNamee, Security Technology Lead at Secure Impact Ltd

    Connect with Simon: www.linkedin.com/in/samcnamee
    Secure Impact: www.secure-impact.com

    Our website: www.secarma.com
    Tweet us: www.twitter.com/Secarma
    Events: www.eventbrite.co.uk/o/secarma-ltd-31129456455

  • For some organisations, using Security Operation Centre services is a great way to minimise the impact of a possible cyberattack. Moving quickly and effectively, SOCs can detect, analyse and respond to breaches if an organisation doesn’t have the resources to do so themselves.

    In this episode we spoke to Rob Demain – founder and CEO at e2e-assure – about the role of SOCs, today’s diverse threat landscape, and the importance of research and development when working in cybersecurity.

    02:00 Why SOCs?
    06:00 Building trust
    13:35 Keeping up-to-date
    15:40 Delivering the service
    23:20 When disaster strikes
    29:20 Working with SMEs
    33:55 Security risks

    Listening time: 42 minutes
    Host: Holly Grace Williams, MD at Secarma
    Guest: Rob Demain, founder and CEO at e2e-assure

    Connect with Rob: www.linkedin.com/in/rob-demain-01733468
    e2e-assure: https://www.e2e-assure.com/

    Our website: www.secarma.com
    Tweet us: www.twitter.com/Secarma
    Events: www.eventbrite.co.uk/o/secarma-ltd-31129456455

  • In the cybersecurity world, the digital forensics dept acts as the Crime Scene Investigation team for a business that has fallen foul of a cyber-criminal. DFI techniques are used to investigate and rectify the problems caused by the hack, and/or bring the perpetrator to justice. Similarly to traditional forensics, cyber incident response teams can find data to use as evidence in the investigation.

    In this episode, we talk to David Barr – Principal CIRT Consultant at Secure Impact – about the day-to-day of digital forensics, how the scene is evolving, and what to expect from his talk at UnLocked: London Olympia.

    00:35 Working in Digital Forensics
    07:20 Research
    09:20 Investigating the Incident
    15:25 When is Digital Forensics needed?
    20:10 Is Digital Forensics Evolving?
    21:25 Preparing for Forensics Investigations
    24:50 UnLocked: London Olympia
    28:30 Careers in Digital Forensics

    If this episode was of interest to you, you can catch more of David at UnLocked: London Olympia on the 28th September.
    Tickets here: https://www.eventbrite.co.uk/e/unlocked-london-olympia-2021-tickets-153829914415

    Listening time: 31 minutes
    Host: Holly Grace Williams, MD at Secarma
    Guest: David Barr, Principal CIRT Consultant at Secure Impact

    Connect with David: https://www.linkedin.com/in/david-barr-a2a639121/
    Secure Impact: https://www.secure-impact.com/

    Our website: www.secarma.com
    Tweet us: www.twitter.com/Secarma
    Events: www.eventbrite.co.uk/o/secarma-ltd-31129456455

  • Valuing your SME as ‘too small to get hacked’ can leave you complacent and open to attacks, with little to no defences in place. For those who find cybersecurity daunting, there are organisations out there, ready to help.

    In this episode, we talk to Declan Doyle – head of Ethical Hacking at the Scottish Business Resilience Centre – about cyber resilience, misconceptions around who can get hacked, and understanding clients to best help them stay secure.

    00:26 What is the SBRC?
    01:35 Resilience
    02:55 Helping out
    05:35 Misconceptions around size
    07:49 Optics and tailoring services
    19:55 Different pathways in Cyber
    26:50 Engaging with SBRC

    Listening time: 31 minutes
    Host: Holly Grace Williams, MD at Secarma
    Guest: Declan Doyle, head of Ethical Hacking at the Scottish Business Resilience Centre (SBRC)

    Connect with Declan: https://www.linkedin.com/in/declandoyle/
    SBRC: https://www.sbrcentre.co.uk/

    Our website: www.secarma.com
    Tweet us: www.twitter.com/Secarma
    Events: www.eventbrite.co.uk/o/secarma-ltd-31129456455

  • The medium of cyber-attacks is code, but the mastermind that drives them is always human intelligence. Systems are created by people, and automated tech still can't understand every nuance that humans embed into them.

    In this episode, we talk to Nick Blundell – head of R&D at AppCheck – about the pros and cons of vulnerability scanning, how hackers can enter weak systems and the need for a blended approach.

    00:50 Will automation take over?
    04:25 Scanning or Pentesting: the pros and cons
    17:30 Issues with automation
    22:00 Weak systems
    52:50 A blended testing approach

    Listening time: 1 hour 5 minutes
    Host: Holly Grace Williams, MD at Secarma
    Guest: Nick Blundell, head of R&D at AppCheck

    AppCheck: https://appcheck-ng.com/

    Our website: www.secarma.com
    Tweet us: www.twitter.com/Secarma
    Events: www.eventbrite.co.uk/o/secarma-ltd-31129456455

  • In a time of record unemployment due to the pandemic, it’s strange that cybersecurity job openings receive so few applicants and take 20% longer to fill than typical IT roles. Is there a cyber skills shortage, or are we simply looking in the wrong places?

    In this episode, we talk to Greg van der Gaast – CISO at Scoutbee GMBH and author of Rethinking InfoSec – about how we can rethink the cyber hiring process and role requirements, in order to find many more suitable candidates. We also touch on diversity, the role of HR, and building stronger enterprising teams.

    00:28 Security in supply discovery
    02:30 Rethinking InfoSec
    09:20 Synergy
    12:00 Resourceful recruitment
    17:50 Finding the right fit
    20:18 Health, safety, and growth
    27:44 The role of HR

    Listening time: 32 minutes
    Host: Holly Grace Williams, MD at Secarma
    Guest: Greg van der Gaast, CISO at Scoutbee GMBH and author of Rethinking InfoSec

    Scoutbee GMBH: https://www.linkedin.com/company/scoutbee/
    Connect with Greg: https://www.linkedin.com/in/gregvandergaast/

    Our website: www.secarma.com
    Tweet us: www.twitter.com/Secarma
    Events: www.eventbrite.co.uk/o/secarma-ltd-31129456455

  • To celebrate Hacked Off's 100th episode, we spoke with Jai Aenugu – founder of TechForce Cyber - a highly regarded cybersecurity resilience organisation with offices in both Edinburgh and Aberdeen.

    This week’s podcast features conversation around what sets Scotland apart in terms of cybersecurity, doing one thing and doing it really well, plus security essentials for SMEs, and an overview of the NotPetya and Kaseya cyber-attacks.


    0:49 Cybersecurity in Scotland
    4:45 Why found an InfoSec business?
    7:00 The Kaseya attack
    10:10 Minimising impact
    14:00 Don't plan for ransomware
    19:45 Security bias
    25:00 When phishing turns foul
    30:30 Risk
    37:00 The baseline and beyond
    41:00 Look after the customer

    Listening time: 46 minutes
    Host: Holly Grace Williams, MD at Secarma
    Guest: Jai Aenugu, Founder of TechForce Cyber

    TechForce Cyber: www.techforce.co.uk
    Contact: hello@techforce.co.uk
    Connect with Jai: www.linkedin.com/in/jai23155/?originalSubdomain=uk

    Our website: www.secarma.com
    Tweet us: www.twitter.com/Secarma
    Events: www.eventbrite.co.uk/o/secarma-ltd-31129456455

  • Workplace security training can be hit or miss; to keep your business safe, your awareness training needs to be memorable, but a conventional annual security presentation on passwords and phishing scams can be tedious and forgettable.

    In this episode, we talk to Ian Murphy – founder and content creator at CyberOff, and co-founder of LMNTRIX – about how we can utilise engaging, out-of-the-box content to revamp security training and get the general population excited about security practices.

    00:50 Creating engaging content
    06:48 The need for a new approach
    15:00 Context, content and culture
    19:45 Attracting an audience
    21:40 What’s going wrong?
    24:15 The need for good communication
    30:53 Building content
    37:20 Valuing time and skills

    Listening time: 45 minutes
    Host: Holly Grace Williams, MD at Secarma
    Guest: Ian Murphy, Founder of CyberOff and Co-Founder of LMNTRIX

    CyberOff: www.cyberoff.co.uk
    LMNTRIX: www.lmntrix.com
    Connect with Ian: www.linkedin.com/in/ianmurphy

    Our website: www.secarma.com
    Tweet us: www.twitter.com/Secarma
    Events: www.eventbrite.co.uk/o/secarma-ltd-31129456455

  • Security awareness training is a common requirement in most businesses, but oftentimes it can be difficult to effectively teach employees how to recognise and respond to security risks.

    In this episode, we speak with Javvad Malik – Security Awareness Advocate at KnowBe4, co-founder of Security B-Sides London and cybersecurity blogger – about the variety of risks out there, the challenges of security awareness training, and how best to promote it.

    00:28 What is a Security Awareness Advocate?
    02:45 Challenges
    11:14 Messaging
    16:20 Importance of Security Champions
    19:25 Minimising risk
    21:45 Lesser-known types of phishing attacks
    29:20 Promotion
    38:10 The fear of embarrassment
    40:40 Bias and the role of marketing


    Listening time: 46 minutes
    Host: Holly Grace Williams, MD at Secarma
    Guest: Javvad Malik, Security Awareness Advocate at KnowBe4

    KnowBe4: www.knowbe4.com
    Connect with Javvad: www.linkedin.com/in/javvad/
    Javvad on Twitter: www.twitter.com/J4vv4d

    Resources:
    Daniel Kahneman’s Ted Talk: https://www.ted.com/talks/daniel_kahneman_the_riddle_of_experience_vs_memory


    Our website: www.secarma.com
    Tweet us: www.twitter.com/Secarma
    Events: www.eventbrite.co.uk/o/secarma-ltd-31129456455

  • Studies in recent years have revealed how little diversity there is within the cybersecurity industry, with women making up only 8% of the cyber workforce in the UK.

    In this episode, we speak with Dr Andrea Cullen and Lorna Armitage – co-founders of cyber training organisation CAPSLOCK – about the difficulties of getting into cyber, the need for accessibility and inclusivity in the industry, and recruitment advice for organisations and those wanting to get hired.


    02:52 Obstacles for those wanting to enter the industry
    09:33 Cyber skills
    14:05 Building confidence
    16:35 Breaking into cyber
    21:32 Imposter syndrome and conquering fears
    31:14 Finding yourself and your strengths
    36:14 The importance of finding a good fit
    39:21 Advice for those wanting to get into the industry and recruiters

    Listening time: 44 minutes
    Host: Holly Grace Williams, MD at Secarma
    Guests: Dr Andrea Cullen and Lorna Armitage, co-founders of CAPSLOCK

    CAPSLOCK: https://www.capslock.ac
    Connect with Andrea: https://www.linkedin.com/in/dr-andrea-c-57a29522/
    Connect with Lorna: https://www.linkedin.com/in/lorna-armitage/

    Our website: www.secarma.com
    Tweet us: www.twitter.com/Secarma
    Events: www.eventbrite.co.uk/o/secarma-ltd-31129456455

  • Over the past year and a half, the event industry has had to adapt like never before, and this led to many events going online via webinars, digital roundtables, and large-scale virtual conferences.

    In this episode, we interviewed Natasha Taylor - Senior Conference Producer at DTX - about what makes a successful cybersecurity event, networking from home, and what the future of tech conferences could look like.


    0:40 Preparation is everything
    4:36 What makes a good panel or presentation?
    8:50 It's good to disagree
    14:55 Overcoming obstacles
    17:20 Technical difficulties
    22:30 Why you should give public speaking a go
    26:00 Finding a balance
    34:20 The future of networking


    Listening time: 45 minutes
    Host: Holly Grace Williams, MD at Secarma
    Guest: Natasha Taylor, Senior Conference Producer at DTX Europe & DTX Manchester

    DTX Europe: www.dt-x.io/europe/en/page/dtx-europe
    DTX 360: www.dtx360.io/live/en/page/home
    Connect with Natasha: www.linkedin.com/in/natasha-taylor-6969a0a9

    Our website: www.secarma.com
    Tweet us: www.twitter.com/Secarma
    Events: www.eventbrite.co.uk/o/secarma-ltd-31129456455

  • This week, Holly is joined by Clean.io's Kathleen Booth to talk about how the very methods that marketing teams use to bring in customers may also attract the unwanted attention of cyber-criminals. Whether it's third party plug-ins, digital ads, or even a stray tweet - hackers can corrupt your marketing department's efforts and attack your organisation.

    Thankfully, there are ways to balance robust business security without cutting your marketing team off at the knees. Listen to this week's interview for discussion around innovative yet secure marketing strategies, the importance of cybersecurity awareness training, and why marketers and security staff should be best friends.


    0:20 About Clean.io
    2:47 3rd party code: what are the risks?
    13:00 Broaden your security awareness training
    21:00 Marketing + Security
    29:10 The attack surface
    31:55 Good cyber hygiene
    32:55 The keys to the kingdom
    35:55 How it feels to be hacked


    Listening time: 42 minutes
    Host: Holly Grace Williams, MD at Secarma
    Guest: Kathleen Booth, VP Marketing at Clean.io

    Find out more here: www.clean.io
    Kathleen's podcast: https://inboundsuccesspodcast.com
    Connect with Kathleen: www.linkedin.com/in/kathleenslatterybooth

    Our website: www.secarma.com
    Tweet us: www.twitter.com/Secarma
    Events: www.eventbrite.co.uk/o/secarma-ltd-31129456455

  • This week, Holly speaks with Patricia Keating, founder of Tech Manchester - a start-up hub designed to upskill Manchester-based entrepreneurs, nurture their ideas, and connect them with investors. They discuss cybersecurity for start-ups, the tech business landscape in Manchester, and how virtual conferencing allows you to be in two places at once.


    1:20 Working with start-ups
    3:55 Is London the only tech hub?
    5:30 Common misconceptions
    7:55 Mentoring tech business founders
    12:00 What does "failing" mean?
    16:00 Work-life balance
    22:35 Crisis spawns innovation
    30:05 Working from home means working anywhere
    34:00 Sharing the journey


    Listening time: 36 minutes
    Host: Holly Grace Williams, MD at Secarma
    Guest: Patricia Keating, Founder of Tech Manchester

    Find out more here: www.techmanchester.co.uk
    Patricia's podcast: www.podcasts.apple.com/gb/podcast/fastforward/id1438089653

    Our website: www.secarma.com
    Tweet us: www.twitter.com/Secarma
    Events: www.eventbrite.co.uk/o/secarma-ltd-31129456455

  • This week, Holly delves deeper into the topic of security higher education and training with Dr Dan Prince - Senior Lecturer in Security and Protection Science at Lancaster University's School of Computing and Communications.

    Together, they discuss the challenges that the mentors of today have when teaching the security experts of tomorrow, how to prepare students for threats that may not exist, and how thinking differently may be the key to keeping one step ahead of threat actors.


    1:00 Preparing the next generation
    4:30 Creating the framework for a Masters in security
    9:55 Where is the line?
    17:15 Know your enemy
    20:40 Working with the NCSC
    29:30 Bridging the disconnect
    34:00 Taking notes from R2-D2
    36:00 How does Lancaster University engage with companies?


    Listening time: 43 minutes
    Host: Holly Grace Williams, MD at Secarma
    Guest: Dr Dan Prince, Senior Lecturer at Lancaster University

    Contact Dan here: www.linkedin.com/in/drdanielprince
    You can find more info about Lancaster University's security research centre here: www.lancaster.ac.uk/scc

    Our website: www.secarma.com
    Tweet us: www.twitter.com/Secarma
    Events: www.eventbrite.co.uk/o/secarma-ltd-31129456455

  • Recently, the University of Salford announced their partnership with Tanium, to help the education institution improve their security against an increase of attacks. Universities have been high up on the target list for threat actors over the course of the pandemic, and these nefarious parties aren't slowing down anytime soon.

    In this episode, Holly interviews Mark Wantling - the University of Salford's CISO, as well as Chris Vaughan of Tanium to understand more about their partnership and trade tips on protecting the education sector from cyber-attacks.


    1:00 Security challenges in higher education
    3:40 Joiners, movers, and leavers
    8:30 Are the basics really all that basic?
    13:10 How Covid-19 has pushed digital transformation
    15:00 Visibility is key
    22:00 Your whole security team vs a single pentester
    33:00 Are universities sitting ducks for cybercriminals?
    37:45 Should you pay the ransom?
    40:00 Stop calling it a ransomware attack
    45:50 Are you setting the bar high enough?
    57:30 Timing is everything
    59:00 Closing remarks


    Listening time: 60 minutes
    Host: Holly Grace Williams, MD at Secarma
    Guests: Mark Wantling, CISO at the University of Salford
    Chris Vaughan, Technical Account Manager at Tanium

    More info on Salford & Tanium's partnership: www.tanium.com/customers/university-of-salford
    www.tanium.com/press-releases/tanium-helps-protect-the-university-of-salford-from-surge-of-cyberattacks

    Contact Mark here: www.linkedin.com/in/mark-wantling-7b149690
    More about the University of Salford: www.salford.ac.uk
    Contact Chris and other Tanium reps here: www.tanium.com

    Our website: www.secarma.com
    Tweet us: www.twitter.com/Secarma
    Events: www.eventbrite.co.uk/o/secarma-ltd-31129456455
    NCSC approved security tips: www.ncsc.gov.uk/collection/10-steps

  • Although our specialty is penetration testing, there's a wide variety of interesting roles available within the security industry. In this episode, Holly sits down with Evan Jones of Complete Cyber, to explore the ins and outs of security architecture.

    Over the course of the conversation, they discuss the skills necessary to become a security architect, the benefits of using a pen and paper to map out possible threats, and Evan also explains how solution architecture is a lot like a Rubik's cube... somehow.


    0:35 Transferring your skills
    3:30 What is a security architect?
    15:00 What makes a good security architect?
    17:00 Dear customers, help us help you
    30:30 Threat modelling with a pen and paper
    44:20 Very naughty people and adapting to your audience
    46:00 The 6th face of the cube


    Listening time: 50 minutes
    Host: Holly Grace Williams, MD at Secarma
    Guest: Evan Jones, Lead Security Architect at Complete Cyber

    Find out more here: www.completecyber.co.uk
    www.twitter.com/completecyber

    Our website: www.secarma.com
    Tweet us: www.twitter.com/Secarma
    Events: www.eventbrite.co.uk/o/secarma-ltd-31129456455

  • In last week's episode we talked about how security professionals can leverage their skills to get into cyber, but how do you obtain those skills in the first place? Enter Jonathan Slater, co-founder of CapsLock and our guest for today.

    In this episode, we discuss his journey from nuclear, to recruitment, to co-founding a disruptive education model that's designed to help everyone from bus drivers to web developers gain a qualification - and most importantly, employment - in cybersecurity.

    We also take a deep dive into how candidates can make themselves more attractive to hiring managers, diversity in cyber, and the benefits of starting all over again.

    3:15 Stepping down to step up
    5:50 Roles to work towards
    14:00 Group projects
    20:00 Communication, communication, communication
    22:30 Increasing your employability
    26:15 Sidebar - what is DevSecOps?
    31:40 Diversity in cyber
    35:15 Reskilling recommendations
    36:50 Different roles, sectors, and company sizes
    41:30 Standing out from the crowd


    Listening time: 50 minutes
    Host: Holly Grace Williams, MD at Secarma
    Guest: Jonathan Slater, Co-founder of CapsLock

    Find out more here: www.capslock.ac

    Our website: www.secarma.com
    Tweet us: www.twitter.com/Secarma
    Events: www.eventbrite.co.uk/o/secarma-ltd-31129456455

  • In this episode, Holly interviews Jay Jay Davey - SOC Analyst at CyberClan and founder of NoxCyber - a one stop page of career advice for aspiring cyber security professionals, with resources to help you get into the industry.

    We spoke with him about the different routes into cyber, as well as what to do once you're in. Listen to this episode for career advice, CV tips, and why explaining what networks are to your parents could lead to you being a CEO's shoulder to cry on one day.

    1:05 About NoxCyber
    2:40 Getting into cybersecurity
    7:15 Getting hired
    13:05 The different roles in cyber
    22:30 Are mentors vital?
    26:35 Public speaking
    37:00 Develop your writing skills and promote yourself
    40:10 The importance of emotional intelligence in cyber


    Listening time: 43 minutes
    Host: Holly Grace Williams, MD at Secarma
    Guest: Jay Jay Davey, founder of NoxCyber

    Find Jay Jay here:
    www.noxcyber.co.uk
    www.linkedin.com/in/noxcyber

    Our website: www.secarma.com
    Tweet us: www.twitter.com/Secarma
    Events: www.eventbrite.co.uk/o/secarma-ltd-31129456455

  • In this episode, Holly sits down with Shauni - our Marketing Manager - to discuss how she promotes technical services to a non-technical audience.

    Marketers in the security industry have a pretty big task on their hands; as technical people - cybersecurity is our passion (hence last week's 55 minute rant about security policies), but how do you create content that appeals to CEOs and other non-technical decision makers?

    Over the course of the conversation, we discuss Shauni's journey from fashion marketing to cybersecurity, what she has in common with a lot of penetration testers, and how much marketing fluff is too much.

    1:30 How did you get into cybersecurity?
    4:30 What's the goal of a marketer?
    6:00 Do you consider yourself to be technical?
    12:15 Is cybersecurity an intimidating industry?
    14:30 Sharing knowledge
    18:45 Are InfoSec marketers and penetration testers that different?
    25:50 Making content accessible
    30:40 You've gotta start somewhere

    Listening time: 32 minutes
    Host: Holly Grace Williams, MD at Secarma
    Guest: Shauni Adekoya, Marketing Manager at Secarma

    Tweet us: www.twitter.com/Secarma
    Events: www.eventbrite.co.uk/o/secarma-ltd-31129456455
    Blogs: www.secarma.com/blog
    News: www.secarma.com/news

  • In this episode, Holly and Michael have an in-depth discussion - okay, maybe it's a little bit of a rant - about security policies. Many organisations' cybersecurity policies are rarely given the attention they deserve, despite them being such an important part of protecting your business.

    Over the course of this conversation, Holly and Michael take a look at policy building and reviewing, common mistakes that organisations tend to make, and why you should be worried if no one on your team has any questions after "reading" through the policy...

    0:15 Policy review
    3:20 Rethink your security policy
    11:00 Exceptions to the rule(s)
    14:30 Does everyone in your organisation understand your security policy?
    22:30 Are your rules made to be broken?
    24:20 Our recommendations
    27:00 What counts as a major system change?
    31:35 Vulnerabilities and hardening
    38:20 What, where, when, and why
    43:10 A security policy rant
    45:00 Don't restrict your staff
    52:50 To be continued...

    Listening time: 55 minutes
    Host: Holly Grace Williams, MD at Secarma
    Guest: Michael Ranaldo, vISM & CSMA Security Consultant at Secarma

    Our website: www.secarma.com
    Tweet us: www.twitter.com/Secarma
    Events: www.eventbrite.co.uk/o/secarma-ltd-31129456455
    Security Awareness Training: www.secarma.com/cybersecurity-services/security-training/security-awareness-training