Javvad Malik

November Blog a Day Reflections

Javvad Malik

I’m no writer of novels, but I allowed myself to be influenced by national November novel writing month and thought it would be a good idea to attempt a blog a day through the month. In the end, I wrote 17 blogs during November, the most I’ve written in a long time, perhaps ever.

CISO 182

Cybersecurity startup ideas

Javvad Malik

I’ve seen VCs fund many security and tech startups. Lots of the ideas are rubbish, so I’ve come up with my own ideas that aren’t rubbish so VCs can fund me instead. Don’t steal any of my ideas or I will sue you! Take a human skull and 3D print an eyeball on it, add Linux to the inside where the brain would be. Website uses photo of person looking out from screen with windows environment running, call this cyberSURVIVOR.


5 Tips to be an awesome CISO

Javvad Malik

I’m not a CISO, I never have been and hope I never will be. It seems like a lot of hard work and stress, and if you’re the CISO at a company when you suffer a breach it’s difficult to blame the intern without a mob of security professionals criticising you.

CISO 173

Your polls are bad

Javvad Malik

If you’ve been on LinkedIn recently, you’ve probably seen your feed littered with polling questions.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

What Your CISO Can Learn From Logan Paul vs Floyd Mayweather

Javvad Malik

Logan Paul and his brother Jake Paul are what you could call social media celebrities. They amassed over 20 million followers across YouTube, Vine, Instagram, and others over the years through different types of content, sketches, and pranks.

CISO 191

I’ve made it!

Javvad Malik

First off, happy new year! (Well if the tax man can start the new year in April, I can start it on Feb 11th!). Secondly, Infosecurity Magazine was ever so kind as to feature an interview with me in the Q1, 2021, Volume 18, Issue 1 edition.


Why Predator is the ultimate CISO movie

Javvad Malik

There’s often a lot of debate as to what the best security or hacking movie is. Many people talk about Hackers, or Sneakers, or try and slip Mr Robot into the mix. But they are all way way waaaaay off the mark.

CISO 208

This isn’t the place to make a name for yourself

Javvad Malik

It was T’s first week in a new organisation and they went into a project meeting for a new product that was about to be released. T: Has this product been pen tested? Project manager (PM): We don’t usually do pen tests on most systems, unless they’re really high risk, and even then we wait 6-12 months after they’ve gone live to do so. T: I don’t know what kind of setup you people have here. But from where I’m from, PMs have been fired for a lot less.

Risk 136

Setting a Guinness World Record

Javvad Malik

I’ve been thinking of the best way to write this post for several days. Many drafts have ended up being deleted. Which, to be honest, doesn’t have the same visual satisfaction as seeing pages crumpled up into balls and tossed across the room into the bin. But here we are. Last week, KnowBe4, OneLogin, and Eskenzi PR partnered up to attempt to set the Guinness World Record for the Most views of A Cybersecurity Lesson Video on YouTube in 24 hours.

The Impending Reality of Virtual Reality

Javvad Malik

There’s a concept around finite and infinite games. A finite game is played to win whereas an infinite game is played for the purpose of continuing. I like to think of Monopoly as an infinite game.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.

Your engine doesn’t matter

Javvad Malik

I have flown many times in my life, but I’ve never really known the difference between a Boeing 747, 787, or whatever the numbers are. It’s not that I’m not interested in planes. I still look up in the sky when I see one flying overhead and ask myself where it’s coming from and going to. Flying is really a marvel of engineering, and it blows my mind every time I get on a flight. You can enjoy flying without being an aeroplane nerd. Airlines understand this too.

The Future of Cybersecurity Isn’t What We Expected

Javvad Malik

We were told that by now, we would live in a perfect world with flying cars. But that hasn’t arrived yet. We also believed that cybersecurity would be a problem that would have been solved, but it just seems to be getting worse. But what if the problem isn’t getting worse. What if we have solved cybersecurity and we do have flying cars – we’re just not looking at things in the right way.

The Million Dollar Homepage

Javvad Malik

Back in the olden times (in 2005) a website was set up called the Million Dollar Homepage. A brainchild of student Alex Tew who wanted to raise some money for university. The concept was simple, get a webpage composed of a million pixels and sell them all for $1 each. They were sold in 10 x 10 pixel blocks. Whoever bought the block could provide an image, logo, text, link etc.

Looking for security in the wrong places

Javvad Malik

It’s an old economists’ joke. A person out walking at night comes across a man scrabbling on the floor under a lamppost. The man on the floor says he lost his keys. When asked when he dropped them he then replies, “Oh, I dropped them over there, but the light’s better here.” It’s an apt metaphor for how cyber security sometimes operates. It’s easier to deal with things we are familiar with, in environments we know best, and using tools we prefer.


Leaving WhatsApp – Treating the Symptom, Not the Cause

Javvad Malik

A few months ago, many people were riled up over the proposed updates to WhatsApp terms and conditions. The popular messaging service which was acquired by Facebook in 2014 for $16bn, was apparently updating its Ts and Cs which users had to either accept or choose to leave.

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization. They’ll share how to grow your business faster and minimize costs for both security and compliance.

Making the best of a bad situation

Javvad Malik

It must have been around 2005. I was fed up with my job. I was at that stage of life where I had the perfect balance of youthful arrogance, a disdain of authority, and just enough knowledge to give me illusions that I could do my boss, and his boss, and his boss’s job better than they could combined. So, I did what anyone would do – updated my CV and sent it out to recruiters.

Roll your own VPN and other tech advice

Javvad Malik

Like many people, over the last couple of years, my main real interaction with people outside of my immediate family and Amazon delivery drivers has been via the internet. The beauty of the internet is that you don’t need to shower, put on decent clothes, or worry about offending anyone. If anything, offending someone is an online ritual that everyone partakes in at some point or another. There are many highly skilled security professionals online.

VPN 122

Every day is cyber security awareness month

Javvad Malik

October is National Cyber Security Awareness Month. Delivering effective cyber security awareness is an ongoing process, and not one that can be solved in one month a year. But that doesn’t mean we shouldn’t try. Staying safe online has many similarities with staying safe on the line aka tightrope walking. It involves a delicate mix of courage, foolhardiness, balance, poise, and the threat of falling to a horrible death.

The Value of Certifications

Javvad Malik

“How does your degree compare to my 10 years practical work experience?”. This was something my very first manager used to say often to me and other fresh-faced graduates. He had a point – we knew nothing about the business, any of the tools, or the job compared to him, or indeed anyone else who had been working more than three days at the bank. But we had come in on the exclusive ‘graduate programme’ touted as the future of the workforce. It did not even matter what your degree was in.

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. Join Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies, for a discussion that will focus on compliance and the types of privacy and security measures your company should be aware of, as well as tips and methods for implementing these measures.

How I pwned an ex-CISO and the Smashing Security Podcast

Javvad Malik

Disclaimer, this was a bit of fun with consent. But there are some worthwhile things to bear in mind. If you’re predictable, then criminals can take advantage of that.

CISO 141

The Ying Yang of Your Engine

Javvad Malik

I recently argued that I don’t really care about an aeroplane’s engine and that I only cared about the experience I have travelling on it. Some people argued with me that the engine is very important and without an engine the aeroplane won’t fly. Allow me to elaborate my thinking with the example of a road. When you’re building a road, engineering is of utmost importance.

The Familiar Stranger

Javvad Malik

Along my journey, I cross paths with a stranger. We have never met before, and will probably never meet again. We are aware of each other’s presence and acknowledge each other without acknowledgement. To each other, we are familiar strangers. There are many familiar strangers, all on their own journeys. Each with their own precious cargo. Some have exquisite rings, others with grand sparkling crowns, and some have small trinkets. The familiar stranger is holding a diamond encrusted cane.


My Retirement Plan

Javvad Malik

Buy 10,000 trophies from China (max $1 each including shipping). Buy an engraver. Register a fancy domain, like, “WorldsBestSecurity.com”. Send emails to companies saying they’ve “won” an award in some <random category>. For a mere $1000 they can get featured in the WorldsBestSecurity.com listing and receive an engraved trophy. 10,000 * 1000 = 10,000,000. Even with a 50% failure rate I’ll make $5,000,000.


The bad old days

Javvad Malik

BSides London is taking place and due to the pandemic and things, I’m not going and it’s put me in a contemplative mood about the early days of my career. When I started there were no such things as conferences such as BSides. We only had Infosec Europe and the most we got out of there was some free USB sticks… If we were lucky they would be 500 megs. A lotta things have changed since those days.

All security products are good

Javvad Malik

I tried to be a bit click-baity with my headline by saying all security products are good. But I think I failed in making it very enticing. That’s typically a problem with click bait, if you don’t go big, you don’t really generate a ton of interest. And if you go too big, then you end up looking crazier than the naruto runner outside Area 51.

What business are you in?

Javvad Malik

Do you want fries with that? Global giant McDonald’s is famous for its fast food. However, it’s not their burgers and fries that made the business profitable. Ray Kroc struggled to initially bring enough revenue from his franchised restaurants in order to pay for the land and the building for McDonald’s restaurants, which meant growth was limited to one restaurant at a time.

3 takeaways and a ramble

Javvad Malik

It’s been another weird year for many. Most of the world had vaccines, came out of lockdown, only to be hit by another variant, and ending up in a weird limbo lockdown all over again. As someone who has predominantly worked from home for the last 8 years, I have welcomed the last couple of years. I no longer get the, “oh, so you’re working huh” nudge nudge wink wink from people. Now I get the, “WFH is hard.

Media 100

Cybersec’s Messy Messaging

Javvad Malik

I saw an article on The Register today entitled, Crypto for cryptographers! Infosec types revolt against use of ancient abbreviation by Bitcoin and NFT devotees. TL;DR the argument is whether or not crypto should mean cryptography or cryptocurrency. Now, I get it, it can be an emotional topic for some – but really? The majority of the population don’t even understand what cryptography actually is.

The Terminator had it all wrong

Javvad Malik

It’s really easy to become complacent in security when the bad guys aren’t focussing on you. But when the evil eye of Cyber Sauron casts its gaze your way, you soon realise your silver bullets were only silver-plated. As lockdowns around the world ease to a degree and many organisations are welcoming staff back into the office. However, it’s not a complete return to office, and for now, it appears as if hybrid work environments are the way to go.

VPN 100

Ransomware gangs aren’t very bad

Javvad Malik

Ransomware is the big threat to all organisations. It’s the worst thing to ever happen on the internet. All ransomware gangs need to be hunted down and shut down wherever they may be. No ISP should be left unturned, no router left unexamined. They all need to be burnt to the ground! But is that really the case? If you think of the story of Goldilocks and the 3 bears. Goldilocks is portrayed in a way in which we sympathise with her. Or are fearful for her safety once the bears return.

Fisherian Runaway

Javvad Malik

Today I learnt the phrase Fisherian Runaway, which was a term coined by mathematical biologist Ronald Fisher to account for the evolution of exaggerated male ornamentation, e.g. peacocks with their big tails. I wonder if we’ve fallen into the same trap within cyber security – especially when it comes to what gets researched, reported, and presented at events. Are we pursuing things that will further the industry and benefit the users?

My top 5 videos of the year

Javvad Malik

Following on from last week’s post in which I summed up my top 5 blogs of the year, the sequel that one person asked me for was, what were the most watched videos of mine during 2020? Well, wonder no more, as I give you the top 5 in reverse order, cue the Top of the Pops intro!

Middle Brothers

Javvad Malik

When we talk about privacy and surveillance, discussions usually involve talk of Governments keeping the population under manners. But unlike the good old days of the eighteenth century, Governments aren’t the only ones with skin in the population monitoring, control, and profiteering business.

The NCSAM Campaign

Javvad Malik

For October’s National Cyber Security Awareness month, I put together a few videos and blogs. In my mind it formed a campaign, but for various reasons, the timings were a bit inconsistent and the different resources ended up on different places.

The Predictions Dilemma

Javvad Malik

The last quarter of the year is also known as predictions season. It’s the time where those who consider themselves to be wise and enlightened rub their chin thoughtfully and spout the wisdom of what the future holds.

If you want security, lie to me

Javvad Malik

We’re all honest and good people… well, at least most of us are. From a young age, we’re taught to always tell the truth and to never lie. However, our inherent honesty can be our own worst enemy when it comes to cybersecurity.

Winding down 2020

Javvad Malik

From a creative perspective, 2020 hasn’t been a bad year for me. I ended up writing 80 blog posts (most of which were published elsewhere), created 54 videos, 48 podcasts, and 48 presentations and webinars. I guess lockdown gave me more time to mull on things and be more productive. Despite the fact that I am far more productive than the average person, and have been called the Hercules of information security (not my words), I think it’s good for everyone to take some downtime.

My Top 5 Blogs of the Year

Javvad Malik

I saw Cygenta posted their top 5 blogs of the year on Twitter and thought that it was a wonderful idea to rip off / borrow / be inspired by. So, I proudly present, my top 5 read blogs during the course of 2020. From my blog that is. I’ve written many other articles on other sites this year, and I’m sure some of them have been read more. Anyhow – on to the list. 5: Writing better risk statements Do you struggle to articulate security risks?

CISO 100

Bravo-Cado: Cloud Forensics Defying COVID-19

Javvad Malik

I worked for a couple of years with Chris Doman when I was at AlienVault. In his spare time Chris ran a popular threat intelligence portal called ThreatCrowd which AlienVault acquired when they hired him. Chris is not only one of the smartest people I’ve worked with, but also one of the nicest. I enjoyed collaborating with him over the years and learnt a lot from him.