Sunday, August 18, 2013

IWM Duxford

On my way to KatFest, I took the family to the International War Museum at Duxford. We had taken our youngest there when she was 10 days old (as part of a UK Empeg meet) but no-one had really had a chance to look around.

This time we spent nearly 6 hours there, and could still have spent more time (tip - start at the furthest hangar, the one with tanks, the Somme and the Land Warfare exhibits, and work back down - that way you won't queue to see anything, even at busy times). Getting there around 9:30 for an opening time of 10am helped as well.

Of particular interest to me are the hangars with the Navy exhibits (as my father and brother both served in the Royal Navy Fleet Air Arm) and the USAF hangar (as it has the Lockheed SR-71 Blackbird).

We saw a Spitfire being wheeled out of the 'flying aircraft' hangar so thought we'd see one of them flying around, but it was just to let out another aircraft. There were biplanes and world war two aircraft flying all day.

Anyway - a few pictures of my favourites:

The Blackburn Buccaneer

The SR-71 Blackbird from a couple of angles

Some suspended aircraft - can you identify all 9 in this picture?

De Havilland Sea Vixen

One of 4 Spitfires at Duxford

De Havilland Twin Otter belonging to BAS, and stationed at Duxford when in the UK

The De Havilland Dragon Rapide - would have been nice to go for a flight

A Panavia Tornado

An Avro CF 100 MK4 Canuck of the Royal Canadian Air Force 

Hawker Siddeley Harrier

A De Havilland DH9 bomber in beautiful condition

My middle daughter took photos of every jet engine she could find - think she plans an art project

An F16 undergoing extensive work

Some instantly recognisable jets in a famous wing

Thursday, January 17, 2013

Securi-Tay 2

Spent January 16th up in Dundee, at the University of Abertay, at Securi-Tay 2. It was a very well run conference - it was organised by students on the Ethical Hacking and Countermeasures course, but was better organised than some professional conferences I have been to.

I saw some excellent speakers, and gave a talk on career planning in information security, so mine was by far the least technical talk there. Once the video is up online I will add in a link here...I was going to attach slides but it seems this blog software doesn't understand attachments that aren't pictures or video.

Highlights for me:

  • Graham Sutherland's talk on attacking office hardware ranged from simple and relatively harmless, to pretty hardcore hacking via chip removal and analysis. Excellent fun.
  • Nick Walker's talk on Android Security Assessments, while slightly too technical for me, was very interesting, and reminded me to pop Cyanogenmod on my Galaxy S3 this weekend.
  • The "Rory track" - of the two lecture theatres, one had 3 Rorys presenting, which just goes to confirm one of the Memes of Meta...

Security Stack Exchange managed to supply me with a few T-shirts, pens and stickers so quite a few speakers presented their talks wearing them, which was nice :-)

And the good folks at Securi-Tay kindly donated this bright red t-shirt to my con swag collection.

Friday, November 09, 2012

Conference planning for 2013

Having a look at conferences, as I have spoken at quite a few over the past couple of years, including AppSecEU, eSecurity Scotland Summit, Institute of Internal Auditors, ISACA and IISP events.

Top of my list for the year is the grass-roots security conference: B-Sides London, which I got to in 2011, but unfortunately missed this year. It's in the calendar, and I may propose a talk if I can get time before the CfP closes at the end of November. It coincides with Infosec, which is much more vendor focused, but the pair of them offer some excellent networking opportunities. is another one I'm looking at. I haven't been, but the Abertay guys are a good bunch, and this is just an hour up the road for me.

Will have to liaise with the team to see if I can take along some Security.StackExchange swag - T-shirts, pens, torches, stickers etc.

Any other thoughts on which conferences I should get to?

Thursday, November 01, 2012

And the Evening...

Now my IIA conference piece is finished, I can focus on tomorrow evening - Metaltech is one of the headline acts at the Alba Underground Scottish Industrial Music Festival.

We have been working hard to plan a session of hard rock, lasers, glowsticks, techno, fire-breathing guitars, audience based pyrotechnics and bubbles. Yes - bubbles. If Ozzy can use them, so can we!

Timing seems perfect, ISACA Now just published this article on my double life - and I hear from more and more people in security who have a deep interest in rock, metal and similar genres of music.

If you can make it - come and say hi. If not, enjoy a little number called Sell Your Soul, which harks back to some of our influences:

The Day Job

Was invited to talk to the Chartered Institute of Internal Auditors today, at their annual event. This was hosted at the Hilton in Dunblane (lovely setting, by the way - I recommend it!)

The theme of the event was around the auditor being a 'critical friend' which supports a large proportion of the work I do with audit, IT, security, risk, compliance and governance teams, namely:

Leveraging the skill sets of these teams and communicating will help you understand risks in your organisation!

With the rate of change of technological advances, and the associated new risks, your audit team are not in an ideal position to know about the new security risks a particular technology brings. But your security team may well know all about them already. So they should talk to each other.

In the echo chamber that is the security industry we harp on about this a lot - we understand security and often seem puzzled why others don't 'get it' but it is because we have our own peculiar jargon, terms, ratings etc.

The focus of my talk was on communication - being able to translate this jargon into business language. This goes for all specialist teams, to be honest - you all need to be able to get your information across to the FD, the COO, the business unit lead or whoever, in their terms, otherwise you will be ignored!

It was perhaps a challenge, being placed right after lunch, and right before Karl Snowden's political awareness talk, but I enjoyed myself, and I had enough people come to talk to me about the subject that it must have resonated with a few of the attendees.

Many thanks for inviting me, hosting an excellent event, and I must congratulate the venue on the awesome chocolate chip cookies!

(My only problem now is that with KPMG sponsoring this event, I now have an EY umbrella and a KPMG umbrella - and with my OCD I'm going to have to complete the Big-4 set!)

Friday, June 15, 2012

e-Crime Scotland Summit

On the 21st of May I presented a short talk at the inaugural e-Crime Scotland Summit, hosted by RBS at their excellent conference centre in Gogarburn. This event was introduced by Kenny MacAskill, Minister for Justice, and boasted a wide range of high profile security professionals from the Police, consultancy, financial services, retail, penetration testers, audit and CISOs. Some talks were quite technical, and some at very high level - such as Richard Hollis' "Zen and the art of Threat and Risk assessment".

280 attendees registered for the event, which was reported in local and national news, and the feedback is incredibly positive - the aims of e-Crime Scotland are to equip Scottish businesses with the knowledge and tools to be "aware, vigilant, informed and ultimately safe from the destructive effects of e-crime in all its forms."

There were core themes running through the event - the key threats from organised crime, the technological capabilities of attackers and defenders, and the value of awareness training for all staff.

I spoke on Scams, Phishing and Malware - and the majority of my talk was aimed at describing just how reliant the majority of attacks are on people. While there are technical controls which can mitigate risks - which are used by many organisations - getting the people side right is critical!

I also used some of the results from PwC's biannual Information Security Breach survey to demonstrate why this should be of interest to all the attendees, who included heads of security, CISOs, CIOs, auditors, FDs, police officers and others.

The report includes some interesting numbers in the executive summary:

  • 93% of large companies had at least one breach last year
  • The median number of attacks last year was 54 for large companies
  • The cost of the biggest breach averaged between £110,000 and £250,000
  • 45% of large companies had breached data protection laws in the last year (one in ten of these said it happened at least once a day)
  • 73% of large companies outsource business processes, but carrying out checks of providers has not kept pace

Have a read - some very interesting summaries in there, and along with the Verizon DBIR gives a good overall picture.

Friday, November 18, 2011

Alter Ego - Boosted

My band, Metaltech, supported the mighty KMFDM this week at the Classic Grand in Glasgow. Now this was by no means the biggest gig we have played, having had successful gigs at the Wickerman, Belladrum and Rock Ness festivals etc., but in terms of pure awesomeness it wins hands down.

Trauma Inc. - a local Glasgow band - kicked off, despite one of their number being hospitalised earlier in the week with an extreme allergy. Their sound is becoming more polished every gig.

Our gig was the best we have ever had - the house sound and light guys did us proud, we had an amazing mix, and KMFDM's fans really got into our set. Having them crammed down the front jumping (and singing) along really took us to a new level of excitement and fun. Our dancers, the Kamikaze Girls, from Edinburgh attracted a lot of attention too - big thanks to them for spicing up the dance floor! Barry, who runs the Classic Grand, made the entire evening run well, including an excellent after party. As ever Barry - apologies for the general mess we tend to leave...

And huge thanks have to go to Sascha, Lucia, Steve, Jules and Andy and their road crew for not only being an utterly lovely bunch of people and superb musicians, but for making us feel like part of the family for an evening. They delivered the promised Ultra Heavy beats, and made time to party with their fans, the support acts and generally hang out. Despite the obvious KMFDM influences in Metaltech's beats, I had never seen them live and I was soooo impressed at the skill each individual had (including Sascha and Lucia's wee daughter who joined in with soundcheck, despite being only 4 - there's a girl who is destined to be on stage!)

Hanging out with Lucia.

Already acquired the KMFDM WTF? t-shirt, so am a happy bunny

Steve, Lucia and Sascha rocking out!

The energy KMFDM have is amazing. This gig is 5 from the end of a long tour and they still give it everything...even through technical difficulties (a mic failed halfway through)

Aside from a gig tonight at the Cabaret Voltaire, I think Metaltech's 2011 live shows are at an end (next one isn't until January) but it has been an awesome year, with our album launch, festivals, loads of headline gigs, our Acoustech sideline and now this.

Let's see what 2012 brings for Metaltech.

Monday, September 12, 2011

So Alsop Consulting is on hiatus for a bit

I have happily taken on a new role - back in Big-4 consultancy - despite really enjoying owning and running my own company, and despite proving to myself that it is more relaxing and more profitable to run my own company!

After the experience of the best part of ten years working in, and then leading Ernst & Young's security team in Scotland, I was pleasantly surprised to be offered a very similar role in PricewaterhouseCoopers - to build and lead an information security team in Scotland.

The remit is nice and wide, the market is good, and I can draw on the experience and skills of a wide UK and global team in the short term while I grow local capability and resource.

Really looking forward to the next couple of years!