Sample Work

Samples
You could say that this entire website is a sample of my work. Well, yes and no. Most of this site is writing for myself; and, if you hadn’t noticed, letting off steam about things that concern me. But when I write for a client, I write what the client wants the reader to read; not what I want to write.

Here are a few examples; and I’ll include more as time progresses. ‘Exclusive’ means you’ll only find it here on this site; that is, I’m writing for myself but it’s something I feel strongly.

• Whitelisting Vs Blacklisting
  Traditionally, we use ‘blacklisting’ for our anti-malware defences. We create a blacklist of known malware, and stop them; allowing everything else to run. But should it be the other way round? Should we have a ‘whitelist’ of what we want to allow; and stop everything else? This article was written for, published by, and posted here with the kind permission of Infosecurity Magazine.

• The infosec market in China
  “From the early days of Confucius throughout the history of the empire right to modern communist China, the driving force is the collectivist state and not the individual.” This article was written for, published by, and posted here with the kind permission of Infosecurity Magazine.

• Social networks and security
  “Social networking applications are a very, very good idea; and they are characterised by a lack of built-in security.” This article appeared in the Guardian. It was written for, published by, and posted here with the kind permission of Lyonsdown.

• Data Centres in the Cloud
  “…the complete migration of data centres into the cloud is simply not happening as fast as these arguments suggest it should; and that’s what we’re going to discuss…” This article was written for, published by, and posted here with the kind permission of Infosecurity Magazine.

• Anti-virus and anti-spam: a technology update
  Are the bad guys winning the arms race? What are the latest developments in malware, and what is the AV industry doing to combat them? This article was written for, published by, and posted here with the kind permission of Infosecurity Magazine.

• Selling Biometrics to the masses
  Biometrics has been around for a long time; but has never quite been accepted? Why? What needs to be done to make it acceptable? This article was written for, published by, and posted here with the kind permission of Infosecurity Magazine.

• Securing the Public Cloud for the Mobile Workforce
  This article looks at the collision of mobile and cloud computing; and examines the security issues that arise. It was included in the Raconteur supplement on Security in the Cloud that was published in the Times on 12 October 2010.

• The art of social engineering
  This article looking at the development of online social engineering was written for, published by, and posted here with the kind permission of, Infosecurity Magazine.

• How to achieve greater security in the cloud than most people have in the computer room. This article looks at some of the emerging technologies that could make the Cloud a safe place for your data. It was included in the Raconteur supplement on Enterprise Cloud Computing published in the Times on 20 July 2010.

• AMTSO: a serious attempt to clean up anti-malware testing; or just a great big con?
  Exclusive. This article examines the philosophy and organization that is the Anti Malware Testing Standards Organization.

• A chat with Luis Corrons, technical director at PandaLabs
  Exclusive interview. Discusses the Mariposa botnet, the Aurora hack, and the value of product tests.

• Security on a Shoestring — how to get more for less in a recession
  This article on maximising your security budget was written for, published by, and posted here with the kind permission of, Infosecurity Magazine.

• The fully virtualized environment
  This paper was written for Raconteur Media. It was included in the Raconteur supplement on Virtualisation published in the Times on 2 March 2010.

• Log Management: a necessary part of information security
  This paper was commissioned by ITProPortal. It examines the value of log management as a means to improve security and aid regulatory compliance.

• 2009 reviewed; 2010 previewed
  This was an exercise for myself just before I started this blog. It was written in December 2009. The idea was to produce a typical magazine/web article while at the same time laying down my security predictions for 2010. Time will tell if I got it right.

• Cloud: What Information Security has been waiting for?
  This paper was written for Raconteur Media. It was included in the Raconteur supplement on Cloud Computing published in the Times on 2 December 2009.