A Security Architect's Guide to MITRE ATLAS

In my previous posts, we’ve explored the imperative of building resilient AI architectures through adversarial robustness pipelines and the continuous testing that underpins them. I spoke about MITRE ATLAS, and today I want to introduce it properly, as it is a crucial framework that provides a common language and structured approach to understanding and defending against sophisticated threats: MITRE ATLAS (Adversarial Threat Landscape for Artificial-Intelligence Systems). For those of us deeply entrenched in cybersecurity, the MITRE ATT&CK framework is likely second nature.

Mastering Threat Modelling for Next-Gen Workloads

I have observed a profound shift in the cybersecurity landscape over the past few years; the threat landscape is changing rapidly. The integration of Artificial Intelligence (AI) into core business functions is no longer futuristic; it’s a present-day reality. However, with this incredible innovation comes a fresh wave of sophisticated risks. This is precisely why the demand for expertise in threat modelling and risk assessments specifically tailored to AI workloads is skyrocketing – and rightly so.

AI on the Offensive

Across multiple industries we are witnessing a palpable surge in advanced AI-powered cyberattacks, which has triggered a significant and, frankly, necessary shift in organisational priorities. Crucially, Artificial Intelligence and Large Language Models (LLMs) have now unequivocally surpassed ransomware as the top cybersecurity concern for security leaders. This isn’t just a fleeting trend; it’s a profound re-evaluation of risk driven by several critical developments.

AI-Driven Threats: The New Arsenal

The adversaries are getting smarter, faster, and more scalable.

Federated Learning Security: Training Together, Staying Safe

I’ve spoken in previous posts about the transformative power of Federated Learning. This innovative approach allows machine learning models to be trained collaboratively across numerous decentralised devices or organisations, critically, without ever centralising the sensitive raw data. It’s a game-changer for privacy, especially in sectors dealing with highly confidential information like healthcare or finance. However, as with any powerful technology, Federated Learning introduces its own unique set of security risks that demand our meticulous attention.

Securing the Edge: Lightweight Architectures for Robust AI

One area that truly excites – and challenges – me is the burgeoning world of Edge AI. Deploying sophisticated Artificial Intelligence directly onto resource-constrained edge devices presents a unique security conundrum: how do we implement robust protection without overtaxing hardware with limited processing power, memory, and battery life? It’s a delicate balancing act, but one that’s absolutely critical for the trustworthiness and widespread adoption of Edge AI.

Zero Trust for AI: Securing Intelligence in a Distributed World

As a security architect, one truth that has become increasingly clear over many years is that traditional perimeter defences are simply not fit for purpose. This reality is amplified manifold when we consider the dynamic, interconnected nature of Artificial Intelligence (AI) systems. When AI components dynamically interact across increasingly distributed environments – from cloud to edge, microservices to serverless functions – the old ‘trust but verify’ model doesn’t just falter; it crumbles.

Hardware-Enforced AI Security: Fortifying Your Models from the Ground Up

As an experienced security architect, I’ve spent considerable time contemplating the layers of defence needed for our intelligent AI systems. While robust software practices, stringent CI/CD pipelines, and even adversarial training are absolutely vital (as we’ve discussed in previous posts), there’s a fundamental truth often overlooked: if the underlying hardware isn’t secure, our software defences can ultimately be compromised. This is why Hardware-Enforced AI Security is fast becoming a non-negotiable for protecting our most valuable AI models.

Adversarial Robust Pipelines

Adversarial Robust Pipelines and Building AI That Bends, But Doesn’t Break

Artificial Intelligence has been nothing short of transformative; I use my own AI models on my laptop every day and automate agents to research and find information in the darkest corners of the internet for projects I work on. Yet, as the saying goes, with great power comes great responsibility – particularly in the realm of security. Beyond the headline-grabbing breakthroughs, a critical area of focus for security architects like myself is adversarial robustness.

Security Considerations for MACH Architectures

Securing the Future: Navigating MACH Architectures with Confidence

In a fiercely competitive and economically challenging business landscape, the relentless pursuit of digital innovation is non-negotiable. Businesses are constantly striving for agility, scalability, and, crucially, rock-solid security to keep pace with relentless change. One architectural paradigm that has truly taken hold is MACH (Microservices, API-First, Cloud-Native, Headless). While I’ve witnessed glimpses of this in enormous organisations wrestling with decades of legacy systems, it was only when I had the privilege of helping a client build an entire banking infrastructure from the ground up in the cloud that I truly grasped MACH’s transformative power – its ability to enable blistering speed and rapid adaptation in the face of fierce competition and emerging technologies.

In search of a Secure Mobile Phone

As an iPhone user myself, I’ve had my fair share of frustrations with Apple’s approach to security and data protection. When it launched, I embarked on a journey to try to implement Advanced Data Protection in iOS, a journey that took over a year working with Apple support which resulted in having to create a whole new iCloud account and “delete” the data from the other account.

Securing IoT Devices

Designing zero trust architectures for clients who have thousands of IoT devices connected to the network, from monitoring warehouse capacity and the automated movement of stock throughout the warehouse, down to monitoring retail store merchandise and how customers interact with the store, has made one thing clear: Internet of Things (IoT) devices have become ubiquitous. However, their proliferation brings unique security challenges that traditional controls often struggle to address effectively.

Microsegmentation in Cloud

Microsegmentation has emerged as a critical technique for enhancing security by isolating workloads and reducing the attack surface. Unlike traditional network segmentation methods, which focus on broad divisions based on subnets or VLANs, microsegmentation allows for granular control at the individual workload level.

The Next Frontier in Cryptography

With all the technology focus on AI, you would be forgiven for forgetting about the next frontier in computing: quantum computing, which is developing in leaps and bounds. Quantum computing, once a theoretical concept, is rapidly advancing towards practical application. The technology promises to fundamentally redefine cryptographic protocols and security architecture. Understanding quantum computing’s implications for cybersecurity is crucial as we prepare for this next frontier.

Beyond Cryptocurrency Security

Beyond Bitcoin: Blockchain’s Role in Next-Gen Security Architectures

Following on from our recent deep dives into cloud and container security, today’s post takes us to a technology that, while often synonymous with digital currencies, holds far broader implications for our security landscape: blockchain. Its truly disruptive potential extends well beyond cryptocurrencies, with its decentralised and immutable nature making it an incredibly attractive solution for securing various applications, particularly in complex industries such as supply chain management and identity verification.

Serverless Architectures

Serverless architectures, with their promise of auto-scaling, cost efficiency, and reduced operational overhead, have rapidly gained traction in the cloud computing landscape. However, this paradigm shift also introduces new security challenges that necessitate a reevaluation of traditional security models.

Federated Learning on Data Privacy

Data privacy has become a cornerstone issue in cyber security when producing the large data sets used to train large language models. As machine learning (ML) and artificial intelligence (AI) models increasingly drive critical business decisions, ensuring that these models respect user privacy is paramount. But what is the best way to do this? Enter federated learning, a groundbreaking approach to training ML models without exchanging or centralizing data. This methodology holds promise for preserving data privacy while still allowing organizations to leverage the power of AI.

The Security of AI: The Art of Incident Response

AI and LLMs are transformative and continue to enrich and permeate our digital lives; the importance of planning incident response and detection specific to these platforms for security teams cannot be overstated. Speaking to my network of security professionals, the prospect of malicious actors exploiting vulnerabilities in production AI systems sends a shiver down even the most seasoned security professional’s spine. It was from these conversations that I decided to venture into the nuances of detecting incidents around AI platforms, providing guidance on what to look for and how to respond. This isn’t about using AI in incident response, but about responding to incidents involving AI (LLMs); the former is a topic for a future blog, maybe.

The Security of AI: The Inexplicability Threat

In my last post, I detailed the importance of securing the model development pipeline, highlighting the unique challenges posed by the complex nature of AI development. Today, we delve into another crucial aspect of AI security that isn’t in the OWASP Top 10 for Large Language Models but which I feel is important to understand: inexplicitability, a factor that can compromise the integrity and reliability of AI models. inexplicitability : Noun.

The Security of AI: Securing the Model Development Pipeline

In my previous blog post, I wrote about the risks of Model Inversion Attacks and ways to mitigate them. In today’s post, I will focus on another aspect of AI security: securing the model development pipeline. The model development pipeline is a series of processes that transforms raw data into a trained machine learning model. This pipeline typically includes several stages, such as data collection, preprocessing, feature engineering, model selection, training, validation, and deployment.

The Security of AI: Detecting and Mitigating Model Inversion Attacks

Last time I discussed Training Data Poisoning, a threat to AI systems that involves manipulating the training data used by Language Learning Models (LLMs). In today’s blog post I will explore another significant risk which can expose sensitive data: Model Inversion Attacks. This attack method focuses on exploiting the information contained within LLMs themselves to infer sensitive data about individual users or entire datasets. Model inversion attacks rely on a simple premise: since an LLM has been trained on specific data, it should be possible to extract information from the model that could reveal details about the underlying dataset.

The Security of AI: Training Data Poisoning

In my previous post, I wrote about Prompt Injection, a manipulation technique that exploits the way LLMs process user-provided inputs. In this post, we’ll delve into another critical threat: Training Data Poisoning.

What is Training Data Poisoning?

Training Data Poisoning refers to the act of intentionally manipulating the training data used by LLMs to influence their behavior and output. This can be done by introducing misleading, biased, or malicious information into the training dataset.

The Security of AI: Prompt Injection

Large Language Models (LLMs) are being integrated into more and more software applications and are changing the way we interact with technology. Having spent many years in cyber security, I looked at Machine Learning a long time ago and began to question: what is new here? It’s software, it’s data; what makes it different, and why did I need to approach it differently from other software?

Securing Generative AI

One of the areas I have spent a lot of time researching over the past 5 months is building cybersecurity machine learning models for a personal project; when using uncensored models, it is a completely different ball game in terms of what is achievable.

Understanding Identity and Access Management Roles for ECS/EKS

IAM Roles for ECS/EKS: Right Permissions, Right Place

Continuing our journey through the intricate world of cloud security, today’s post takes us straight to the heart of Identity and Access Management (IAM) roles for ECS/EKS Tasks. As a security architect, I constantly champion the principle of least privilege, and a crucial part of that is genuinely understanding the nuanced difference between Task Roles and Service Roles when it comes to securing your containerised workloads.

Securing Container Images

Securing Container Images: Best Practices for a Robust Containerised Environment

Throughout 2024, my blog posts will primarily draw upon my security engineering and architecture experience, sharing the best practices I’ve implemented and the challenges I’ve conquered in AWS over the past decade. In this month’s dive, I’m heading into the intricate world of container security, aiming to shed some much-needed light on the best ways to fortify your containerised infrastructure.

Cultivating Cyber Resilience

Throughout my journey in different organisations over the past two decades, one constant remains: the pivotal role of organisational culture in cybersecurity. Despite all the technical controls, it’s the human element that often dictates the success or vulnerability of each organisation’s cyber defences.

Pentests and the SOC

Penetration testing is a critical part of any robust cybersecurity strategy. However, a successful penetration test relies not only on the skills of the testing team but also on effective collaboration with the security operations team. Providing the right information to your security operations team before a penetration test can prevent false alerts, streamline investigations, and enhance the overall effectiveness of the testing process.

CISO Series - Organisation

Being in a leadership role in information security requires bringing together a level of technical understanding, strategic thinking, leadership, business skills and communication abilities. This can be a lot to manage all at once, alongside projects and the security hot topic of the day. One way to manage all of this is through good organisation strategies. Over many engagements with clients I have tried different methods; these are the ones which I use today to help me stay organised and strike a balance across competing priorities.

CISO Series - The Fortnight Foundation

As I prepare to embark on my next assignment, I thought I would share how the initial fortnight in a CISO role is vital for understanding your team, establishing relationships, and setting the stage for long-term success. As an independent consultant, my strategies might be dramatically condensed compared to when you are assuming the role for a longer term as a permanent team member.

Rethinking Cyber Security Prioritisation

As an independent consultant, I gain a unique insight working with many different organisations. I have seen my fair share of management trends come and go; some seek to revolutionise and transform the way teams work in cybersecurity, while others fail to plan far enough ahead, because, you know, cybersecurity changes so quickly and today’s priority may not be tomorrow’s. This was recently raised during one of my catch-up sessions with a mentee; a number of challenges have arisen as their organisation goes through some leadership changes.

The Promise of AI

The AI Revolution: Friend or Foe in Cybersecurity?

Artificial intelligence (AI) and Machine Learning (ML) are undeniably reshaping our world, and the realm of cybersecurity is no exception. These remarkable technologies, with their uncanny ability to learn from vast datasets and predict future outcomes, offer an almost boundless potential in our ongoing battle against ever-evolving cyber threats. Yet, as with any powerful innovation, they also introduce new vulnerabilities that demand the sharpest attention from today’s security leaders.

Managing cybersecurity risks in supply chain management

The task of managing cybersecurity risks in supply chain management is an imperative for businesses. Supply chain processes involve a complex web of suppliers, manufacturers, distributors, retailers, and service providers, all interconnected through digital transactions. This web is open to cyber threats, which can potentially have a substantial impact on businesses.

Reclaiming our online privacy

Take a moment to reflect on your typical day.

You wake up, perhaps groggily fumbling for the phone beside your bed, thumbing through notifications and catching up on the news from last night. Maybe you then order a flat white from your favourite local café via an app, or video call a loved one overseas before settling into your emails for the day. It’s all so second nature, isn’t it?

Robust Security Operations Teams

Securing our businesses from invisible invaders is imperative, requiring orchestration of defence akin to a symphony, with each resource playing its part to perfection. The challenges of implementing robust security operations include scarcity of skilled personnel, insufficient resources, a reactive approach to threats, and over-reliance on tools to fill gaps, the failure of which can lead to catastrophic financial, reputational, and regulatory consequences.

Secure Summits

In the heart of the French Alps, where innovation, adrenaline, and nature converge, I witness alpinists gearing up for their mountain adventures every weekend. Ropes, mountain bikes, and mountain running shoes dominate the scene, while skis and snowboards take over during winter. As a technology enthusiast, I am always intrigued by the gadgets people bring along, ranging from performance trackers to emergency beacons. My focus turned to the workings of beacons in the mountains, connecting with satellites and radio repeaters. The CEO of one of my clients participates in an annual multi-day cross mountain running event in the Alps, where his progress can be tracked online, stage by stage.

The Power of Threat Intelligence

Digital business operations continue to rapidly expand and the threat landscape concurrently evolves in complexity and sophistication along with that growth. Cybercriminals are perpetually seeking out vulnerabilities to exploit, and the onus is on businesses to adopt proactive defence strategies to keep one step ahead. Among the most effective tools in our cybersecurity repertoire to help us do this is threat intelligence.
