Subscribe to Fresh Thoughts - The Fresh Security Weekly Newsletter

Get control of
cybersecurity
in 4 minutes each week.

Subscribe to Fresh Thoughts for a weekly dose of straight talking.

It's how you cut through the cybersecurity bull.

Discover stories and insights that help you make better security decisions.

What matters? What's hype? And why?

Our newsletter subscribers always get the answers. First.

We'll never share your email.
reading Fresh Security Newsletter on a phone

Previous Issues of
Fresh Thoughts

Soldering Iron

Fresh Thoughts #63: The Power of Experiences

"Please, can you pass me that soldering iron?". He picked up the wrong end. At that moment, I recognised the difference between book knowledge and experience...

Laptop on the garden table

Fresh Thoughts #62: Scattered Secrets: How Lockdowns Changed IT and the Way We Think About Security

The last vestiges of the pandemic are playing out, and returning to pre-pandemic policies. But one area I have already seen a substantial change is in business IT...

Antique Scales

Fresh Thoughts #60: The Truth About Incident Response

Responding to cybersecurity incidents doesn't always get to the "truth", and that's why you must prepare beforehand...

Child playing in foam blocks

Fresh Thoughts #59: What Do Soft Play Centres, Top Secret Government Bases and Your Supply Chain Have in Common?

Spending most of my time looking and thinking about security issues in customers' supply chains - I found an unconventional yet fitting comparison...

Gap in rock formation

Fresh Thoughts #58: Vulnerability Scans or Pen Tests?

I was helping prepare a cyber insurance questionnaire, and a thorny question arose - What's the difference between a vulnerability scan and a penetration test?

One match next to the other and now also

Fresh Thoughts #57: Backup and Disaster Recovery Are Very Different Things

Working in the computer storage industry I learnt a valuable lesson - which many knowledgeable, technical people still don't recognise...

Childs bike on ground

Fresh Thoughts #56: We Made a Mistake

Mistakes will happen. But how can you minimise the number of mistakes - and systematically learn from them when they occur?

Child using phone to look at flowers

Fresh Thoughts #55: A Great Security Experience

It's hard to see the value of security until it's needed. It can feel like a waste. But security is the cosiest feeling when the chips are down.

woman holding a handbag and laptop case

Fresh Thoughts #54: What Can a Stolen Handbag Teach Us About Threats?

The latest version of ISO 27001 has a new control - Threat Intelligence. What is it? And how can a recent theft help us understand more?

IT Assets now redundant in a skip

Fresh Thoughts #53: Asset Management - Done Differently

If you don't know what devices connect to your network, how can they be secured? Are they patched and configured correctly? Let's talk asset management.

woman holding money

Fresh Thoughts #52: Should You Pay a Ransom?

Ransomware payments - I thought I knew the answer. But researching the topic ready for this newsletter, I found a much more complicated situation.

stack of notebooks

Fresh Thoughts #51: Autumn/Winter Directory 2023

Next week it will be one year since I started writing Fresh Thoughts. Time to reflect on the stories we've covered in the past year...

creating a checklist in a notebook

Fresh Thoughts #50: The 10 Immutable Laws of Security Administration

This hard-to-find blog post from 2000 lays out ten fundamental truths of cyber security. 23 years on... it's still insightfully brilliant.

father helping son observe

Fresh Thoughts #49: How Do You Respond? OODA

This is the model I use to respond to all types of cybersecurity and business situations... OODA.

woman holds up stop hand

Fresh Thoughts #48: Are Cyber Attacks "Uninsurable"?

The headlines say, "Cyber attacks set to become 'uninsurable', says Zurich chief"... But is this real or clickbait?

girl reading where the world ends

Fresh Thoughts #47: Situation Normal. The End of the World Is Nigh.

As is tradition the conclusion of the LastPass data breach was spun into "the end of the world is nigh" scaremongering. But what does it actually mean?

rugby players in in a huddle

Fresh Thoughts #46: The People Perimeter

No amount of cybersecurity technology can provide perfect protection. At some point, your people will need to form a defensive perimeter...

concrete silo

Fresh Thoughts #45: Can ISO-27001 Solve Our Siloed Comms Problem?

ISO 27001 isn't just a security certification - it can also help your team communicate effectively.

man on bike at sunset

Fresh Thoughts #44: Let Technology and People Play to Their Strengths

Do people and technology both have the same strengths in cybersecurity?

girl shaking hands with a robot

Fresh Thoughts #43: Who Do You Trust More - People or Tech?

It can be challenging to decide which is better... Buying more security tech or taking a human-centric approach? Here are some points you should consider...

swiss cheese plant

Fresh Thoughts #42: My Security Is Like Swiss Cheese

Your security is like Swiss cheese. Is that an insult or a good thing?

black kite soaring

Fresh Thoughts #41: Are You Ready to SOAR?

Are you ready to auto-magically respond to every other incident with SOAR... 🤔

production line

Fresh Thoughts #40: Think Like a Hacker

What motivates a hacker to infect a computer? Let's use the recent EMOTET outbreak as an example...

Nope written on a board

Fresh Thoughts #39: The #1 Reason Cyber Insurers Don't Pay

Why do cyber insurers refuse claims? It turns out there's one main reason...

Person standing alone in a field of wheat

Fresh Thoughts #38: “You're on your own.”

Sandip Patel KC tells us - "The government and law enforcement are not going to save you from cybercrime."

Tired athlete during an ultra marathon

Fresh Thoughts #37: What Does It Take to Get ISO27001:2022?

You're thinking about ISO 27001:2022… So what does it take to achieve the certification?

Multiple choice answer booklet

Fresh Thoughts #36: Get Security Certified! Why Should We?

Why do we do cybersecurity? It's a question we regularly ask at Fresh Security and the answers are pretty predictable...

Smythson note card and envelope

Fresh Thoughts #35: Who Represents Your Business?

Every new Fresh Security customer receives a handwritten Thank You note. It's a small token saying - we appreciate your trust...

people sitting round a coffee table

Fresh Thoughts #34: Are We Asking Too Much of IT Admins?

"When I started, it was common to have 6-9 months to figure out a new technology... Now my team has 2 days."

standing looking out of a window

Fresh Thoughts #33: The Show Must Go On

After every shock or atrocity, there is a time of recoil. This pause happens whether it's an event of world significance, a purely personal one...

Queen Elizabeth II

Fresh Thoughts #32: The Queen's Wit

My mum's Irish. And like many old societies, the Irish have strong opinions about death. If you've been to an Irish wake, you'll know...

old map

Fresh Thoughts #31: The State of Cyber Insurance - September 2022

In March we made predictions about the cyber insurance industry. Were we right?

a stack of books

Fresh Thoughts #30: Spring/Summer Directory 2022

With 29 issues of Fresh Thoughts under our belts, it's time to pause and reflect. Here are the themes we have touched on...

motion blur of people walking in an underground station

Fresh Thoughts #29: Security Should Be Shaker, Not Silk

The minimal elegance of Shaker furniture doesn't always come to mind when thinking of security... but when security is done right, it should.

motion blur of people walking in an underground station

Fresh Thoughts #28: Resilience: What Are My Options?

There should never be a budget for unnecessary. But when spending gets tight - resilience can start to look increasingly unnecessary.

motion blur of people walking in an underground station

Fresh Thoughts #27: Resilience: Keeping the Lights On and the Business Moving

"Never say - redundant. It implies unnecessary. And there's no budget for unnecessary." I was told this 3 days into my cybersecurity career.

boundary of a forest to felled trees

Fresh Thoughts #26: How to Right-Size Accountability

Being held accountable but having no control. It's one of the worst feelings I know. Unfortunately, it's all too common in cybersecurity...

Rocky path on the side of a mountain

Fresh Thoughts #25: The Revolutionary Advance of Three Random Words

Passwords have always been a problem. But in 2016, the NCSC rejected the legacy password rules and published a new, revolutionary idea...

three chrysalis

Fresh Thoughts #24: The Evolution of Cybersecurity: Antivirus

"Cybersecurity tech is constantly changing". Erm… not in my experience. Most of the cybersecurity tech is evolutionary.

Rocky path on the side of a mountain

Fresh Thoughts #23: The Time a Teenage Girl Broke Her Back

In Incident Response, “doing anything” can sometimes make things much, much worse. And it always burns time. Did I ever tell you about the time when doing nothing meant a 13-year-old girl wasn’t paralysed for life?

fire fighters putting out a burning car

Fresh Thoughts #22: Incident Response: What Most Companies Do & How To Respond

Once the shock of a data breach or ransomware attack subsides, everyone starts asking the question… What do most companies do in this position?

privacy please sign

Fresh Thoughts #21: The "I've got a policy you can use..." Insult

Cybersecurity policies have a bad reputation. It's well deserved, but it doesn't have to be this way.

bowl of M&Ms

Fresh Thoughts #20: Brown M&Ms & Trusting Your Team

Van Halen's rider famously contained a clause requiring a bowl of M&Ms... but no brown ones. While easily dismissed as rockstars being picky - it was anything but.

wolf in a forest

Fresh Thoughts #19: Tiny Changes, Significant Impact & Board Briefing Packs

At Fresh Security, we help our customers make small, tiny changes to the way they work. But those tiny changes create significant impacts.

chalk board with math formulas

Fresh Thoughts #18: Policies, Plans and Bad Weather

In business, there's a plan. But unlike a boat with a rudder and propulsion, there isn't a mechanical way to translate the plan into action. In business, we use policies.

chalk board with math formulas

Fresh Thoughts #17: Foundations and First Principles

Cybersecurity doesn't need to be complicated. Here are 2 models to ask questions and find gaps.

Empty Mason jar sat on a table

Fresh Thoughts #16: Risk Is Part of Business & Why Certification Is Not the Goal

Here are the 4 ways to deal with the risk of business and everyday life... And why security certifications are a goal....

Empty Mason jar sat on a table

Fresh Thoughts #15: Vulnerability Zero Is A Terrible Idea & Consistent Secure Configuration

Vulnerability Zero is the idea that you should fix every vulnerability. Vulnerability Zero is a terrible idea. Here are seven reasons why...

going up on a rollercoaster

Fresh Thoughts #14: The Emotional Rollercoaster of a Vulnerability Scan

Where else in life would you ask for a list of perceived flaws in excruciating detail? But that's precisely what a vulnerability scan is designed to do...

fulham football stadium

Fresh Thoughts #13: Communicating With Certifications & Fingerprinting Vulnerabilities

Some servers are like football supporters on a Saturday afternoon... And security certificates communicate information... quickly.

spreadsheet of numbers

Fresh Thoughts #12: Lies. Statistics. Risk Transfer & Cyber Insurance.

Are you a hacker - by mistake? And watching an insurance underwriter decide if they will take on risk reminded me recently of being a new manager...

dropped ice cream

Fresh Thoughts #11: Risk Assessment Mistakes & Do You Need More Security?

The biggest mistake I made on my first risk assessment? It was too detailed. I documented every possible way...

open rotten door in a decaying house

Fresh Thoughts #10: Risk is Not Unique & A Rotten Analogy

For some reason, cybersecurity folks seem to think they have a unique view of risk. But any business owner, investor or accountant knows - there are many types of risks we see...

burned out car in the desert

Fresh Thoughts #9: Keeping on Top of Common Threats & Wasted Training?

Why use security awareness training when 90% is forgotten within 1 week? Security awareness training is about creating triggers. To cause people to "feel something isn't quite right".

radio antenna on a hill side picking up signals

Fresh Thoughts #8: Seeing Signals & Why Some Bugs are Unpatchable

Security awareness training teaches your team how to spot the signals used in scams. Once they see it...

speaking to a large audience

Fresh Thoughts #7: The State of Cybersecurity Sales in 2022

Cybersecurity conferences are feeling nostalgic. Like it's 2010... but for some reason, no one is talking about the solution to ransomware. So we are...

jumping off a cliff into the sea

Fresh Thoughts #6.5: Trust is Earned (Sometimes)

Trust should be simple. Trust is doing what you say you will - over time. Unless you're in cybersecurity, then...

password spelled out in keys

Fresh Thoughts #6: Please. No More Security Soundbites

When you distil an idea too much, all meaning is lost. Security soundbites are contradictory and confusing. Time for a new project...

stop saving to chrome

Fresh Thoughts #5: Password Managers Are Becoming Collateral Damage

Password managers are fundamental to better security practices. But since Christmas, LastPass and Chrome have been working to block each other. Why?

Broken fence

Fresh Thoughts #4: The Price of Cyber Insurance & Know Your Perimeter

The eye-watering price of cyber insurance renewals may be coming as a surprise... Let's have a look at why it's happening.

Storm at sea

Fresh Thoughts #3: When Cyber Threats Are “Imminent” What Do You Do?

Doom! Doom! I say. What should you actually do when a cyber attack is imminent?

ice hockey game

Fresh Thoughts #2: Zero Trust & Leading Indicators

Zero Trust is everywhere... but is it just another buzzword? And the trouble with looking at the wrong indicators.

Little girl looking through binoculars

Fresh Thoughts #1: Trouble Ahead for Cyber Essentials?

Are the new Cyber Essentials v3 cloud requirements possible for small & mid-sized businesses? Let's discuss.

Freshsec Logo

Subscribe to Fresh Thoughts

Our weekly newsletter brings you cybersecurity stories and insights. The insights that help you cut through the bull.

We'll never share your email.

Resources

Fresh Security Support

Your Questions

Blog

Legal Bits

Your Privacy

Our Terms

Cookies

Fresh Sec Limited

Call: +44 (0)203 9255868