Subscribe to Fresh Thoughts - The Fresh Security Weekly Newsletter
Get control of cybersecurity in 4 minutes each week.
Subscribe to Fresh Thoughts for a weekly dose of straight talking.
It's how you cut through the cybersecurity bull.
Discover stories and insights that help you make better security decisions.
What matters? What's hype? And why?
Our newsletter subscribers always get the answers. First.
Previous Issues of Fresh Thoughts
Fresh Thoughts #63: The Power of Experiences
"Please, can you pass me that soldering iron?". He picked up the wrong end. At that moment, I recognised the difference between book knowledge and experience...
Fresh Thoughts #62: Scattered Secrets: How Lockdowns Changed IT and the Way We Think About Security
The last vestiges of the pandemic are playing out, and returning to pre-pandemic policies. But one area where I have already seen a substantial change is business IT...
Fresh Thoughts #59: What Do Soft Play Centres, Top Secret Government Bases and Your Supply Chain Have in Common?
Spending most of my time looking at and thinking about security issues in customers' supply chains - I found an unconventional yet fitting comparison...
Fresh Thoughts #58: Vulnerability Scans or Pen Tests?
I was helping prepare a cyber insurance questionnaire, and a thorny question arose - What's the difference between a vulnerability scan and a penetration test?
Fresh Thoughts #56: We Made a Mistake
Mistakes will happen. But how can you minimise the number of mistakes - and systematically learn from them when they occur?
Fresh Thoughts #55: A Great Security Experience
It's hard to see the value of security until it's needed. It can feel like a waste. But security is the cosiest feeling when the chips are down.
Fresh Thoughts #53: Asset Management - Done Differently
If you don't know what devices connect to your network, how can they be secured? Are they patched and configured correctly? Let's talk asset management.
Fresh Thoughts #52: Should You Pay a Ransom?
Ransomware payments - I thought I knew the answer. But researching the topic ready for this newsletter, I found a much more complicated situation.
Fresh Thoughts #50: The 10 Immutable Laws of Security Administration
This hard-to-find blog post from 2000 lays out ten fundamental truths of cyber security. 23 years on... it's still insightfully brilliant.
Fresh Thoughts #49: How Do You Respond? OODA
This is the model I use to respond to all types of cybersecurity and business situations... OODA.
Fresh Thoughts #47: Situation Normal. The End of the World Is Nigh.
As is tradition, the conclusion of the LastPass data breach was spun into "the end of the world is nigh" scaremongering. But what does it actually mean?
Fresh Thoughts #46: The People Perimeter
No amount of cybersecurity technology can provide perfect protection. At some point, your people will need to form a defensive perimeter...
Fresh Thoughts #44: Let Technology and People Play to Their Strengths
Do people and technology both have the same strengths in cybersecurity?
Fresh Thoughts #43: Who Do You Trust More - People or Tech?
It can be challenging to decide which is better... Buying more security tech or taking a human-centric approach? Here are some points you should consider...
Fresh Thoughts #41: Are You Ready to SOAR?
Are you ready to auto-magically respond to every other incident with SOAR... 🤔
Fresh Thoughts #40: Think Like a Hacker
What motivates a hacker to infect a computer? Let's use the recent EMOTET outbreak as an example...
Fresh Thoughts #38: “You're on your own.”
Sandip Patel KC tells us - "The government and law enforcement are not going to save you from cybercrime."
Fresh Thoughts #37: What Does It Take to Get ISO27001:2022?
You're thinking about ISO 27001:2022… So what does it take to achieve the certification?
Fresh Thoughts #35: Who Represents Your Business?
Every new Fresh Security customer receives a handwritten Thank You note. It's a small token saying - we appreciate your trust...
Fresh Thoughts #34: Are We Asking Too Much of IT Admins?
"When I started, it was common to have 6-9 months to figure out a new technology... Now my team has 2 days."
Fresh Thoughts #32: The Queen's Wit
My mum's Irish. And like many old societies, the Irish have strong opinions about death. If you've been to an Irish wake, you'll know...
Fresh Thoughts #31: The State of Cyber Insurance - September 2022
In March we made predictions about the cyber insurance industry. Were we right?
Fresh Thoughts #29: Security Should Be Shaker, Not Silk
The minimal elegance of Shaker furniture doesn't always come to mind when thinking of security... but when security is done right, it should.
Fresh Thoughts #28: Resilience: What Are My Options?
There should never be a budget for unnecessary. But when spending gets tight - resilience can start to look increasingly unnecessary.
Fresh Thoughts #26: How to Right-Size Accountability
Being held accountable but having no control. It's one of the worst feelings I know. Unfortunately, it's all too common in cybersecurity...
Fresh Thoughts #25: The Revolutionary Advance of Three Random Words
Passwords have always been a problem. But in 2016, the NCSC rejected the legacy password rules and published a new, revolutionary idea...
Fresh Thoughts #23: The Time a Teenage Girl Broke Her Back
In Incident Response, “doing anything” can sometimes make things much, much worse. And it always burns time. Did I ever tell you about the time when doing nothing meant a 13-year-old girl wasn’t paralysed for life?
Fresh Thoughts #22: Incident Response: What Most Companies Do & How To Respond
Once the shock of a data breach or ransomware attack subsides, everyone starts asking the question… What do most companies do in this position?
Fresh Thoughts #20: Brown M&Ms & Trusting Your Team
Van Halen's rider famously contained a clause requiring a bowl of M&Ms... but no brown ones. While easily dismissed as rockstars being picky - it was anything but.
Fresh Thoughts #19: Tiny Changes, Significant Impact & Board Briefing Packs
At Fresh Security, we help our customers make small, tiny changes to the way they work. But those tiny changes create significant impacts.
Fresh Thoughts #17: Foundations and First Principles
Cybersecurity doesn't need to be complicated. Here are 2 models to ask questions and find gaps.
Fresh Thoughts #16: Risk Is Part of Business & Why Certification Is Not the Goal
Here are the 4 ways to deal with the risk of business and everyday life... And why security certifications are a goal...
Fresh Thoughts #14: The Emotional Rollercoaster of a Vulnerability Scan
Where else in life would you ask for a list of perceived flaws in excruciating detail? But that's precisely what a vulnerability scan is designed to do...
Fresh Thoughts #13: Communicating With Certifications & Fingerprinting Vulnerabilities
Some servers are like football supporters on a Saturday afternoon... And security certificates communicate information... quickly.
Fresh Thoughts #11: Risk Assessment Mistakes & Do You Need More Security?
The biggest mistake I made on my first risk assessment? It was too detailed. I documented every possible way...
Fresh Thoughts #10: Risk is Not Unique & A Rotten Analogy
For some reason, cybersecurity folks seem to think they have a unique view of risk. But any business owner, investor or accountant knows - there are many types of risks we see...
Fresh Thoughts #8: Seeing Signals & Why Some Bugs are Unpatchable
Security awareness training teaches your team how to spot the signals used in scams. Once they see it...
Fresh Thoughts #7: The State of Cybersecurity Sales in 2022
Cybersecurity conferences are feeling nostalgic. Like it's 2010... but for some reason, no one is talking about the solution to ransomware. So we are...
Fresh Thoughts #6: Please. No More Security Soundbites
When you distil an idea too much, all meaning is lost. Security soundbites are contradictory and confusing. Time for a new project...
Fresh Thoughts #5: Password Managers Are Becoming Collateral Damage
Password managers are fundamental to better security practices. But since Christmas, LastPass and Chrome have been working to block each other. Why?
Fresh Thoughts #3: When Cyber Threats Are “Imminent” What Do You Do?
Doom! Doom! I say. What should you actually do when a cyber attack is imminent?
Fresh Thoughts #2: Zero Trust & Leading Indicators
Zero Trust is everywhere... but is it just another buzzword? And the trouble with looking at the wrong indicators.