In my previous article The End of Active Directory: Why Your Cybersecurity Strategy Demands Entra ID Now I wrote about the inherent incompatibility of Active Directory with modern enterprise security architectures and cloud strategies.
Originally published on LinkedIn
The European Union’s Artificial Intelligence Act is not another piece of tech regulation; it is a foundational legal framework poised to define the development and deployment of AI across the continent and beyond. Specific requirements came into force in February 2025, while it is scheduled for 2nd August.
A startling security vulnerability in a recruitment platform used by McDonald's has potentially exposed the personal data of up to 64 million job applicants. The incident serves as a powerful reminder of a risk that has plagued the technology sector for decades: the supply chain. I question whether McDonald's had even done a thorough cybersecurity due diligence when contracting with Paradox.
I also note, while the platform in question uses artificial intelligence, the critical error was deeply human and not a failure of AI at all.
On 24 May 2025, Owanate Bestman joined me for what turned out to be a really insightful conversation about the evolving CISO landscape in the UK.
In a historic shift for the digital economy, Apple is being forced by courts and regulators in both the United States and Europe to allow app developers to use any payment method for their apps and in-app purchases-without Apple’s customary commission or fees. While these rulings are set to unleash a wave of fintech innovation and competition, they also introduce new cybersecurity risks that could impact millions of users worldwide. This article explores the legal battles, the global regulatory landscape, the opportunities for fintech, and the security challenges that lie ahead.
Right, let's have a honest discussion about Microsoft Active Directory. For ages, it’s been the bedrock of how most businesses handle logins and access – the familiar, reliable workhorse humming away in the server room. It did its job, absolutely.
But here’s the rub: the world it was built for vanished years ago. Is it appropriate to keep clinging to legacy technology foundations as your main line of identity defence in today's world? Frankly, that’s looking increasingly like bringing a knife to a gunfight.
Date: 4 Apr 2025
I had an engaging discussion with David Gadd about the misunderstanding of the CISO role. (Be interested in your views whether you think the CISO role is fully understood and if it isn't, why not! Comment in the LinkedIn post below ⬇️)
Your iPhone houses your entire digital existence - from cherished photographs and private messages to sensitive banking information and beyond. Whilst Apple's iPhone with the latest iOS offers impressive built-in security, it's not simply a "set and forget" arrangement. To properly shield your digital life from criminals, I recommend taking several straightforward measures. None of these steps are intrusive and shouldn't hamper your user experience.
Yesterday, 24th February 2025, I received the heartbreaking news that one of the cybersecurity vendors I had worked with since 2006, Skybox Security, has closed its doors.
The announcement came as a shock, first shared with employees on a call and later communicated to channel partners via email. Skybox Security was once a visionary company, yet it has now faced an unfortunate end.
My thoughts are with all the former employees whose lives have been suddenly disrupted. I sincerely wish them strength and resilience in navigating this transition and finding new opportunities that match their talents and expertise.
Let’s take a moment to reflect on Skybox Security’s journey and the lessons to be learned.
I am lost for words, so I will be brief - you can read my opinion piece on this from a couple of weeks back here: ./2025-02 UKGov our data is not yours to take/our data is not yours to take.md
This blatant disregard for the people's privacy by the UK government will do nothing to protect us more from criminals. They will continue to use existing and new tools that offer end-to-end data encryption outside of the reach of any government.
I have had Advanced Data Protection activated since it was released in 2023. Sadly, I will be losing this privacy protection someday.