Ric
Principal security researcher - Orange Cyberdefense
Honorary researcher - @imperialcollegeldn.bsky.social
OT, CNI, novel attack techniques, quantitative risk
motorcycle & guitar obsessive | cat hoarder
- I made a survey to find out what people in cyber security are actually like beyond the keyboard. Questions about human stuff like preferences and stereotypes. If you work in cyber security, please fill it in and share it so we can make bad generalisations responsibly. forms.office.com/e/xZfzdS30j9
- Personal news. I'm starting a Series-A funding round for my new cyber startup guys. Who wants shares?
- Ultra secure work from home password manager right there.
- “Advanced Data Protection continues to be available everywhere else in the world.” To put it gently, this is a very odd position for Britain to be in. support.apple.com/en-gb/122234
-
View full threadA pedant writes - actually this one is the Investigatory Powers Act 2016…😀
- Oh wow so it is! When the ADP news hit earlier in the year it came with a load of OSA discourse because of the e2ee rules. It clearly affected my head canon of the whole thing.
- My DMs right now
- Just arrived at the World Police Congress in Berlin to speak on cyber crime and I’m doing a tour of the exhibitors. Here’s the first one - anybody need anything?
- Look at that, a stand without a single AI pitch. I'm speaking at the wrong conferences.
- It's world password day!
- The first topic is from yours truly 🤩
- Binding Hook is excited to introduce @virtualroutes.bsky.social newest cohort of European Cybersecurity fellows with a short series exploring their answers to some of the biggest questions in #cybersecurity today: bindinghook.com/articles-bin...
- Added to Siemens' 2024 Hall of Thanks! 💪 Link below 👇
- [Not loaded yet]
- Cheers! A few living off the land things, including what I presented at Insomni'hack' last year. We've been talking for a few years now over various similar things.
- [Not loaded yet]
- Thanks! A few vendors have them, I think
- These aren't the cyber-physical attacks I signed up for. economictimes.indiatimes.com/news/interna...
- Latest OT TTP just dropped, specific to the Swiss rail sector
- I attended my first Insomni'hack' last year and was even lucky enough to give a talk. It's an amazing event and you should definitely consider going!
- 🚨 Conferences & Workshops tickets are live! Whether you're a cybersecurity pro or passionate hacker this event is for you! 🎁 No gift under the tree yet? 👉 Secure your spot today: insomnihack.ch/register/ #INSO25 #cybersecurity #ethicalhacking #switzerland
- [Not loaded yet]
- Filmed by the best! 😎
- Actually starting to feel not ill for the first time in months, might have a nice healthy Christmas break. Child coming home from nursery:
- Weekly stand-up: Any blockers? Me:
- [Not loaded yet]
- [Not loaded yet]
- Might have been really dumb, fortunately! :)
- I've seen an increasing number of these this year. I'm surprised they're not being picked up.
- [Not loaded yet]
- Any animals still outside this evening
- Talking at a conference vs adrenaline comedown the rest of the day
- [Not loaded yet]
- You can relax for a bit now, at least!
- [Not loaded yet]
- [Not loaded yet]
- Would be interested to see the second. Particularly your thoughts on anti-patterns: www.ncsc.gov.uk/whitepaper/s...
- Hi, I'm an ex-academic OT researcher! I have a few OT security papers in various (early) stages. The intention would be to submit these to academic journals or conferences. I'd be happy to have a call about collaboration or offer any advice for writing/publication that may help.
- Although @emmamstewart.bsky.social has a very valid point. You'd want a track record of peer reviewed papers, which is a long process and not something you can easily speed run.
- [Not loaded yet]
- Bloody hell we're only on yellow warning and it's already bonkers, keep safe!
- [Not loaded yet]
- Oh wow all my friends had this when I was younger and I was always envious. This has awakened some deep rooted memories. I can't wait until my lad is old enough for these kinds of toys!
- Where do I report to the NCSC that, not only will they cease to exist if threat is reduced to 0, but time itself will stop?
- [Not loaded yet]
- Regardless of how far away that is, the NCSC do amazing work, so thank you.
- [Not loaded yet]
- Allow just a dusting of ransomware to justify the coffers!
- [Not loaded yet]
- Fast food™️
- This is like Speed but for cyber threat
- @ollieatnowhere.bsky.social do I get a challenge coin for this very critical bug report?
- [Not loaded yet]
- [Not loaded yet]
- Thanks, I wasn't totally certain so I'm glad I was sort of right. One of my faves, too. Nice playing!
- I think that's the first time I've heard phrygian dominant (I think?) on a Ukelele!
- [Not loaded yet]
- I'm not but I have my fingers crossed for Tom! 🤞 Have a great evening! :D
- We finally got some time to catch up on TV shows for the first time since the young lad was born. How come nobody told me how good Slow Horses was? Massively underhyped show for its quality!
- [Not loaded yet]
- I haven't been invested in a telly show like this in ages. For some reason I thought it was supposed to be a bit of a comedy as I didn't check it out before just sticking it on. The opening scene was not what I expected haha!
- [Not loaded yet]
- A paper on this topic has recently been accepted in S&P 2025 that demonstrates it isn't effective: www.computer.org/csdl/proceed...
- You'd best be VERY aware for the next 4 days!
- [Not loaded yet]
- My main concern is what the critical infrastructure defenders were doing the other 361 days this year without serious government intervention! We should create another 4th AI research institute to find out, perhaps.
- [Not loaded yet]
- How is it different from the diversely scoped AI security work done at the Alan Turing Institute, too?
- Aside from Daniel's excellent work, it's really exciting to see the term 'cyber extortion' being used rather than 'ransomware'. It represents the fact that encryption-based ransomware is only a subset of the much wider issue that is cyber enabled or cyber dependent extortion.
- What does personal cyber insurance cover? Our new article found that personal cyber insurance covers a range of online harms, including social media abuse. "Why would money protect me from cyber bullying?": A Mixed-Methods Study of Personal Cyber Insurance www.computer.org/csdl/proceed...
- [Not loaded yet]
- I haven't spent much time with cyber insurance so I was unaware of that. Perhaps it would be good for the cyber security industry to follow suit with the clearer terminology.
- [Not loaded yet]
- Extremely sophisticated cyber-physical attack!
- LASR is a cool name but why are we having a Lab for AI Security Research when we've never had a dedicated lab for holistic cyber security research?
- [Not loaded yet]
- I do get where you're coming from, there is plenty of research going on but it is either internal or dispersed into small pockets. Considering we already have the Alan Turing Institute dedicated to AI research, a chunk of which is on AI security, it all feels a bit wasteful.
- [Not loaded yet]
- GCHQ does signals intelligence and NCSC provides public guidance and support. While both will conduct and fund research where appropriate, including one of my current projects through RITICS, neither are dedicated to it because they have wider missions.
- [Not loaded yet]
- D-LAB is the UK's secret cyber weapon!
