Monthly cyber security podcast, with our experts Stephen Ridgway and Rich Benfield. If you are in a sticky situation or need any advice related to cyber security answered anonymously and on the podcast, email us at info@th4ts3cur1ty.company. This week's question is:"I made a mistake that I'm still losing sleep over. We got an alert that looked like routine noise, a similar pattern to false positives we'd been seeing all week from a dodgy update. I triaged it as low priority and moved on to the mountain of other tickets in the queue. Turns out, it wasn't noise. It was the early stage of a ransomware attack. Luckily, our endpoint protection caught it before it spread too far, and we contained it within a few hours. No data loss, no ransom paid, minimal disruption. Management have been great about it. They said everyone makes mistakes, praised the team for the quick response, and moved on. But here's my problem: I haven't told anyone the full truth. In my incident report, I said I "initially assessed it as lower priority given the alert volume" but I didn't say I completely dismissed it. I didn't mention that I didn't even do the basic checks I should have. My team lead thinks I just deprioritised it slightly, not that I basically ignored it. Everyone's moved on, but I feel like a fraud. Do I come clean now and risk looking worse for the cover-up, or do I just learn from this privately and be better going forward? I'm terrified that if I'm honest now, I'll lose my job or destroy the trust I've built. But I also can't shake the feeling that I'm not the person my colleagues think I am."Don't forget to like and subscribe to our podcast to be ready and waiting for the next episode.#cybernews #cybersecurity #CyberSecurity #cybersecurities #infosec

In this episode of Cyber Security Agony Uncles, Uncle Rich and Uncle Ross (stepping in for Uncle Stephen) dive into the UK's Online Safety Act, a law designed to protect children on the internet.

But how effective is it really? And more importantly: Would you trust government officials to morally safeguard your child’s digital life?

Rich and Ross explore: What the Online Safety Act actually covers:

🔍The tension between child safety and digital freedom

⚖️Whether government regulators are equipped, ethically and technically, to manage online safety.

The broader impact on encryption, censorship, and platform liability. Is this a genuine step toward a safer internet, or just another overreach in the name of “protection”?

🎧 Tune in and save our podcast for monthly insights into the world of cyber.

#OnlineSafetyAct #CyberSecurityPodcast #ChildOnlineSafety #DigitalRights #OnlineFreedom #UKLaw #CyberLaw

Our monthly cyber security podcast, with experts Rich Benfield and Ross Eastman. If you are in a sticky situation, or need any advice to do with cyber security answered anonymously and on the podcast, email us at info@th4ts3cur1ty.company.

This week's question is: We are getting closer to launching our product, and as a startup without a dedicated security team, it's tough to know which external security services or consultancies we should actually invest in before going live. From your experience, how do you figure out what's really worth doing at that stage? And how do you tell the difference between good vendors and the ones just selling buzzwords, of which there are plenty?

Don't forget to like and subscribe the our channel and ring the bell to be ready for our next episode.

#cybernews #cybersecurity #CyberSecurity #cybersecurities #infosec

In this month's episode, have a listen to our experts, Stephen and Rich, as they work through a really interesting listener's question:

I work at a large company with a substantial Security Operations Centre (SOC). Recently, there's been a lot of talk about moving the SOC offshore and replacing our Level 1 SOC roles with AI. Management is saying this is a good thing for the company, but I’m seriously concerned. Although my role isn’t directly affected, I work closely with the SOC, and I can already see the problems coming. I’ve voiced my opinion that the quality of service will decline significantly, and for saying that, someone actually called me racist. For the record, I’ve worked with outsourced teams in India before. They were professional and capable, but there were real issues with understanding our internal processes and cultural nuances. They often took instructions literally, which created delays and confusion. I understand that cost savings are important and that the "bottom line" is a major factor here. But I genuinely believe that this move could backfire and ultimately hurt the company, including the bottom line they’re so focused on. Am I overreacting, or is this a disaster in the making?

Monthly cyber security podcast, with our experts Stephen Ridgway and Rich Benfield. If you are in a sticky situation, or need any advice to do with cyber security answered anonymously and on the podcast, email us at info@th4ts3cur1ty.company. This week's question is:I work for a decent-sized retail company. We have a few hundred stores selling all sorts of products. I am fairly senior in the cyber security team, and I'm absolutely petrified by the attacks on M&S, Coop and Harrods. I'm genuinely concerned that we could be next. The thing is, security is the one area where the board have been underinvesting for years, and whilst we have nice shiny shops on the high street, the rest of our operations are held together by duct tape and string. I've been screaming into the void about our lack of tools, processes and manpower on the security front for nearly a year, nothing's improved. Now that we're at dire risk of a cyber attack, how do I tell the business that it's now or never in terms of getting secure?Email us info@th4ts3cur1ty.company if you have any questions that you would like to be answered anonymously.#cybernews #cybersecurity #CyberSecurity #cybersecurities #infosec

Monthly cyber security podcast, with our experts Stephen Ridgway and Rich Benfield. If you are in a sticky situation, or need any advice to do with cyber security answered anonymously and on the podcast, email us at info@th4ts3cur1ty.company. This week's question is:I'm a security analyst with 4 years experience. Prior to that, I worked in IT infrastructure for 3 years after years of help desk roles. I'm in my early 30s. Now, I'm not getting any younger and feel the need to move into leadership roles, with a view to climbing the corporate ladder in the next couple of years. I've been keeping an eye on LinkedIn and the job boards to see what my potential career path may look like. Ultimately, I would like to reach a board level role, maybe a CISO or CIO in the next 10 years or so, but what I'm seeing is that the CISO and CIO roles are few and far between, and CISO roles don't seem to either pay well or be very genuine senior roles. What's going on? How does the role have a C-level job title but then often report to IT, CTO's or CFO's? Is the hierarchy in cyber security broken? Do I have a long-term future in cyber?#cybernews #cybersecurity #CyberSecurity #cybersecurities #infosec

Monthly cyber security podcast, with our experts Stephen Ridgway and Rich Benfield. If you are in a sticky situation, or need any advice to do with cyber security answered anonymously and on the podcast, email us at info@th4ts3cur1ty.company. This week's question is: "I work as a security engineer for a company that has put out a massive RFP for cybersecurity services. On the surface, it looks like an open competition, and several businesses have been invited to submit proposals. But behind the scenes, the higher-ups have already chosen who’s getting the contract—so much so that the winning vendor actually wrote the RFP themselves, and we even paid them consulting fees to do it.I can’t shake the feeling that the other businesses are wasting their time and resources bidding on something they have no chance of winning. Is it unethical to let them believe they have a shot? Should I find a way to discreetly warn them, or is that just asking for trouble?"Listen in to catch Stephen and Rich offering some guidance on this issue. #cybersecurity #cyberadvice #infosec

Monthly cyber security podcast, with our experts Stephen Ridgway and Rich Benfield. If you are in a sticky situation, or need any advice to do with cyber security answered anonymously and on the podcast, email us at info@th4ts3cur1ty.company. This week's question is:Here goes, "I'm the Head of IT in a reasonably large company in Birmingham. The execs hired a cyber security team last summer, and they're making my life miserable! They seem to be the department that always says "no!". I get that we need to be secure, but they're demanding so many changes that we can't get through any of our BAU work. They want us to rip out the tools that took forever to implement and now seem to be set on their own agenda. They're not aware of the change and disruption we went through to get where we are; they're just hell-bent on having things their way. It's making my team miserable, and we just seem to be constantly clashing with the cyber team. How can we coexist with them? Things seemed to be so much easier before...."Listen in to hear what advice and solutions Stephen and Rich have to offer, and don't forget to like and subscribe. #cybernews #cybersecurity #CyberSecurity #cybersecurities #infosec