IT Cost Optimisation: Part 2 – The Art and Science of Right-Sizing

What Is Right-Sizing?

Right-sizing is more than just cutting back; it’s the strategic process of precisely matching your IT resources (incl. assets) with actual requirements. Think of it as finding the “Goldilocks zone” for your digital estate: not too much, not too little, but just right to meet your requirements without unnecessary expense. This approach…

Ingram Micro Outage: A Critical Reminder of Third-Party Risk

Lateral Movement and Privileged Access Risk

Distributors like Ingram Micro often configure access to an organisation’s cloud services during the licensing process – potentially without explicit visibility or awareness from the organisation (e.g. via an IT Service Provider or an internal IT admin). A common example involves Microsoft 365 licensing, which can be accompanied by…

Unmasking the Invisible: Why True Security Starts with Visibility

The Unseen Passage: A Museum Security Parable

Imagine a prestigious museum filled with priceless artefacts. Its security appears impeccable: visitors pass through turnstiles, undergo bag checks, use access cards, and are monitored by trained guards, CCTV, and motion sensors. From the security team’s perspective, all entry points are fortified, ensuring multiple layers of defence. However,…

IT Cost Optimisation: Part 1 – Redundant Software

What is Redundant Software?

Redundant software, as the name suggests, refers to the use of multiple applications, systems or services—which we will collectively refer to as ‘software’—that serve the same purpose or provide overlapping functionality. While this has always been an issue for organisations, it has become more widespread in recent years due to the…

Security Is Not a Checklist – A Deeper Dive

In this article, we explore the concept by examining both physical and digital scenarios, illustrating how flexibility, adaptability, and contextual awareness are essential to effective security.

A Physical Scenario

Imagine a security team assigned to safeguard an asset, at the request of a regular client. The team leader immediately consults a standardised checklist. The team…

CIPP Vulnerability Finding – A Third-Party Risk Story

Prior to proceeding with this article, it is important to highlight that the vulnerability is still not fixed at this time, but the finding has been disclosed to the vendor, and this article is now being published following the mutually agreed publish date. This is in understanding that the severity of this vulnerability was…

The Privileged Identity Crisis

Introduction

Various bodies and their standards, such as the Australian Signals Directorate’s (ASD) Information Security Manual and the Center for Internet Security (CIS) Critical Security Controls, explicitly recommend multiple accounts, to separate standard (i.e. web browsing) and privileged (i.e. system configuration) activities, as a preventative measure to limit the potential impact of unauthorised privileged access. However,…

Strengthening Your Defence Against Social Engineering: Beyond Traditional Email Security

While an Email Security solution offers many protections against email-based social engineering attacks, it faces a very common issue, which can be presented as a simple question organisations and businesses can ask themselves when designing and/or reviewing their cybersecurity strategy: What happens when an Email Security solution is presented with a new sender, who sends…