Monthly cyber security podcast, with our experts Stephen Ridgway and Rich Benfield. If you are in a sticky situation or need any advice related to cyber security answered anonymously and on the podcast, email us at info@th4ts3cur1ty.company. This week's question is:"I made a mistake that I'm still losing sleep over. We got an alert that looked like routine noise, a similar pattern to false positives we'd been seeing all week from a dodgy update. I triaged it as low priority and moved on to the mountain of other tickets in the queue. Turns out, it wasn't noise. It was the early stage of a ransomware attack. Luckily, our endpoint protection caught it before it spread too far, and we contained it within a few hours. No data loss, no ransom paid, minimal disruption. Management have been great about it. They said everyone makes mistakes, praised the team for the quick response, and moved on. But here's my problem: I haven't told anyone the full truth. In my incident report, I said I "initially assessed it as lower priority given the alert volume" but I didn't say I completely dismissed it. I didn't mention that I didn't even do the basic checks I should have. My team lead thinks I just deprioritised it slightly, not that I basically ignored it. Everyone's moved on, but I feel like a fraud. Do I come clean now and risk looking worse for the cover-up, or do I just learn from this privately and be better going forward? I'm terrified that if I'm honest now, I'll lose my job or destroy the trust I've built. But I also can't shake the feeling that I'm not the person my colleagues think I am."Don't forget to like and subscribe to our podcast to be ready and waiting for the next episode.#cybernews #cybersecurity #CyberSecurity #cybersecurities #infosec
In this episode of Cyber Security Agony Uncles, Uncle Rich and Uncle Ross (stepping in for Uncle Stephen) dive into the UK's Online Safety Act, a law designed to protect children on the internet.
But how effective is it really? And more importantly: Would you trust government officials to morally safeguard your child’s digital life?
Rich and Ross explore: What the Online Safety Act actually covers:
🔍The tension between child safety and digital freedom
⚖️Whether government regulators are equipped, ethically and technically, to manage online safety.
The broader impact on encryption, censorship, and platform liability. Is this a genuine step toward a safer internet, or just another overreach in the name of “protection”?
🎧 Tune in and save our podcast for monthly insights into the world of cyber.
#OnlineSafetyAct #CyberSecurityPodcast #ChildOnlineSafety #DigitalRights #OnlineFreedom #UKLaw #CyberLaw
Our monthly cyber security podcast, with experts Rich Benfield and Ross Eastman. If you are in a sticky situation, or need any advice to do with cyber security answered anonymously and on the podcast, email us at info@th4ts3cur1ty.company.
This week's question is: We are getting closer to launching our product, and as a startup without a dedicated security team, it's tough to know which external security services or consultancies we should actually invest in before going live. From your experience, how do you figure out what's really worth doing at that stage? And how do you tell the difference between good vendors and the ones just selling buzzwords, of which there are plenty?
Don't forget to like and subscribe the our channel and ring the bell to be ready for our next episode.
#cybernews #cybersecurity #CyberSecurity #cybersecurities #infosec
In this month's episode, have a listen to our experts, Stephen and Rich, as they work through a really interesting listener's question:
I work at a large company with a substantial Security Operations Centre (SOC). Recently, there's been a lot of talk about moving the SOC offshore and replacing our Level 1 SOC roles with AI. Management is saying this is a good thing for the company, but I’m seriously concerned. Although my role isn’t directly affected, I work closely with the SOC, and I can already see the problems coming. I’ve voiced my opinion that the quality of service will decline significantly, and for saying that, someone actually called me racist. For the record, I’ve worked with outsourced teams in India before. They were professional and capable, but there were real issues with understanding our internal processes and cultural nuances. They often took instructions literally, which created delays and confusion. I understand that cost savings are important and that the "bottom line" is a major factor here. But I genuinely believe that this move could backfire and ultimately hurt the company, including the bottom line they’re so focused on. Am I overreacting, or is this a disaster in the making?
Monthly cyber security podcast, with our experts Stephen Ridgway and Rich Benfield. If you are in a sticky situation, or need any advice to do with cyber security answered anonymously and on the podcast, email us at info@th4ts3cur1ty.company. This week's question is:I work for a decent-sized retail company. We have a few hundred stores selling all sorts of products. I am fairly senior in the cyber security team, and I'm absolutely petrified by the attacks on M&S, Coop and Harrods. I'm genuinely concerned that we could be next. The thing is, security is the one area where the board have been underinvesting for years, and whilst we have nice shiny shops on the high street, the rest of our operations are held together by duct tape and string. I've been screaming into the void about our lack of tools, processes and manpower on the security front for nearly a year, nothing's improved. Now that we're at dire risk of a cyber attack, how do I tell the business that it's now or never in terms of getting secure?Email us info@th4ts3cur1ty.company if you have any questions that you would like to be answered anonymously.#cybernews #cybersecurity #CyberSecurity #cybersecurities #infosec
Monthly cyber security podcast, with our experts Stephen Ridgway and Rich Benfield. If you are in a sticky situation, or need any advice to do with cyber security answered anonymously and on the podcast, email us at info@th4ts3cur1ty.company. This week's question is:I'm a security analyst with 4 years experience. Prior to that, I worked in IT infrastructure for 3 years after years of help desk roles. I'm in my early 30s. Now, I'm not getting any younger and feel the need to move into leadership roles, with a view to climbing the corporate ladder in the next couple of years. I've been keeping an eye on LinkedIn and the job boards to see what my potential career path may look like. Ultimately, I would like to reach a board level role, maybe a CISO or CIO in the next 10 years or so, but what I'm seeing is that the CISO and CIO roles are few and far between, and CISO roles don't seem to either pay well or be very genuine senior roles. What's going on? How does the role have a C-level job title but then often report to IT, CTO's or CFO's? Is the hierarchy in cyber security broken? Do I have a long-term future in cyber?#cybernews #cybersecurity #CyberSecurity #cybersecurities #infosec
Monthly cyber security podcast, with our experts Stephen Ridgway and Rich Benfield. If you are in a sticky situation, or need any advice to do with cyber security answered anonymously and on the podcast, email us at info@th4ts3cur1ty.company. This week's question is: "I work as a security engineer for a company that has put out a massive RFP for cybersecurity services. On the surface, it looks like an open competition, and several businesses have been invited to submit proposals. But behind the scenes, the higher-ups have already chosen who’s getting the contract—so much so that the winning vendor actually wrote the RFP themselves, and we even paid them consulting fees to do it.I can’t shake the feeling that the other businesses are wasting their time and resources bidding on something they have no chance of winning. Is it unethical to let them believe they have a shot? Should I find a way to discreetly warn them, or is that just asking for trouble?"Listen in to catch Stephen and Rich offering some guidance on this issue. #cybersecurity #cyberadvice #infosec
Monthly cyber security podcast, with our experts Stephen Ridgway and Rich Benfield. If you are in a sticky situation, or need any advice to do with cyber security answered anonymously and on the podcast, email us at info@th4ts3cur1ty.company. This week's question is:Here goes, "I'm the Head of IT in a reasonably large company in Birmingham. The execs hired a cyber security team last summer, and they're making my life miserable! They seem to be the department that always says "no!". I get that we need to be secure, but they're demanding so many changes that we can't get through any of our BAU work. They want us to rip out the tools that took forever to implement and now seem to be set on their own agenda. They're not aware of the change and disruption we went through to get where we are; they're just hell-bent on having things their way. It's making my team miserable, and we just seem to be constantly clashing with the cyber team. How can we coexist with them? Things seemed to be so much easier before...."Listen in to hear what advice and solutions Stephen and Rich have to offer, and don't forget to like and subscribe. #cybernews #cybersecurity #CyberSecurity #cybersecurities #infosec
Monthly cyber security podcast, with our experts Stephen Ridgway and Rich Benfield. If you are in a sticky situation, or need any advice to do with cyber security answered anonymously and on the podcast, email us at info@th4ts3cur1ty.company. This week's question is:"Dear Agony Uncles (favourite podcast), I work in a SOC delivering SecOps to public sector clients, but I'm increasingly troubled by the poor quality of the services we're providing. I've tried raising my concerns internally, but the response has been dismissive, along the lines of 'not your job to worry about it'. I feel like I've ruffled feathers and don't want to put a target on my back, but I can't shake the feeling that our customers aren't getting what they're paying for. One manager even admitted, 'the customer knows,' but brushed me off, saying I don't understand the bigger picture. It feels like they're just humouring me. I genuinely lose sleep over this because of the nature of the customers, and while I've fantasised about whistle-blowing, I'm not sure if I can or should. Definitely couldn't move to Russia! With only 3 years of experience and no real influence. Is there anything I can do to improve things without making myself a scapegoat, or should I just keep my head down and let it go?#cybernews #cybersecurity #CyberSecurity #cybersecurities #infosec
Monthly cyber security podcast, with our experts Stephen Ridgway and Rich Benfield. If you are in a sticky situation, or need any advice to do with cyber security answered anonymously and on the podcast, email us at info@th4ts3cur1ty.company. This week's question is:"Loving the show, fellas, I could really do with some advice. I was head of cyber security at a fairly well-known company, but I was made redundant earlier this year. Now here I am staring down Christmas, and I've been out of work for almost 7 months. I'm getting lots of interviews for CISO roles and head of cyber positions, but recruiters keep telling me the competition for these roles in the UK is fierce. I've not been able to land anything, and I'm starting to feel pretty stuck (I'm so glad this is anonymous by the way). So, here's the thing: I don't want to go into consultancy, working for myself would be too much pressure, and I thrive in large professional environments. I spoke to a career coach who told me to know my worth and not compromise on salary or my career aspirations, but now I'm wondering if that's bad advice. Should I let go of chasing CISO or head of cyber type of roles for now, and apply for any role I can get? I'm not technical enough to pivot to something like architecture or penetration testing, and my GRC skills are a bit rusty. Could this be why I'm struggling? I don't even know where to start. What should I do?Don't forget to like and subscribe to our channel.
Monthly cyber security podcast, with our experts Stephen Ridgway and Rich Benfield. If you are in a sticky situation, or need any advice to do with cyber security answered anonymously and on the podcast, email us at info@th4ts3cur1ty.company. This week's question is:I'm head of security operations at a retailer I'm absolutely myself all the time I don't have incontinence issues I'm not literally crapping my pants but basically I can't take the stress we'rem bombarded from all directions every day I have no clue if our defences work I'm crossing my fingers every day the soccer mediocre on a good day mainly because uh we're a retailer I'm constantly being tasked with driving down costs to the point where we're understaffed and I'm losing sleep thinking what the heck do I do if and when something happens I can't sleep I've aged 50 years in five years I guess I'm not cut out for this job but at the same time I worked hard to get to this point and my wife likes to spend money like you'd not believe she'd probably leave me if I ditched my job or took a demotion, there isn't really a question here, other than who can cope with this, please don't tell me it's just me.Don't forget to like and subscribe to our channel!#infosec #cybersecurity
Monthly cyber security podcast, with our experts Stephen Ridgway and Rich Benfield. If you are in a sticky situation, or need any advice to do with cyber security answered anonymously and on the podcast, email us at info@th4ts3cur1ty.company. This week's question is:I'm responsible for budget at one of your competitors hush hush I'm responsible for allocating security practitioners onto projects for our customers I'm also a senior security VC own myself so not only am I delivering billable work I oversee the other FTE consultants and make sure they are doing billable work correctly so many of them aren't good the business has hired graduates with absolutely no work ethic and I find it hard to resist parachuting in and doing the work myself to fix the problems they're creating I'm absolutely exhausted when I go to the business to discuss this they make out like it's a problem with my leadership style but trying to get work out of these grads is like trying to get blood out of a brick what do I do and there's also uh a PS on there may I also clarify that customers do not know that these are grads they think they're senior security practitioners but I'm the only senior and I feel like I'm the proxy for everyone's knowledge.Don't forget to like and subscribe to our channel!
Monthly cyber security podcast, with our experts Stephen Ridgway and Rich Benfield. If you are in a sticky situation, or need any advice to do with cyber security answered anonymously and on the podcast, email us at info@th4ts3cur1ty.company. This week's question is:How can someone with decades of tech industry experience as a software developer, engineering manager, advisor, etc., transition into cyber security? How can that wealth of experience be applied to a cyber security company to be the most effective and utilised.Don't forget to like and subscribe to our channel.#infose #cybersecuritycompany #cybersecurity #cybersecurities
One-time only special episode featuring our CEO, Eliza-May Austin and Head of Strategic Solutions, Rosie Anderson.If you are in a sticky situation, or need any advice to do with cyber security answered anonymously and on the podcast, email us at info@th4ts3cur1ty.company. This week's question is:I'm the head of it for a tech company in the UK and I've been tasked with getting everyone back in the office four to five days a week this is not going to go down well with the team how on Earth do I manage this situation um by the way that they did write somewhere about I don't know where that's gone in the question um but they did write somewhere about their discretionary bonus it being implied that that is hindering on it as well so they really do have to get everyone back in the office from an IT perspective.Don't forget to like and subscribe to our channel!
Monthly cyber security podcast, with our experts Stephen Ridgway and Rich Benfield. If you are in a sticky situation, or need any advice to do with cyber security answered anonymously and on the podcast, email us at info@th4ts3cur1ty.company. This week's question is:I'm Head of our IT department, and I'm constantly getting pushback from the development team about our security protocols being too restrictive. How can we find a middle ground that keeps our systems secure without stifling Innovation and making our developers' jobs harder?Don't forget to like and subscribe to our channel!
Welcome to this Cyber Security Agony Uncles Podcast episode. Have any industry problems and need advice from experienced cyber security professionals aka our agony uncles? Email us info@th4ts3cur1ty.company if you have any questions that you would like to be answered anonymously.This episode's question:I'm a consultant working in various vCISO roles for multiple companies. Recently, I've noticed a troubling trend: vendors are blatantly lying to SMEs that lack cyber representatives, and they're getting away with it. One of my customers recently reduced my hours to just a couple per month because a provider of a prominent tool assured them they had eradicated all cyber risk. When I tried to explain that this was nonsense, they dismissed it as me trying to hold onto my hours. It feels like cyber security is the wild west—companies can’t use fake eyelashes in mascara ads, but in cyber security, anything seems to go. I'm embarrassed and frustrated. What is happening, and how can I address this without looking jealous or like I'm trying to upsell things myself?Don't forget to like and subscribe to our channel.#infosec #cybersecurity #cybersecurities
Have any industry problems and need advice from experienced cyber security professionals aka our agony uncles? Listen to our podcast on the first Tuesday of every month at 1pm. Email us info@th4ts3cur1ty.company if you have any questions that you would like to be answered anonymously.This month's question: "I work in IR, I'm absolutely burnt out, have lost all desire to keep abreast of the latest security knowledge and I just don't care about cyber anymore. I'm incredibly tempted to just quit and go and do training and awareness or GRC, something non technical that requires less research investment. The thing that is stopping me is that I'm a woman and it's such a cliche that women in cyber aren't technical and I don't want to add to those appalling stats but I am just so tired of this sh*t, it's so hard and I can't be bothered." - Burnt out Becky
Monthly cyber security podcast, with our experts Stephen Ridgway and Rich Benfield. If you are in a sticky situation, or need any advice to do with cyber security answered anonymously and on the podcast, email us at info@th4ts3cur1ty.company. This week's topic is:It's massively kicked off on LinkedIn and Twitter. Do you have to have technical experience to be a CISO? Does a CISO need to be technical in order to be successful? There were strong arguments online from both sides. Today, we dig a little deeper into the subject.
Monthly cyber security podcast, with our experts Stephen Ridgway and Rich Benfield. If you are in a sticky situation or need any advice related to cyber security answered anonymously and on the podcast, email us at info@th4ts3cur1ty.company. This week's question is:Firstly, I’m so glad that this is anonymous! I'm a CISO across the pond (in the States), I have a relatively high profile, a ton of followers on LinkedIn, I'm invited to speak at conferences, and I've got a great job. However, I cannot shake this feeling that I don't know what I'm doing. I know people talk about impostor syndrome a lot in cyber security, but I don't think it's that. I genuinely think, no, I know that I'm not very good at my job. My knowledge is superficially deep, but my employer keeps me around because of my reasonably high profile. I'm too far in to my career to start back at basics with certifications, also my employer isn't going to fund certs that someone new to the industry would be doing, not to mention that would give the game away.What can I do? Where do I start? I'm just not good at this, and no one has seemed to notice....yet.
Have any industry problems and need advice from experienced cyber security professionals aka our agony uncles? Listen to our podcast on the first Tuesday of every month at 1pm. Email us info@th4ts3cur1ty.company if you have any questions that you would like to be answered anonymously.
In this episode, Stephen and Rich offer some advice to one of our listeners with the following problem:
Dear Agony Uncles, I have recently started working in cyber security, and while I love the challenge and the constant learning, I can't help but feel overwhelmed by the pressure to keep up with rapidly advancing technology. It seems like every day there's a new vulnerability or attack Vector to worry about. How do I maintain a healthy work-life balance and prevent burnout in an industry where the stakes are so high and the pace is relentless, sincerely struggling to stay secure?
