Robin Oldham


I’m Robin, founder of Cydea, the positive cyber security consultancy, and previously lead BAE Systems’ Security Advisory & Technical Services business, recognised by Forrester as one of the leading information security consultancies.

I help businesses defend themselves from cyber crime and thrive in the digital world and have over fifteen years experience including advising numerous boards on how to manage crises resulting from cyber-attack.

This is my personal site, where I publish archive copies of my weekly newsletter and aggregate my posts from other platforms.

If you’re interested in improving how you manage your cyber risk, or need help governing information security at the board level, then get in touch with me via Cydea, or connect on LinkedIn or Twitter.

Robin's Newsletter
I send out a weekly information security newsletter of the news and links that have caught my attention and why I think they're interesting. Check out the previous editions, or:

Recent Posts

Robin’s Newsletter #133

 Vol. 4  Iss. 1  03/01/2021, last updated 10/01/2021   Robin Oldham

This week Solorigate attackers accessed Microsoft source code In their first blog post on the Sunburst/Solorigate attack (vol. 3, iss. 51) Microsoft was quick to state there was no evidence of access “to production services or customer data.” That left the door open to the confirmation on New Year’s Eve that development environments were compromised and source code accessed. That, in itself, isn’t a directly ‘bad thing’. Microsoft regularly shares its source code with governments seeking to assure themselves that it is secure for use in sensitive military and intelligence systems.

Read more… ( ~5 Min.)

Robin’s Newsletter #132 — 2020 Retrospective

 Vol. 3  Iss. 52  27/12/2020, last updated 03/01/2021   Robin Oldham

Strap in and get ready for a recap of the things that I think have been most interesting rather than highest profile, in 2020. (I have deliberately steered clear of vulnerabilities: there have been plenty, including ‘perfect 10s,’ and generally, patches have been released quickly). I’ve also thrown in four things I’d recommend reading, and some thoughts on what 2021 has in store to-boot. January
 The year started with a shift in privacy regulation in the United States: The California Consumer Privacy Act (CCPA) - the strongest of America’s patchwork of privacy legislation - heralded as being ‘GDPR-like’ came into force.

Read more… ( ~16 Min.)

Robin’s Newsletter #131

 Vol. 3  Iss. 51  20/12/2020, last updated 21/12/2020   Robin Oldham

This week ‘SolarWinds’ breach of U.S. government networks is huge, also nothing new If you work in information security you’ve probably not been able to escape the ‘SUNBURST’ aka ’Solorigate’ news this week that popular network management tool SolarWinds Orion has been compromised and a backdoor included within its code. A sophisticated state actor gained access to the SolarWinds sometime between October 2019 and March 2020 to implant a backdoor into their software.

Read more… ( ~9 Min.)

Robin’s Newsletter #130

 Vol. 3  Iss. 50  13/12/2020, last updated 13/12/2020   Robin Oldham

This week FireEye discloses security breach The infosec community has been abuzz this week with news that industry giant FireEye, usually called in to help other government departments and large organisations unpick cyber attacks, had themselves been breached. In a blogpost CEO Kevin Mandia concluded, in the present-tense, that the firm is “witnessing an attack by a nation with top-tier offensive capabilities”. Microsoft and the FBI have been helping investigate the breach.

Read more… ( ~6 Min.)

Robin’s Newsletter #129

 Vol. 3  Iss. 49  06/12/2020, last updated 13/12/2020   Robin Oldham

This week TrickBot malware gains firmware tampering capabilities To date, capabilities to manipulate device firmware have been the preserve of nation-state affiliated actors. Two public examples are known: Russia’s Fancy Bear LoJax (vol. 1, iss. 15) and China’s MosaicRegressor (vol. 3, iss. 41) malware. This week a joint report from AdvIntel and Eclypsium says that the notorious TrickBot malware has gained capabilities to inspect and modify the UEFI and BIOS of devices it infects.

Read more… ( ~5 Min.)

Robin’s Newsletter #128

 Vol. 3  Iss. 48  29/11/2020, last updated 06/12/2020   Robin Oldham

This week Cyber public health I’ve been embracing my inner geek this week with an interesting lecture from the ‘Cyber Security in the Age of Large-Scale Adversaries’ group at Ruhr University Bochum. In it, Adam Shostack, formerly of Microsoft and responsible for a lot of their threat modelling focus, makes the case for ‘cyber public health’ against a backdrop of COVID-19 and the role that public health has played in combating coronavirus.

Read more… ( ~6 Min.)

Robin’s Newsletter #127

 Vol. 3  Iss. 47  22/11/2020, last updated 29/11/2020   Robin Oldham

This week RCEP, cyber security cooperation and data sovereignty The Regional Comprehensive Economic Partnership (RCEP) is the world’s largest-ever trade deal, covering 30% of global GDP, and it was signed by the ten members of the Association of South-East Asian Nations (ASEAN), plus Australia, China, Japan, New Zealand and South Korea this week. Electronic commerce is an area of focus for the trade agreement with objectives to promote e-commerce and ‘create an environment of trust.

Read more… ( ~5 Min.)

Robin’s Newsletter #126

 Vol. 3  Iss. 46  15/11/2020, last updated 22/11/2020   Robin Oldham

This week Does Apple really log every app you run? Apple’s latest operating system, Big Sur, was released for its Mac computer lineup this week. That coincided with some Mac users finding that they couldn’t run applications. Twitter users were quick to spread that blocking connections to ‘[.]com’ would make their Macs useable again. Reports that “Apple was logging every app you run” followed (Spoiler alert: they aren’t.) Apple’s ‘online certificate status protocol’ (OSCP) service is used to validate the developer certificate of apps before they are executed by the operating system.

Read more… ( ~7 Min.)

Robin’s Newsletter #125

 Vol. 3  Iss. 45  08/11/2020, last updated 15/11/2020   Robin Oldham

This week US Election free from cyber-attack The big news this week is also a non-event: the US election went off without any reported cyber-attacks. Director of the US Cybersecurity and Infrastructure Security Agency (CISA), Chris Krebs, released a statement saying that “after millions of Americans voted, we have no evidence any foreign adversary was capable of preventing Americans from voting or changing vote tallies.” That doesn’t mean that there aren’t isn’t room for improvement - vulnerabilities in voting and tabulation machines and so on (though these have reported in a somewhat sensationalist manner) - but the human oversight and audit provide a meaningful control to manage such risk.

Read more… ( ~5 Min.)

Robin’s Newsletter #124

 Vol. 3  Iss. 44  01/11/2020, last updated 04/11/2020   Robin Oldham

This week Final GDPR penalty for Marriott comes in at £18.4M The UK Information Commissioner announced the final penalty for Marriott International this week. The £18.4 million ($23.8 million) penalty is down from the previously announced £99 million. Marriott has announced that they do not plan to appeal and “deeply regret” the incident. The 2018 incident involved a breach of data from the Starwood Preferred Guest loyalty programme [vol. 1, iss.

Read more… ( ~6 Min.)