Robin Oldham


I’m Robin, founder of Cydea, the positive cyber security consultancy, and previously lead BAE Systems’ Security Advisory & Technical Services business, recognised by Forrester as one of the leading information security consultancies.

I help businesses defend themselves from cyber crime and thrive in the digital world and has over fifteen years experience including advising numerous boards on how to manage crises resulting from cyber-attack.

This is my personal site, where I publish archive copies of my weekly newsletter and aggregate my posts from other platforms.

If you’re interested in improving how you manage your cyber risk, or need help governing information security at the board level, then get in touch with me via Cydea, or connect on LinkedIn or Twitter.

Robin's Newsletter
I send out a weekly information security newsletter of the news and links that have caught my attention and why I think they're interesting. Check out the previous editions, or:

Recent Posts

Robin’s Newsletter #117

 Vol. 3  Iss. 37  13/09/2020, last updated 20/09/2020   Robin Oldham

This week China’s data security initiative China has published details of a ‘Global Initiative on Data Security’. The plans were unveiled by Wang Yi, a state councillor (equivalent to a cabinet-level position) at an International Seminar on Global Digital Governance event. It’s a move by China to influence cyber-norms and combat Western restrictions on telecoms companies Huawei and ZTE and the US President’s looming bans on social media companies Tik Tok and WeChat.

Read more… ( ~6 Min.)

Robin’s Newsletter #116

 Vol. 3  Iss. 36  06/09/2020, last updated 13/09/2020   Robin Oldham

This week Hiscox Cyber Readiness Report 2020 Hiscox’s Cyber Readiness Report 2020, released recently, marks the fourth edition and provides some interesting insights that may help organisations assess and benchmark their security posture. Over 5,500 respondents participated in this year’s report. Spending on cyber security increased by 39% in the last twelve months across respondents, with UK firms reporting 12%, and US firms 14%, of IT budget being spent on cyber security.

Read more… ( ~7 Min.)

Robin’s Newsletter #115

 Vol. 3  Iss. 35  30/08/2020, last updated 13/09/2020   Robin Oldham

This week Ransomware gang allegedly offered $1M to employee to install malware Increasingly ‘professional’ operations are targeting Remote Desktop and VPN servers with weak or compromised passwords to gain access to the networks of large organisations. Increasingly they are also taking copies of the data they encrypt, demanding two ransoms: one to unlock computer systems, the other to not leak the data they have stolen. The advice continues to be ‘not to pay’ and that capitulating to demands does not guarantee the return of your systems or data.

Read more… ( ~6 Min.)

Robin’s Newsletter #114

 Vol. 3  Iss. 34  23/08/2020, last updated 13/09/2020   Robin Oldham

Bletchley Park announced that a third of their staff are at risk of redundancy following a fall in visits due to Coronavirus. The site was at the centre of code-breaking operations, played a crucial part in shortening World War II and is also home to the National Museum of Computing. Please consider becoming a friend, making a donation or sponsoring a brick so they can continue to inspire tens-of-thousands of school children and care for 450,000 items in their collection.

Read more… ( ~7 Min.)

Robin’s Newsletter #113

 Vol. 3  Iss. 33  16/08/2020, last updated 26/08/2020   Robin Oldham

This week Algorithms and accuracy in A-Level results This week saw students in the UK receive their A-Level (qualifications between compulsory and university education) exam results. Due to social distancing and stay-at-home orders from Coronavirus individual exams were not possible. Instead, the results have been controversial because grades were assigned using an algorithm devised by Ofqual, the UK’s qualifications and examinations regulator. There has been significant media coverage of students that have been downgraded from their teacher’s predicted grades and calls for these to be used instead.

Read more… ( ~8 Min.)

Robin’s Newsletter #112

 Vol. 3  Iss. 32  09/08/2020, last updated 16/08/2020   Robin Oldham

This week Some Cydea related news for you from this week… Introducing cydea.Tools We launched cydea.Tools, a collection of the tools we use in our client work and that are now freely available under open source licences for any infosec team to pick up and accelerate their cyber security programme. It’s a resource we’re going to continue adding to. One of the resources available — and something that client’s have asked from us — is an example of what a good incident response plan looks like.

Read more… ( ~9 Min.)

Robin’s Newsletter #111

 Vol. 3  Iss. 31  02/08/2020, last updated 09/08/2020   Robin Oldham

This week Ransomware payments encourage more ransomware It’s been a rewarding week for ransomware gangs. Garmin services have started coming back online following reports that the company ‘obtained the decryption key’ presumably by paying the ransom. Meanwhile, corporate travel agent CWT paid $4.5M to get out of their ransomware incident. The CWT case is interesting as Jack Stubbs’ tweets shaw, with publicly available chat logs between CWT and the Ragnar Locker operators that giving an insight into the negotiations from a $10M demand down to their $4.

Read more… ( ~6 Min.)

Robin’s Newsletter #110

 Vol. 3  Iss. 30  26/07/2020, last updated 02/08/2020   Robin Oldham

This week Garmin ‘ran somewhere’ Fitness enthusiasts around the world have been unable to prove their achievements on social media this week after GPS tracking company Garmin suffered a ransomware attack. The company’s website and all customer services, including phone lines, online chat and email are down, though in a statement they claim that no personal data is believed to have been compromised. They are believed to be victims of the WastedLocker ransomware, operated by a group called ‘Evil Corp.

Read more… ( ~7 Min.)

Robin’s Newsletter #109

 Vol. 3  Iss. 29  19/07/2020, last updated 26/07/2020   Robin Oldham

This week The battle for tech and data dominance Tech and data are becoming increasingly politicised as nations seek ‘digital dominance.’ A few big cyber and data stories this week that tie into the geopolitical themes of Digital Balkanisation / Divide, critical infrastructure protection and national interest. This is a massive, and fascinating, area that warrants more time than I can devote to a single Sunday. That said, seeing all these interesting stories break I didn’t want to miss the chance to take a look at them more ‘in the round,’ rather than individually.

Read more… ( ~10 Min.)

Robin’s Newsletter #108

 Vol. 3  Iss. 28  12/07/2020, last updated 19/07/2020   Robin Oldham

This week Hong Kong national security law increases security risk for region China opened a national security office in Hong Kong as part of new legislation for the special administrative region (BBC). It changes the web dramatically for Hong Kong’s citizens and essentially brings them inside the ‘Great Firewall.’ Hong Kong police can now censor content, track citizens online and require sites to take content down. On Monday Facebook, Twitter, Google, Microsoft, Zoom, and WhatsApp all pledged to refuse requests coming from Hong Kong authorities.

Read more… ( ~5 Min.)