Robin Oldham


I’m Robin, founder of Cydea, the positive cyber security consultancy, and previously led BAE Systems’ Security Advisory & Technical Services business, recognised by Forrester as one of the leading information security consultancies.

I help businesses defend themselves from cyber crime and thrive in the digital world and have over fifteen years experience including advising numerous boards on how to manage crises resulting from cyber-attack.

This is my personal site, where I publish archive copies of my weekly newsletter and aggregate my posts from other platforms.

If you’re interested in improving how you manage your cyber risk, or need help governing information security at the board level, then get in touch with me via Cydea, or connect on LinkedIn or Twitter.

Robin's Newsletter
I send out a weekly information security newsletter of the news and links that have caught my attention and why I think they're interesting. Check out the previous editions, or:

Recent Posts

Robin’s Newsletter #85

Jumpshot reminds us security isn't privacy; whopping REvil ransom demands; and keep calm/cary on for DPOs.

 Vol. 3  Iss. 5  02/02/2020, last updated 06/04/2020   Robin Oldham

This week Avast shutters Jumpshot division following report highlighting sale of web browsing data Joseph Cox at Vice Motherboard and Michael Kan at PC Mag broke the news that Avast was collecting and selling browsing habits from over 100 million devices. User’s who had installed AVG, Avast’s freemium anti-virus software, were prompted to opt-in to data collection as part of the functionality that scanned websites they visited for malware. Unbeknownst to them, this also gave the company authority to ship that to their Jumpshot division, who packaged it all up into a series of ‘click feed’ products and sold their browsing habits to companies like Tripadvisor, Pepsi, and management consultants McKinsey.

Read more… ( ~6 Min.)

Robin’s Newsletter #84

Jeff Bezos' phone hacking; Microsoft's elastic search snafu; ClearView.AI and facial recognition tech.

 Vol. 3  Iss. 4  26/01/2020, last updated 06/04/2020   Robin Oldham

Some blog posts from Cydea that might interest you: Thoughts for board directors and NEDs on cyber governance and protecting shareholder value We got Cyber Essentials certification :-) You can follow Cydea on: LinkedIn and Twitter. This week Investigation into hacking of Jeff Bezos’ phone It’s a web of the ultra-rich, nation-states, sex, murder, political influence and hacking. Photos and text messages leaked to the National Inquirer that exposed Jeff Bezos’ extramarital affair in 2018 triggered an investigation into the breach.

Read more… ( ~6 Min.)

Robin’s Newsletter #83

Changing the economics of cybercrime; Windows crypto vulnerability; and rival groups exploiting Citrix.

 Vol. 3  Iss. 3  19/01/2020, last updated 26/12/2020   Robin Oldham

This week Changing the economics of cybercrime An interesting read this week on how the team at Visa are working to tackle MageCart payment card fraud. MageCart attacks work by add virtual ‘card skimmers’ to the checkout pages of hacked eCommerce websites. When a user fills out their card details a copy is encoded and sent to the criminal gang. Because they’re intercepted as the user enters them into the web browser, they can see card numbers, expiry dates and the all-important three/four card verification digits.

Read more… ( ~6 Min.)

Robin’s Newsletter #82

Travelex's ongoing response; £500K penalty for DSG Retail; No patch for Citrix vulnerabilities until end of month.

 Vol. 3  Iss. 2  12/01/2020, last updated 26/12/2020   Robin Oldham

This week Travelex systems still offline as team restore from Sodinokibi infection Travelex continues to battle a ransomware infection and restore services as the 31st December outbreak marches on towards the end of its second week. The ransomware is believed to be Sodinokibi (aka REvil.) As well as encrypting files and causing disruption to business operations, the group claim to have stolen 5GB of personal data which they are threatening to release.

Read more… ( ~7 Min.)

Robin’s Newsletter #81

California's Consumer Privacy Act; Travelex systems still offline; the rise of 'data exposures'.

 Vol. 3  Iss. 1  05/01/2020, last updated 06/04/2020   Robin Oldham

This week California Consumer Privacy Act comes in to force The California Consumer Privacy Act (CCPA) - the strongest of America’s patchwork of privacy legislation - has come into force. The legislation is heralded as being ‘GDPR-like’ (vol. 2, iss. 41). Whilst it affords some of the same rights, there are plenty of areas where it diverges from European legislation. CCPA gives Californian resident’s the right to request copies of their data, request its deletion, it also mandates the option to send ‘do not sell’ instructions to businesses.

Read more… ( ~5 Min.)