Robin Oldham


I’m Robin, founder of Cydea, the positive cyber security consultancy, and previously lead BAE Systems’ Security Advisory & Technical Services business, recognised by Forrester as one of the leading information security consultancies.

I help businesses defend themselves from cyber crime and thrive in the digital world and has over fifteen years experience including advising numerous boards on how to manage crises resulting from cyber-attack.

This is my personal site, where I publish archive copies of my weekly newsletter and aggregate my posts from other platforms.

If you’re interested in improving how you manage your cyber risk, or need help governing information security at the board level, then get in touch with me via Cydea, or connect on LinkedIn or Twitter.

Robin's Newsletter
I send out a weekly information security newsletter of the news and links that have caught my attention and why I think they're interesting. Check out the previous editions, or:

Recent Posts

Robins Newsletter #107

 Vol. 3  Iss. 27  05/07/2020, last updated 12/07/2020   Robin Oldham

This week Encrochat and evolving law enforcement tactics prove there is a different want to encryption backdoors Details of the pan-European law enforcement operation that took down an encrypted phone service (vol. 3, iss. 25, 26) came to light this week.
French authorities infiltrated the EncroChat mobile network operated popular among organised criminal gangs. Over 60,000 people used the service, that cost €1,000 for a customised Android handset with the microphone and GPS disabled, and then €1,500 for a six-month subscription.

Read more… ( ~7 Min.)

Robins Newsletter #106

 Vol. 3  Iss. 26  28/06/2020, last updated 05/07/2020   Robin Oldham

This week Maersk, me & NotPetya Saturday 27th marked three years since the NotPetya attack on Ukraine that went on to cripple computer systems around the world. MeDoc, a tax accountancy software package used by 90% of domestic Ukrainian companies, had been compromised and its auto-update mechanism had been used to deploy malware. Intelligence agencies would go on to attribute the attack to Russia’s foreign military intelligence agency, the GRU.

Read more… ( ~9 Min.)

Robins Newsletter #105

 Vol. 3  Iss. 25  21/06/2020, last updated 28/06/2020   Robin Oldham

This week marks the second birthday of Robin’s Newsletter! There are a few things I’m hoping to be able to share with you soon, but that aren’t quite ready yet. So in a showing of great self-restraint, I’m going to put off any massive celebrations just yet, other than to say THANK YOU SO MUCH for being a subscriber. It’s always lovely to hear your feedback and a privilege to have you on this journey.

Read more… ( ~8 Min.)

Robins Newsletter #104

 Vol. 3  Iss. 24  14/06/2020, last updated 21/06/2020   Robin Oldham

It’s the Open Security Summit this week and I’ll be presenting on the CISO and Risk Management and Threat Modelling tracks, along with Phil Huggins: Threat Personas and Application Vulnerability Scoring (Mon @ 11:00am) Open Information Security Risk Universe (Thu @ 2:00pm) No surprises, it’s virtual, and is not too late to get a ticket for the whole week (£50, or FREE for students, charities and Ladies Hacking Society members!

Read more… ( ~9 Min.)

Robins Newsletter #103

 Vol. 3  Iss. 23  07/06/2020, last updated 14/06/2020   Robin Oldham

You will, no doubt, have seen some of the horrific coverage of violence used against protesters this week that is indicative of what is suffered by many every week. You may feel detached or removed from events however the issues are systemic and pervasive even in a ‘modern’ field like cyber security. Whitelist/blacklists. Master/slave. The language we use is a powerful thing and it is an area where you can make a change.

Read more… ( ~7 Min.)

Robins Newsletter #102

 Vol. 3  Iss. 22  31/05/2020, last updated 07/06/2020   Robin Oldham

This week Cybercrime is (often) boring New research from the University of Cambridge’s Cybercrime Centre this week that takes a look at the workings behind the cybercrime economy. Far from the ‘romanticised’ notions of rockstar hackers and zero-day exploits, they argue that with the rise of cybercrime-as-a-service business models, cybercrime is a volume business “with boring, tedious maintenance and infrastructure jobs outsourced to lowly paid contractors.” That would fit with some of the statical evidence, for example, last week’s DBIR report (vol.

Read more… ( ~7 Min.)

Robins Newsletter #101

 Vol. 3  Iss. 21  24/05/2020, last updated 31/05/2020   Robin Oldham

This week This week is interesting stats again: it’s DBIR time! Now in its 13th year, Verizon’s Data Breach Investigations Report (DBIR) has become an annual fixture of the infosec calendar. The report, which now has over eighty organisations contributing to it, provides useful intelligence into the state of security. In total, over 157,000 incidents were analysed, though only 32,000 met quality requirements. Just under 4,000 were publicly disclosed data breaches.

Read more… ( ~8 Min.)

Livestream with CyberTalks

 24/05/2020, last updated 24/05/2020   Robin Oldham

I had a chat with Naveen Vasudeva from CyberTalks this week. We covered a lot of ground, from EasyJet and the need to ‘stop, look, listen’ during breaches to what we can all learn from athletes like Roger Federer and Lewis Hamilton. You can check out the recording of the live stream on

Read more… ( ~1 Min.)

Robins Newsletter #100

 Vol. 3  Iss. 20  17/05/2020, last updated 24/05/2020   Robin Oldham

This week Assessing cyber risk from external information An interesting post on the LawFare blog on assessing cyber risk from external information. Particularly the idea of hedging cyber risk and market pricing. In a similar vein, there is an interesting data set (vol. 1, iss. 13; vol. 3, iss. 2) that analyses the relative market performance of public companies that suffered a data breach. The headline is share prices fall an average of 7.

Read more… ( ~6 Min.)

Robins Newsletter #99

 Vol. 3  Iss. 19  10/05/2020, last updated 17/05/2020   Robin Oldham

This week Privacy concerns over contact tracing app These issues have been bubbling away (vol. 3, iss. 16, 18) for the last few weeks and have come to a head in the UK following the launch of a trial on the Isle of Wight. NCSC’s Technical Director, Dr Ian Levy, has posted a breakdown of the ‘small part’ that NCSC has played in the design of the app and the decisions that have been made, for example favouring a centralised rather than decentralised approach.

Read more… ( ~8 Min.)