Robin Oldham


I’m Robin, founder of Cydea, the positive cyber security consultancy, and previously lead BAE Systems’ Security Advisory & Technical Services business, recognised by Forrester as one of the leading information security consultancies.

I help businesses defend themselves from cyber crime and thrive in the digital world and has over fifteen years experience including advising numerous boards on how to manage crises resulting from cyber-attack.

This is my personal site, where I publish archive copies of my weekly newsletter and aggregate my posts from other platforms.

If you’re interested in improving how you manage your cyber risk, or need help governing information security at the board level, then get in touch with me via Cydea, or connect on LinkedIn or Twitter.

Robin's Newsletter
I send out a weekly information security newsletter of the news and links that have caught my attention and why I think they're interesting. Check out the previous editions, or:

Recent Posts

Robin’s Newsletter #90

 Vol. 3  Iss. 10  08/03/2020, last updated 06/04/2020   Robin Oldham

Cydea needs you help to develop a better way to measure and manage cyber risk: check out the blog post on This week It’s International Women’s Day Some gains in improving gender diversity within information security have been made in the last couple of years and some estimates now suggest women make up 20% of the cyber workforce. I’ve had the privilege of working with some amazing people over my career and I wanted to take a brief moment to list some of their fields as proof that you don’t need to be a white dude with a bachelors in computer science to make it in cyber (or tech, for that matter): Psychology, Linguistics, Archeology, War Studies, (Astro)Physics, Astronomy, Criminology/Law, Philosophy.

Read more… ( ~6 Min.)

Robin’s Newsletter #89

 Vol. 3  Iss. 9  01/03/2020, last updated 06/04/2020   Robin Oldham

This week Do you know someone who’d like $959 worth of cyber security books? I’m paying it forward by gifting five copies of the latest Cybersecurity Humble Book Bundle to students or those looking to retrain for a career in cyber security. Please forward this email on to anyone you know who’d be interested, and share my tweet, and LinkedIn post to help spread the world. Thanks! Dr Jessica Barker’s Guide to Security Awareness Without Fear This week was the RSA Conference in San Francisco.

Read more… ( ~5 Min.)

Robin’s Newsletter #88

 Vol. 3  Iss. 8  23/02/2020, last updated 06/04/2020   Robin Oldham

This week UK, US says Russia’s GRU behind massive Georgia cyber-attack This week the UK and US point the finger of blame at Russia for the defacement of thousands of Georgian websites in October last year. The UK’s National Cyber Security Centre (NCSC) believes there is a ’95% likelihood’ that Russia’s GRU Unit 74455 is responsible for the action and that it was to sow discord amongst the population. Original reports (vol.

Read more… ( ~5 Min.)

Robin’s Newsletter #87

 Vol. 3  Iss. 7  16/02/2020, last updated 06/04/2020   Robin Oldham

This week All the nations doin’ all the cybers A few stories this week all circling the tech divide theme (aka ‘digital sovereignty’ or ‘digital Balkanisation.’) A lot of posturing as the rollout of 5G networks picks up. The US brought allegations that Huawei can covertly access their customer networks. The Washington Post ran the full story of how Crypto AG, a Swiss company that sold diplomatic encryption machines, was secretly run by the CIA.

Read more… ( ~6 Min.)

Robin’s Newsletter #86

 Vol. 3  Iss. 6  09/02/2020, last updated 06/04/2020   Robin Oldham

This week Man creates traffic jam on Google Maps using a cart full of mobile phones Pablo Picasso is credited with saying “art is a lie that makes us see the truth,” and artist Simon Weckert brought to life our reliance on algorithms with a great art installation this week. “[He] walked the streets of Berlin tugging a red wagon behind him. Wherever he went, Google Maps showed a congested traffic jam.

Read more… ( ~6 Min.)

Robin’s Newsletter #85

 Vol. 3  Iss. 5  02/02/2020, last updated 06/04/2020   Robin Oldham

This week Avast shutters Jumpshot division following report highlighting sale of web browsing data Joseph Cox at Vice Motherboard and Michael Kan at PC Mag broke the news that Avast was collecting and selling browsing habits from over 100 million devices. User’s who had installed AVG, Avast’s freemium anti-virus software, were prompted to opt-in to data collection as part of the functionality that scanned websites they visited for malware. Unbeknownst to them, this also gave the company authority to ship that to their Jumpshot division, who packaged it all up into a series of ‘click feed’ products and sold their browsing habits to companies like Tripadvisor, Pepsi, and management consultants McKinsey.

Read more… ( ~6 Min.)

Robin’s Newsletter #84

 Vol. 3  Iss. 4  26/01/2020, last updated 06/04/2020   Robin Oldham

Some blog posts from Cydea that might interest you: Thoughts for board directors and NEDs on cyber governance and protecting shareholder value We got Cyber Essentials certification :-) You can follow Cydea on: LinkedIn and Twitter. This week Investigation into hacking of Jeff Bezos’ phone It’s a web of the ultra-rich, nation-states, sex, murder, political influence and hacking. Photos and text messages leaked to the National Inquirer that exposed Jeff Bezos’ extramarital affair in 2018 triggered an investigation into the breach.

Read more… ( ~6 Min.)

Robin’s Newsletter #83

 Vol. 3  Iss. 3  19/01/2020, last updated 06/04/2020   Robin Oldham

This week Changing the economics of cybercrime A not-hugely-report-but-interesting read this week on how the team at Visa are working to tackle MageCart payment card fraud. MageCart attacks work by add virtual ‘card skimmers’ to the checkout pages of hacked eCommerce websites. When a user fills out their card details a copy is encoded and sent to the criminal gang. Because they’re intercepted as the user enters them into the web browser, they can see card numbers, expiry dates and the all-important three/four card verification digits.

Read more… ( ~6 Min.)

Robin’s Newsletter #82

 Vol. 3  Iss. 2  12/01/2020, last updated 06/04/2020   Robin Oldham

This week Travelex systems still offline as team restore from Sodinokibi infection Travelex continues to battle a ransomware infection and restore services as the 30th December outbreak Marche on towards the end of its second week. The ransomware is believed to be Sodinokibi (aka REvil.) As well as encrypting files and causing disruption to business operations, the group claim to have stolen 5GB of personal data which they are threatening to release.

Read more… ( ~7 Min.)

Robin’s Newsletter #81

 Vol. 3  Iss. 1  05/01/2020, last updated 06/04/2020   Robin Oldham

This week California Consumer Privacy Act comes in to force The California Consumer Privacy Act (CCPA) - the strongest of America’s patchwork of privacy legislation - has come into force. The legislation is heralded as being ‘GDPR-like’ (vol. 2, iss. 41). Whilst it affords some of the same rights, there are plenty of areas where it diverges from European legislation. CCPA gives Californian resident’s the right to request copies of their data, request its deletion, it also mandates the option to send ‘do not sell’ instructions to businesses.

Read more… ( ~5 Min.)