Robin Oldham


I’m Robin, founder of Cydea, the positive cyber security consultancy, and previously led BAE Systems’ Security Advisory & Technical Services business, recognised by Forrester as one of the leading information security consultancies.

I help businesses defend themselves from cyber crime and thrive in the digital world, and have over fifteen years’ experience, including advising numerous boards on how to manage crises resulting from cyber-attack.

This is my personal site, where I publish archive copies of my weekly newsletter and aggregate my posts from other platforms.

If you’re interested in improving how you manage your cyber risk, or need help governing information security at the board level, then get in touch with me via Cydea, or connect on LinkedIn or Twitter.

Robin's Newsletter
I send out a weekly information security newsletter of the news and links that have caught my attention and why I think they're interesting. Check out the previous editions.

Recent Posts

Robin’s Newsletter #127

RCEP, cyber cooperation and Asian data sovereignty; UK National Cyber Force; Microsoft's 'Pluton' and US Special Forces buying location tracking data

 Vol. 3  Iss. 47  22/11/2020, last updated 29/11/2020   Robin Oldham

This week

RCEP, cyber security cooperation and data sovereignty

The Regional Comprehensive Economic Partnership (RCEP) is the world’s largest-ever trade deal, covering 30% of global GDP, and it was signed by the ten members of the Association of South-East Asian Nations (ASEAN), plus Australia, China, Japan, New Zealand and South Korea this week. Electronic commerce is an area of focus for the trade agreement with objectives to promote e-commerce and ‘create an environment of trust.

Read more… ( ~5 Min.)

Robin’s Newsletter #126

No, Apple aren't logging every app you run, but they are bringing privacy nutrition labels to the App Store. Tim Berners-Lee's Inrupt launches Solid server. Ticketmaster to appeal £1.25M data breach penalty.

 Vol. 3  Iss. 46  15/11/2020, last updated 22/11/2020   Robin Oldham

This week

Does Apple really log every app you run?

Apple’s latest operating system, Big Sur, was released for its Mac computer lineup this week. That coincided with some Mac users finding that they couldn’t run applications. Twitter users were quick to spread that blocking connections to ‘[.]com’ would make their Macs useable again. Reports that “Apple was logging every app you run” followed. (Spoiler alert: they aren’t.) Apple’s ‘online certificate status protocol’ (OCSP) service is used to validate the developer certificate of apps before they are executed by the operating system.

Read more… ( ~7 Min.)

Robin’s Newsletter #125

Nothing cyber happened in the US election. Corporate VOIP systems being targeted. Don't pay ransomware gangs to not leak your data.

 Vol. 3  Iss. 45  08/11/2020, last updated 15/11/2020   Robin Oldham

This week

US Election free from cyber-attack

The big news this week is also a non-event: the US election went off without any reported cyber-attacks. Director of the US Cybersecurity and Infrastructure Security Agency (CISA), Chris Krebs, released a statement saying that “after millions of Americans voted, we have no evidence any foreign adversary was capable of preventing Americans from voting or changing vote tallies.” That doesn’t mean that there isn’t room for improvement - vulnerabilities in voting and tabulation machines and so on (though these have been reported in a somewhat sensationalist manner) - but the human oversight and audit provide a meaningful control to manage such risk.

Read more… ( ~5 Min.)

Robin’s Newsletter #124

Marriott's data breach penalty, how the Clean Network Program is changing 5G economics, reverse-engineering redaction and new ransom threat to health data. Plus company naming fun.

 Vol. 3  Iss. 44  01/11/2020, last updated 04/11/2020   Robin Oldham

This week

Final GDPR penalty for Marriott comes in at £18.4M

The UK Information Commissioner announced the final penalty for Marriott International this week. The £18.4 million ($23.8 million) penalty is down from the previously announced £99 million. Marriott has announced that they do not plan to appeal and “deeply regret” the incident. The 2018 incident involved a breach of data from the Starwood Preferred Guest loyalty programme [vol. 1, iss.

Read more… ( ~6 Min.)

Robin’s Newsletter #123

DOJ charges Fancy Bear, Doubts over Trump's Twitter password, and digital dilemmas for charity donations.

 Vol. 3  Iss. 43  25/10/2020, last updated 01/11/2020   Robin Oldham

This week

Charges for Sandworm, sanctions for Fancy Bear, as US and EU tighten screws on Russia for cyber-attacks

It’s been quite the week for relations between the West and Russia. The US Department of Justice has charged six Russian intelligence officers with being behind some of the most disruptive and significant cyber-attacks of the last five years. The line up is alleged to work for Unit 74455 of the Russian Main Intelligence Directorate, widely known as the GRU.

Read more… ( ~6 Min.)

Robin’s Newsletter #122

British Airways fined £20M for data breach; Businesses exploiting contact tracing data; Microsoft's trademark takedown of TrickBot.

 Vol. 3  Iss. 42  18/10/2020   Robin Oldham

This week

ICO issue British Airways with £20M fine

The ICO has issued British Airways (BA) a £20 million fine for lax security practices that allowed a MageCart card-skimming group to steal the personal information of 400,000 customers (vol. 1, iss. 12).
The fine comes after two years of investigation and an ‘intention to fine’ notice of £183 million (vol. 2, iss. 28) fifteen months ago. The final penalty is therefore just under 11% of the original notice and less than the £22 million that BA set aside in its most recent financial statements (vol.

Read more… ( ~7 Min.)

Robin’s Newsletter #121

Integrity in the UK Test & Trace scheme; ransomware attacks up 50%; a different type of lock-down.

 Vol. 3  Iss. 41  11/10/2020, last updated 18/10/2020   Robin Oldham

This week

Integrity: test & trace

One of the main stories in the UK this week was that an ‘IT error’ in the COVID-19 Test & Trace programme had caused 15,841 cases to go unreported and not be passed to contact tracing teams. The missing data accumulated over eight days, much longer than the 48-hour ‘ideal time limit’ for contact tracing following a positive test result, and potentially contributing to the continuing ‘second wave’ of cases.

Read more… ( ~8 Min.)

Robin’s Newsletter #120

US Treasury issues advisory over ransomware payments; Huawei code quality still really bad; and Singapore's consumer security labels.

 Vol. 3  Iss. 40  04/10/2020, last updated 18/10/2020   Robin Oldham

This week

US Treasury sets out stance on ransomware payments and sanctions

The Office of Foreign Assets Control (OFAC), part of the US Treasury, issued an advisory this week on the payment of ransom demands to individuals, groups or regions that are subject to US sanctions. It comes in the wake of Garmin’s ransomware demands from the EvilCorp group (vol. 3, iss. 31) and increased scrutiny of companies paying up to avoid their data being released in ‘breach-and-leak’ ransomware campaigns.

Read more… ( ~7 Min.)

Robin’s Newsletter #119

YOLOsec, FOMOsec, business value and commodity controls. Plus a couple of examples of how hacktivism is evolving.

 Vol. 3  Iss. 39  27/09/2020, last updated 27/12/2020   Robin Oldham

This week

YOLOsec, FOMOsec, business value and reducing the cost of control

A great read from Kelly Shortridge this week on #YOLOsec (careless disregard for future security issues) and #FOMOsec (the need to perfectly protect everything). There are plenty of astute observations about infosec as a profession* (and that personally frustrate me when I come across them!) Ultimately both are presented as either end of a spectrum, where neither contributes successfully to business strategy.

Read more… ( ~7 Min.)

Robin’s Newsletter #118

Domain admin for EVERYONE! APT41/Winnti charged for cyber-espionage and activities against computer games companies. First death leading directly from cyber-attack :-(

 Vol. 3  Iss. 38  20/09/2020, last updated 27/09/2020   Robin Oldham

This week

ZeroLogon: Domain admin for everyone!

If you’re reading this with your cuppa on Monday morning and are responsible for your company’s IT or Security: stop reading this right now and check you’ve applied the Windows Server updates from August. Despite CVE-2020-1472 scoring a ‘perfect 10.0’ on the CVSS scale it got little reporting at release. Now, new details of ZeroLogon (as it is dubbed by researchers at Secura that discovered it) have been published.

Read more… ( ~6 Min.)