Robin Oldham


I’m Robin, founder of Cydea, the positive cyber security consultancy, and previously lead BAE Systems’ Security Advisory & Technical Services business, recognised by Forrester as one of the leading information security consultancies.

I help businesses defend themselves from cyber crime and thrive in the digital world and have over fifteen years experience including advising numerous boards on how to manage crises resulting from cyber-attack.

This is my personal site, where I publish archive copies of my weekly newsletter and aggregate my posts from other platforms.

If you’re interested in improving how you manage your cyber risk, or need help governing information security at the board level, then get in touch with me via Cydea, or connect on LinkedIn or Twitter.

Robin's Newsletter
I send out a weekly information security newsletter of the news and links that have caught my attention and why I think they're interesting. Check out the previous editions, or:

Recent Posts

Robin’s Newsletter #86

 Vol. 3  Iss. 6  09/02/2020, last updated 06/04/2020   Robin Oldham

This week Man creates traffic jam on Google Maps using a cart full of mobile phones Pablo Picasso is credited with saying “art is a lie that makes us see the truth,” and artist Simon Weckert brought to life our reliance on algorithms with a great art installation this week. “[He] walked the streets of Berlin tugging a red wagon behind him. Wherever he went, Google Maps showed a congested traffic jam.

Read more… ( ~6 Min.)

Robin’s Newsletter #85

 Vol. 3  Iss. 5  02/02/2020, last updated 06/04/2020   Robin Oldham

This week Avast shutters Jumpshot division following report highlighting sale of web browsing data Joseph Cox at Vice Motherboard and Michael Kan at PC Mag broke the news that Avast was collecting and selling browsing habits from over 100 million devices. User’s who had installed AVG, Avast’s freemium anti-virus software, were prompted to opt-in to data collection as part of the functionality that scanned websites they visited for malware. Unbeknownst to them, this also gave the company authority to ship that to their Jumpshot division, who packaged it all up into a series of ‘click feed’ products and sold their browsing habits to companies like Tripadvisor, Pepsi, and management consultants McKinsey.

Read more… ( ~6 Min.)

Robin’s Newsletter #84

 Vol. 3  Iss. 4  26/01/2020, last updated 06/04/2020   Robin Oldham

Some blog posts from Cydea that might interest you: Thoughts for board directors and NEDs on cyber governance and protecting shareholder value We got Cyber Essentials certification :-) You can follow Cydea on: LinkedIn and Twitter. This week Investigation into hacking of Jeff Bezos’ phone It’s a web of the ultra-rich, nation-states, sex, murder, political influence and hacking. Photos and text messages leaked to the National Inquirer that exposed Jeff Bezos’ extramarital affair in 2018 triggered an investigation into the breach.

Read more… ( ~6 Min.)

Robin’s Newsletter #83

 Vol. 3  Iss. 3  19/01/2020, last updated 06/04/2020   Robin Oldham

This week Changing the economics of cybercrime A not-hugely-report-but-interesting read this week on how the team at Visa are working to tackle MageCart payment card fraud. MageCart attacks work by add virtual ‘card skimmers’ to the checkout pages of hacked eCommerce websites. When a user fills out their card details a copy is encoded and sent to the criminal gang. Because they’re intercepted as the user enters them into the web browser, they can see card numbers, expiry dates and the all-important three/four card verification digits.

Read more… ( ~6 Min.)

Robin’s Newsletter #82

 Vol. 3  Iss. 2  12/01/2020, last updated 06/04/2020   Robin Oldham

This week Travelex systems still offline as team restore from Sodinokibi infection Travelex continues to battle a ransomware infection and restore services as the 30th December outbreak Marche on towards the end of its second week. The ransomware is believed to be Sodinokibi (aka REvil.) As well as encrypting files and causing disruption to business operations, the group claim to have stolen 5GB of personal data which they are threatening to release.

Read more… ( ~7 Min.)

Robin’s Newsletter #81

 Vol. 3  Iss. 1  05/01/2020, last updated 06/04/2020   Robin Oldham

This week California Consumer Privacy Act comes in to force The California Consumer Privacy Act (CCPA) - the strongest of America’s patchwork of privacy legislation - has come into force. The legislation is heralded as being ‘GDPR-like’ (vol. 2, iss. 41). Whilst it affords some of the same rights, there are plenty of areas where it diverges from European legislation. CCPA gives Californian resident’s the right to request copies of their data, request its deletion, it also mandates the option to send ‘do not sell’ instructions to businesses.

Read more… ( ~5 Min.)