Beware the Perils of Audit-Driven Design


When you work in IT, security audits are par for the course. Like dental check-ups, they’re generally a good idea, but can still be painful (and expensive). They help uncover issues that need fixing, and raise senior exec visibility.

There is, however, a dark underbelly to security audits – they can drive counterproductive behaviours leading to unintended and undesirable outcomes.

Emerging from the Murky Swamp of InfoSec – An Architect’s View

I recently attended the fantastic Kiwicon 2038 InfoSec conference (shout out to the crew and speakers – you guys rock!) in Wellington, New Zealand. An eclectic cast of speakers, including Bruce Schneier, Kelly Ann from Slack and many others, delivered thought-provoking talks accompanied by ‘flame effects’[1].

We’re all doomed…

Bruce Schneier, a celebrity in the world of InfoSec, painted a grim picture of the future of security, to the point that part way through the talk he had me convinced that we’re all doomed…


Only at Kiwicon: Bruce Schneier prophesying doom (and plugging his new book[2]), while a sheep wearing neon sunglasses looks on …

