I write about issues around cyber security testing, how testing works and industry practice from perspectives of both the businesses that make security services and those that buy them.
I investigate how things actually work, and why some attack and defence ideas endure, even as technologies change.
Topics include:
- Cyber Security Is a Practical Discipline, Not a Product
- Why Testing Matters More Than Claims
- Why Most Cyber Attacks Succeed Without Sophistication
- Technology Changes, Principles Do Not
- Security Advice for Normal People
- Early anti-virus reviews (2001–2004): historical context
Longer articles are preserved separately as a historical archive at spgedwards.com.