I laugh when I see organisations contorting themselves to comply with #cyberessentials (the government's own Cyber Security standard) whilst the cabinet and number 10 use Twitter, WhatsApp and personally owned devices apparently without a care in the world!

Cyber Essentials v3.3: From 27 April 2026, NCSC introduces a new self-assessment question set (Danzell) with tighter scope, clearer wording, and stricter evidence requirements.

The changes apply to all UK organizations handling business or customer data on internet-connected systems, and to suppliers bidding for government or public sector contracts where certification is mandatory.

🔵 Read more: https://outpost24.com/blog/cyber-essentials-v3-3-guide-compliance/?utm_source=linkedin&utm_medium=social&utm_campaign=linkedin_social_global

#CyberEssentials #RiskManagement #NCSC

What does "digital sovereignty" actually mean -- and what doesn't it mean?
We use the phrase a lot at @hauntedlighthouse. So here's our position, written down clearly.
Jurisdiction. Audit trails. Knowing who can be compelled by a court order to hand over your data. Not nationalism. Not isolationism. Not a routing table with opinions.
https://sovereignauditor.substack.com/p/what-digital-sovereignty-means-to
#DigitalSovereignty #DataProtection #CLOUDACT #CyberEssentials #IsleOfMan #InfoSec #Privacy #GDPR
What Digital Sovereignty Means to Us (And What It Doesn't)

The phrase “digital sovereignty” has been doing the rounds lately -- and not always in ways that are particularly illuminating. So it seems like a reasonable moment to say clearly what we mean when we

The Sovereign Auditor

MI5 is briefing CNI operators. The Technology Secretary says firms have months to prepare. On the Isle of Man, the biggest unaudited risk isn't your firewall -- it's your IT provider. The Island has been here before. https://open.substack.com/pub/sovereignauditor/p/the-island-has-been-here-before
#CyberSecurity #IsleOfMan #Mythos #CyberEssentials #DataProtection #NCSC #SovereignAuditor
The Island Has Been Here Before

And the firm that got breached probably thought its IT was fine.

The Sovereign Auditor

We called out Anthropic's Cyber Verification Program this morning as opaque gatekeeping. Then we applied. Approval came in under an hour. A Cyber Essentials cert and three honest sentences about what you actually do was sufficient. If you do legitimate security work and haven't applied -- the barrier is lower than it looks. https://open.substack.com/pub/sovereignauditor/p/if-you-dont-ask-youll-never-find

#CyberSecurity #CyberEssentials #Anthropic #Claude #AI #InfoSec #DataProtection #IsleOfMan

If You Don't Ask, You'll Never Find Out.

Anthropic's Cyber Verification Program: what it actually takes to get approved.

The Sovereign Auditor

Ireland's NCSC says defenders have the advantage. Their own director told the Oireachtas it's a race the frontier moves every week. Both true. Together they define a window. At Present -- on the Mythos moment and what "at present" actually means. https://open.substack.com/pub/sovereignauditor/p/at-present
#CyberSecurity #AIGovernance #Mythos #CyberEssentials #DataSovereignty
At Present

“At present the advantage is with cyber defenders.”

The Sovereign Auditor

Zero detections across 69 AV engines for a credential stealer delivered via a fake Windows Update site. WiX MSI, Electron wrapper, hidden Python runtime. Every layer legitimate. The evasion is architectural, not accidental. "We have AV" is not a compliance answer -- here's what is. https://sovereignauditor.substack.com/p/zero-detections-does-not-mean-clean #infosec #cybersecurity #CyberEssentials #patchmanagement
Zero Detections Does Not Mean Clean

A fake Windows Update site is delivering a credential stealer that 69 antivirus engines missed entirely. The technical construction is deliberate and instructive.

The Sovereign Auditor

Today @bergerode_cyber are at the latest Lancashire Partnership against Crime expo, Ewood Park, Blackburn Rovers

Come and see us!

#cyberessentials
#cyberessentialsplus
#defencecybercertification

The Haunted Lighthouse Limited has achieved Cyber Essentials certification (whole organisation scope).

Assessed under the IASME scheme, aligned with the UK National Cyber Security Centre baseline controls. Sensible fundamentals: patch management, MFA, least privilege, secure configuration, and disciplined backup practices.

Not glamorous, just solid security hygiene.

The lighthouse is officially audited.

#CyberEssentials #IASME #NCSC #CyberSecurity #InfoSec #SmallBusiness #PrivacyFirst

Providing some helpful and constructive feedback on the UK's Cyber Essentials scheme, a set of controls to ensure organisations have a base level of IT security.

That's right kids, full disk encryption for laptops is not considered a bare minimum of #infosec for #CyberEssentials.