Parliament is little better
Head of Infosec Risk HMG Parliamentary Digital services - £75k.
That's still joke money to deal with the risk associated with the loonies that are using WhatsApp and TikTok to move government secrets around
1915 publicly visible posts • joined 25 Nov 2009
As a counterpoint Renfrewshire Council in Scotland have a Security and Governance Manager job up right now - £56-59k.
But tbh I don't really know any qualified security guy who would even look at a salary like that for a job that is likely going to be one to drive you into an early grave whilst ministers use you as a blamehound for their failings.
I had one, I'm not a big app user so its main functionality as a phone was good and price was good. Then it got dropped, or first MS attempted to ruin it with a W10 update which luckily I never applied.
At work we bought thousands of them as they could be centrally managed. Then MS dropped support and that probably cost us a couple of 100k to replace with android devices earlier than we would otherwise have.
So yeah, I'm not buying into anything that MS could easily dump.
My personal opinion is that the term 'automation' or 'auto' in its use as 'automation' or 'automatic' should be banned (excepting gearboxes as an established norm) until such time as the manufacturer is legally responsible for driving not the owner/driver.
I agree wholeheartedly that 'semi-autonomous' driving is the worst of all worlds with drivers bored and unfocussed yet still expected to take control in a split second emergency.
I can handle cruise control but I found that the more advanced cc such as radar cruise is quite distracting. You either mentally hand over judgement to the car or you are on edge as you catch up to a slower car.
If your distance is set long to avoid the "will it slow" worry, invariably some arse will cut in on you and the car will brake suddenly to put the distance in again. I've given up on it. Nice idea but doesn't work for me.
I've never had a review rejected even those that were critical. I did have one Chinese company come back and offer me a refund if I upped my review from 4 to 5 stars. The review was actually quite positive towards the product but I don't often give 5* unless something is exceptional.
Oh you can't read very well, can't understand how to phrase or answer basic questions, think grammar is an old woman who lives a few streets away? Never mind, here is an iPad that'll make it all better. With the added benefit that your ill equipped teachers don't need to bother teaching or even talking to you any more.
It sounds like a bit of a Mexican standoff right now.
Businesses don't want to take on IR35 burdens but neither do they want to pay the required salary rate for specialisms they previously contracted for.
Contractors are unwilling to take poor salaries as full time employees.
So as businesses wait for contractors to starve and give in, they don't get their required work done. Who will blink first?
I've read both sides of the argument and it seems that although there may have been a requirement to reform tax arrangements for contractors, IR35 seems to have been a cackhanded way to do it which in the end suits no one, not even the treasury.
"Accessing a ship's cargo control system would be problematic as they are not normally connected to the outside world and neither are bridge/engine controls."
Yeeess except that most of us have run into SCADA systems that should never be connected to the outside world that have in fact been plugged into the internet in an insecure kludge to save $100 on training for a member of the crew or so some exec can keep an eye on something they should have no access to at all.
All too often the stupid plots of 20yr ago become the stupid management decisions of today
Autonomous cars my arse.
I'm sticking to my own definition of true self-driving cars -
When I can legally climb into the back of my car drunk as a skunk, slur "home" to it and have it take me there safely, THEN I have an autonomous/self driving car.
If I legally need to be able to take control at a moment's notice then I'm still driving the damn car.
The public knowledge that a company/organisation has cyber insurance is already being flagged as a risk factor.
If the bad guys know you have insurance you are much more likely to be a target simply because they know your insurance will likely pay them. And it'll all be kept quiet so there is unlikely to be a political motivation to make paying ransoms illegal.
Yeah easy to forget about at home but there is a pile of legacy crap out there that won't work on anything but IE (half of it probably still demands IE6).
Lots of very large companies make some very big and expensive products which they spend fuck all on development to keep up to date with current dependencies.
Basically screw the customers, it's their risk to run old bit of crap on their networks even if our critical software demands it.
What do they expect, phishers to send a nice header that says "THIS IS A PHISH!!!"
If they were using this as a screen to take disciplinary action against staff then it might be a bit rich but to identify areas for education tough, suck it up buttercup.
I've done the same exercises internally and had the same kickback, Unions insisting that we were "entrapping staff" despite there being nothing at the end of failed test except awareness training. Interestingly those who pushed back hardest against training were usually the worst at spotting them.
I'm aware of one organisation that was forced to alert staff that a test was being carried out.
Voice of experience....
Backups aren't worth shit if they're not tested and used regularly.
I've seen backups that were logged as successful that had 0k or 64kb of a multi terabyte backup.
I've seen backups that IT didn't know how to restore
I've seen attack ships on fire off the shoulder of Orion
Backups should be tested, restoration should be tested and loss of systems should be tested as exercises.
I'm sure NASA always had a part 2 in their back pocket if things went as well as they'd hoped.
After all Ingenuity could have tipped over and broken a rotor before it ever left the ground.
It's always a delight when these top boffins' contraptions exceed expectations.
Fingers crossed they get some good work out of it before the dust and cold wins the day as it inevitably must.
I've seen him take part in many documentaries and he spoke of his time in the space program with eloquence and pride but what really came across was happiness, an almost childlike joy in what he and his colleagues did. I think we've lost a real gem of humanity.
That seems to be a rare thing in life but common with Apollo. Hardworking, professional, dedicated, supremely talented and happy.
RIP Michael Collins.
Yep I was regularly attending a local hostelry from the age of 15/16 under the wing of the older guys from my local air cadets.
All very sensible really when you think about it, we got introduced to drinking under supervision and we never got wasted or did anything stupid.
The local landlord (RIP) was well in on it to the point where he'd come and give us a bottle of (awful) fizz on our 18th birthdays, even though we'd been going to his place for a number of years.
This sort of thing is missed these days in the world of box ticking rules. There is no tolerance for being gently introduced to the adult world. One day you're a kid, the next you can drink all you want.
As for this teacher, he sounds like a bit of an arse but he was probably well liked by the pupils he was in the club with. However, sharing a room with a female staff member that isn't your romantic other, that doesn't sound very clever at all.
I'm sure there will be a reason it's just not being mentioned since most people don't really care that much. El Reg readers being a slightly odder breed like to know the details.
Myself I'd like to know what NASA plan to do with the drone if it does last beyond its planned life. I'm sure they've given some thought as to how to use it if it proves tougher than expected. I doubt they'd just say "ok it flew now dump it".
If nothing else it's a nice bit of PR to humanise the probes as little companions.
I don't think the C-Suite are ignoring it but many companies and organisations have been around for a long time and their networks have grown like slime moulds over decades. If these were brand new networks then securing them would be far easier. It's like trying to find a way to make a horse and cart carry a shipping container.
The board probably do see the problem but it seems nearly impossible to fix in a financially viable way, plus they've spent many of the last 5yr decimating their IT departments so they have no resources or skills to do the work even if they wanted to. This is something I've always found hard to understand, C-Suite falling over themselves to proclaim a new digital future yet forgetting who actually has to do the work on anything that is digital.
The video made me think of physicists who work on problems using perfect models.
These robots will work great and be hyper efficient if they are working on perfect cardboard boxes, loaded with perfect goods, transported perfectly ending up stacked in the perfect way.
When they can cope with a Yodel van carrying cheap cardboard overloaded, ripped boxes, packed by a disgruntled and probably hungover human loader, driven through a potholed UK road network at excessive speed then parked haphazardly in the vicinity of the loading dock THEN I think this might work.
With this year's current record Apophis will probably (despite the improbably huge nature of space) hit some piece of old space junk which will send it into an inescapable death dive towards Earth which it will hit on December 25th, striking the site of a large nuclear waste/weapons dump with uncanny accuracy and just outside the blast radius causing an armoured van filled with an unlawfully developed weaponised new Covid/Flu/Ebola variant to crash and burst open next to a crowded area filled with people waiting to go to the airport on holiday all around the world.
I'm just saying, don't buy a lottery ticket yet.
Banks use email because it's cheap.
Banks use SMS as a MFA token not because it's secure (it's not any more due to SIM swap fraud bringing the entire mobile phone industry into your attack surface), but because it's easy and cheap.
And banks know what they should be doing, they hire people that know security good practice, they CHOOSE not to do it.
Fines and compensation are just operating costs for them. Until the hit on their bottom line is significant they'll continue to make bad choices.
That's a governance issue not an IT issue.
Senior management need to set the rules which IT will operate within. If they don't and leave IT hanging out there to 'deal with' IT stuff because those execs are scared of IT (or scared of looking stupid) then it's their failure not IT's.
But IT will get the blame, because that's what always happens.
It's not just users but sloppy development, or lack of development resource by the vendor, means a lot of legacy applications demand excessive rights as well as out of date dependencies before they will work.
It's not as big a problem as it used to be but it's still there. Particularly bad with behemoth suppliers of near monopoly niche systems.