Security Says Yes is, funnily enough, my security blog. The main goal of it is to share some hints and tips from the start-up/scale-up world, and smaller orgs. Something hopefully more tangible and less scary that you can implement with a small team (or just you).

Occasionally, I'll veer off course and write about something else.

Me, I'm Adam. I've been working across the tech industry since before the start of the millennium. In the past I've worked on civic tech, broadcasting, campaigning, edtech, data, hacktivism, data standards, data publishing, corruption, banking/financial services, and a few startups, spin-outs, accelerators/incubators. I sometimes talk at events, although I prefer hosting/facilitating round-tables.

I've over a decade of experience in the security space, and at the heart of my CISOcraft is very practical approaches, human-centric, and ideally, do it well and automate the fuck out of it so you can concentrate on the high-impact, high-effort tasks and not worry about the little things.

I still refer to Larry Wall (the inventor of the Perl language)'s

"three great virtues of a programmer: laziness, impatience, and hubris."

which I think can apply to a lot of security/governance approaches.

I read a lot, I bookmark a few things via Pinboard, I use Claude and Gemini to vibe-code (which is nice to get back into) and I like trying things out for myself.

I do a few bits of consultancy work, serve on the Advisory Council of Open Rights Group, and build lego. I listen to a combination of polyphony, trance, indie-pop.

For fun, I help make EMFCamp happen.


Fresh content, delivered

I update when I can be bothered. It takes me a while to write posts (unless I'm angry/the mood comes to me).

You can sign-up for free; I don't intend to make anything available to just people who might pay (but I can't be bothered setting up stripe right now).

If you fill out the form below, you can subscribe for the posts-by-email. Hopefully they won't end up in your spambox.

There's also an RSS feed if that's something you do.


This site is self-hosted using the Ghost 👻 platform (and Docker). Whilst many people use substack, their silence and promotion of extremist political content is not for me and I don't wish to be associated with it. 🕊️☮️


Start your own thing

Enjoying the experience? Get started for free and set up your very own subscription business using Ghost «hxxps[://]ghost[.]org», the same platform that powers this website.

If you want to fork my repo, you can — I was trying to use MariaDB instead of MySQL, but some of the services used only support MySQL, and I wasn't going to maintain that. The other thing I do differently is use AWS SES for emails instead of Mailgun, and set some memory limits in the docker-compose.yml.

My repo's «hxxps[://]github[.]com/adamamyl/ghost-docker»


I've deliberately broken links, so you don't inadvertently click something that might be hijacked. A term for this technique/approach is defang(ed|ing). You should be able to see where you're clicking, especially from security people.

The replacements should be:

from → to

  • http → hxxp;
  • . → [.];
  • : → [:]

And I like «guillemots».