Company: InfosecurityAdviser.com
About Me:
I've been involved in IT engineering for almost 30 years, and in that time I have seen huge advances in miniaturisation, speed and capacity, but little advance in strategic thinking on robustness and security despite a massive increase in exposure. Although at first sight threats appear to be getting more and more sophisticated, I see the same basic mistakes being made time and time again. For example, the overwhelming majority of software vulnerabilities result from a mere half dozen basic, decades-old programming errors. Low-cost web application development, particularly for SMEs, is frequently conducted on the fly without a detailed up-front specification, and look and feel usually take precedence over security (and indeed sometimes over functionality and performance) in the thinking of both developers and clients. Highly abstracted development environments and volumes of vendor-supplied library code are trusted implicitly by developers, and little if any thinking out of the box takes place, leading to a development process more akin to assembling an MFI wardrobe than to real engineering. Many web application developers still seem to assume that if you use SSL and have a robust login, the system is secure: the hard shell with a soft centre approach. But unless security is layered like the skins of an onion it will be subject to single points of failure. And unless security is built into projects from the ground up at the design stage, it will always remain an afterthought, a sticking plaster that conceals ill-understood hazards rather than minimising business risk. We need security by design instead of accepting the endless round of breaches, bugs and patches. But that means customers must be helped to define their business risks, these risks need to be translated into technical terms, and security specifications must be provided to application developers in terms they can understand and implement. That's what I do.
Company: ISAF
About Me: ISAF, the Information Security Awareness Forum, is a partnership between all the most influential groups and industry bodies in the UK associated with information security. It was formed to tackle one of the biggest problems facing organisations and individuals: a lack of information security awareness, with people either not knowing about, ignoring or circumventing security processes and technical countermeasures. Lack of awareness has been the main cause of some of the most impactful security incidents in the UK in the last 12 months, whether as a result of HMRC sending inadequately protected discs containing millions of people's sensitive data in the post, the MOD leaving a laptop in a car with hundreds of thousands of confidential data records on it, TJX transmitting millions of credit card transactions over an open wireless network, or individuals simply replying to phishing emails. In light of so many breaches associated with lack of awareness, the Information Security Awareness Forum was established as a cross-industry initiative dedicated to improving information security awareness by pooling the expertise and resources of the participating organisations. In this blog, several members of the Forum will not only aim to increase awareness of information security but will discuss how best to go about the task, given that there are a lot of differing situations to address, such as the home worker, parents, children, small businesses and large enterprises. The ISAF participating organisations are listed in the associations and accreditations section of this portal.
Company: Freeform Dynamics
About Me: As Service Director, Jon is a member of the Freeform Dynamics management team and is responsible for looking after the company’s portfolio of services and alliances strategy, which are intimately linked given the open collaborative culture of the organisation.
Also an active industry analyst, Jon has an end-user background, having worked as an IT consultant, network manager and software engineer for companies such as Admiral Management Services Ltd, Alcatel and Philips Electronics. Through positions such as these, Jon has accumulated significant real world expertise and experience in many areas of IT service delivery over the years, including IT service management, IT security, infrastructure management, IT architecture and application development.
Jon has worked as an industry analyst since 1999 for companies including IDC, Bloor Research, Quocirca and Macehiter Ward-Dutton. He is a widely published author and has acted as an advisor to leading vendors including Cisco, EMC, IBM and Microsoft; and to large IT user organisations in the Government, Telecommunications and Financial Services sectors.
Company: PricewaterhouseCoopers
About Me: I am a partner in PricewaterhouseCoopers' UK firm, where I help companies manage their technology risks. Since 2001, I have co-authored the UK government (BERR) survey on information security breaches.