Compromising Positions - A Technology Podcast

Is cybersecurity just a technical problem, or a human one?
In this episode, we debut our new format: bridging the gap between deep academic research and boots-on-the-ground security practice. We dive into Zoe M. King et al., 2018 paper, "Characterising and Measuring Maliciousness for Cybersecurity Risk Assessment," to uncover why we need to stop looking at code and start looking at intent.
From the "Dark Triad" of personality traits to the rise of the "patriotic hacker" in global geopolitics, we peel back the layers of the human onion to understand what actually drives a person to cause harm.
In This Episode, We Discuss:
The Maliciousness Assessment Metric (MAM): Why traditional risk assessments fail by ignoring "intent to harm" and how to integrate human factors into your security posture.
The Four Layers of Maliciousness: A deep dive into the Individual, Micro, Meso, and Macro levels—from personal psychology to national narratives.
Hacking as Patriotism: How cultural contexts in the US, Russia, and China dictate whether a hacker is seen as a criminal or a hero.
The "War Games" Effect: How 80s cinema shaped US cybersecurity legislation (CFAA) and continues to influence public perception.
Insider Threats & Organizational Hygiene: Why disgruntlement is a security vulnerability and how the "Principle of Least Privilege" is your best defense.
Risk as a Moral Construct: Why the risks your company chooses to mitigate reveal your organisation's true values and concept of justice.
Show Notes
Characterizing and Measuring Maliciousness for Cybersecurity Risk Assessment by Zoe M. King et al., featured in the journal Frontiers in Psychology (2018)
Risk and Blame: Essays in Cultural Theory by Mary Douglas
Risk and Culture: An Essay on the Selection of Technological and Environmental Dangers by Mary Douglas and Aaron Wildavsky

Did you know the best way to bring down hackers is to punch them in the face? That if you don’t have a seven screen set up you’re a rogue amateur? Or that the best hackers have fins?
This Episode we are joined by Simon Painter a senior software engineer with nearly 20 years of experience in the industry and author of the book Functional Programming with C#.
In this episode, Hack The Movies! The Best And Worst Hacker Movies Part 2! Our regular programming has been hijacked to bring you a discussion on the best, and worst, hacker movies! In this episode we cover The Beekeeper (2024), Swordfish (2001), Jonny Mnemonic (1995), Paper Man (1971) and The Italian Job (1969).
So boot up that modem, turn off the lights and enter the deepest darkest web of hacker forums, and try not overload your memory bank, as we explore this sometimes brilliant and sometimes bonkers sub-genre!
Show Notes
A Developer Goes to The Movies! Simon’s fantastic history on how technology features in films
Paper Man (1971)
About SIMON PAINTER
With nearly 20 years of software engineering experience across various industries, Simon is a Senior Software Engineer at Talos360. Simon is also a Microsoft Most Valuable Professional (MVP) since 2023, an O'Reilly technical book author, and a public speaker at IT events worldwide.
His core competencies include C#, JavaScript, React.js, and Microsoft Azure, as well as ITIL and computer security.
LINKS FOR SIMON PaINTER
Simon’s Website
Simon’s Linkedin
Simon’s Book, Functional Programming with C#

We all know running a cybersecurity function is expensive and many of us have a hard time successfully negotiating the budgets we need to keep our organisation safe.
But what if we let you in on the secrets of successfully securing your cybersecurity budget?
This week we are joined by Scott Robertson, CFO of CreateFuture and he gives us the insights on what you should ask for when it comes to your next yearly budget, how to ask for it and crucially (because timing is everything when it comes to money!) when to ask for it!
Key Takeaways:
What Does a CFO do? A CFO is not just about managing financials but also safeguarding assets and ensuring future stability through effective risk management.
Time Your Requests Strategically: Discover the optimal timing to approach your CFO for budget increases and how to align your requests with the organisation's financial planning.
Quantify the Cost of Risk: Learn how to effectively communicate the potential financial impact of cyberattacks and the value of preventive measures.
Build Strong Relationships: Cultivate relationships with key stakeholders, including the CFO and other executives, to foster trust and support.
Prioritise and Justify: Identify critical security needs, prioritise investments, and present a compelling business case to secure the necessary budget.

The data landscape is changing faster than ever, and with it, the security threats - so whose responsibility is it to make sure your data is safe? Is it the data team? Or is it the cyber team? We tackle this question and more with Head of Data at AND Digital, Tim Hatton.
From leveraging AI to secure data to the importance of real user testing, to how Tim threat models his client’s data capability, you won’t want to skip this ever-important topic!
We also talk about ‘data mesh’ and if you’re not familiar with that term - it’s a data management framework that decentralises data ownership and responsibility to the teams that use the data. The idea is to make data more accessible and available to business users by directly connecting data owners, data producers, and data consumers.
So you can see why we thought that was an important topic to cover because, with this model, comes a lot of trust in others doing the right thing when it comes to data security!
So you won’t want to ‘mesh it up’ if people are following this framework in your organisation.
Key Takeaways:
Test User Journeys with Real People: Assumptions don't cut it—Tim emphasizes the importance of validating user journeys with real-world testing to ensure effective data usage.
AI and the Data Deluge: Friend or Foe? We explore the booming trend of AI in data management, but also ask the tough questions: Can AI be used for good in cybersecurity? Can it even help solve cold cases?
Holistic Data Security Assessments: Discover Tim's approach to assessing clients' data capabilities and security, involving both data and cybersecurity teams for comprehensive protection.
Maturity Matters: Responsibility for Data Protection. Tim reveals a surprising trend - immature organizations might have stricter controls! Discover how your organization's maturity level defines data security ownership.
The Future of Self-Sovereign Data: Explore the concept of self-sovereign data and why it might be the future of personal data management and security.
Show Notes
Book - Wicked Beyond Belief (The one I mistakenly said was Helter Skelter)
An Article on Self-Sovereign Data
About Tim Hatton
Tim Hatton has been working in digital since before it was called digital. Over the course of his career, he has worked on data and digital transformation projects for some of the biggest companies in the world.
He joined AND Digital in 2016 and is currently Head of Data. At AND he has worked on data strategy projects for clients in industries including finance, travel, publishing and retail as well as for several government departments.
Tim joined AND from Accenture Digital, and prior to this Tim ran his own digital marketing agency for many years, and co-founded a number of dotcom start-ups during the 1990s, none of which made him a millionaire but all of which taught him a great deal.
Tim is a regular speaker on digital topics at AND Digital events, for AND’s clients and in the media.
LINKS FOR Tim Hatton
Tim’s LinkedIn

LinkedIn is very divisive! Some people love it, and others hate it and everything it stands for. And if you’ve ever hangout on the subreddit, LinkedIn lunatics, then you can see why.
Now for all the braggarts and the ‘what working during my wedding taught me about b2b sales’ posts, there is a lot to like about LinkedIn and many opportunities to be had…if you do it right!
We can all learn how to be good LinkedIn citizens, So if you’re LinkedIn has two followers, or 20,000, there is plenty to be getting your ears around in this conversation with John Moore -the question is…have you endorsed me yet?
Key Takeaways:
Why Humour Makes You Human (and Helps You Get Hired): Ditch the cringe! Learn how humour can break the ice and make your cybersecurity expertise more relatable.
Building Your Personal Brand Brick by Brick: Discover John's three-pronged approach to building a lasting LinkedIn legacy (think Time, Effort, and Commitment!).
Embrace the Journey: Failure is Fertilizer (But Not Fertilizer for Your Profile): Don't shy away from sharing lessons learned.
The Power of Storytelling: Learn how to craft compelling narratives that resonate with your audience and build genuine connections.
LinkedIn as Your Digital Shopfront: Make sure your profile shines!
Show Notes
Negotiate Anything Podcast
Humour is Serious Business in Cybersecurity Compliance
About John Moore
John C. Moore brings over two decades of dynamic experience in recruitment and operations management to his role at TekBank. With a keen eye for talent assessment and acquisition, John has mastered the art of full-cycle recruitment, excelling in sourcing, screening, and onboarding top-tier candidates. His expertise extends across diverse areas, including IT recruitment for commercial and government sectors.
LINKS FOR John Moore
John’s LinkedIn
TekBank