peter bassill · operator
$ ls writing/ -lt

writing.

Notes from the desk, not thought leadership. Specifics over slogans. If a piece couldn't earn its keep at a kitchen table, it didn't make it here.

Total · 104 pieces Latest · 2026·06·06 Page · 4 / 5 Locale · en_GB License · CC BY 4.0
$ grep -l tag:* | sort | uniq
agent 1 agentic 2 ai 26 annual review 1 architecture 2 attribution 2 board 13 board-portal 1 breach 1 case-study 1 children 6 chromium 1 ciso 1 closing 2 cni 5 concentration 1 copilot 1 craft 16 crest 2 csr-bill 1 cyber essentials 13 cyberdeck 6 deepfake 1 defence 1 deployment 1 determinism 1 dvb 1 edtech 1 embedded 1 emilyai 2 enforcement 1 explainer 1 family 1 financial 1 gaming 1 governance 31 hardening 2 hardware 1 hbbtv 4 healthcare 2 hedgehog 1 home 4 honesty 1 ico 2 identity 1 incident 2 incident response 2 inference 1 iot 3 ir 1 lab 1 law enforcement 1 leadership 3 learning 1 llm 1 mfa 1 ml 1 ned 33 network 1 open-source 1 operational 1 operator 3 patching 1 pen testing 1 plain english 12 privacy 25 provenance 1 quantisation 1 ransomware 6 reasoning 1 reflection 2 regulation 6 regulatory 1 research 4 resilience 2 retail 1 retrospective 5 scattered-spider 1 school 1 sdr 1 series 53 smacks 1 small business 13 smarttv 1 soc 17 social engineering 1 social media 1 sovereignty 5 spyware 1 ssh 1 staff 1 standards 2 state-aligned 1 subtraction 1 supply chain 4 supply-chain 2 synthesis 1 technical 1 third-party 1 threat-model 1 tizen 1 travel 3 ukcd 1 update 1 v8 1 vendor 1 vulnerability 1 weekly 7 work 3 all tags → series →
2024·03·12 What a cyber attack actually costs a small business The financial number is the smallest part. Operational disruption, reputational damage, and regulatory consequences are the costs that compound. Plus the positive case for getting this right. small business · cyber essentials · plain english · series 5 min 2024·02·27 Deterministic inference: the property the market is losing Post 2 of the AI series. Same input, same output, every time. A property that used to be table stakes in production systems and that LLM-based security tooling has quietly let go of. Why it matters and how EmilyAI is built to preserve it. ai · soc · determinism · series 7 min 2024·02·20 Board portals and document handling Part 12 of 18. Diligent, BoardEffect, Nasdaq Boards, the email-attachment habit, and the moments in board-paper handling when sensitive material is most likely to leak. The practical posture for non-executive directors. privacy · work · ned · board-portal · series 7 min 2024·02·13 Know your enemy: the threats small businesses actually face Phishing, ransomware, social engineering, malware, credential stuffing, insider mistakes, denial of service. The actual menu of threats facing UK small businesses — in plain English, without the drama. small business · cyber essentials · plain english · series 7 min 2024·01·16 Cyber security for the small business: where to start An honest start to a year-long series. What cyber security actually is, why small businesses are targeted, and the five things every small business has that attackers want. small business · cyber essentials · plain english · series 6 min 2024·01·09 AI in cyber: the long view from 2018 Start of a six-weekly series tracking how AI in cyber security is developing through 2024 and beyond — and how each development reads against EmilyAI, the SOC analyst I have been running in production at Hedgehog since 2018. ai · soc · series · emilyai 6 min 2023·12·12 Assistants, drivers, and household staff Part 11 of 18. The people around a senior board director are, for practical purposes, part of the security boundary. The standing rules that protect everyone — the executive, the staff, the relationship — without becoming surveillance. privacy · work · ned · staff · series 7 min 2023·11·30 The CISO in the dock The SEC's charges against Tim Brown over the SolarWinds disclosures, alongside Joe Sullivan's conviction over Uber a year ago, signal a regime change in personal accountability for security leaders. What it means for UK CISOs and the boards that employ them. ciso · governance · regulation · ned 7 min 2023·11·14 23andMe, and the data with the longest half-life Last month 23andMe disclosed that attackers used credential stuffing against accounts opted in to relative-matching to scrape data on roughly 6.9 million people. The board lesson is about which data has the longest half-life — and it is not what most firms think. privacy · breach · governance · ned 6 min 2023·10·17 The board director's public exposure Part 10 of 18. Companies House, LinkedIn, conference speaker lists, the corporate website. The footprint your board role creates whether you want it or not, and the small set of choices that determine how much it reveals. privacy · work · ned · series 7 min 2023·09·12 Financial and identity hygiene at home Part 9 of 18. Credit freezes, the paper post, joint advisors, mortgage and bank communications, the family-office channel. The unglamorous half of personal privacy that, when neglected, costs the most. privacy · home · financial · identity · series 8 min 2023·08·15 Photo backup, family chat groups, and the extended family Part 8 of 18. iCloud, Google Photos, WhatsApp family chats, grandparents on Facebook. The household network you actually live in is wider than the four walls of the house. What to do about it without becoming the family killjoy. privacy · home · series · family 7 min 2023·07·11 Gaming, voice chat, and the communities that look least like social media Part 7 of 18, fourth of five children-focused posts. Roblox, Fortnite, Minecraft, Discord. The environments where British children spend more time than they spend on social media, what the risks actually look like, and what to do. privacy · children · gaming · series 8 min 2023·06·13 Children, social media, and the parent's reasonable role Part 6 of 18, third of five children-focused posts. The conversation about social media most parents avoid, written for the board-director parent who wants to be present without being absurd. privacy · children · social media · series 8 min 2023·05·16 School accounts and edtech: the parent's reasonable role Part 5 of 18, second of five children-focused posts. Schools collect a remarkable amount of data on children. Some of it is necessary; some of it is not. What a board-director parent should ask, and what they are entitled to. privacy · children · school · edtech · series 8 min 2023·04·18 The digital footprint we create for our children before they can speak Part 4 of 18, first of the children-focused posts. The photos, the school records, the birthday Facebook posts, the WhatsApp groups, the smart toys. What we lay down for our children, before they have any say. privacy · children · series · ned 8 min 2023·03·21 The smart-home dilemma Part 3 of 18. Alexa, Ring, the smart thermostat, the smart TV, the connected fridge. The devices you have invited into your kitchen and what they are actually doing while you sleep. privacy · home · iot · series 7 min 2023·02·28 The home network you live on Part 2 of 18. Your home Wi-Fi router is the only thing between everything connected in your house and the rest of the internet. What boards should ask their household to look at this weekend. privacy · home · series · ned 7 min 2023·02·07 Digital privacy for board directors: the eighteen-post version An honest start to a long series. What digital privacy actually means for a board director in 2023, why the home / travel / work boundary is the right framing even though it leaks, and why children deserve four of the eighteen posts. privacy · ned · board · series 6 min 2022·05·26 INT8 quantisation, in numbers — and why INT16 is the boring choice What "INT8-quantised inference" actually means once you do the arithmetic, why dropping from FP32 to INT8 is a cliff and dropping to INT16 isn't, and why every interesting question about putting an ML model on real silicon ends up here. ai · ml · quantisation · inference · hardware 11 min 2022·04·26 What the teenagers taught the Fortune 500 LAPSUS$ compromised Microsoft, Okta, Nvidia, Samsung, Vodafone, and several others in a few months. They were teenagers using social engineering and MFA fatigue. The lesson, awkwardly, is that the dominant compromise vector in 2022 is social, not technical. incident · social engineering · mfa · governance 8 min 2022·01·12 Log4Shell, and the inventory question we cannot keep ducking A month on from CVE-2021-44228, the headline-grabbing exploits have slowed but the underlying problem has not. The discomfort of the past month was not really about Log4j. It was about how few firms could answer the question 'where is it running?' vulnerability · supply chain · governance · craft 7 min 2021·08·21 wlan0: the unlocked back door on every TV Part 4 of 4. Once you have root on the TV, the most useful thing on the device isn't the data on it — it's the second network interface nobody disabled. What this bypasses, why the SIEM is blind to it, and what to do about it. hbbtv · iot · network · defence · research 10 min 2021·08·17 Pegasus, and the question for UK boards we have been pretending not to face The Pegasus Project disclosures last month confirmed what specialists have privately known for years: commercial spyware is a mature, well-funded industry, and its customer list includes governments most UK firms do business with. The board question is what to do about it. spyware · privacy · ned · governance 7 min 2021·07·17 From the embedded browser to a shell on a smart TV Part 3 of 4. From the AIT-triggered page load to a shell prompt. CVE-2020-6383, shell.js, SMACK, and the public Samsung Q60T root chain. hbbtv · chromium · v8 · tizen · smacks · research 11 min

back to home  ·  subscribe by email  ·  rss