
The Problem

Arguably the biggest barrier to cybersecurity is cost. Many companies, regardless of size and age, find themselves priced out of cyber defence tools and services. Implementing tools and support services often comes at the expense of investment in Security team training, and the constant requirement to justify every penny spent on Security forces InfoSec managers to burn through political capital. These things, coupled with a vendor market that focuses on revenue rather than protection, leave the holders of Security budgets fighting an uphill battle with senior business leaders to justify such a ‘high spend’.

When your department is seen as…



Humour changes our relationship with distress; it strips the power from trauma and provides us with the ability to take control over what can otherwise be a matter too disturbing to take seriously in the moment. If you laugh at something you remove its power and thus you don’t crumble at the mere scale of it.

Dark humour is a way of accepting something; it’s a way of grieving a lost loved one, getting through stress, battling through the depression-inciting daily grind, dealing with our own failings and if you laughed at a single COVID19 meme in the past 6…



We’re 2 years old, can you believe how fast the time has gone?

I want to publicly say “Happy Birthday”, “Thanks”, “Give yourselves a pat on the back” and “Well done” to the team.

Approximately 2 years ago LHS was born in London, here you can read more about the backstory, or if audio is your thing listen here.

The start

When I first decided to start Ladies of London Hacking Society, the first person I asked to join me in this endeavor was Lynda Barber. At the time she was my manager, a great manager, probably the best I’ve had. Clearly…



I’m new to the world of sales. Besides upselling muffins on McDonald's drive-through windows at 16 years old, I’ve had very little personal engagement with sales as a seller.

Quite understandably, this lack of sales knowledge concerned me when embarking on a new business venture with my business partner. Yes, I have worked for retail in an engineering capacity and I have worked for MSSPs, also in an engineering capacity, but not in a sales-driven role or customer-facing presales role during my time in cyber security. My experience with cyber security sales has come entirely from a consumer…


Small to medium sized enterprises want to be cyber secure, but most struggle to afford it. With prevention being cheaper than recovery they can’t afford to not be secure either. Average expenditures on cyber-crime are increasing exponentially, and costs associated with these crimes can be crippling to smaller companies.

“61 percent of breach victims in 2017 were businesses with under 1,000 employees.” (Verizon)

Couple this cost issue with a cyber defence market saturated with tools and services, and it can be incredibly daunting to decipher which of these are adding value and which aren’t. …


Should Winston Churchill have trained his army to fight the Chinese during the war against Hitler and the Germans, he would not have had the success he did. When you saturate a SOC with successfully mitigated alerts to report on, and force your pen-testers to run post-production web app scans continuously, you are training your defence for the wrong enemy, the wrong battle and setting yourself up for imminent failure.

“Simply running a purple team exercise will train and develop your internal offence and defence like nothing else can.”


It is expected that organizations run penetration tests now…


Purple teaming should always be intelligence-led adversary emulation. If it isn’t, then quite frankly you aren’t doing it right. It’s hard to defend against something you have never seen, and it’s pointless spending resources defending against something you likely will never see.

Intelligence-led purple teaming simply means you are acting on knowledge you have acquired about threat actors, which therefore better equips you in a purple teaming exercise. The reason for this is to avoid a wide-scoped, vague or non-targeted purple team exercise.

Adversary emulation is the act of attacking by using the same methodology and approach as…


From a non-Docker expert just making the most of insomnia


Examples run on Ubuntu 16.04.6 and using Docker version 18.09.5

Basic Install

sudo apt install docker.io
sudo systemctl start docker
sudo systemctl enable docker
sudo apt install git -y

Install Benchmark Security:

git clone https://github.com/docker/docker-bench-security.git

From the Benchmark directory, run Benchmark against your Docker version

cd docker-bench-security/
sudo ./docker-bench-security.sh

The output should look something like the below:


Examples run on Ubuntu 16.04.6 and using Docker version 18.09.5


Basic Install

sudo apt install docker.io
sudo systemctl start docker
sudo systemctl enable docker
sudo apt install git -y

Install Benchmark Security:

git clone https://github.com/docker/docker-bench-security.git

From the benchmark directory, run Benchmark against your Docker version.

cd docker-bench-security/
sudo ./docker-bench-security.sh

The output should look something like the below:



1st published in 2017

When I first decided to join LinkedIn and join groups on here, Females in Cyber type groups, I thought these would be a place to learn/share techniques and methodologies, with like-minded women. Oh boy was I wrong. Instead, I’m noticing an increase in the amount of whinge articles about how women aren’t walking straight into CISO roles, or how men are conspiring against women in the security industry.

We hear stories of Jimmy being paid more than Jane, and are apparently supposed to be marching over this, with the fact Jimmy has 10 years more experience…

Eliza-May Austin

CEO & Co-Founder at th4ts3cur1ty.company & PocketSIEM. Founder and Director of Ladies Hacking Society | Purple teaming enthusiast @Eliza_MayAustin
