The Lockbit 2.0 ransomware gang have been stepping up their game over the last year, and yesterday they claimed a big scalp: Accenture. With a haul of 6TB of data, and clearly wanting to pile on the pressure for a pay-out, the Lockbit crew went public and gave Accenture only 7 hours to pay up, instead of the usual couple of days.

“The long term benefits of sunscreen have been proved by scientists, whereas the rest of my advice has no basis more reliable than my own meandering experience. I will dispense this advice, now.”

Along with “You can’t say that” and “Hey, how’d you get in here?”, one of the things I’ve been hearing from people recently is “How do I get a career in Cyber Security?” I thought I’d throw my notes from those conversations in a sort of Liber Primus for those interested in moving into Cyber Security — either as a side hustle or a career.

First: what is it you actually want?

I often get complaints from clients that their IT projects are always cumbersome, delivered late and over budget. They’ve had an impact on the business, certainly, but it’s far from a positive one. There’s a lot of blame to go round for this, and finger pointing can be fun, but what needs to be done is to get our C-level stakeholders and project sponsors to understand the implications of proposed work versus timelines.

Everyone should be familiar with John Boyd’s OODA loop — Observe, Orient, Decide, Act. There are a number of variations (pick a favourite!) but the basic premise remains the same: you gather information before acting.

Our newsfeeds are filled with hundreds of articles about Amazon’s S3 failure on Tuesday. Doom, gloom, S3 down in US-East-1 and cascading failure — dogs and cats, living together: mass hysteria! It’s been covered on Forbes, Business Insider — even The Daily Mail and The Sun (hardly bastions of technology reporting, but “OMG Instagram is down!” cuts off their supply of click bait).

A 2013 report by McKinsey showed that 70% of transformation programs fail. We’ve all seen our fair share of high profile disasters — the BBC digital transformation, the NHS National Programme for IT and the Co-Op Bank’s failed core banking systems replacement are all prominent examples.