A Case Study of a SecurityScorecard Report.

SecurityScorecard recently published a report on the “State of the States” which they asked me to review and comment. I also took time to talk to SecurityScorecard chief data scientist, Dr. Bob Shoval, to understand how they approach their scoring and make an informed review.

Cybersecurity attacks by criminals and state sponsored actors against government or state infrastructure is reality. We’ve seen ransomware attacks against the NHS, UK state run health service, with Wannacry and more recently a US hospital group UHS with Ryuk. In 2015, the German Bundestag (parliament) was hit by an attack that led to over 16gb…


When Epic Games recently announced and subsequently released Fortnite for Android, it took the decision to bypass the Play Store and ask users to side-load the app. After I read that Epic Games’ brilliant idea was to ask Android users to essentially downgrade the security on their devices, there was a lot of head-on-desk action.

Side-loading an app onto an Android device is essentially asking the user to download it from a website instead of the Play Store and then ignore the Android warnings about installing apps from untrusted locations. In more recent Android versions this safety net is called…


The InfoSec industry has a crippling skills shortage, or so we’re told. There’s a constant stream of articles, keynotes, research and initiatives all telling us of the difficulty companies have in finding new talent. I’ve been in the industry for over 30 years now and through my role as one of the directors of Security BSides London, I often help companies who are struggling to grow their teams. More recently, my own circumstances have led me to once again join the infosec candidate pool and go through the job hunt and interview process.

I have been in the position of…


I was recently asked to write a bio, when I realised that I’ve been involved in Information Technology for close to 40 years now. It was a jaw-dropping moment because time has a tendency to fly by and days start to merge together. In that moment, 30 years of my professional life in I.T. didn’t really feel that long at all. It got me thinking… I suppose most people know me today from my work in Information Security, but I actually started out, all those years ago, on the programming and infrastructure side of things.

It all began when I…


Fyodor Dostoyevsky wrote “Taking a new step, uttering a new word, is what people fear most.”

As InfoSec professionals taking a new step should be welcomed as potential for growth. We have plenty of opportunity ahead of us and many areas to excel and build better defenses in our profession. As individuals, focusing on what drives and makes us better needs to be a key area in personal development and we should not fear that as it will ultimately make us a better person.

This month I took a new step and decided to open a new chapter in my…

Thomas V Fischer; aka Fvt

Principal security engineer & threat researcher providing information security engineering & incident response leadership. Spending my time researching threats!

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store