The wonders of ISO/IEC ISO27001… Why you should think about implementing it in your SME.

I thought it would be a good idea to put together a series of short articles championing the value of ISO/IEC ISO27001 for people with little to no experience with information security and to put it in plain English so it can be read over a cup of coffee.
The threat of cyber crime is increasing for organisations of all shapes and sizes. Hopefully this series of articles will help you make good decisions on how to best protect your organisation, employees and clients from that threat.

Here goes!

The chances are, if you’re reading this, that you’re either a senior manager whose IT person is banging on about security or an IT person that has had a frantic email from a ‘higher up’ asking what the company is doing in regards to cyber security. You could be just fed up of answering client RFIs with something that sounds right-ish and not really sure where to start when implementing ‘information security’ in your organisation.

Firstly, we should stop using the term ‘implementing security’. You need to establish an information security management system (ISMS) in your organisation.

What’s an ISMS?
An ISMS is the set of policies, controls, procedures and audit methods for managing the CIA of data in your organisation. (Acronym hell exists even in Information Security)

What’s the ‘CIA’ of Data?
Don’t worry, I’m not talking about secret agents. We are referring to the Confidentiality, Integrity and Availability of data in your organisation.

Now we’ve established what the purpose of an ISMS is, how do you build one? You can just go rogue and build something without any guidance but there are some pretty solid standards out there… but this series is about ISO/IEC 27001:2013.

ISO/IEC ISO27001 is part of the ISO27000 family of standards, which is published by the International Organization for Standardization and the International Electrotechnical Commission. Consultation from some of the best security minds in the business is used to create them, and they are pretty well recognised by most large businesses.

A live look at the creation of the ISO/IEC 27001:2013 standard by the Council of Elders

The standard can help give clients, investors, insurers and anyone involved with your organisation the confidence that the implementation, monitoring and improvement of information security is taken seriously by the whole organisation.

It’s important to note here this isn’t something that can be implemented and maintained by a couple of people who have ‘Security’ in their job titles. It’s vital (and a requirement of the standard) that every person in the business is engaged and responsible for information security and this responsibility starts at the highest level of management.
The highest level of management in the business needs to be supportive, set objectives and have active involvement in the ISO27001 programme for it to succeed. Should you decide to get certified, auditors will need to see evidence of top level participation… it’s a requirement of the standard.

I’ll talk a little more about what the standard looks like in my next blog. Stay tuned!

iOS 11 in the Enterprise

After wading through the WWDC content from a couple of weeks ago, I thought I’d give a quick update on what Apple are giving enterprise customers with their iOS 11 offering, due in September this year.

It’s so exciting to see… wait for it….




Yep – boring.

Most of the new management features that came out of the WWDC lab for device management centred around education again.  However, the iOS 11 update brings some great opportunities for business that you won’t see in your MDM vendor’s three hour webinars.

Apple are opening up the NFC Chip… kind of.

This opens up a whole new set of applications that businesses can use their shiny mobile devices for. In large corporations the ID card is king; giving access to buildings, desktop IT equipment and even in-house payment terminals in cafeterias etc. This paired with BLE beacons will finally allow large businesses to ditch the lanyards and use phone based authentication systems which are more secure… think ‘touchID’ authorisation to enter certain rooms.

Augmented Reality

No, it isn’t a Jamiroquai album. Apple is building new APIs into iOS 11 to help developers take advantage of the augmented reality capabilities of the hardware. For corporates this could mean interactive digital signage in buildings, visual meeting aids in presentations or nice interactive 3D infographics for product and data science teams. It’s the next step before Apple eventually enters the VR headset arena and the new support for HTC Vive devices in High Sierra supports that.

Metal 2

Direct graphics chipset processing access has been provided through the new Metal 2 APIs, which isn’t just for games. Machine learning and proper number crunching can take place right in the pockets of corporate employees. Why spend money on AWS elastic processing when you can distribute the processing over the idle devices you control?


Cool new drag and drop, super low latency for refresh rates on the iPad Pro and the Files app give the iPad Pro a boost as an everyday productivity device. Apple Pencil will work great with the new refresh rate and the new middle ground screen size will all go a long way to persuading users to ditch the laptop and work on an iPad Pro.

Can Block Chain: Help our staff work on documents on their preferred platform?

Those who have been involved with rolling out iOS devices in regulated industries have typically encountered massive problems with securing documents on devices.

Shoe-horning some third party editing software into a corporate mobile offering has been OK until now, allowing users to quickly reference content instead of creating it; but with the introduction of the iPad Pro and accessories that have been purposely created to encourage users to perform actual day to day work on their devices, we see that users would still rather send documents to their personal email accounts and use the tools they know and love to get work done.

For information security departments in regulated companies this scenario is a nightmare; if the regulator comes knocking for a full audit trail of a confidential document that has ended up for sale on the dark web, then only part of the story can be revealed.

I think that Blockchain technology could help users and Infosec departments have their cake and eat it when it comes to document data retention. Imagine being able to send documents using any method and being able to track every time the document had been sent and audit that information.

A very simple flowchart to describe how this might work…

Microsoft are thinking about this problem already as evidenced by their ‘Azure RMS’ product *which must really piss off Richard Stallman*

The main problem that I can see with the Blockchain document auditing process is that if someone wanted to leak the document content, they could just copy/paste it into something that isn’t going to connect to the blockchain to register the transfer of content.

So why do it?

Let’s say Microsoft set up a Blockchain network, open it up and encourage all legitimate software platform developers to implement the transaction protocol into their products, then it could allow people to simply email their work home, use their favourite operating systems, personal devices etc to get their work done in a productive way. There would be a ton of bugs to work out, specifically how we could stop the data leaking, but I would love to see how this technology can help corporate users be more productive, by using their personally owned software.

How many miles per gallon does the average human get?

I wondered… If we measured the energy efficiency of humans the way we measured it for cars, how efficient would a human be??

Just as we casually measure how efficient a car is in miles per gallon of petrol, let’s see how many MPG humans get.

So firstly we have to make some assumptions.

Cars eat petrol, it’s their favourite, unless they are ‘vegetarians of the car world’ and eat Diesel or LPG. We don’t have to assume this.

Humans can’t eat petrol. Let’s just assume that petrol is amazing, we can digest it, and Starbucks will sell you a nice ‘gasacino’.

Let’s find our average human, the equivalent of the ‘Volkswagen Golf’ of the car world.

After reading a lot of ‘The average UK male is:’ articles from various crappy newspapers, I’m going to assume that the average person is:

Male, 30 years old, weighing 12 Stones, 10 Pounds and is 5 ft 10″ Tall and in a reasonable state of health.


First we need to find out how much energy in Kcal this human uses just by being alive in a day. This is called the BMR (Base Metabolic Rate) and can be worked out using the ‘Harris Benedict Equation’

BMR = 88.362 + (13.397 x weight in KG) + (4.799 x height in cm) – (5.677 x age in years)

In this case the BMR for our human is: 1,852.98 Kcals

At this point I’ve started to realise that being British is a pain in the arse, we have a messed up system where we measure some things in imperial measurements and some in metric.

Now we need to work out how many calories our human will burn whilst running for 1 mile. At this point I want to give our human a name. According to the internet the most popular name for boys in 1985 was ‘Michael’ so that’s how we’ll now refer to our human.

We need to know how long it will take Michael to run his mile. According to running websites the average pace for a normal person is 8 Minutes per mile. This means he’ll be running at a speed of around 7.5MPH

To work out how many calories Michael will use when running his mile, we need to know how much energy Michael will be metabolising whilst running. Apparently the measurement for this is done in METs (Metabolic Equivalent of Task). According to “The Compendium of Physical Activities, 2011” running at 7.5MPH uses 11.8 METs.

According to the good people at Casio we can work out the amount of calories Michael uses during his run with the following equation:

Kcal = BMR x METs/24 x hour

When rounded up to the nearest Calorie, we can say that Michael will burn 121Kcal whilst running 1 mile, and it’ll take about 8 mins.

The internet tells me that petrol has an energy density of 32.4MJ (Megajoules, not Michael Jacksons) per litre. Google converter is absolutely sure that 1MJ = 238.85 Kcal.

So 1 Litre of petrol = 238.85 * 32.4 = 7738.74 Kcal

Google converter is also insisting that 1 Imperial gallon = 4.55 Litres, which means in 1 gallon of petrol there is 35,211.27 Kcal (but no carbs so it’s ok!)

Now we need to simply work out:

Calories in a gallon of petrol / Calories that Michael burns from running 1 mile in 8 mins (at a rate of 11.8Mets)

Which is… 291 

If Michael, our 30 year old man that weighs 12 Stones and 10lb and is 5ft 10″ tall, runs at a speed of 7.5MPH, then he can get 291 MPG of petrol.

The BBC fuel price calculator thinks that the average UK price of petrol is currently £1.14 a litre.

So for Michael to run his mile, he’ll need to spend a grand total of 1.8 pence

It would cost Michael..

1.8 Pence to run 1 mile.

£14.62 to run from Lands End to John O’Groats (using the preferred Google maps walking route)

£448.22 to run around the world in a straight line on the equator.

It’s already been pointed out to me that it may be a little sexist of me to base these calculations on the assumption that the average human is a male. I think we all know that men will be more likely to drink petrol should the option be available.

Some figures are rounded up/down to make sense… I know that Michael’s BMR is based on him not doing *anything* not even sitting on the couch watching TV.











My 15 Minutes with the Apple Watch

I was lucky enough to grab a 15 minute try on appointment at the Apple Store in Regent Street, and thought I’d share some thoughts about my brief experience with the watch.

Firstly – it’s better in person than what you’ve seen in photos and videos. The interface is snappy and intuitive and naturally controlled via the touch screen and the digital crown.

The taptic feedback feels really cool – it’s like magic (those with a 2015 13″ MBP – yea, it’s just like the touchpad)

Apple are going to sell millions of these and it becomes obvious very quickly that this thing will replace the iPhone one day.

It’s really a personal device. Those in enterprise that are struggling to define BYOD/COPE strategies, this watch is going to give you nightmares when your users start to ask for it. Salesforce are releasing an app for release day.

I’m excited to start building apps for this thing!

Some answers to questions I’ve been asked;

Sport vs Steel vs Edition

There is definitely a jump in quality between the sport and steel versions of the watch. The polished metal looks great and really shows off the detailing on the digital crown. The Edition is a piece of fine jewellery, the gold is just… golden!

Screen & Size

Just like celebrities, they look smaller in person. The retina display is just great, the blacks are deep ‘ink like’ blacks and the graphics are crisp, bright and sharp. You can’t spot a pixel.


Fluoroelastomer (Rubber)

This band does not feel cheap and nasty (how I imagined it would) it feels durable and like a premium product.

Milanese Loop (Mayonnaise Loop)

The photos don’t do this band justice, they are lovely. They are very light and feel like fabric made from metal, and feel very secure on the wrist for something that is held in place by a magnet.

Leather Magnet Loop

The only band I didn’t like. It feels lumpy. That is all.

Steel Link Bracelet.

This is the best band of all; it feels premium and has some weight to it. The clasp feels like it was made to standards I haven’t seen in a watch before.


Choob App for iPhone – A Side project

I came up with the idea for Choob whilst standing on the eastbound central line platform at Bank station. I’d been standing there for about 45 minutes and the station was at bursting point. I connected to the free wifi to check the TFL website only to see that the central line had a ‘Good Service.’

I immediately checked Twitter and found fellow commuters also stranded on platforms all complaining about the delays.

So I created Choob – an app that listens to social media to find delays on the London Underground.

The backend runs on a component that I’ve developed, named ‘The Winge Engine’, which listens to social media to find tweets about London Underground then tries to understand those tweets to figure out whether delays are occurring.

It’s currently free on the Apple App Store… check it out 🙂


Choob – App Store

Dear Amazon, Please Kill TicketMaster.

‘A band you follow is touring in your area!’ catches my attention from the corner of my eye as a push notification appears on my computer desktop.
I’ve been waiting for this band to return to London for a while, and due to a new single release earlier in the year, my hopes of a tour coming to fruition were getting pretty high over the last couple of months. You would think that I’d be excited, but you’d be wrong.
A dark feeling rises from my stomach, I can taste the dread caused by what excruciating experience this tour announcement ultimately means. I’m going to have to go to
Over the years I don’t think I’ve had one good experience with this godawful company. Pick a couple of the following points and you will have a typical TM experience:
  • Website is down
  • Website is overloaded
  • Charge you a mortgage of a typical 3 bedroom house to get your tickets mailed to you
  • Charge you a mortgage of a typical flat to get the ticket emailed to you
  • Make it impossible for you to regain access to an account with lost details
  • Make it impossible to create a fresh account because your grandma’s neighbour’s dog has an account and contains a bit of information that is similar to yours
  • Send you your tickets 4 milliseconds before the event starts
  • Provide so many Turing tests that you’ll actually convince yourself that you’re a robot
I think you get the point.
If only there was a company that not only copes with selling third party goods by the million, but can cope with obscene amounts of web hits and still provide the best shopping experience on the web.
Amazon please start selling tickets to music, sports, theatre events – and show the ticket master how it’s done.

Let’s Stop Making Faster Horses

 The demand for consumer devices to access internal corporate systems is very strong. This is helping to evolve ‘work anywhere’ initiatives in companies, giving employees the freedoms that come with not being tethered to a desk.
An observation that is shared among most IT departments is that despite being able to secure data and applications, creating new content on these devices sucks – and they are right.
In response to this feedback Microsoft have created their Surface tablet which gives IT departments the comfort blanket of using the Windows environments they have invested millions of pounds in, but no one knows what the hell the device is. It’s a laptop and a tablet but it’s a crappy laptop and a crappy tablet.
Infographics and reports are coming from IT Managers and MDM/MAM providers declaring that tablets are ‘consuming’ devices that aren’t suitable to create content, and I don’t agree.
We are still trying to shoe horn the desktop way of creating content into tablets, with software that was designed to work with a monitor, mouse and keyboard. Citrix are trying to deliver virtual applications with mobile friendly skins, which delivers a solution which ignores feature sets gained with tablet devices.
When you really think about it a word processor is still a glorified typewriter.
 “If I had asked my customers what they wanted they would have said a faster horse”
Henry Ford (Apparently)
 I’m convinced word processors and office applications are the ‘faster horses’ of the computing world.
It takes a little imagination to imagine creating content with voice, gestures, location and other offerings that our new devices give us. It may seem strange but if you look at the way we still create content for digital consumption using traditional office suites – a virtual piece of paper on a screen – then it makes sense to find a more modern way of working. All we’ve done is created a typewriter that allows you to save documents and delete your mistakes.
Business applications on the iPad need to be radically redesigned. We should be finding innovative ways to create content as opposed to awkwardly using ported versions of desktop software. A great example of someone who is doing this is the team at Roambi, a data visualisation tool: by using lots of data sources, users are able to manipulate and create visual representations of data rather than the strange Excel document manipulations being offered to users in most businesses.

Mobile Networks & The Internet of Things

‘The Internet Of Things’ is one of the hottest topics in tech right now, and for good reason. The idea of objects and appliances being able to connect to the Internet has some really exciting applications.  We’ll be able to control our appliances when out of the house, keep secure and safe with smart alarms and, of course, there’s the fabled ability to have meals ready when we walk through the door after a long day.


Connecting these devices to an account, pairing them with a phone, and then connecting to a home WiFi network is a pretty crappy experience at the moment. WiFi passwords are complex and typically live on the back of a router that lives behind a bookcase or some other obstacle.


There are solutions out there that require a base station, but why should we have to do this when 99% of the UK is covered with GSM connectivity? There are products and ideas that would much better suit 3G/4G connectivity, products that operate outside the reach of our home wireless connection.


Eighteen months ago I tried to create ‘Rocko Collar’, a pet collar that used the GSM network to transmit the exact location of your pet and to show it on a mobile app. I wasn’t the first to try this, but set out on a mission to do it right… and ran into the same problems as similar projects.


I have come to the conclusion that there are two fundamental reasons why people won’t buy connected products that rely on mobile networks:

1. Too expensive due to the manufacturers covering the cost of the mobile contracts.

2. Cheaper products come with a monthly subscription.


When building Rocko Collar, I originally dealt with two mobile networks in the UK, EE and Telefónica, and both could only offer a solution based on a monthly line rental fee per registered device. This way of doing business creates some difficulties for manufacturers, as it’s difficult to estimate the life span of a product in order to absorb the cost in the RRP or to convince customers that a monthly fee is a good idea. People aren’t used to paying a monthly fee to use something like a pet collar, a kettle or a thermostat. Some might say that a £5 monthly fee to use a connected device isn’t really that much but, in time, connectivity in our appliances will become an expected feature and those monthly fees will soon rack up.


So what is the answer? Quite simply, mobile networks need to leave the Stone Age.  The days of charging a fixed line rental cost per little plastic SIM card need to be put behind us. Mobile networks should be able to offer packages that meet the needs of businesses building products where connectivity is a non-visible feature.  If manufacturers are able to provide mobile networks with an estimated life span of the product, how many products they aim to sell and what network resources they will use, the mobile networks should be able to offer a blanket billing plan based on actual usage instead of line rental and allowances. They may not make as much money as they would like, but it would give the tech industry a massive incentive to create all sorts of devices that will ultimately become a key revenue stream for mobile operators.


However, I realise I may be asking a lot from an industry that still believes using your mobile device in another country warrants a 25000%* mark-up fee.