Security Blogger Q&A - Graham Cluley

Posted by Ally Lorentson Dunn

This week we're highlighting the new blog of someone who is very familiar with the format. Industry veteran and prolific blogger Graham Cluley joins the network.

Graham Cluley, Graham Cluley Security News:

Describe your blog in one sentence: The latest computer security news, opinion, advice and research. 

Complete this sentence: “The RSA Conference is … a big deal!”

How did you become interested in information security?

I’ve been working in the field of computer security for over 20 years, having started programming anti-virus software for Dr Solomon’s software.  In the last 14 years I have been a senior technology consultant at Sophos, regularly appearing in the media discussing computer security issues and giving presentations to raise awareness amongst the general public.  It was during that time that I also helped found and contribute to Sophos’s award-winning “Naked Security” blog.

This summer I decided it was time to get brave and “do my own thing”, so I have taken the plunge and am now writing my own independent blog about computer security issues.  It’s great to have no one to answer to but myself.

What advice would you give a young person who is thinking about entering the security industry?

Number one recommendation: don't break the law.  Although hacking into someone's system or writing a piece of malware can gain you notoriety, which you *might* be able to use as a launching pad for your career, it's a very risky move.  There are security companies who will eye you with suspicion if you have acted unethically or immaturely, and will question whether they can trust you in the future and how customers might react to you.

You can establish a reputation as a world-class researcher by behaving responsibly, for the good of the whole internet community.  If you are desperate to show the world just how clever you are, you don't need to tell everyone else just *how* you are able to exploit a vulnerability for instance.  Instead, you could just responsibly show a journalist and get them to pressure the software vendor into fixing the problem *without* others being put at risk.

Do you like/love what you do?

I love helping people.  I love making (sometimes) complicated topics easy for anyone to understand.  We can’t win at security through technology alone.  We need to change the way that people behave – and it’s a fascinating challenge to change people’s behaviour and find a way to make their lives safer.

What would you like your legacy to be?

I don’t care about leaving a big impression on the world, but if I can help people that’s a terrific reward.  I’d just like people to think I was a nice guy who was fun to be around, and for my son to think I was a good dad.  That’ll be enough.


Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.
