Ollie Whitehouse
@ollieatnowhere.bsky.social
📤 2470
📥 16
📝 154
CTO at the UK's National Cyber Security Center
pinned post!
We know more about what is in our sausages than our software. SBOMs tell us that 3rd party libraries are patched but not that the 1st party code is 25 years old, in a memory unsafe language of which only 8% has been touched in the last 4 years. Transparency has a way to go..
over 1 year ago
0
8
2
Weekly summary is out...
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending April 19th.
As AI accelerates vulnerability discovery, organisations must raise their security baselines to safeguard their cyber security.
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-april-6f7
1 day ago
0
2
1
Weekly summary is out...
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending April 12th
Technical and operational debt now the talk of the town..
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-april-1b0
8 days ago
0
1
2
There is no easy 'just do' in response to the surfacing of latent vulnerability in technology. Vendors must make the investment to address, test and then release. Customers then need to patch. There is no magic - just a sequence of events which now need to take place..
11 days ago
1
0
1
reposted by
Ollie Whitehouse
Weekly summary is out..
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending March 22nd
UK registered organisations can apply for a share of up to £5 million for collaborative projects that enable adoption of the Government's Software Security Code of Practice
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-march-1bf
30 days ago
0
3
2
Weekly summary is out..
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending April 5th
Alongside international partners, the NCSC has issued actions for individuals at risk of targeted attacks against messaging apps
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-april-36d
15 days ago
0
0
0
Weekly summary is out...
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending March 29th
UK organisations encouraged to take immediate action to mitigate two recently disclosed vulnerabilities, CVE-2026-3055 and CVE-2026-4368, that affect Citrix NetScaler ADC and Citrix NetScaler Gateway.
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-march-09e
23 days ago
0
3
0
Weekly summary is out..
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending March 22nd
UK registered organisations can apply for a share of up to £5 million for collaborative projects that enable adoption of the Government's Software Security Code of Practice
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-march-1bf
30 days ago
0
3
2
reposted by
Ollie Whitehouse
Weekly summary is out..
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending March 15th
SQL injection in AI systems in 2026...
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-march-b16
about 1 month ago
0
2
4
reposted by
Ollie Whitehouse
NCSC UK
about 1 month ago
No business is too small to be a target for cyber attackers. The Cyber Action Toolkit is a free, easy-to-use government service designed to help your business avoid being one of the millions that experience a cyber attack every year. Try it now:
https://cybertoolkit.service.ncsc.gov.uk/
0
8
5
Weekly summary is out..
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending March 15th
SQL injection in AI systems in 2026...
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-march-b16
about 1 month ago
0
2
4
Weekly summary is out..
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending March 8th
NCSC advises UK organisations to take action following conflict in the Middle East
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-march-e9f
about 1 month ago
0
1
1
reposted by
Ollie Whitehouse
Weekly summary is out..
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending March 1st
Agencies strongly encourage immediate investigation of potential compromise of Cisco Catalyst SD-WAN, and full updating and hardening.
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-march-a25
about 2 months ago
0
1
3
Weekly summary is out..
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending March 1st
Agencies strongly encourage immediate investigation of potential compromise of Cisco Catalyst SD-WAN, and full updating and hardening.
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-march-a25
about 2 months ago
0
1
3
reposted by
Ollie Whitehouse
Exploitation of Cisco Catalyst SD-WAN Agencies strongly encourage immediate investigation of potential compromise of Cisco Catalyst SD-WAN, and full updating and hardening.
www.ncsc.gov.uk/news/exploit...
loading . . .
Exploitation of Cisco Catalyst SD-WAN
Agencies strongly encourage immediate investigation of potential compromise of Cisco Catalyst SD-WAN, and full updating and hardening.
https://www.ncsc.gov.uk/news/exploitation-cisco-catalyst-sd-wans
about 2 months ago
0
2
4
Exploitation of Cisco Catalyst SD-WAN Agencies strongly encourage immediate investigation of potential compromise of Cisco Catalyst SD-WAN, and full updating and hardening.
www.ncsc.gov.uk/news/exploit...
loading . . .
Exploitation of Cisco Catalyst SD-WAN
Agencies strongly encourage immediate investigation of potential compromise of Cisco Catalyst SD-WAN, and full updating and hardening.
https://www.ncsc.gov.uk/news/exploitation-cisco-catalyst-sd-wans
about 2 months ago
0
2
4
reposted by
Ollie Whitehouse
Weekly summary is out..
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending February 22nd
Malicious cyber activity is a burden on business and the way this burden and cost is minimised is through increased resilience...
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-february-e3f
about 2 months ago
0
3
5
Weekly summary is out..
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending February 22nd
Malicious cyber activity is a burden on business and the way this burden and cost is minimised is through increased resilience...
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-february-e3f
about 2 months ago
0
3
5
reposted by
Ollie Whitehouse
Weekly summary is out..
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending February 15th
Organisations with experience in external attack surface management can help NCSC UK shape future Active Cyber Defence 2.0 services
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-february-550
2 months ago
0
2
1
Weekly summary is out..
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending February 15th
Organisations with experience in external attack surface management can help NCSC UK shape future Active Cyber Defence 2.0 services
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-february-550
2 months ago
0
2
1
At the
@ncsc.gov.uk
we have today released reflections on how to ensure the ‘organisational memory’ of past vulnerabilities is not lost in technology producers.
www.ncsc.gov.uk/blog-post/im...
loading . . .
Improving your response to vulnerability management
How to ensure the ‘organisational memory’ of past vulnerabilities is not lost.
https://www.ncsc.gov.uk/blog-post/improving-your-response-to-vulnerability-management
2 months ago
0
1
0
reposted by
Ollie Whitehouse
Weekly summary is out..
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending February 8th
Nation-state threat actors exploit end-of-support (EOS) edge devices -ncluding, but not limited to, load balancers, firewalls, routers, and virtual private network (VPN) gateways
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-february-c25
2 months ago
0
2
3
Weekly summary is out..
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending February 8th
Nation-state threat actors exploit end-of-support (EOS) edge devices -ncluding, but not limited to, load balancers, firewalls, routers, and virtual private network (VPN) gateways
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-february-c25
2 months ago
0
2
3
Weekly summary is out..
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending February 1st
Cyber incidents targeting organisations – particularly those against critical national infrastructure (CNI) – are becoming more frequent, sophisticated and potentially destructive.
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-february-df7
3 months ago
1
3
2
Weekly summary is out..
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending January 25th
NCSC issues warning over hacktivist groups disrupting UK organisations and online services
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-january-bc1
3 months ago
0
5
4
reposted by
Ollie Whitehouse
NCSC UK
3 months ago
Today the NCSC has issued a warning highlighting Pro-Russian Hacktivist groups are targeting sectors across the UK. All organisations are urged to act now by reviewing and implementing our free guidance to protect against DoS attacks.
loading . . .
Pro-Russia hacktivist activity continues to target UK organisations
The NCSC encourages local government and critical infrastructure operators to harden their ‘denial of service’ (DoS) defences
https://www.ncsc.gov.uk/news/pro-russia-hacktivist-activity-continues-to-target-uk-organisations
0
12
12
reposted by
Ollie Whitehouse
Weekly summary is out..
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending January 18th
We have time to ensure and assure we get the outcome we want, but we don’t have limitless time. As such urgency, pace and relentless focus are the imperatives when it comes to technology security..
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-january-84d
3 months ago
0
4
2
Weekly summary is out..
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending January 18th
We have time to ensure and assure we get the outcome we want, but we don’t have limitless time. As such urgency, pace and relentless focus are the imperatives when it comes to technology security..
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-january-84d
3 months ago
0
4
2
reposted by
Ollie Whitehouse
NCSC UK
3 months ago
Passkeys provide an easier, faster and more secure way to log into online accounts than passwords.🗝️ Read more about how the NCSC is keeping pace with evolving technology⬇️
https://www.ncsc.gov.uk/collection/ncsc-annual-review-2025/chapter-03-keeping-pace-with-evolving-technology
3
61
28
At
@ncsc.gov.uk
supported by international partners released guidance on Secure connectivity principles for operational technology (OT) - go forth and secure.. Blog:
www.ncsc.gov.uk/blog-post/de...
Guidance:
www.ncsc.gov.uk/collection/o...
#OT
#CyberSecurity
loading . . .
https://ncsc.gov.uk/blog-post/desi…
3 months ago
1
3
1
Weekly summary is out..
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending January 11th
DSIT, with the support of the NCSC, has refreshed the Government’s Cyber Security Strategy (GCSS) to form the Government Cyber Action Plan (GCAP)..
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-january-2fc
3 months ago
0
2
0
Weekly summary is out..
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending January 4th
Happy New Year...
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-january-f48
4 months ago
0
2
1
reposted by
Ollie Whitehouse
Weekly summary is out...
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending December 28th
Addressing fundamentals move dials - be it architectures (cross-domain, privileged access workstations etc), approaches (external attack surface management, deception), or solutions (passkeys).
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-december-683
4 months ago
0
2
2
Weekly summary is out...
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending December 28th
Addressing fundamentals move dials - be it architectures (cross-domain, privileged access workstations etc), approaches (external attack surface management, deception), or solutions (passkeys).
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-december-683
4 months ago
0
2
2
reposted by
Ollie Whitehouse
NCSC UK
4 months ago
If you're looking out for good Boxing Day deals, stay ahead of scams by enabling 2-Step Verification (2SV). Keep the fraudsters out of your online accounts with an extra step to verify your identity after a login attempt. Learn more:
https://stopthinkfraud.campaign.gov.uk/
0
8
5
reposted by
Ollie Whitehouse
Weekly summary is out...
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending December 21st - nearly Christmas edition ❄️🎄🎅🤶🎄❄️
“Alongside the grinding war, Russia is testing us in the grey zone with tactics that are just below the threshold of war."
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-december-0ba
4 months ago
0
4
3
Weekly summary is out...
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending December 21st - nearly Christmas edition ❄️🎄🎅🤶🎄❄️
“Alongside the grinding war, Russia is testing us in the grey zone with tactics that are just below the threshold of war."
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-december-0ba
4 months ago
0
4
3
Weekly summary is out...
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending December 14th
“One of the most promising aspects of cyber deception is its potential to impose cost on adversaries." - NCSC
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-december-ebd
4 months ago
0
2
0
reposted by
Ollie Whitehouse
At
@ncsc.gov.uk
we have been running cyber deception experiments across 121 organisations from across the UK.. .. the team have just shared our insights ..
www.ncsc.gov.uk/blog-post/cy...
loading . . .
Cyber deception trials: what we’ve learned so far
An update on the NCSC's trials to test the real-world efficacy of cyber deception solutions.
https://www.ncsc.gov.uk/blog-post/cyber-deception-trials-what-weve-learned-so-far
4 months ago
0
9
4
At
@ncsc.gov.uk
we have been running cyber deception experiments across 121 organisations from across the UK.. .. the team have just shared our insights ..
www.ncsc.gov.uk/blog-post/cy...
loading . . .
Cyber deception trials: what we’ve learned so far
An update on the NCSC's trials to test the real-world efficacy of cyber deception solutions.
https://www.ncsc.gov.uk/blog-post/cyber-deception-trials-what-weve-learned-so-far
4 months ago
0
9
4
Prompt injection != SQL injection - There are crucial differences between prompt and SQL injection which – if not considered – can undermine mitigations.
add a skeleton here at some point
4 months ago
0
2
2
reposted by
Ollie Whitehouse
Weekly summary is out..
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending December 7th
Patch those React and Next.JS servers... please..
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-december-e1e
4 months ago
0
3
3
Weekly summary is out..
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending December 7th
Patch those React and Next.JS servers... please..
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-december-e1e
4 months ago
0
3
3
Weekly summary is out..
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending November 30th
“A lack of liability for software vendors is among the most pressing issues putting Britain’s economic and national security at risk"
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-november-4ff
5 months ago
0
3
2
reposted by
Ollie Whitehouse
Weekly summary is out..
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending November 23rd
CHERI a hardware solution to memory safety vulnerabilities gets £21 million from UK Government
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-november-3f4
5 months ago
0
3
2
Weekly summary is out..
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending November 23rd
CHERI a hardware solution to memory safety vulnerabilities gets £21 million from UK Government
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-november-3f4
5 months ago
0
3
2
reposted by
Ollie Whitehouse
Weekly summary is out..
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending November 16th
Motivating small organisations to take action - Using an evidence-based approach in the development of action-based guidance for the UK’s small organisations
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-november-799
5 months ago
0
1
1
Weekly summary is out..
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending November 16th
Motivating small organisations to take action - Using an evidence-based approach in the development of action-based guidance for the UK’s small organisations
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-november-799
5 months ago
0
1
1
reposted by
Ollie Whitehouse
Weekly summary is out...
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending November 9th
It is clear that AI will drive a generational shift in productivity - the trick is not letting it distract us from the fundamentals which ensure cyber security outcomes we seek.
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-november-821
5 months ago
0
3
2
Weekly summary is out...
ctoatncsc.substack.com/p/cto-at-ncs...
loading . . .
CTO at NCSC Summary: week ending November 9th
It is clear that AI will drive a generational shift in productivity - the trick is not letting it distract us from the fundamentals which ensure cyber security outcomes we seek.
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-november-821
5 months ago
0
3
2
reposted by
Ollie Whitehouse
At
@ncsc.gov.uk
we have just launched the CyberUK tech talks call for papers across three topics - Cyber applications of AI - What works: approaches that reduce cyber harm - The evolving threat
www.cyberuk.uk/2026/call-fo...
loading . . .
Tech Talks - Call for Papers
https://www.cyberuk.uk/2026/call-for-papers
5 months ago
0
5
9
Load more
feeds!
log in
