Phil Massyn

AI Risk Metholodogy

Phil Massyn — Tue, 24 Mar 2026 00:00:00 +0000

Dealing with AI Risk

Every few years, something new comes along and the infosec community collectively loses its mind. AI is no different. Businesses are moving fast, GRC teams are scrambling to catch up, and everyone is asking the same question - how do we manage this risk?

I've been in this space long enough to know that the answer is usually simpler than it looks.

My Experience with CFMoto

Phil Massyn — Tue, 30 Dec 2025 00:00:00 +0000

When "Complimentary" Becomes a Subscription: My Experience With CFMoto

I am writing this for future riders, not to vent, and not because I think CFMoto is going to suddenly change course because of one unhappy customer.

They will not.

But if you are researching CFMoto bikes, especially the 800MT, you deserve to understand what changed after purchase, and why that change matters.

Social Media Ban

Phil Massyn — Wed, 10 Dec 2025 00:00:00 +0000

Social Media Ban

Welcome to December 10, 2025, the day of reckoning for Social Media Platforms and under 16 year olds across Australia, where they are booted off social media networks. Is this the right call?

claude-code-review

Phil Massyn — Wed, 30 Jul 2025 00:00:00 +0000

Agentic coding - a review of Claude Code

I wrote previously about some thoughts on ai coding, and today I'd like to expand on my recent experience. Earlier this month, I took the plunge and bought the Pro subscription to Claude.ai.

Australian ASX Domain Security Report

Phil Massyn — Sat, 26 Jul 2025 00:00:00 +0000

Australian ASX Domain Security Report

I do a lot of work with Australian ASX companies, so naturally I've been inspired by Scott Helme's Crawler Ninja project to get a sense of where the security posture of all these companies sits. There's a ton of information that every website reveals about itself, so by simply looking at what they publicly tell the world, let's do a bit of a deep dive for the month of July.

Zero Trust for Applications

Phil Massyn — Tue, 08 Jul 2025 00:00:00 +0000

Zero Trust for Applications

The Zero Trust methodology has been around for a while, and many organisations have been implementing Zero Trust principles. When considering applications deployed in an enterprise, organisations typically implement zero trust at the infrastructure layer, protecting access to and from applications and securing network communications.

Infrastructure-level protection is essential, but there's another threat vector: the application itself. While SDLC processes and security tools help secure code, there's an opportunity to implement Zero Trust principles directly within applications.

Reporting Tools

Phil Massyn — Sat, 14 Jun 2025 00:00:00 +0000

Reporting Tools Overview

As a Cyber specialist, I have had to develop quite a few security dashboards over the years. This has lead me down a path of data engineering, combining my expertise in Cyber engineering with data. While working with different reporting tools, I have come to know some of them quite well, and in this blog post, I will share some of my thoughts on the different tools, and give you a bit of insight to which one to choose for your next project.

Host your own reporting platform

Phil Massyn — Sun, 13 Apr 2025 00:00:00 +0000

HOWTO: Host your own reporting platform on AWS

Metabase and Grafana are both quite capable reporting platforms. Both vendors offer you the ability to run the software for free on your own infrastructure, so it's quite an attractive option for companies who would like to have some business intelligence capability without breaking the bank. In this guide, I will show you how can use the Cloudformation template to deploy these reporting tools on your aws environment.

The Metric Library: Practical Security Metrics for Real Dashboards

Phil Massyn — Sat, 12 Apr 2025 00:00:00 +0000

The Metric Library: Practical Security Metrics for Real Dashboards

"Build my cyber security dashboard, and put metrics on the board" - A statement I have heard all too often, and when you go into the design phase to choose the metrics, there are blank stares all around the room. We want to measure something, but we don't know what.

Security is not Compliance

Phil Massyn — Sun, 06 Apr 2025 00:00:00 +0000

Security is not Compliance

Some companies like to combine their Security and Compliance teams into one entity. I've worked in environments like that before, and I can tell you from experience that it is usually a bad idea to mix the two. Let's dig into it.

Who's using my certificates?

Phil Massyn — Sun, 23 Mar 2025 00:00:00 +0000

Who's using my certificates?

A few weeks ago, aws informed me that it was unable to renew some of my ACM, naturaly because I moved it all over to Cloudflare a few months ago. Things got interesting when I tried to clean it up..

Coding with AI

Phil Massyn — Sun, 09 Mar 2025 00:00:00 +0000

Coding with AI

Tools like ChatGPT have been a game changer in a lot of industries. There is a fear floating that AI will replace programmers, displacing more jobs. Over the past year I have been using these tools in my own coding journey, and I learned a few things along the way.

The Art of Troubleshooting

Phil Massyn — Sat, 15 Feb 2025 00:00:00 +0000

The Art of Troubleshooting

As technicians, we often have to solve some difficult problems. I've had my fair share of whoppers, were I thought the world is coming crashing down. After a while, I started learning a process for dealing with technical problems.

Jinja 2 templates with Python

Phil Massyn — Sun, 17 Nov 2024 00:00:00 +0000

Generate documents with Jinja2 in Python

There are cases where you record data in a number of data sources, and then need to generate documentation from that data. One case I get involved in from time-to-time is to generate documentation from data collected in various data sources. Rather than copying-and-pasting, we can use code to dynmically generate documentation. In this post, I will show you some examples in how we can use jinja2 to generate markdown in Python.

Update Route 53 dynamically

Phil Massyn — Sat, 16 Nov 2024 00:00:00 +0000

Update Route 53 dynamically

Route 53 is the DNS service on Amazon Web Services. It does everything from domain registration to the hosting and management of domain names.

Security for Engineers

Phil Massyn — Fri, 11 Oct 2024 00:00:00 +0000

Security for Engineers

Many of us have the need to develop code, code that may have access to very sensitive data, or code that has the ability to wreck havoc on an environment. Whatever the development requirement is, there is a need to be vigilant with the code you develop, and ensuring that you do not inadvertently introduce security issues that could otherwise have been avoided.

Involuntary Data Breaches

Phil Massyn — Tue, 24 Sep 2024 00:00:00 +0000

Involuntary Data Breaches

An involuntary data breach is a data breach where you information got compromised without your direct involvement. This is typically where your information is stored in a data location that you're unaware of, or have no control over. In a recent security incident, my own contact details have been exposed, through a friend's compromised phone. This is the story of that event.

Single Sign On

Phil Massyn — Mon, 02 Sep 2024 00:00:00 +0000

Single Sign On

Single Sign-On (SSO) is an authentication process that allows users to access multiple applications or services with one set of login credentials—typically a username and password. Instead of having to log in separately to each application, users authenticate once through a central identity provider, which then grants access to connected systems. This approach simplifies the user experience by reducing password fatigue and improving productivity, as users no longer need to manage multiple accounts or remember numerous passwords. SSO also enhances security by centralizing authentication and allowing for more robust controls, such as multi-factor authentication and centralized monitoring, thereby reducing the attack surface for potential breaches.

Security Breach Transparency

Phil Massyn — Fri, 14 Jun 2024 00:00:00 +0000

Security Breach Transparency

Another security breach has made the news. This time the folks at Ticketek are having a hard time explaining why ...customers' names, emails and dates of birth may have been accessed in cyber security breach.

Intro to Google Cloud

Phil Massyn — Sat, 08 Jun 2024 00:00:00 +0000

Introduction to Google Cloud

I will always have a soft spot for AWS as my preferred cloud provider. A few weeks ago I was asked to develop a solution on Google Cloud, and while at first I had my reservations, it didn't take long for me to start liking it.