What’s this site about?

This is yet another security blog, of which I appreciate there are many, but I’m hoping to find a way to differentiate myself while acknowledging the high-quality writing of many other experts. The original intention was to focus purely on information security, but I decided to expand the scope of this blog to include interesting life hacks. Some of the articles will be technical in nature, while others will be about people and processes. I am aiming for a mix of practical security and theoretical security. There are a great number of security blogs out there of varying quality that tend to focus either on the technical aspects or on people and processes. This will be one of the few blogs that will discuss both aspects.

I will do my best to highlight the problems that exist at the interface of practical and theoretical security, but I will caution the reader that I’m likely to fall towards the stricter side of security advice, which in some real-world scenarios may not be preferable. Pushing for better security, sometimes at the cost of availability, is not meant to be obtuse but rather comes from a naive idealism to promote better security on the whole for everyone. I will try to elucidate trade-offs and practical issues and ultimately leave the reader to manage their own security and risks, but will always encourage taking the more secure approach.

Some of what I write will also be instructional. These are intended to be guides which are as simple as possible without losing the meaning of what needs to be conveyed. These are real-world, practical guides rather than theoretical or philosophical ramblings.


Odinn — what’s with the name and spelling?


The spelling is from Old Norse (and also Icelandic) and should really be Óðinn, but the URL is close enough. Part of the reason for such a name is that I have a ‘thing’ for Germanic languages, in particular the Nordic languages. I have some comprehension of Icelandic, Norwegian, Swedish, Danish and German. My strongest is probably Norwegian (Bokmål) though.

According to some interpretations he is a god of wisdom, but in most accounts he is acknowledged as the chief of the gods in Norse mythology. I just thought that was cool and provided a catchy name.


About Me
I’m originally an Astrophysics PhD graduate but decided to make the switch to Information Security. Part of the reason for the switch is that job security is far better (no pun intended): the industry is growing and has a wealth of interesting problems. I did an MSc in Information Security at Royal Holloway University of London and I’m now working as an information security consultant. I’ve done penetration testing of web apps and infrastructure, as well as GRC consultancy (governance, risk, compliance). I hold the following certificates: CPSA, CRT, ISO 27001 Lead Implementer, and ISO 27005 Risk Management. I plan to take the Lead Auditor exam sometime soon.

If you read articles on my old blog you will see some articles about hacking. It has been an interest for years; I just didn’t expect to be where I am now.

My personal website is: edthomson.com

Disclaimer: all views are my own and not of my employer (past, present, or future).