ZeroBull$ec: Issue 03
What's new with Tech & Cyber - Cyber must do's

🌟 Editor's note
Technology continues to evolve at a pace many of us haven’t seen before. Creating end-to-end digital solutions has never been more accessible. As always, though, with great power comes great responsibility.
🚀 Network Security - The non-negotiables for any business
What you need to know!
Firewall Configuration:
- What does your perimeter look like? Do you have visibility of what the exterior of your business looks like?
- Do you have visibility of what traffic is coming in and out of your business?
- Asset discovery on the network - Using agents to identify all assets on your network
- Mobile Device Management (MDM) for devices like mobile phones, tablets etc.
- Traffic Mapping - What are systems doing, and which ones are talking to each other?
- Identify entry and exit points (ingress and egress) - identify any potential vulnerabilities
Default Password & Security Settings:
- Identify and replace any default passwords - especially vendor ones
Network Segmentation:
- Direct paths to crown jewels (AKA critical and sensitive assets) should be removed - Make it hard to gain access
- The more sensitive / critical the asset, the more granular the segmentation
Access Control(s):
- Principle of least privilege - Least amount of access required to complete a job - this applies to both system and user roles
Logging & Monitoring:
- Track and monitor all activity within the network
- Review anomalous behaviour
- Monitoring and alerting tools are a must - Some are even free to start with
- Tool configuration is key - This ensures false positives are minimised
- Data fatigue - smaller teams don’t have the resources to review significant data dumps - Configure for prioritised information, not volume
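As an added example (not from this newsletter or any tool it mentions), here is one way to combine the traffic mapping, segmentation and "prioritised information, not volume" points: map flow records to segments and surface only the direct paths into the crown jewels. The segment names, address ranges, allowed path and sample flows are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumed segment layout (hypothetical addresses, not from the newsletter).
SEGMENTS = {
    "user-lan": ipaddress.ip_network("10.10.0.0/24"),
    "app-tier": ipaddress.ip_network("10.20.0.0/24"),
    "crown-jewels": ipaddress.ip_network("10.30.0.0/28"),
}
# Only these (source segment, destination port) pairs may reach the crown jewels.
ALLOWED_TO_CROWN_JEWELS = {("app-tier", 5432)}

# Constructed flow records, one per line: "src_ip dst_ip dst_port".
SAMPLE_FLOWS = """\
10.10.0.15 10.20.0.5 443
10.10.0.15 10.20.0.5 443
10.20.0.5 10.30.0.2 5432
10.10.0.77 10.30.0.2 3389
10.10.0.77 10.30.0.2 3389
192.0.2.44 10.30.0.3 22
"""

def segment_of(ip):
    """Return the segment name for an address, or 'external' if unmapped."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "external"

def map_traffic(flow_text):
    """Count flows per (source segment, destination segment, port)."""
    talkers = Counter()
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip records without exactly three fields
        src, dst, port = parts
        talkers[(segment_of(src), segment_of(dst), int(port))] += 1
    return talkers

def direct_paths_to_crown_jewels(talkers):
    """Return only the flows that bypass the allowed path, busiest first."""
    hits = [(k, n) for k, n in talkers.items()
            if k[1] == "crown-jewels" and (k[0], k[2]) not in ALLOWED_TO_CROWN_JEWELS]
    return sorted(hits, key=lambda item: -item[1])

if __name__ == "__main__":
    for (src, dst, port), count in direct_paths_to_crown_jewels(map_traffic(SAMPLE_FLOWS)):
        print(f"REVIEW: {src} -> {dst} port {port} ({count} flows)")
```

Out of six flow records, only two segment-level paths come back for review, which is the kind of output a small team can act on.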
Asset Discovery tools worth checking out
Spiceworks
There is a great community vibe to Spiceworks and it is riddled with great advice, and a number of free open-source tools. One of them specifically is the asset discovery tool.
I have personally installed the agent on my devices to see how they work, and I must say the communication back to the dashboard is quite seamless.
Yes - you do have to configure your Access Control Rules to allow an agent scanner to look at your network. These are internal rules, so there is no exposure to the external world.
Yes - communication with the external cloud site is external to your network, and again it requires appropriate configuration. Yes - a separate rule is required to allow the dedicated scanner to send inventory information back to the Spiceworks server.
🗓️ Interesting events coming up - Singapore & Australia
- Tech Week Singapore
- ETCIO SEA Events
- TECHSPO Singapore
- CyberCon Melbourne 2025
🦄 This week's top read
Cognitive Calibration
I thought this was a great article by James Kavanagh, so if you want to read more articles around AI governance I suggest you subscribe to his newsletter. Alternatively, we will always drop a summary here of great articles that he publishes.
This article focuses on our biases and our overreliance on automation, and now automation + AI. It begins with the crash of Air France 447, whereby the Airbus 330 suffered a sensor issue providing false airspeed data to the pilots. This inevitably caused the pilots to stop using their intuition and skills and force the plane into a stall, killing all on board.
The pilots, as skilled as they were, were not trained to apply scepticism towards the automation and failed to notice that something was wrong with their instruments.
We see this regularly today with AI, with users blindly trusting the outputs produced.
This is a great article that goes into depth about the challenges humans face now that we have very capable technologies to do work for us, BUT what do we do when technology gets it wrong?
Read the full article below.
🏆 Reader of the Week
Rohan W: Tech Risk & Cyber Innovator & Triathlete
🌉 Background: BComm. / BIT - Majors Software Engineering / Accounting / ICAA
👑 Achievement: Developing a suite of risk systems & protocols anyone can use - reducing labour time by >50%
🙈 Quirk: I wear Papaya Coloured barefoot shoes (everywhere)
Let's do Risk Management differently - Let's shake it up
As we continue to launch the newsletter with an intention to provide as many useful tips and tricks around tech and cyber - I thought the best person to talk about first is me.
I don’t really like talking about myself but I think it is important to communicate why we started our company (SafeSync), and why I decided to leave the world of corporate technology and risk management.
I am a graduate of the Australian National University (Australia), and I have a Bachelors in Commerce and Information Technology. I spent a large chunk of my career with KPMG Sydney and London working in their Technology divisions, later moving on to banks and life insurers. During COVID I started my advisory business, and now here in Singapore I founded SafeSync.
Whilst many of the risk principles of old stand true academically, their application needs to be vastly different - given the dynamism of technology change and enhancement.
We started SafeSync to not only simplify technology and risk language - BUT make it available to everyone, not just corporate enterprise.
We are still applying old risk management principles to modern day technology - It's like trying to fit a 6.2 litre V8 Petrol engine into a Tesla - It just doesn’t work, nor does it make sense. (Apologies if you’re not into cars)
Modern day risk management is like trying to hit a moving target. What works today doesn’t necessarily work tomorrow. Risk management today is like a football team, one minute in offense, the next in defence. When you score, you celebrate briefly, but you know the other team is going to come at you even harder. Cyber and tech infiltrations are just the same.
Unfortunately many businesses are still playing league football and haven’t graduated to the Premier League with the big boys. (Again apologies if you don’t play football!)
Risk professionals need to be technology savvy and aware of the continuous changes and pivots that are constantly occurring. One example includes the current hype of AI - New AI models and tools are coming out daily - and each represents a potential new risk to business and society as a whole.
Many businesses still need to crawl before they can walk - but the world is in a hurry so the goal is how do we implement foundational risk and security principles for businesses quickly before moving onto the next thing.
If you are still sticking your passwords on stickies on your computer, or using password = 1234 OR #$Password - then you might be in a little bit of trouble.
Quote of the week.
"Amateurs hack systems. Professionals hack people." - Bruce Schneier (Security Guru, Cryptographer).
Till next time,
Rohan