HOOP Cyber is proud to celebrate the outstanding achievements of our Head of Strategy and Communications Lisa Ventura MBE FCIIS, who has been named a finalist in four major awards recognising excellence, leadership, and impact in the cyber security and AI sectors.
Lisa has been announced as:
Finalist – Cybersecurity Woman of the World Awards 2025: Recognising exceptional female leaders in the global cyber security industry, this prestigious accolade celebrates innovation, leadership, and impact. Lisa’s work in cyber security awareness, ethical AI adoption, and diversity in technology has earned her a place among the top leaders worldwide. Winners will be announced at the gala in Lake Como, Italy, on 23 September 2025.
Finalist – National Cyber Awards 2025 (Cyber Citizen of the Year): This award celebrates individuals who make a significant impact in protecting the digital landscape. Lisa’s dedication to raising cyber awareness, her long-standing contributions to the sector, and her leadership within the newly established AI and Cyber Security Association have placed her in the national spotlight once again. The awards will be held in London on 29 September 2025.
Finalist – National AI Awards (AI Citizen of the Year): This award recognises individuals who have made outstanding contributions to the responsible and ethical development, deployment, and promotion of artificial intelligence. Lisa’s commitment to ensuring AI is used safely and inclusively, her advocacy for AI policy and education, and her leadership within the AI and Cyber Security Association have earned her national recognition. The awards will take place in Ipswich on 16 October 2025.
Finalist – The Women’s Awards 2025 (Outstanding Woman in STEM, West Midlands): Honouring women making exceptional contributions across science, technology, engineering, and mathematics, this regional award recognises Lisa’s pioneering work in cyber security and her commitment to diversity and inclusion. The winners will be revealed at the gala in Warwickshire on 3 October 2025.
Speaking about these recognitions, Lisa Ventura MBE FCIIS said: “To be named a finalist in four such prestigious awards within weeks of each other is truly humbling. Cyber security and AI is not just my profession, it’s my mission. I am committed to raising awareness, inspiring the next generation, and ensuring that AI and cyber technologies are developed and deployed safely, ethically, and inclusively. I hope my journey shows that there are no barriers to what we can achieve in STEM, AI and cyber.”
Lisa’s accolades add to an already distinguished career, which includes being awarded an MBE in King Charles III’s Birthday Honours List in 2023 for services to cyber security and diversity, and her recent Fellowship of the Chartered Institute of Information Security.
HOOP Cyber congratulates Lisa on these exceptional achievements and looks forward to celebrating her continued impact on the industry.
Modern enterprises are drowning in data while starving for insights. The average organisation manages data across 400+ different applications, yet most struggle to create meaningful connections between these disparate sources. This isn’t just a technical challenge, it’s a strategic imperative that separates data-driven leaders from those left behind in today’s competitive landscape.
Rethinking Essential Telemetry: Beyond the Obvious
The conventional approach to data source mapping often focuses on the loudest signals—application logs, server metrics, and business intelligence dashboards. However, the most valuable insights often emerge from unexpected connections between seemingly unrelated data sources.
Application Performance Data reveals more than system health; it exposes user intent, seasonal patterns, and market dynamics. When correlated with external factors like weather patterns or social media sentiment, performance metrics become predictive indicators of business opportunities.
Infrastructure Monitoring transcends operational management when viewed through a strategic lens. Resource consumption patterns can predict budget cycles, geographic expansion needs, and technology adoption curves before they become obvious to competitors.
Business Intelligence Sources represent the traditional heart of data strategy, but their true value emerges when combined with operational data. Customer relationship management systems gain depth when enriched with support ticket sentiment analysis and product usage telemetry.
User Experience Data becomes transformative when mapped against the entire customer journey. Rather than isolated metrics, this telemetry reveals the emotional arc of customer relationships and identifies intervention points that drive loyalty and retention.
The Strategic Discovery Framework
Effective data source mapping requires moving beyond technical inventories to strategic discovery. The most successful organisations approach this as an anthropological exercise, studying how information flows through their culture and decision-making processes.
Begin with outcome mapping rather than source identification. Define the strategic questions your organisation needs to answer, then work backward to identify the data sources that could provide those answers. This approach reveals non-obvious connections and prevents the common trap of mapping data simply because it exists.
Conduct cross-functional workshops that bring together domain experts, data professionals, and business stakeholders. These sessions often uncover informal data practices, shadow IT implementations, and tribal knowledge that formal audits miss. The goal is not just to document existing sources but to understand the stories they tell when connected.
Consider temporal dimensions in your discovery process. Data sources that seem irrelevant in isolation may become crucial when analysed across different time scales. Quarterly financial data might correlate with daily support ticket volumes, revealing customer satisfaction patterns that predict revenue retention.
Beyond Common Pitfalls: Systemic Thinking
Traditional data mapping approaches fail because they treat symptoms rather than causes. The real challenge isn’t technical complexity; it’s organisational readiness and strategic alignment. Viewed through the lens of systemic thinking, these are some of the most common pitfalls:
The Integration Trap occurs when organisations focus on connecting systems rather than connecting insights. Technical success in data mapping doesn’t guarantee business value. The most sophisticated integrations are worthless if they don’t inform better decisions or enable new capabilities.
The Governance Paradox emerges when organisations implement rigid data governance frameworks before understanding their data landscape. Effective governance grows from understanding usage patterns and business needs, not from theoretical compliance frameworks imposed from above.
The Change Resistance Reality reflects a deeper truth: data mapping changes power structures within organisations. Information accessibility shifts decision-making authority and can threaten established hierarchies. Successful mapping initiatives anticipate these dynamics and design change management strategies accordingly.
The Future of Intelligent Data Mapping
Leading organisations are moving beyond manual mapping exercises toward intelligent, adaptive approaches that evolve with their business needs. This shift requires new thinking about automation, validation, and strategic alignment. The future of intelligent data mapping can be seen in the following:
Automated Discovery capabilities are becoming table stakes, but the real value lies in pattern recognition and relationship inference. Advanced platforms can identify data sources that share common attributes, suggest logical connections, and predict the business value of potential mappings.
Continuous Validation transforms data mapping from a project into a process. Rather than periodic audits, modern approaches include real-time monitoring of data quality, relationship accuracy, and business relevance. This continuous feedback loop ensures that mapping efforts remain aligned with evolving business needs.
Strategic Recommendation Engines represent the next frontier in data mapping. These systems analyse business context, industry benchmarks, and organisational capabilities to suggest high-value connections that might not be obvious to human analysts.
Designing for Competitive Advantage
Data source mapping is not a technical exercise—it’s a strategic capability that can create sustainable competitive advantages. Organisations that master this discipline don’t just manage data more effectively; they see opportunities and threats earlier, respond to market changes faster, and create customer experiences that competitors struggle to replicate.
The key is approaching data mapping as a continuous learning process rather than a one-time implementation. The most successful organisations invest in platforms, processes, and people that can adapt to changing business needs while maintaining the strategic focus that turns data into decisive action.
Today data is often called the new oil, and data source mapping is the refinery that transforms raw information into valuable insights. Organisations that master this capability will define the future of their industries.
Final Thoughts
The journey towards effective data source mapping is not merely about connecting systems—it’s about connecting possibilities. As we’ve explored, the organisations that will thrive in the data-driven future are those that view mapping not as a technical task but as a strategic discipline that requires anthropological insight, systems thinking, and continuous adaptation.
The most profound realisation for many leaders is that data source mapping reveals as much about organisational culture as it does about technical architecture. The connections you choose to make, the sources you prioritise, and the governance frameworks you implement all reflect your organisation’s values, priorities, and vision for the future.
As artificial intelligence and machine learning continue to mature, the quality of your data source mapping will increasingly determine the effectiveness of your automated decision-making systems. The investments you make today in thoughtful, strategic mapping will compound over time, creating data foundations that enable breakthrough innovations tomorrow.
Are you ready to ensure your data is mapped correctly, securely and efficiently? Contact us today to begin your journey.
For over a decade, organisations have relied on traditional SIEM platforms to centralise logs, monitor threats, and maintain compliance. Initially, they were revolutionary: they finally offered a way to bring disparate telemetry into a single place. But today, those same platforms are showing their age.
As the cyber threat landscape has evolved and cloud adoption has exploded, legacy SIEMs have become more of a constraint than an enabler. Escalating licensing fees, sluggish search performance, limited retention windows, and inflexible architectures are now some of the most common pain points security teams report. In an era where real-time visibility and scale are non-negotiable, organisations are beginning to ask a critical question: is there a better way?
The Tipping Point for SIEM Modernisation
The catalyst often comes in the form of cost pressure or operational friction. For many security teams, growing ingest volumes lead to spiralling expenses under traditional licensing models. At the same time, analysts find themselves waiting minutes, sometimes longer, for queries to complete, particularly during incident response or threat hunting.
Retention is another critical pressure point. With many legacy SIEMs offering only 30 to 90 days of hot storage, forensic investigations are routinely cut short. Add to that the growing challenge of ingesting cloud-native telemetry, normalising data from diverse sources, and managing alert fatigue from shallow correlation logic, and the limitations of traditional platforms become stark.
Organisations are increasingly coming to the same conclusion: the traditional SIEM model is no longer fit for purpose.
Rethinking Security Architecture Around the Data
Modern security demands a different approach, one that puts data at the centre. This is where Amazon Security Lake has emerged as a powerful alternative. By shifting from SIEM-centric architectures to data lake-centric models, organisations can regain control over their telemetry, their costs, and their detection capabilities.
Security Lake is built on open standards, particularly the Open Cybersecurity Schema Framework (OCSF), which allows logs and events from different sources to be ingested, stored, and analysed in a common format. This eliminates vendor lock-in, streamlines correlation, and improves interoperability across the security stack.
Because data is stored in formats like Parquet and queried via services like Amazon Athena, organisations can separate storage from compute, allowing long-term retention without incurring massive costs. It also unlocks faster queries, scalable analytics, and seamless integration with threat intelligence, compliance frameworks, and automation tools.
From Theory to Execution: The Migration Journey
For many organisations, the path to a modernised, cloud-native SIEM begins with running a parallel ingestion stream. Rather than immediately retiring their existing SIEM, they start by duplicating log sources into both environments. This allows for side-by-side comparison of visibility, performance, and detection fidelity without introducing risk.
Once this parallel pipeline is established, the next step is data normalisation. By converting logs into OCSF or another common schema at the point of ingestion, teams lay the groundwork for cross-source correlation and future-proofed analytics. Enrichment can then be layered in, adding context from identity systems, asset inventories, threat intelligence feeds, and geolocation services.
With normalised and enriched data flowing into a secure lake that can be queried, teams can begin building and tuning real-time detection logic. Unlike traditional SIEM correlation engines that rely on pre-indexed, tightly coupled data, this model supports dynamic, federated queries across both hot and cold storage. That means detections can span months or even years of history, critical for uncovering slow-moving, persistent threats.
The final piece is compliance. If data is tagged and mapped to regulatory frameworks like ISO 27001, NIS2, or PCI DSS, organisations can automate evidence generation, streamline audits, and ensure visibility over who accessed what, when, and why.
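The normalisation, enrichment and detection steps described above, as an added Python example (not HOOP Cyber's or AWS's code): it maps sshd lines to a simplified subset of the OCSF Authentication class, attaches context, and flags repeated failed logons from external addresses. The log lines, asset inventory, internal ranges, year, thresholds and function names are constructed assumptions for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sshd lines (not real logs); addresses are documentation/private ranges.
RAW_LINES = [
    "Jul 19 10:00:01 vpn-gw01 sshd[811]: Failed password for root from 203.0.113.7 port 40022 ssh2",
    "Jul 19 10:00:09 vpn-gw01 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40024 ssh2",
    "Jul 19 10:01:30 vpn-gw01 sshd[812]: Failed password for jsmith from 203.0.113.7 port 40031 ssh2",
    "Jul 19 10:02:02 vpn-gw01 sshd[812]: Failed password for jsmith from 203.0.113.7 port 40035 ssh2",
    "Jul 19 10:02:40 vpn-gw01 sshd[813]: Failed password for jsmith from 203.0.113.7 port 40040 ssh2",
    "Jul 19 10:03:05 vpn-gw01 sshd[813]: Accepted password for jsmith from 203.0.113.7 port 40041 ssh2",
    "Jul 19 10:04:00 vpn-gw01 sshd[820]: Failed password for backup from 198.51.100.9 port 51000 ssh2",
    "Jul 19 10:05:00 vpn-gw01 CRON[900]: (root) CMD (run-parts /etc/cron.hourly)",
] + [
    f"Jul 19 10:10:{s:02d} build01 sshd[77]: Failed password for ci from 10.0.5.20 port 3300{s} ssh2"
    for s in range(6)
]

# Assumed enrichment sources: a tiny asset inventory and the organisation's internal ranges.
ASSETS = {"vpn-gw01": {"owner": "network-team", "criticality": "high"}}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def to_ocsf(line, year=2025):
    """Normalise one sshd line into an OCSF Authentication event (class 3002, simplified subset)."""
    m = SSHD_RE.match(line)
    if not m:
        return None  # not an authentication record; a real pipeline would route it elsewhere
    # Syslog timestamps carry no year or zone; the year and UTC are assumptions here.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    failed = m["result"] == "Failed"
    return {
        "class_uid": 3002, "category_uid": 3,      # Authentication / Identity & Access Management
        "activity_id": 1, "type_uid": 300201,      # Logon; type_uid = class_uid * 100 + activity_id
        "time": int(ts.timestamp() * 1000),        # OCSF timestamps are epoch milliseconds
        "status_id": 2 if failed else 1, "status": "Failure" if failed else "Success",
        "severity_id": 1,
        "user": {"name": m["user"]},
        "src_endpoint": {"ip": m["ip"]},
        "dst_endpoint": {"hostname": m["host"]},
        "metadata": {"version": "1.1.0", "product": {"name": "sshd"}},
    }


def enrich(event):
    """Attach context at ingestion using OCSF-style enrichment objects (name, value, data)."""
    ip = ipaddress.ip_address(event["src_endpoint"]["ip"])
    host = event["dst_endpoint"]["hostname"]
    enriched = dict(event)
    enriched["enrichments"] = [
        {"name": "src_endpoint.ip", "value": str(ip),
         "data": {"is_external": not any(ip in net for net in INTERNAL_NETS)}},
        {"name": "dst_endpoint.hostname", "value": host, "data": ASSETS.get(host, {})},
    ]
    return enriched


def enrichment(event, attr):
    """Return the enrichment data recorded for one attribute, or an empty dict."""
    return next((e["data"] for e in event.get("enrichments", []) if e["name"] == attr), {})


def detect_bruteforce(events, window=timedelta(minutes=60), threshold=5):
    """Alert on >= threshold failed logons from one external IP inside a sliding window."""
    window_ms = int(window.total_seconds() * 1000)
    failures = defaultdict(list)   # src ip -> [(time, user)] still inside the window
    alerts = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["class_uid"] != 3002 or not enrichment(ev, "src_endpoint.ip").get("is_external"):
            continue
        ip = ev["src_endpoint"]["ip"]
        if ev["status_id"] == 2:
            recent = [f for f in failures[ip] if ev["time"] - f[0] <= window_ms]
            recent.append((ev["time"], ev["user"]["name"]))
            failures[ip] = recent
            if len(recent) >= threshold:
                alert = alerts.setdefault(ip, {"src_ip": ip, "success_after": False})
                alert["failures"] = len(recent)
                alert["users"] = sorted({user for _, user in recent})
                alert["target"] = ev["dst_endpoint"]["hostname"]
                alert["criticality"] = enrichment(ev, "dst_endpoint.hostname").get("criticality", "unknown")
        elif ev["status_id"] == 1 and ip in alerts:
            alerts[ip]["success_after"] = True   # a logon succeeded after the burst: triage first
    return list(alerts.values())


def run_pipeline(lines):
    """Normalise, enrich and detect; unparseable lines are dropped from this stream."""
    events = [enrich(ev) for ev in map(to_ocsf, lines) if ev is not None]
    return events, detect_bruteforce(events)


if __name__ == "__main__":
    _, found = run_pipeline(RAW_LINES)
    for alert in found:
        print(alert)
```

Because the detection reads only normalised fields and enrichments, the same function applies to any source mapped to the Authentication class, whichever environment of a parallel run it arrives from.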
The result is not only a more responsive and intelligent SOC, but also a more sustainable one. Teams reduce their reliance on brittle rules, unlock richer insights, and avoid punishing cost models based on ingest or licensing tiers. Crucially, they gain flexibility, able to adapt their architecture as the threat landscape evolves, without being held hostage by rigid platforms.
A Future-Ready Security Operating Model
This shift isn’t simply about technology; it’s about enabling a new kind of security operating model. One where detection is informed by context, response is guided by intelligence, and compliance is embedded from the start. It’s a model built for scale, speed, and complexity.
Amazon Security Lake offers the foundation for this transformation. But success depends on more than the toolset; it requires strategic implementation, thoughtful orchestration, and a deep understanding of how to weave enrichment, correlation, automation, and governance into a single, cohesive pipeline.
At HOOP Cyber, we specialise in helping organisations make that transition. From initial design to full operational maturity, we build modular data pipelines around Amazon Security Lake that enable faster detection, deeper insights, and measurable ROI. If you’re ready to modernise your SIEM, contact us today; we’re ready to help.
Our Head of Communications, Lisa Ventura MBE FCIIS, attended BSides Cheltenham on Saturday 19 July 2025. She provided some insights into what she learnt at the event, and why the BSides movement is so important in the cyber security industry.
BSides Cheltenham 2025 delivered on its core mission of building a safer digital world through community collaboration, a principle that directly aligns with HOOP Cyber’s data-driven approach to security operations.
I’m a huge fan of the BSides movement; it is one of the cyber security industry’s most important grassroots initiatives. BSides is a global network of community-driven security conferences that prioritise accessibility, collaboration, and knowledge sharing over commercial interests.
What Is the BSides Movement?
Born from the recognition that mainstream security conferences had become increasingly expensive and vendor-focused, BSides events operate on a “by the community, for the community” philosophy, providing platforms where both seasoned professionals and newcomers can share real-world experiences, emerging threats, and innovative defensive strategies. These events deliberately maintain an intimate, inclusive atmosphere that encourages genuine dialogue and relationship-building, often featuring content that’s too cutting-edge, too niche, or too community-focused for larger commercial conferences. Indeed, this was very true of BSides Cheltenham, which included a series of “fireside chats” including a hard-hitting one on the phenomenon of Infosec influencers complete with a twist – the organisers handed out marshmallow s’mores biscuits to the audience to complement the “fireside chats”, which was genius.
With hundreds of BSides events now held annually across six continents, the movement has become an essential ecosystem for cyber security intelligence sharing, professional development, and the kind of organic collaboration that strengthens collective defence capabilities. The BSides model proves that some of the industry’s most valuable insights emerge not from vendor presentations or formal research papers, but from practitioners sharing their experiences, failures, and discoveries with peers who face similar challenges in the cyber security and infosec industry.
Key Intelligence from Top Industry Leaders
The event featured exceptional insights from Ollie Whitehouse, NCSC’s Chief Technical Officer, who reinforced a fundamental truth we champion at HOOP Cyber: transparency in software development is critical for effective security architecture. His observation that “we know more about what is in our sausages than our software” resonates deeply with our data lake methodology, where visibility and enrichment at point of ingestion creates the transparency needed for proactive threat detection.
Whitehouse’s emphasis on passkeys over passwords and making the UK “the most hostile place to target” aligns with our orchestrated defence approach of using enriched data streams to create adaptive, intelligence-driven security postures.
The Human Element in Data-Driven Security
Joe Tidy’s presentation on teenage hacking evolution highlighted a crucial gap in our industry: while we excel at building sophisticated detection systems, we must address the social and psychological factors that create threats in the first place. This mirrors our philosophy at HOOP Cyber that technology alone cannot solve cyber security challenges.
The most effective security operations combine advanced data processing capabilities with human intelligence and community knowledge sharing, exactly what BSides represents. I was also thrilled to meet Joe, get a selfie with him and have my copy of his new book “Ctrl Alt Chaos” signed by him.
Community Intelligence as a Security Asset
The networking and knowledge exchange at BSides Cheltenham demonstrated how community-driven intelligence enhances individual organisational defences. When cyber security professionals share real-world threat insights, attack patterns, and defensive strategies, it creates a collective intelligence that no single SIEM or data lake can replicate.
At HOOP Cyber, we integrate this community intelligence into our client architectures through threat intelligence enrichment and collaborative defence strategies. The conversations at BSides, from students to seasoned practitioners, represent the kind of diverse perspective that strengthens security operations across the entire ecosystem.
Operational Resilience Through Collaboration
Events like BSides Cheltenham prove that cyber security is fundamentally a community endeavour. The technical presentations, combined with organic networking and knowledge transfer, create the collaborative foundation necessary for building truly resilient security operations.
This community-driven approach to cyber security intelligence perfectly complements the data-centric methodologies we deploy at HOOP Cyber. When human insight meets advanced data processing and orchestration, organisations achieve the kind of adaptive, intelligent defence that modern threats demand.
The future of cyber security lies not just in better technology, but in better collaboration between people, between organisations, and between the technical capabilities that enable both.
The £5 Million Question: Could Better Data Visibility Have Saved Knights of Old?
A shocking BBC Panorama investigation has revealed how a 158-year-old British haulage company was destroyed by hackers who cracked just one employee password. Knights of Old (KNP), which operated 500 lorries and employed 750 people, was forced into administration within weeks of a ransomware attack that demanded £5 million. The human cost was devastating: drivers are still owed wages, with some losing their homes and marriages as a result.
But here’s the critical question that every business leader should be asking: could comprehensive data visibility and real-time threat detection have prevented this catastrophe?
The Alarming Reality: 19,000 UK Businesses Under Attack
19,000 ransomware attacks on UK businesses last year alone
The National Cyber Crime Agency handles one new ransomware attack daily
Average ransom payments to groups like Akira: £1.5 million
Major retailers including Marks & Spencer, Co-op, and Harrods have all been targeted
Yet perhaps most shocking of all: only 6% of UK businesses have Cyber Essentials certification, despite organisations with this certification being 92% less likely to make cyber insurance claims.
Why Traditional Security Fails: The Data Blind Spot
The Knights of Old tragedy illustrates a fundamental problem with traditional cybersecurity approaches. Despite having “industry-standard” IT security and cyber insurance, the company was still vulnerable to a basic brute force attack. Why? Because they lacked the comprehensive data visibility needed to detect and respond to threats in real-time.
As HOOP Cyber’s CEO and Founder Simon Johnson explains: “Effective security is fundamentally a data challenge. When businesses can’t see, understand, or act on their security data effectively, they’re essentially flying blind through a storm of cyber threats.”
The HOOP Cyber Approach: Security Through Data Intelligence
At HOOP Cyber, we believe that cyber security is fundamentally a data problem that requires a data-centric solution. Our approach transforms how organisations detect, investigate, and respond to threats by:
Stream & Enrich: Real-Time Threat Intelligence
Our data processor automatically receives log information from your data sources and enriches it with threat intelligence in real-time. This means potential attacks like the one that hit Knights of Old would trigger immediate alerts, not weeks-later discoveries.
Store & Search: Natural Language Security Operations
Using our federated search capability, security teams can query their data using natural language, dramatically reducing the time from threat detection to response. Instead of waiting for specialists to craft complex queries, any team member can ask: “Show me all failed login attempts from external IPs in the last hour.”
Comply & Report: Built-In Regulatory Frameworks
Your data is automatically categorised against NIST and MITRE frameworks, providing real-time compliance dashboards. This isn’t just about meeting regulatory requirements, it’s about having the visibility to spot attack patterns before they become breaches.
The Business Continuity Imperative
Paul Abbott, the former KNP director who lived through the Knights of Old disaster, now works as a cybersecurity consultant. His message is stark: “There needs to be more understanding of the risks at board level.”
This isn’t just an IT problem, it’s an existential business threat. Companies like Knights of Old prove that cyber-attacks don’t just disrupt operations; they can destroy century-old businesses and devastate communities within minutes.
Why Amazon Security Lake Changes Everything
HOOP Cyber’s partnership with Amazon Security Lake represents a paradigm shift in how organisations can approach cyber security. By combining Amazon’s cloud-scale infrastructure with our data intelligence platform, businesses can:
Detect threats in real-time across all data sources
Respond faster with automated threat intelligence
Scale effortlessly as your business grows
Reduce costs through efficient data management
As highlighted in the Panorama investigation, the National Cyber Security Centre is overwhelmed, dealing with exponentially rising cyber-attacks. Organisations can no longer rely solely on government agencies for protection; they need their own sophisticated, data-driven defence systems.
The Bottom Line: Act Before It’s Too Late
The Knights of Old story is a wake-up call for every British business. A company that survived 158 years through two world wars, economic depressions, and countless challenges was destroyed by cyber criminals in a matter of weeks.
The lesson is clear: whatever you think you’ve done to protect your business, it’s time to get it checked by data security experts.
At HOOP Cyber, we don’t just install security tools, we transform your data into a strategic defence system that can detect, analyse, and respond to threats before they become business-ending disasters. Don’t become the next Knights of Old.
The shift to remote work has fundamentally changed how we think about cyber security. During the COVID-19 global pandemic, we saw a huge shift to working remotely and from home. While this offers flexibility and productivity benefits, it also introduces a complex web of security considerations that organisations need to consider. Understanding which risks pose genuine threats versus those that are manageable with proper planning can help businesses maintain security without stifling remote work opportunities.
The Real Dangers: Where Remote Work Creates Genuine Risk
Your Home Network Isn’t Fort Knox
Perhaps the most significant vulnerability in remote work setups is the home network itself. Unlike corporate networks with dedicated IT teams monitoring every connection, home Wi-Fi networks are often secured with default passwords, running outdated firmware, and shared with a parade of smart TVs, gaming consoles, and IoT devices that may have never received a security update.
When your work laptop connects to the same network as your teenager’s gaming PC or your smart doorbell, you’re essentially extending your corporate perimeter to include every device in your household. A compromised smart speaker could potentially become a stepping stone for attackers to reach sensitive business data.
The Wild West of Personal Devices
The bring-your-own-device trend that seemed convenient pre-pandemic has revealed its dark side during remote work. Personal laptops and phones lack the security controls that IT departments carefully maintain on corporate devices. They might be running outdated operating systems, missing critical security patches, or infected with malware from personal browsing habits.
Even company-issued devices face new challenges when they leave the protected corporate environment. Without the safety net of network monitoring and automatic security updates, these devices become more vulnerable to attack.
Communication in the Open
Remote work has led to an explosion of communication tools such as Zoom, Teams and Google Meet, many adopted quickly without proper security vetting. That new video conferencing app everyone loves might not encrypt data properly, or that file-sharing service could be storing documents in unsecured cloud storage.
Public Wi-Fi compounds these risks dramatically. Working from that trendy coffee shop might feel productive, but transmitting sensitive business data over shared networks is like having confidential conversations in a crowded room where anyone could be listening.
When Physical Security Disappears
The controlled environment of an office building with badge access and security cameras is replaced by kitchen tables, co-working spaces, and coffee shops. Shoulder surfing becomes a real concern when sensitive information is displayed on screens visible to anyone walking by, especially when working from coffee shops or in public places. Device theft transforms from a rare office occurrence to an everyday risk when laptops travel to multiple locations daily.
The Shadow IT Explosion
Remote workers, faced with productivity challenges, often turn to unauthorised tools and services to get their jobs done. That cloud-based service that makes file sharing easier, such as WeTransfer, or the project management tool that streamlines collaboration, might be outside your organisation’s security oversight and compliance requirements.
Each unauthorised service represents a potential data leak or unauthorised access point that your security team doesn’t even know exists.
The Manageable Challenges: Security Issues You Can Actually Solve
Access Control Done Right
Modern identity and access management systems have evolved to handle remote work effectively. Multi-factor authentication, single sign-on solutions, and zero-trust network architectures can provide strong security regardless of where employees are working.
These systems verify not just who is accessing your data, but also the device they’re using and the context of their access request. An employee logging in from their usual home setup gets seamless access, while the same employee attempting access from an unusual location or device triggers additional verification steps.
Cloud Security as Your Friend
Counterintuitively, well-configured cloud services often provide better security than traditional on-premises solutions. Major cloud providers will often invest heavily in security infrastructure that most organisations couldn’t afford to implement internally. Professional-grade encryption, automated threat detection, and continuous monitoring are standard features rather than expensive add-ons.
The key here is “well-configured” as cloud security requires proper setup and ongoing management, but when done correctly, it can provide enterprise-grade protection for remote workers anywhere in the world.
Training the Human Firewall
While there is a myth that employees can be the weakest link in your security chain, they are actually your strongest defence with proper training. Most cyber security incidents involving remote workers stem from lack of awareness rather than malicious intent.
Regular training on recognising phishing attempts, using secure communication tools, using AI securely, safely, responsibly and ethically, and following remote work security protocols can dramatically reduce your risk profile. When employees understand why certain practices matter and how to implement them easily, compliance becomes natural rather than burdensome.
Technology That Travels Well
Mobile device management (MDM) and endpoint detection and response (EDR) solutions have matured to provide comprehensive security oversight for remote devices. These tools can enforce security policies, monitor for threats, and even remotely wipe devices if they’re lost or stolen.
Modern endpoint security solutions can maintain the same level of protection and visibility whether a device is connected to your corporate network or working from a beach in Bali.
The Bottom Line: Risk Management, Not Risk Avoidance
Remote work cyber security isn’t about eliminating all risks, as that’s neither possible nor practical. Instead, it’s about understanding which risks are genuinely dangerous and require immediate attention versus those that can be managed through proper planning and tooling.
The organisations that succeed with remote work security are those that implement comprehensive policies, provide the right tools and training, and maintain the same security rigor remotely that they would in a traditional office environment. They recognise that the convenience of remote work doesn’t have to come at the expense of security, but it does require thoughtful planning and ongoing vigilance.
The future of work is likely to remain flexible, making remote work security not just a temporary concern but a permanent part of organisational risk management. The good news is that with proper preparation, remote work can be every bit as secure as traditional office environments, and sometimes even more so.
Are you ready to ensure the security of your remote and home based staff? Contact us today via to begin your security journey today.
In the cyber security industry today, conversations are often dominated by acronyms, automation, and architectural blueprints. From SIEM optimisation to security data lakes, the focus tends to land squarely on technology, that is, on the tools, platforms, and code designed to keep organisations secure.
But beneath all of that, at the very heart of every breach and every defence, lies a constant: the human factor.
Technology alone can’t protect an organisation. It can alert, detect, and even respond autonomously but if the workforce behind that technology isn’t educated, engaged, and empowered, the whole system is vulnerable.
At HOOP Cyber, we help organisations modernise their security operations, but we never lose sight of a fundamental truth: people are your first and last line of defence.
The Role of People in Modern Cyber Security
A common phrase in cyber security is: “humans are the weakest link.” But that mindset is dangerous and outdated. People aren’t inherently weak links, they’re untrained links, unsupported links, or under-informed links. When employees are given the right tools and the right knowledge, they can become a highly effective part of any security strategy.
Think about the most common breaches we see in the wild. Phishing, credential theft, misdirected emails, accidental data exposure – none of these result from advanced persistent threats or nation-state attacks. They’re caused by everyday human error. And not because people aren’t smart, but because organisations haven’t invested in relevant, real-time, role-specific awareness.
At HOOP Cyber, we believe awareness isn’t just about information, it’s about behaviour. It’s about building a security-conscious culture where everyone understands how their role contributes to organisational resilience.
Why Traditional Awareness Training Falls Short
Despite growing cyber budgets, many organisations still rely on outdated models of security training. Annual e-learning modules. Generic presentations. Passive compliance checkboxes.
The result? Minimal engagement. No behavioural change. And a workforce that remains vulnerable not through malice, but through monotony.
Real awareness training must evolve to match the pace of modern threats. Today’s attackers aren’t waiting for your next awareness campaign, they’re sending deepfake voicemails, crafting context-rich phishing emails, and exploiting team collaboration platforms. If your training doesn’t reflect these realities, and if it doesn’t include real world examples that your employees can relate to, your people are flying blind.
Effective awareness must be continuous, adaptive, and grounded in the threats your organisation is actually facing. At HOOP Cyber, we incorporate live attack simulations, real-time feedback loops, and behavioural analytics to not only educate staff but to shape how they act in high-pressure moments.
The Feedback Loop Between Humans and Technology
Security awareness isn’t a standalone activity, it’s part of a larger ecosystem. The way people behave impacts what your SOC sees. Conversely, what your SOC detects should influence how you train your people.
We see awareness not just as education, but as telemetry. When phishing simulations are run, or when risky behaviour is detected, that data feeds into our orchestration systems. Our clients use this intelligence to update detection rules, reprioritise response plans, and tailor future awareness content.
It becomes a virtuous loop. Awareness strengthens detection. Detection strengthens response. Response informs better awareness. And over time, the entire system becomes smarter—not just through machine learning, but through human learning.
This is the core of what we do at HOOP Cyber: we integrate human insights into your data lakes and your broader security telemetry, ensuring that awareness isn’t an afterthought, but a living, measurable part of your security architecture.
Embedding Cyber Maturity at Every Level
Security awareness is not just a frontline function. It must be embraced at every level of the organisation, from C-suite to contractors. Leaders set the tone, while managers reinforce it, and your teams carry it out.
That’s why we work with clients to define and build out maturity models that don’t just track phishing click-through rates, but measure cultural adoption, leadership advocacy, and business impact.
We align training content with regulatory frameworks like NIST and MITRE, but we go further by enabling organisations to tie awareness efforts directly to KPIs like Mean Time to Detect (MTTD), Mean Time to Respond (MTTR), and incident volume reduction.
This isn’t about awareness for awareness’ sake. It’s about strategic enablement that moves the needle on operational outcomes.
The Cultural Shift: From Compliance to Ownership
For security to become embedded in a company’s DNA, it must move beyond compliance. Too often, awareness is treated as a box to tick, an exercise in risk mitigation, not risk transformation.
But when awareness becomes part of the everyday rhythm of work and when employees feel responsible for security, not burdened by it, something changes. Incidents drop, collaboration improves, and confidence grows.
This shift happens when security is no longer something “owned by IT” but is instead co-owned across the business. Marketing teams that question suspicious links. Finance teams that pause on strange invoices. Developers who challenge insecure defaults. That’s the kind of cultural transformation that deflects breaches before they even begin.
Final Thought: Humans Complete the Picture
HOOP Cyber is known for enabling modern security architectures. We deploy powerful data lakes, optimise SIEMs, and orchestrate detection pipelines across complex environments. But even the most advanced technical stack will fall short without a team that knows how to interpret alerts, respond to threats, and act with awareness and intent.
That’s why we don’t just build systems, we build resilience.
Your people are not the problem. They are the solution. With the right training, insights, and cultural reinforcement, they become your strongest line of defence and your all-important human firewall.
Are you ready to operationalise human resilience? Contact us today via to begin your human maturity journey.
AWS re:Inforce 2025 delivered groundbreaking security innovations, transformative AI security guidance, and practical hands-on learning for over 5,000 security professionals. The event showcased how security at scale becomes a business accelerator, not a barrier to innovation.
From June 16-18, 2025, Philadelphia’s Pennsylvania Convention Centre became the epicentre of cloud security innovation as AWS hosted its third annual re:Inforce conference. Unlike other security conferences, re:Inforce prioritizes experiential learning, bringing together security specialists who build the AWS services organisations rely on daily.
The Vision: Security as a Business Accelerator
AWS Chief Information Security Officer Amy Herzog delivered her first keynote as CISO, demonstrating how AWS is helping customers simplify security at scale. Her central message challenged a fundamental assumption: security doesn’t have to slow down innovation; when done right, it accelerates it.
Drawing on real-world success stories from Comcast, RedShield, and BMW, Herzog showed how proactive, automated AWS security tools help teams identify and remediate issues faster and more efficiently. The keynote emphasised that organizations with mature security foundations across four key pillars (identity and access management, data and network security, monitoring and incident response, and continuous migration/modernisation) are actually moving fastest in their cloud journeys.
Major Security Announcements: Simplifying Security at Scale
The conference unveiled significant security innovations focused on reducing complexity while enhancing protection:
Identity and Access Management Advances
AWS IAM now enforces Multi-Factor Authentication (MFA) for root users across all account types, preventing over 99% of password-related attacks. The system supports FIDO-certified security keys and FIDO2 passkeys, allowing up to 8 MFA devices per root and IAM user.
A particularly noteworthy addition was new internal access findings for AWS IAM Access Analyser, which uses automated reasoning technology to analyse complex permission layers across diverse policy types, giving security teams comprehensive visibility into who within their organizations has access to what resources.
Enhanced Threat Detection and Response
Amazon GuardDuty Extended Threat Detection expanded coverage to Amazon EKS clusters, while AWS Security Hub received enhancements to transform security signals into actionable insights, helping security teams prioritize and respond to critical issues at scale.
The introduction of Shield network security posture management automatically discovers and analyses network resources across AWS accounts, prioritizes security risks based on AWS best practices, and provides actionable remediation recommendations.
Simplified User Experiences
AWS WAF’s new console experience reduces security configuration steps by up to 80% through pre-configured protection packs, while Amazon CloudFront simplified web application delivery and security with a new user-friendly interface that automates TLS certificate provisioning, DNS configuration, and security settings.
Advanced Threat Intelligence
AWS Network Firewall introduced a new managed rule group that uses the Amazon threat intelligence system MadPot to continuously track attack infrastructure, including malware hosting URLs, botnet command and control servers, and crypto mining pools.
The AI Security Focus: From Possibility to Production
One of the most compelling aspects of re:Inforce 2025 was its dedicated focus on securing AI workloads. The rapid advancement of generative AI has ushered in unique opportunities for innovation, but it also introduces a new set of security challenges that organizations must address.
Key AI and Security Sessions/Talks
Innovation Talk: From Possibility to Production
Speakers Hart Rossman and Becky Weiss from AWS demonstrated how AWS removes the heavy lifting of AI security, enabling organizations to accelerate from development to production.
Behind the Shields: AWS and Anthropic’s Approach to Secure AI
This session featured Anthropic’s Head of Risk Governance alongside AWS security leaders, revealing how AWS and Anthropic collaborate to deliver enterprise-grade security for large language models and generative AI workloads.
Workshop: Defend Your AI: Mitigate Prompt Injection with Amazon Bedrock
This hands-on workshop allowed participants to master the art of identifying and mitigating prompt injection vulnerabilities in generative AI systems, including completing an interactive ‘capture the flag’ style challenge and learning to implement defensive controls using Amazon Bedrock Guardrails.
Key Takeaways for Security Professionals
Security Enables Speed
The overarching theme throughout re:Inforce 2025 was that properly implemented cloud security doesn’t slow down innovation, it accelerates it. Organisations with mature security foundations across the four key pillars are moving fastest in their digital transformation journeys.
AI Security Requires Proactive Planning
As generative AI adoption accelerates, organizations need comprehensive strategies that address everything from prompt injection vulnerabilities to data protection in AI training pipelines. The conference provided practical frameworks for implementing secure AI systems at enterprise scale.
Automation is Critical for Scale
The announcements around GuardDuty Extended Threat Detection and enhanced Security Hub demonstrate AWS’s focus on using AI and machine learning to detect sophisticated threats and provide actionable insights automatically.
Identity Foundation Matters Most
Identity and access management underpins every aspect of cloud security, and success requires both rigorous authentication controls and comprehensive visibility into access permissions.
Experiential Learning Drives Results
The conference’s emphasis on hands-on workshops, builders’ sessions, and direct collaboration with AWS experts highlighted that practical implementation experience is crucial for effective security learning.
Looking Forward: The Future of Cloud Security
re:Inforce 2025 painted a picture of cloud security’s future where security becomes increasingly automated, AI-powered, and seamlessly integrated into development workflows. The event demonstrated that when security scales naturally with business operations, teams can focus on building what’s next instead of managing infrastructure.
For organisations beginning their cloud security journey or looking to enhance existing capabilities, the conference provided clear guidance: start with strong foundations across the four key pillars, embrace automation and AI-powered security tools, and prioritise experiential learning that builds practical implementation skills.
The message from re:Inforce 2025 was clear: the organisations that will thrive are those that view security not as a constraint, but as an enabler of innovation and growth.
AWS re:Inforce 2025 took place June 16-18, 2025, at the Pennsylvania Convention Centre in Philadelphia. The keynote and innovation talks are available on-demand for those who couldn’t attend in person.
Organisations today face an overwhelming challenge when it comes to processing large volumes of security data while maintaining the speed and agility needed to detect and respond to threats in real-time. The integration between HOOP Cyber’s streaming platform and Tenzir’s security-native data pipeline represents a significant leap forward in addressing this challenge, particularly for organisations building comprehensive security data lakes.
The Challenge of Modern Security Data Management
Security teams today are drowning in data. Log sources proliferate across cloud environments, on-premises infrastructure, and hybrid architectures, each generating information in different formats and schemas. Traditional approaches to security data management often involve collecting this data, storing it, and then analysing it, a process that introduces critical delays between when a threat occurs and when it’s detected.
Amazon Security Lake has emerged as a powerful solution for centralized security data storage, but it primarily focuses on Amazon-native log sources. Organisations using diverse technology stacks need robust solutions to normalize and process data from non-Amazon sources into the Open Cybersecurity Schema Framework (OCSF) format that Security Lake requires.
HOOP Cyber: Streamlining Security Data Operations
HOOP Cyber addresses these challenges through its comprehensive “Stream, Store, Search” approach. The platform’s data processor automatically receives log information from various sources and transforms it into target formats, with expertise in OCSF standards.
What sets HOOP apart is its focus on high-throughput data manipulation that’s tailored to how different log sources need to be treated. The platform can enrich streams with regulatory data (information that organisations are required to collect, maintain, and report to comply with laws, regulations, and industry standards set by governing bodies) and threat intelligence data, truncate keywords, and consolidate duplicate records with unique timestamps, all while maintaining extremely high-performance levels.
The platform’s architecture includes two key components that work in harmony:
Efficient ASL Storage: HOOP can provide high-level compression and performance indexing, with automatic compress/uncompress capabilities that optimise storage costs while maintaining rapid access.
Natural Language Search: The federated search capability (through Query) allows users to query centrally stored or distributed data using natural language, which is automatically converted into optimized query strings in formats like DQL or KQL.
Tenzir: The Security-Native Data Pipeline Platform
Tenzir complements HOOP’s capabilities with its focus on breaking free from vendor lock-in while providing full control over security data flows. The platform’s strength lies in its comprehensive approach to data transformation, from collection through action.
Tenzir’s capabilities span the entire data pipeline:
Collection and Parsing: Seamlessly gathering data from any source and transforming unstructured data into structured formats.
Optimisation and Normalization: Reducing data volume to slash costs while mapping to standards like OCSF, ASIM, or ECS.
Enrichment and Detection: Adding context from threat intelligence, assets, and vulnerabilities while executing Sigma, YARA, and Python rules in streaming mode.
Storage and Search: Encoding data in Parquet format for object storage while providing rapid search and materialization capabilities.
The platform’s Tenzir Query Language (TQL) enables users to compose powerful pipelines with ease, making it efficient for both interactive data exploration and scalable deployment scenarios.
The Power of Integration: Real-Time Detection at Scale
The integration between HOOP Stream and Tenzir creates a powerful synergy that addresses critical gaps in modern security operations. HOOP Stream powered by Tenzir provides essential data normalization to OCSF for non-Amazon log sources, making it a critical component for organizations building comprehensive security operations on top of Amazon Security Lake.
However, the real game-changer lies in Tenzir’s real-time detection capabilities. By embedding enrichment, matching, and rule-based analytics directly into the streaming pipeline, the integration enables on-the-fly detection of suspicious activity before data reaches storage. This “shift-left” approach significantly complements the data lake-based detections by shortening the time to respond to threats, potentially catching malicious activity within seconds rather than minutes or hours.
Transforming Security Operations Through Stream-Based Detection
Traditional security architectures follow a “collect, store, then analyze” model that introduces inherent delays. The HOOP-Tenzir integration flips this paradigm by performing analysis in the stream itself. This means:
Immediate Threat Detection: Security teams can identify and respond to threats as they occur, not after they’ve been stored and indexed.
Reduced Storage Costs: By filtering and processing data in real-time, organisations can reduce the volume of data that needs to be stored, leading to significant cost savings.
Enhanced Context: Real-time enrichment with threat intelligence and asset information provides security analysts with richer context at the moment of detection.
Compliance Benefits: Automatic categorization and enrichment at the point of ingestion simplifies compliance reporting and ensures data is properly classified from the start.
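The stream-based model described above can be sketched in a few lines. This is an added illustration, not HOOP Cyber's or Tenzir's code: the raw VPN log format, the threat-intel entry and the detection rule are constructed, and the OCSF Authentication mapping is simplified to a handful of fields.

```python
import json
from datetime import datetime, timezone

# Constructed threat-intel entry (documentation-range IP, not a real indicator).
THREAT_INTEL = {"203.0.113.50": "constructed-botnet-c2-feed"}

# Constructed raw events from a hypothetical non-AWS VPN appliance.
RAW_EVENTS = [
    '{"ts": "2025-06-01T09:00:00Z", "event": "login_ok", "user": "alice", "ip": "198.51.100.7"}',
    '{"ts": "2025-06-01T09:00:05Z", "event": "login_fail", "user": "bob", "ip": "203.0.113.50"}',
    '{"ts": "2025-06-01T09:00:06Z", "event": "login_fail", "user": "bob", "ip": "203.0.113.50"}',
    '{"ts": "2025-06-01T09:00:09Z", "event": "login_ok", "user": "bob", "ip": "203.0.113.50"}',
    'not json at all',
]

def normalize(line):
    """Map one raw line to a simplified OCSF Authentication event, or None if unparseable."""
    try:
        raw = json.loads(line)
        ts = datetime.strptime(raw["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        ok = {"login_ok": True, "login_fail": False}[raw["event"]]
        user, ip = raw["user"], raw["ip"]
    except (ValueError, KeyError, TypeError):
        return None
    return {
        "class_uid": 3002,       # OCSF Authentication
        "category_uid": 3,       # Identity & Access Management
        "activity_id": 1,        # Logon
        "type_uid": 300201,      # class_uid * 100 + activity_id
        "time": int(ts.timestamp() * 1000),  # epoch milliseconds
        "status_id": 1 if ok else 2,         # 1 = Success, 2 = Failure
        "severity_id": 1,                    # Informational
        "user": {"name": user},
        "src_endpoint": {"ip": ip},
        "metadata": {"product": {"name": "example-vpn"}},  # hypothetical source
    }

def run_pipeline(lines, window_ms=60_000, threshold=2):
    """Normalize, enrich and detect per event, before anything is written to storage.

    Returns (alerts, events_to_store, dropped_count).
    """
    failures = {}  # (user, ip) -> timestamps of recent failed logons
    alerts, to_store, dropped = [], [], 0
    for line in lines:
        ev = normalize(line)
        if ev is None:
            dropped += 1  # count parse failures so data loss stays visible
            continue
        user, ip = ev["user"]["name"], ev["src_endpoint"]["ip"]
        feed = THREAT_INTEL.get(ip)
        if feed:  # enrich in-stream so the stored event already carries context
            ev["enrichments"] = [{"name": "src_endpoint.ip", "value": ip,
                                  "data": {"feed": feed}}]
            ev["severity_id"] = 4  # High
        key = (user, ip)
        recent = [t for t in failures.get(key, []) if ev["time"] - t <= window_ms]
        if ev["status_id"] == 2:
            recent.append(ev["time"])
        elif len(recent) >= threshold:
            # Successful logon right after repeated failures: alert immediately.
            alerts.append({"rule": "success_after_failures", "user": user,
                           "ip": ip, "intel": feed, "time": ev["time"]})
            recent = []
        failures[key] = recent
        to_store.append(ev)
    return alerts, to_store, dropped

if __name__ == "__main__":
    alerts, stored, dropped = run_pipeline(RAW_EVENTS)
    print(json.dumps(alerts, indent=2), len(stored), dropped)
```

The alert is raised while the fourth event is still in flight, and the unparseable line is counted rather than silently discarded, which is the visibility a pipeline operator needs when a source changes its format.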
Looking Forward: The Future of Security Data Operations
The partnership between HOOP and Tenzir represents more than just a technical integration—it’s a vision for how security data operations should evolve. Through combining HOOP’s high-performance streaming and storage capabilities with Tenzir’s sophisticated data pipeline and detection features, organizations can build security architectures that are both more effective and more cost-efficient.
As cyber threats continue to evolve in speed and sophistication, the ability to detect and respond in real-time becomes increasingly critical. The HOOP-Tenzir integration provides organizations with the tools they need to stay ahead of threats while maintaining the flexibility and control necessary for complex, multi-vendor environments.
For security teams looking to maximize the value of their Amazon Security Lake investments while extending capabilities to non-Amazon log sources, this integration offers a compelling path forward, one that promises to keep HOOP Lake at the forefront of security data operations for years to come.
Ready to transform your data lakes? Get in touch with HOOP Cyber today via and let’s talk.
Infosecurity Europe 2025 at ExCeL London was nothing short of exceptional this week! Our CEO & Founder Simon Johnson was there for the first 2 days, engaging with industry leaders and exploring the latest in cyber security.
His key highlights of the event include:
Cyware’s Insightful Session: Attendees were captivated by Cyware’s presentation on transforming threat intelligence into collective defense, emphasising the importance of unified cyber strategies.
Silent Push’s Innovations: Silent Push showcased their cutting-edge approach to pre-emptive cyber intelligence, offering solutions to stay ahead of emerging threats.
VulnCheck’s Vulnerability Intelligence: VulnCheck impressed with their predictive vulnerability intelligence, helping organisations outpace adversaries with speed and accuracy.
Ten Eleven Ventures Reception: Tuesday evening was marked by the Ten Eleven Infosec London drinks reception, providing a relaxed atmosphere for networking and discussions on the future of cyber security.
Intel 471’s Pizza Bus: A unique and delightful experience, Intel 471 hosted attendees at the Heroica Lounge with their renowned Pizza Bus, combining delicious food with engaging conversations on cyber threat intelligence.
Cyber House Party: And finally, a good time was had by all at the legendary Cyber House Party event on Wednesday night, with DJ extraordinaire Marc Avery working the decks to provide an incredible party experience.
Thank you Infosecurity Europe, we’re already looking forward to next year’s event!