secreci.com · est. 2009 · Edinburgh, Scotland

Field notes on security, technology, and whatever else needed written down.

I'm Andy Younie, a security consultant in Edinburgh, Scotland. I help organisations reduce their attack surface for a living, and I've kept notes here — on security, tinkering, and the occasional detour — for 17 years.

Latest notes

  1. Why the PeopleSoft Victims Were Scanned and Not Chosen

    ShinyHunters found exploitable PeopleSoft servers by scanning the internet for reachable instances. With no fix available until after the attacks began, exposure determined the victims.

  2. Reading the 2026 DBIR Beyond the Patching Headline

    Everyone is quoting the DBIR's headline stat about vulnerability exploitation. The findings that should change how you prioritise are further in.

  3. How to Outwit Attackers with Cyber Deception

    What a magician's toolkit can teach you about keeping attackers away from what matters.

  4. My Rules for Work

    Things that I find make things better when working with colleagues

  5. A Markdown Personal Knowledgebase

    Managing all your notes as markdown

  6. Create a Software Bill of Materials (SBOM)

    Creating a list of installed software and their version numbers

  7. Back to Blogging

    After a long break, I'm back!

Browse all 73 notes

Topics

Follow along

No newsletter, no algorithm — this site still believes in RSS. Point your reader at the feed, or find me on Mastodon.