Author Archives: Wayne Horkan

About Wayne Horkan

I’m a technologist and engineer, typically working in enterprise architecture and systems engineering.

How CVSS Works: A Guide to Vulnerability Scoring

The Common Vulnerability Scoring System (CVSS) is a widely used framework for evaluating and communicating the severity of software vulnerabilities. First introduced in 1999, CVSS has become the standard scoring method for organisations to prioritise security efforts and manage vulnerabilities systematically. By assigning numerical scores to vulnerabilities based on their characteristics, CVSS enables teams to assess risks and allocate resources effectively.

Let’s Encrypt, But Let’s Not Regret: Linode CLI Updates Keep Breaking Our SSL Renewal Flow

I’ve been a loyal fan of Linode for over a decade. Through thick and thin, bare-metal or virtual, they’ve offered a rock-solid platform for hosting infrastructure that scales, delivers, and, most importantly, works. Even now, under the Akamai umbrella, Linode remains a breath of fresh air in an industry bloated with marketing noise and sub-par developer experience.

But there’s one persistent issue that keeps coming back like clockwork, breaking our systems and making us look like amateurs.

Every time the linode-cli is updated, it breaks our Let’s Encrypt certificate renewal flow for NodeBalancers.

And I mean every time.

This isn’t a mild inconvenience or a little warning in a log somewhere. This is production websites going down, customer trust taking a hit, and the dreaded “Not Secure” label slapped across your brand’s front door. It’s embarrassing. It’s damaging. And it’s entirely avoidable.

Let’s break it down.

Our Setup: Clean, Simple, DevOps-Approved

  • We use Linode NodeBalancers to front our app servers.
  • We use Let’s Encrypt and Certbot for free, trusted SSL/TLS certificates.
  • We’ve automated the entire process—from issuing to renewal to updating the NodeBalancer via linode-cli.

This works beautifully until Linode updates the CLI.

Suddenly, endpoints change, authentication flows shift, parameters are renamed, or dependencies break. We wake up to expired certs, customer complaints, and a firefight that no one needed.

The Hidden Cost of Broken Automation

Every time the CLI update breaks our renewal flow:

  • Public-facing services display SSL errors.
  • Clients and partners start asking questions.
  • Downtime means damage to our brand and potentially lost business.
  • Engineers are yanked off real work to fix what was once a fire-and-forget automation.

We’re not a garage startup. We’re handling sensitive data, coordinating across complex enterprise systems, and striving to build trust in a world full of cyber threats. When your SSL breaks, even for a few minutes, you don’t just lose uptime; you lose credibility.

A Call to Action for Akamai/Linode

This is a plea to the folks at Akamai: stop breaking the CLI in ways that cripple certificate renewal processes.

Give us:

  • A stable interface for interacting with NodeBalancers, especially for certificate updates.
  • Clear, upfront changelogs that call out breaking changes.
  • Deprecation warnings and migration paths, not silent breakage.
  • Better test coverage and backwards compatibility for mission-critical operations.

Your platform has earned our trust. Don’t erode it with careless breakages that knock out SSL and damage reputations.

Until Then…

We’ll continue firefighting. Writing brittle wrappers. Running certbot renew jobs with crossed fingers. Watching expiry dates like hawks. Phoning Rob Heap and asking for his help to sort it.

But we shouldn’t have to.

The infrastructure is solid. The potential is huge. But we need Linode to take developer experience seriously, especially where security and automation intersect.

The Evolution of FAIR: Cyber Risk in Financial Terms

The Factor Analysis of Information Risk (FAIR) framework has emerged as a cornerstone in cyber risk quantification, enabling organisations to measure and communicate risk in financial terms. FAIR’s evolution represents a shift from traditional qualitative assessments to a structured, quantitative model that aligns cybersecurity strategies with business objectives. By breaking down risk into probability and impact components, FAIR provides decision-makers with actionable insights to prioritise investments and mitigate threats effectively.

Thomas Pynchon Returns: What Shadow Ticket Means for Me

What’s that you say? Thomas Pynchon announces a new book to be released in October 2025? No frigging way, Dude. Will it be multi-episodic, akin to Gravity’s Rainbow? Mason and Dixon, Against the Day? V even? Or more accessible, Inherent Vice, Vineland, or Bleeding Edge? Am I buying a copy? Of course I am.

Magic Mouse My Arse… Apple Doesn’t Build for the Neurodiverse… They Build for Neurotypical Convenience

For me, and for many neurodivergent people, the way we interact with technology isn’t just a matter of preference. It’s about accessibility, functionality, and ease-of-use in a world that too often ignores our needs. People like me who aren’t great at coordination or balance, and who have Autism, ADHD, Asperger’s, or Dyspraxia, struggle to use “simplified” products.

More Cybersecurity Skills Gap Bollocks: The Myth of a Crisis

If you’ve followed cybersecurity headlines, you’ve probably heard about the “skills gap.” The narrative goes like this: organisations are under constant attack from cybercriminals, but there just aren’t enough qualified professionals to protect them. This shortage, we’re told, is a dire crisis threatening businesses and governments alike.

Plato, Democracy, and the Path to Tyranny

Plato famously (and controversially) argued that all democracies inevitably collapse into tyranny. For a modern reader, raised on ideals of popular sovereignty, civil rights, and universal suffrage, this sounds alarmist or even offensive. But to dismiss Plato’s warning outright would be to miss a deeper meditation on the fragility of political systems and human nature itself.

Steering Regional Resilience: Reflections on Two Years Supporting DSIT’s Cyber Local Programme

As Chair of the West Midlands Cyber Working Group, I’ve helped lead DSIT’s Cyber Local steering group for the region over the past two years. Working alongside regional experts, I’ve supported the selection of projects that strengthen cyber resilience on the ground, including Aston University’s powerful work on cyber violence against women and girls. This experience has reinforced just how critical locally informed funding is to building practical, inclusive, and impactful cyber capability.

Mapping Cyber Risk Approaches: Bridging Quantification and Scoring

The diverse landscape of cyber risk methodologies, ranging from technical scoring systems like CVSS to financial quantification frameworks like FAIR, offers organisations multiple tools to manage threats. However, these tools often operate in isolation, creating challenges when aligning technical, operational, and financial risk perspectives. Mapping between these approaches bridges the gaps, enabling organisations to unify risk management strategies and enhance decision-making.

Goodbye Anne Marie

So Monday we said goodbye to Anne Marie, sadly taken from us and her loving family too quickly.

Sorry I wasn’t always there, Anne. I’ll see you on the other side.

Thanks to Nick and Teresa and Grace and all Anne’s family and friends. Bless you all.

CyberASAP 2025 - Day 1 - photo by Sevgi Aksoy

Inside the CyberASAP 2025 Kickoff: Mentoring, Learning, and Supporting the Next Generation of Academic Cyber Innovators

I recently attended the CyberASAP Year 9 Kickoff as a mentor, and also took the opportunity to experience the first two days alongside the academic teams to better understand what they go through. This blog captures my reflections from all three days, covering IP, value propositions, stakeholder mapping, and some of the truly impressive innovations coming from UK universities. It also looks at the history and purpose of the programme and why it continues to matter in bridging the gap between research and real-world impact.

A Beginner’s Guide to Cyber Risk Scoring

Cyber risk scoring is a critical tool for organisations to measure their cybersecurity posture, prioritise risk mitigation efforts, and communicate threats effectively. Unlike broader risk quantification methods, which often involve financial modelling and probability analysis, cyber risk scoring assigns a numerical or categorical value to risks based on their severity, likelihood, and potential impact.

The Memory and Noise Tetralogy

What began as an exploration of two strange non-songs, “Apes Ma” and “Fitter Happier”, quickly unfolded into something larger: a meditation on memory, loss, defiance, and the strange work of sound in the spaces where meaning breaks down.

This tetralogy gathers three connected essays and the one you are reading now, not as conclusions, but as echoes. Not as closures, but as signals still carrying across time.

Do Not Go Quietly into That Dark Night: A Response to Two Sides of the Same Coin

A quiet manifesto for memory, resistance, and the voices that refuse to vanish. From whispered warnings to machine-read prophecies, this piece explores how songs like “Apes Ma”, “Fitter Happier”, “Trans Am”, and “Can’t Put Your Arms Around a Memory” carry defiance through static, grief through silence, and presence through time.

The Veil, the Soul Mirror, and Reflective Chrome Ghosts: On Memory, Music, and the Ones We Carry Onwards

Some works don’t end. They echo. “Apes Ma” and “Fitter Happier” gave us the edge of language, the moment just after sense unravels. But what follows? What lingers in the silence after the static? What shapes itself in the quiet? Memory. Not the nostalgic kind. Not warmth. Something stranger. Something inherited. Every time I hear “New Rose”, Dave, I salute you, brother.

Two Sides of the Same Coin: Captain Beefheart’s “Apes Ma” and Radiohead’s “Fitter Happier”

Some works scream. Others whisper. “Apes Ma” and “Fitter Happier” do both in a frequency that bypasses the conscious brain. What remains is a residue. A shape. A hush at the end of language. An old lover kisses slow, dayglo blue scorpions.

More Gaming Bollocks: The Hype, Scams, and Unrealistic Promises of the Gaming Industry

The gaming industry has transformed into a multibillion-dollar behemoth, with blockbuster releases, competitive esports, and sprawling virtual worlds dominating the cultural zeitgeist. But behind the glitz, glamour, and explosive trailers lies a reality filled with overpromises, shady practices, and outright nonsense.

A History of Cyber Risk Quantification

The field of cyber risk quantification has undergone significant evolution, mirroring the increasing complexity of digital ecosystems and the growing importance of cybersecurity in modern organisations. Quantifying cyber risk is the process of assessing the likelihood of threats and estimating their impact, often in monetary or operational terms. Over time, this discipline has expanded from basic technical assessments to sophisticated financial and probabilistic models that inform decision-making at all organisational levels.

Innovation Incoming in Space: Notes from the Royal Academy of Engineering Panel, 31 March 2025

The Royal Academy of Engineering’s Innovation Incoming in Space (31 March 2025, Prince Philip House) offered an insightful and fact-rich exploration of the technologies shaping the future of the space economy. With topics ranging from space-based solar power and crystallisation in orbit to modular infrastructure and lunar habitation, the panel discussed how innovation is driving space from the experimental to the operational. Set against the backdrop of geopolitical shifts and commercial competition, the event underscored the UK’s strategic opportunity to lead in agile engineering, cyber resilience, and space-enabled industrial capability. A dawning theme throughout the evening was the growing realisation that space is becoming commercial, contested, and critically dependent on cyber resilience.
