Goodbye Naked Security?

Goodbye Naked Security?

I’ve been working in the computer security industry for almost thirty years.

Quite what I was doing in all those years up until 25 October 2007, I’m not quite sure. But that’s the day when I wrote my first ever blog post.

It appeared on the SophosLabs blog, a blog set up for the malware researchers at the company I worked for at the time. Normally it consisted of nerdy posts about malware.

For my first ever post on the SophosLabs blog, I wrote about a plastic toy frog called Freddi Staur – and specifically how I felt a BBC TV program had stolen one of our ideas to demonstrate the dangers of accepting fraudulent friend requests on Facebook.

In time, the guys at SophosLabs got (quite reasonably) fed up with me blogging about this sort of nonsense, and so in April 2008 I was spun off into another blog imaginatively titled “Graham Cluley’s blog,” but still hosted on Sophos’s website.

My first article on my very own blog wished Trojan horses a happy 3193rd birthday. You can tell it was my first blog post (and that I was quite a rookie) as the url has the slug /2008/04/23/hello-world/

Despite it’s terrible name, Graham Cluley’s blog proved quite popular. In fact, it proved so successful that there existed the very real danger that if one of my blog posts caught folks’ imagination it might take the entirety of down. This did happen on a few occasions, and didn’t make me anyone’s favourite person around the office.

To try to handle that clearly sub-optimal scenario, the IT department asked me if I could give them a day’s warning “if I was going to post a popular article” so they could make sure that the servers could handle it.

I’m sure you’ll understand, that wasn’t something I could help them with.

So, another solution was needed. And under the organisational wizardry and sheer energy of my colleague Carole Theriault a new website was built on much stabler infrastructure.

Sign up to our free newsletter.
Security news, advice, and tips.

Naked Security officially launched on October 28, 2010.

I wasn’t the only writer for the new blog – there was also Carole, Paul Ducklin, Chet Wisniewski, and later Lisa Vaas and others, but I was probably the most prolific.

In my opinion no other security vendor was doing anything like it. It was the best site for explaining computer security issues and threats in language that anybody could understand, and with personality. And that’s why it proved so popular.

I wrote over 2,500 articles for Naked Security before leaving Sophos in 2013.

And now… well, as The Register reports, Naked Security might be in its dying days. I certainly hope that’s not the case, but my sources tell me that Sophos is intending to mothball the site to save costs.

Kind of ironic that just two days ago Naked Security won the title of “Legend of Cybersecurity: Best Overall Blog” at the EU Security Blogger awards.

My best wishes to old friends at Sophos facing possible redundancy. That’s terrible news, especially in the current climate.

And I raise a glass to my old blogging home, Naked Security. So many vendors over the years were jealous of the power that Naked Security commanded, and how it helped Sophos punch far above its weight in terms of brand awareness and thought leadership.

What a dumb idea it is to kill it off.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

28 comments on “Goodbye Naked Security?”

  1. Jason

    Naked Security is one of my favorite blogs. Sad :(

  2. gary227

    literally my favourite infosec blog always kept things in the middle of speaking english and having alot of infosec awareness its the perfect mix i think. killin naked security is a BAD idea!

  3. Paul Jones

    That'll be the end of an era! :(

    1. Graham CluleyGraham Cluley · in reply to Paul Jones

      As I said in a comment on The Register article:

      Maybe the name will be kept, maybe they’ll mothball the content, maybe they’ll post occasional pieces of research under the Naked Security banner. Maybe they’re merge it with the technical SophosLabs Uncut blog? (Naked Security Uncut? Ewww. Not sure that’ll go down well with puritanical management)

      But it doesn’t sound to me like Sophos has a plan to continue it in its current form.

      And yeah, I take it a little personally. But mostly I feel sorry for the people who worked on the site after I left. They did good work.

  4. Lisa Vaas

    Oh, Graham, Oh, Carole, it is indeed the end of an era. Have your ears been burning? We've been reminiscing about you two. You started something smart, and fun, and, what we all have most sincerely hoped was valuable to readers: information in plain English that people could understand and use. I was honored to write among you and all the other great, smart, talented writers that have come and gone. It's been a glorious ride!

    1. Graham CluleyGraham Cluley · in reply to Lisa Vaas

      Well done for keeping the flame alive for so long Lisa! Don't be a stranger and be sure to let us know where else you're writing so we can keep an eye on you. :)

      1. Lisa Vaas · in reply to Graham Cluley

        I've done what I could, Graham! I won't be a stranger, no, no, no. I'll probably keep writing just to be annoying. I'll stay in touch, please do the same! :)

  5. David Schwartzberg

    You are legendary! You edited one of my articles for Naked Security and it got something like 15K views in 24 hours. Nothing, I believe, that would have happened on my own, so thank you! Glad to see that you will still be going strong!

    I memory serves well, this is the article you edited.

    1. You're too kind David. I just applied a little lipstick I'm sure.

  6. Jerome Vosgien

    You and Carole were the spirit of NS. We localised more than 1000 NS posts on the French blog and some in Spanish and Italian. OMG, can’t believe that baby will end.

    I have no other words : “What a dumb idea it is to kill it off.”

    1. Graham CluleyGraham Cluley · in reply to Jerome Vosgien

      You guys were amazing. What a thankless job it must have been to translate my drivel into French, Spanish, and Italian. I can only wonder what you thought when you saw me mention thinks like flappertanknibbles…

  7. Maria Varmazis

    I'm raising that glass with you all. Writing for NakSec was one of my absolute favorite gigs, and I'm so proud of the work I got to do there. I can't understand the thinking behind killing it off.

    1. Graham CluleyGraham Cluley · in reply to Maria Varmazis

      You were fab Maria, and you're still fab!

      I'm sure the changes they're making at $opho$ all come down to one thing. :(


    It's one of our favorite assignments – working with you and Carole and the entire Naked Security team. We still talk about it with clients as an example of thought leadership done so well. We also loved that there was never holding you, or your colleagues, back and you were always ready to put your hand in the flame. The legacy will live on!

    1. Graham CluleyGraham Cluley · in reply to SANDRA FATHI

      Ha! Was fun working with you and your colleagues Sandra.

  9. Brittany Bevacqua

    What a shame. Doing PR for Naked Security was a career highlight. There was nothing out there like it. We had blast, worked on a lot of great stories and hopefully, made people a bit smarter about security issues. The end of an era!

    1. Cheers Brittany. You helped make it fun. Hope you're keeping well!

  10. Anne

    As we are all on our screens more and more – we need Naked Security more than ever. What a loss! I remember when the name was first announced….hilarious conversations.!!

  11. travis ormandy

    my personal fav naked security moment was when you stupidly baited a senior google researcher into exposing the sophos software for bugfilled claptrap it always was

    1. Graham CluleyGraham Cluley · in reply to travis ormandy

      If you're going to try to spoof a famous vulnerability researcher, at least try to spell his name correctly.

      1. travis ormandy · in reply to Graham Cluley

  12. cruachan

    "In my opinion no other security vendor was doing anything like it. It was the best site for explaining computer security issues and threats in language that anybody could understand, and with personality. And that’s why it proved so popular."

    The main reason I subscribed to Naked Security (and to GCHQ!), I've cited it so many times to senior managers to explain why something needs to be addressed. It may seem like a small thing, but at the most extreme case a failure to properly explain the scope of an issue to management was cited as one of the primary causes of both the Challenger and Columbia Shuttle Disasters.

  13. Spryte

    What a dumb idea it is to kill it off.

    Aside from your blog it is/was(?) one of the most readable for the average non-commercial user.


  14. Victor Leon

    It is sad news, very worrying as well. Naked Security is one of my favorite places to get serious security information. Thanks Graham!

  15. peter

    This is quite a backwards move for such a (or any) company.
    I have really enjoyed listening to the Naked Security team on all the topics they discuss….I'm not in the infosec industry (although I would like to be) -the content is well presented and topical and a must listen to for this industry….anyone know of any other decent podcasts? Gutted.

    1. Graham CluleyGraham Cluley · in reply to peter

      The Smashing Security podcast is pretty good (I'm possibly biased).

      We've had many of the shining stars of Naked Security appear on it as guests.

      1. peter · in reply to Graham Cluley

        Graham – I'm listening to your podcast now….your co-host has quite a potty mouth ;-)
        In all seriousness it'll be one of my go to security podcasts to listen. Glad I've discovered it despite Naked Security's demise!

        1. Graham CluleyGraham Cluley · in reply to peter

          Lockdown, if anything, has made Carole worse…


What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.