How to Secure a Cup of Black Gold (coffee, not oil)

Sep 4, 2025

A long time ago in a coffee shop far, far away, I was having some of the black gold with some colleagues, when a business leader stopped me half-way through the conversation to ask “what do you mean exactly by a control?”

I then proceeded to explain things using the best analogy I could, using what was around me.
“You like coffee right? Well have you ever thought about how you would secure your cup of coffee against a would-be adversary?”

This was the moment when the conversation I was having with a business person took a turn. Their initial expression of “who is this madman” soon changed - the more they role-played, the more they understood. By the end of the conversation, they realised that everything in the first half of the conversation boiled down to controls: things that primarily prevent, detect, or help recover, and that, if implemented early, reduce the likelihood or impact of something bad occurring.

A defence-in-depth strategy can be hard for non-security folk to understand. However, when you use analogies of everyday important things like coffee, it's amazing how quickly people grasp what adding multiple layers of security controls means and how they can apply it to suit their context to a tea.

Static image below - YouTube link will be released once the video has been published

How to Secure a Cup of Coffee

You can download a copy of the slides here.

Below are the important points from the talk:

Control Categories

  • Preventative - avoids an incident by stopping activities occurring
  • Detective - identifies activities leading up to or during an incident
  • Recovery - enables you to return to BAU (business-as-usual) operations after an incident
  • Corrective - fixes after an incident has occurred (ideally before)
  • Deterrent - intended to discourage a potential attacker
  • Compensating - provides an alternative measure of control

How You Could Secure a Cup of Coffee

  • Prevention - Data Encryption - change from glass to paper cup
  • Prevention - Data Classification - label your assets (coffee)
  • Prevention - Data Catalogue - what’s in your cup (ingredients)
  • Prevention - Data Retention - reduce sensitive data (drink)
  • Prevention - Data Masking - hide the true underlying data (milk)
  • Prevention - Isolation - segment from other things (moat)
  • Prevention - Data Loss Prevention (sipper lid)
  • Prevention - Limit traffic/WAF/rate limiting getting to the cup (sipper lid)
  • Prevention - Authenticate who is getting near it (name on lid)
  • Prevention - Authorised to get to it (driver's licence video)
  • Prevention - Buy our attacker coffee (Responsible Disclosure Programme/Bug Bounty)
  • Prevention - Instructions (training)
  • Deterrent - banner (warning sign)
  • Deterrent - discourage people from getting to it (fan/fence)
  • Deterrent - discourage people from getting to it (dog/toy)
  • Detection/Deterrent - honeypot (honey)
  • Detection - audit who went near it (camera)
  • Detection - events recorded (logs)
  • Detection - check/alert on logs (monitor)
  • Recovery - disaster recovery (mug/glass)
  • Recovery - high availability (additional cup)
  • Recovery - backup (pot of coffee)
  • Recovery - full rebuild (granules)
  • Corrective - patch (band-aid)
