Compromising Positions - A Technology Podcast

What happens when the welfare state designs its technology to side-eye first and ask questions later?
In this episode, we take a ride into the world of self-driving cars and ask: What happens to trust when your car gets hacked?
Drawing upon a 2025 autonomous car-hacking experiment, we explore how trust is built, broken, and crucially, whether that trust can be repaired once a system puts you in harms way.
This isn’t just about cars. It’s about what happens when we hand over control to a system we don’t fully understand.
Expect human factors, socio-technical theory, real-world cyber scenarios, and the uncomfortable reality that fixing the system isn’t the same as fixing trust.
In This Episode, We Discuss:
The Attack Surface is Trust: Why the real vulnerability in autonomous systems isn’t the code, it’s human belief.
Hack vs Bug: Why a malicious attack hits differently than a system error (and why that distinction matters).
Transparency After a Breach: Does telling people the truth about a cyber attack actually rebuild trust or just make them more nervous?
The Social Truth about Trust: Why you’re not just trusting the car, but the company, the regulators and the entire system behind it.
LINKS
The Impact of Cybersecurity Attacks on Human Trust in Autonomous Vehicle Operations by Cherin Lim, David Predez, Linda Ng Boyle and Prashanth Rajivan (2025)
Foundations for an Empirically Determined Scale of Trust in Automated Systems by Jiun-Yin Jian, Ann Bisantz, Colin Drury, and James Llinas (1998)
Test your morals with the Moral Machine game.

What happens when the welfare state designs its technology to side-eye first and ask questions later?
In this episode of Compromising Positions, we get hands-on with Big Brother Watch’s “Suspicion by Design” report, unpacking how the UK Department for Work and Pensions (DWP) uses algorithmic profiling and AI systems to detect Universal Credit fraud and why defaulting to suspicion is a dangerous position for any government to take.
This episode is a measured examination of welfare AI, algorithmic decision-making, and what happens to trust, consent, and dignity when systems are built to watch first and explain never.
Expect socio-technical theory, legal realities, real-world harms, and the kind of uncomfortable questions policymakers really don’t like being asked.
In This Episode, We Discuss:
Suspicion Architecture: What happens when suspicion is a design choice.
The Algorithmic Gaze meets Dataveillance: What happens when you can’t opt out of AI lead services that are inherently bias against you.
Why “Security Through Obscurity” Fails: We show why secrecy doesn’t equal safety.
Fraud Detection that Punishes the Many, not the Few: How to design AI systems that protect public funds without criminalising the people who need it most.
Show Notes
Suspicion by Design: What we know about the DWP’s algorithmic black box, and what it tries to hide by Big Brother Watch (2025)
Surveillance as Social Sorting: Privacy, Risk and Digital Discrimination by David Lyon (Ed) (2003)
Information Technology and Dataveillance by Roger Clarke (1988; 3015)

Is cybersecurity just a technical problem, or a human one?
In this episode, we debut our new format: bridging the gap between deep academic research and boots-on-the-ground security practice. We dive into Zoe M. King et al., 2018 paper, "Characterising and Measuring Maliciousness for Cybersecurity Risk Assessment," to uncover why we need to stop looking at code and start looking at intent.
From the "Dark Triad" of personality traits to the rise of the "patriotic hacker" in global geopolitics, we peel back the layers of the human onion to understand what actually drives a person to cause harm.
In This Episode, We Discuss:
The Maliciousness Assessment Metric (MAM): Why traditional risk assessments fail by ignoring "intent to harm" and how to integrate human factors into your security posture.
The Four Layers of Maliciousness: A deep dive into the Individual, Micro, Meso, and Macro levels—from personal psychology to national narratives.
Hacking as Patriotism: How cultural contexts in the US, Russia, and China dictate whether a hacker is seen as a criminal or a hero.
The "War Games" Effect: How 80s cinema shaped US cybersecurity legislation (CFAA) and continues to influence public perception.
Insider Threats & Organizational Hygiene: Why disgruntlement is a security vulnerability and how the "Principle of Least Privilege" is your best defense.
Risk as a Moral Construct: Why the risks your company chooses to mitigate reveal your organisation's true values and concept of justice.
Show Notes
Characterizing and Measuring Maliciousness for Cybersecurity Risk Assessment by Zoe M. King et al., featured in the journal Frontiers in Psychology (2018)
Risk and Blame: Essays in Cultural Theory by Mary Douglas
Risk and Culture: An Essay on the Selection of Technological and Environmental Dangers by Mary Douglas and Aaron Wildavsky

Did you know the best way to bring down hackers is to punch them in the face? That if you don’t have a seven screen set up you’re a rogue amateur? Or that the best hackers have fins?
This Episode we are joined by Simon Painter a senior software engineer with nearly 20 years of experience in the industry and author of the book Functional Programming with C#.
In this episode, Hack The Movies! The Best And Worst Hacker Movies Part 2! Our regular programming has been hijacked to bring you a discussion on the best, and worst, hacker movies! In this episode we cover The Beekeeper (2024), Swordfish (2001), Jonny Mnemonic (1995), Paper Man (1971) and The Italian Job (1969).
So boot up that modem, turn off the lights and enter the deepest darkest web of hacker forums, and try not overload your memory bank, as we explore this sometimes brilliant and sometimes bonkers sub-genre!
Show Notes
A Developer Goes to The Movies! Simon’s fantastic history on how technology features in films
Paper Man (1971)
About SIMON PAINTER
With nearly 20 years of software engineering experience across various industries, Simon is a Senior Software Engineer at Talos360. Simon is also a Microsoft Most Valuable Professional (MVP) since 2023, an O'Reilly technical book author, and a public speaker at IT events worldwide.
His core competencies include C#, JavaScript, React.js, and Microsoft Azure, as well as ITIL and computer security.
LINKS FOR SIMON PaINTER
Simon’s Website
Simon’s Linkedin
Simon’s Book, Functional Programming with C#

We all know running a cybersecurity function is expensive and many of us have a hard time successfully negotiating the budgets we need to keep our organisation safe.
But what if we let you in on the secrets of successfully securing your cybersecurity budget?
This week we are joined by Scott Robertson, CFO of CreateFuture and he gives us the insights on what you should ask for when it comes to your next yearly budget, how to ask for it and crucially (because timing is everything when it comes to money!) when to ask for it!
Key Takeaways:
What Does a CFO do? A CFO is not just about managing financials but also safeguarding assets and ensuring future stability through effective risk management.
Time Your Requests Strategically: Discover the optimal timing to approach your CFO for budget increases and how to align your requests with the organisation's financial planning.
Quantify the Cost of Risk: Learn how to effectively communicate the potential financial impact of cyberattacks and the value of preventive measures.
Build Strong Relationships: Cultivate relationships with key stakeholders, including the CFO and other executives, to foster trust and support.
Prioritise and Justify: Identify critical security needs, prioritise investments, and present a compelling business case to secure the necessary budget.