What do you think this is?

just thoughts of a restless mind...

What to do with the center of security?

Some years ago, during a (quite extended) phishing avalanche at the company I was with at the time, the (then) CIO said: “Let’s fire every user that falls for a phishing mail! That will solve the problem for good.”
I considered it a joke, and I replied pretty much with a rhyme: “Let’s train them before we blame them”, and I didn’t give it a second thought. We went on to deploy some training modules, but never really implemented the technical controls on the mail server; had that been done, several of those phishing mails would never have entered the company. I think that this is not strictly a user failure and I’m inclined to blame the IT department more than the user.

Tagged in : security, awareness, management, leadership, social engineering

Who will sit on the Iron Throne?

Chances are you are familiar with the phenomenon called Game of Thrones. I expect that everybody who watches the series has a perspective and a preference on the person they wish to sit on the Iron Throne. But let’s be honest; only science can forecast the outcome!

Tagged in : movies, series, password management

CyberCentral 2019

On April 4th and 5th I had the honour to participate in the 2019 CyberCentral Summit in Prague, a conference brilliantly organized by Michaela Stranovska and Alexander Nevski of EBCG. It is the first big conference I have attended in Prague, although this is the city I have lived in for the last five years!

The conference was nicely balanced. The content included some very technical presentations such as Milan Pikula’s presentation about the lack of security in IoT and Solomon Sonya’s “Securing the perimeter - one IDS at a time”.

Tagged in : presentations, incident response