What do you think this is?

Networking concerns in virtual environments

• 2 minutes to read
• Thursday, 2nd of April 2020
• • networking
  • virtualization
  • security

Some months ago I bought a desktop system. I hadn't had one for years, but a very strange and unexpected need came up; I wanted to play games with my son who lives in Greece, in an attempt to spend a bit more time with him, even virtually. I bought and built a desktop system based on AMD's excellent Ryzen line, but that's for another time. On that computer, and as it would be used predominantly for games, I installed MS Windows. That is another thing that hadn't happened in my household for decades!

SSL certificate revocation gotchas

• 2 minutes to read
• Wednesday, 4th of March 2020
• • web
  • security

As you may have heard, Let's Encrypt revoked several certificates today that were issued through a faulty process. Read on for the details, and on how to identify the revoked certificates themselves.

How to budget for security?

• 6 minutes to read
• Friday, 8th of November 2019
• • business
  • security
  • budget
  • management

I often get into discussions about budgets and how much a company should invest in its security program. There is no easy answer because the problem we are trying to solve has many unknowns.

There are many ways one may address this question, the main one being a rule of thumb.

What to do with the center of security?

• 7 minutes to read
• Monday, 17th of June 2019
• • awareness
  • management
  • leadership
  • social engineering
  • security

Some years ago, during a (quite extended) phishing avalanche in the company I was at the time, the (then) CIO said: Let's fire every user that falls for a phishing mail! That will solve the problem for good. I considered it a joke, and I replied pretty much with a rhyme: Let's train them before we blame them and I didn't give it a second throught. We went on to deploy some training modules, but never really implemented the technical controls on the mail server; an activity that if had been implemented, several of those phishing mails would never have entered the company. I think that this is not strictly a user failure and I'm inclined to blame the IT deparment more than the user.

Cyber Security for Critical Infrastructure 4.0

• 1 minute to read
• Wednesday, 27th of March 2019
• • security
  • conferences
  • presentations

On 26th and 27th of March I was invited to participate in the [Cyber Security for Critical Infrastructure 4.0 https://www.cybersenate.com/new-events/2019/3/26/critical-infrastructure-cyber-security] conference organized by Cyber Senate in Amsterdam. It was a very nice conference, organized brilliantly by Alex Matthews and James Nesbitt. Chris Blask was in charge of the coordination of the conference, and we all enjoyed a nice flow of the talks, panels and breaks.

Fighting bias in security analysis

• 8 minutes to read
• Tuesday, 19th of March 2019
• • management
  • artificial intelligence
  • machine learning
  • security

I am a huge fan of automation; I strongly believe that automation, machine learning and / or artificial intelligence (whatever these terms mean for different people) are our best chance to tackle one of the biggest problems we have in the cyber security industry: the human limitations.