Recent Posts

GISD 2018 - Spring Edition

On Thursday, the 31st of May, I was invited to participate in a panel discussing artificial intelligence and machine learning. The event, Geneva Information Security Day 2018, was organized by High Tech Bridge. If you don't already know High Tech Bridge, it's a Geneva-based security company which constantly gets awards and recognition for their AI technology. Just this week, High-Tech Bridge's ImmuniWeb was named the Winner in the "Best usage of Machine Learning / AI" category at SC Awards Europe 2018.

Whiners will be whiners

I think we have all recently received one (and probably more) of these wonderful mails stating "we have your data, if you want us to keep talking to you let us know". In case you were wondering, this is a side effect of GDPR, and in my opinion an excellent one. Yet many people - including some respected and high-profile GDPR experts and "experts" - take the opportunity to attack the senders. But I think this is the wrong reaction.

Steps in no-man's land

Some major breaches have seen the light of day lately, and everybody agrees that they will keep coming. I don't believe you will find any self-respecting security professional who will tell you that this will stop. The reasons are many, but the most important one is the (lack of) security design. Systems, processes and services have been moving to production without security design for years. And unfortunately in many cases they still do.

In our (security) profession it is becoming common to jump at each other's throats, and the result is the public blaming of the CISO involved - like leaving them alone to take some hard steps in the middle of no man's land.

Geneva Information Security Day 2018

I'm invited to the Geneva Information Security Day 2018 to participate in a panel in which we will discuss myths and reality around artificial intelligence and machine learning. You may request to join us if you are interested in this subject, in GDPR, or in GRC strategy in an IoT and Cloud era. Respected colleagues will share their knowledge and experience, and I personally cannot wait to engage in open discussions around all these topics.

The expectation of privacy

Everybody has something to say about the Facebook / Cambridge Analytica case. And I am annoyed by people saying that when you give your data to Facebook, you forego some parts of your privacy (true) so you should not be surprised (false). In simple terms, it was an actual data breach. Individuals who had not consented had their data exposed. This was not supposed to happen. There are two aspects I would focus on regarding this issue:

Building up a SOC - the candidate challenge

Building a Security Operations Center from scratch is not an easy thing. But since it's not the first time I'm doing it, I am familiar with the challenges. These challenges include building the processes in a company-adjusted manner, and selecting the toolset and integrations to match the company's enterprise architecture, network architecture and of course my own security architecture. But nowadays, due to the significant skill shortage in cybersecurity, the major challenge is finding the right people.