What do
you
think this is?

Auditing AI systems

• 1 minute to read
• Thursday, 21st of November 2024
• • artificial intelligence
  • education
  • leadership
  • machine learning
  • management

My journey with Machine Learning and AI started back in 2017; my first article about AI in this blog was in 2019. And I believe that Governance is of utmost importance in many things, AI being one of them.

A leader uses DNS to educate

• 2 minutes to read
• Monday, 30th of August 2021
• • security
  • management
  • leadership

Once upon a time I spent a total of 4 hours (over three days) in meetings, stating that I will definitely not approve a security exception. At least, not until someone demonstrates that the exception requested, removes the root cause or is a valid workaround.

What to do with the center of security?

• 7 minutes to read
• Monday, 17th of June 2019
• • awareness
  • management
  • leadership
  • social engineering
  • security

Some years ago, during a (quite extended) phishing avalanche in the company I was at the time, the (then) CIO said: Let's fire every user that falls for a phishing mail! That will solve the problem for good. I considered it a joke, and I replied pretty much with a rhyme: Let's train them before we blame them and I didn't give it a second throught. We went on to deploy some training modules, but never really implemented the technical controls on the mail server; an activity that if had been implemented, several of those phishing mails would never have entered the company. I think that this is not strictly a user failure and I'm inclined to blame the IT deparment more than the user.

Sailing as an infosec lesson

• 2 minutes to read
• Monday, 24th of September 2018
• • sports
  • leadership
  • management
  • education

Last Thursday I took my CRISC exams and - the restless person I am - I had already arranged to take sailing classes over the weekend. I always wanted to take sailing classes, and I had gone sailing once several years ago when I was still living in Greece. My idea was that when I grow old I will buy a small sailing boat and sail around my beloved Crete.

Steps in no-man's land

• 3 minutes to read
• Tuesday, 8th of May 2018
• • business
  • security
  • leadership
  • management

Some major breaches have seen the light of day lately, and everybody agrees that they will keep coming. I don't believe you will find any security professional respecting himself to tell you that this will stop. The reasons are many, but the most important one is the (lack of) security design. Systems, processes and services have been moving to production without security design for years. And unfortunately in many cases they still do.

In our (security) profession it is becoming common to jump on each other's throat; and the result is the public blaming of the CISO involved - like leaving them alone to take some hard steps in the middle of no man's land.

Building up a SOC - the candidate challenge

• 2 minutes to read
• Saturday, 10th of February 2018
• • interviews
  • management
  • leadership
  • multinational management
  • globalisation
  • business

Building a Security Operations Center from scratch is not an easy thing. But since it's not the first time I'm doing it, I am familiar with the challenges. These challenges include the building of the processes in a company-adjusted manner, the selection of the toolset and integrations to match the company's enterprise architecture, network architecture and of course my own security architecture, but nowadays, and due to the significant skill shortage in cybersecurity the major challenge is finding the right people.