What do you think this is?

just thoughts of a restless mind...

What to do with the center of security?

Some years ago, during a (quite extended) phishing avalanche at the company I was with at the time, the (then) CIO said: “Let’s fire every user that falls for a phishing mail! That will solve the problem for good.”
I considered it a joke, and I replied pretty much with a rhyme: “Let’s train them before we blame them”, and I didn’t give it a second thought. We went on to deploy some training modules, but never really implemented the technical controls on the mail server; had that been done, several of those phishing mails would never have entered the company. I think that this is not strictly a user failure and I’m inclined to blame the IT department more than the user.

Tagged in: security, awareness, management, leadership, social engineering

Cyber Security for Critical Infrastructure 4.0

On the 26th and 27th of March I was invited to participate in the Cyber Security for Critical Infrastructure 4.0 conference organized by Cyber Senate in Amsterdam. It was a very nice conference, organized brilliantly by Alex Matthews and James Nesbitt. Chris Blask was in charge of the coordination of the conference, and we all enjoyed a nice flow of talks, panels and breaks.

Tagged in: conferences, security, presentations

Fighting bias in security analysis

I am a huge fan of automation; I strongly believe that automation, machine learning and/or artificial intelligence (whatever these terms mean for different people) are our best chance to tackle one of the biggest problems we have in the cyber security industry: human limitations.

Tagged in: security, management, artificial intelligence, machine learning