Recent Posts

When multi-factor will not save you

There has been a lot of discussion lately about multi-factor authentication and how it will upgrade everyone's security. Indeed, it is an improvement, and it was about time we started becoming more conscious of the security issues related to authentication. As usual, though, these discussions generate a lot of confusion and "why didn't it work" moments when we see cases such as Reddit's hack in August of 2018.

Happy gardener!

I think it's more than 20 years since I last planted tomatoes. It must have been in my second year when I was studying Agriculture in TEI of Heraclion. Since then many things have happened, among which the fact that I now live in a completely different country.

The idea of growing tomatoes in Prague was intriguing, so I got some Greek tomato seeds from my father, a small glass structure for the flat to pretend it's a greenhouse, and put them there. Some (several) months later, I'm happily eating my huge tomatoes. No pesticides of course, and only a little bit of organic calcium to deal with the calcium deficiency that results in blossom end rot.

Preparing for CRISC

I enjoy learning new things. Everyone who knows me can attest to that. I also have fun taking tests and quizzes. So it's not a surprise that I always try to find ways to combine these two activities.

I have pursued one academic degree per decade (approximately). I got my BSc in 1993, my MSc in 2000 and my MBA in 2007. Maybe it's time for another academic degree, but it's getting more and more difficult due to time constraints and, of course, the fact that I'm getting old. Not to mention the cost.

GISD 2018 - Spring Edition

On Thursday, the 31st of May, I was invited to participate in a panel discussing artificial intelligence and machine learning. The event, Geneva Information Security Day 2018, was organized by High Tech Bridge. If you don't already know High Tech Bridge, it's a Geneva-based security company which constantly gets awards and recognition for its AI technology. Just this week, High-Tech Bridge's ImmuniWeb was named the Winner in the "Best usage of Machine Learning / AI" category at SC Awards Europe 2018.

Whiners will be whiners

I think we have all recently received one (and probably more) of these wonderful mails stating "we have your data, if you want us to keep talking to you let us know". In case you were wondering, this is a side effect of GDPR; and in my opinion an excellent one. Yet many people - including some respected and high profile GDPR experts and "experts" - take the opportunity to attack the senders. But I think this is the wrong reaction.

Steps in no-man's land

Some major breaches have seen the light of day lately, and everybody agrees that they will keep coming. I don't believe you will find any self-respecting security professional who will tell you that this will stop. The reasons are many, but the most important one is the (lack of) security design. Systems, processes and services have been moving to production without security design for years. And unfortunately in many cases they still do.

In our (security) profession it is becoming common to jump at each other's throats; and the result is the public blaming of the CISO involved - like leaving them alone to take some hard steps in the middle of no man's land.