Some notes following the Identity Management Europe event, 14 March 2019, Frankfurt.

  • Ever wondered which are the biggest risks that we face? According to the World Economic Forum, a massive data fraud/theft or a large-scale cyber attack rank among the top 5 most likely global risks, while the large-scale cyber attack has the 7th most devastating impact. Worrying, no?
  • The fraud triangle: pressure (motive) – rationalisation – opportunity
  • Need-to-know – has strictly limited use cases (it comes from the military). In real life, we want the information to flow – don’t kill the business. There is always a fine balance between over-entitlement (leading to security risk) and under-entitlement (business risk).
  • MFA with YubiKeys is the Holy Grail of authentication – superior to everything else.
  • NIH: Not invented here: the strong bias against ideas from the outside.
  • Build vs buy: the main advantage of ‘buy’ is the fact that it allows the customer to concentrate on their core business.
  • In cloud infrastructure there is the concept of zero trust: deny all by default. Never trust, always verify. Never trust the client. Never trust the server. Never trust the network.
  • Friendly reminder that cybercrime has become a 1.5 trillion business
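The zero-trust bullet above boils down to one rule on the service side: there is no implicit allow, every request carries a verified identity, and only an explicit policy entry can turn a deny into an allow. The following is an added example (not code from the event or any speaker) showing that default-deny evaluation; the token format (JSON claims plus an HMAC), the `POLICY` rule set, the shared `ISSUER_KEY` and the sample principals are all constructed for illustration.

```python
"""Default-deny request authorization in the zero-trust style.

Added example, not from the event or any speaker. Token format, policy
shape, issuer key and sample requests are constructed for illustration.
"""
import hashlib
import hmac
import json
import time

# Constructed secret shared between the token issuer and this service.
# In a real deployment it lives in a secrets manager, never in source.
ISSUER_KEY = b"example-issuer-key"

# Explicit allow rules: (principal, device posture, action, resource).
# Anything not listed is denied; there is no "allow" fallback anywhere.
POLICY = {
    ("alice", "managed", "read", "payroll"),
    ("alice", "managed", "write", "payroll"),
    ("bob", "managed", "read", "payroll"),
}

TOKEN_TTL = 300  # seconds a token stays acceptable


def mint_token(principal, device, now):
    """Issue a short-lived signed token (constructed format: hex(JSON) + '.' + HMAC)."""
    claims = {"sub": principal, "dev": device, "iat": now}
    body = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()
    return body.hex() + "." + sig


def verify_token(token, now):
    """Return the claims if signature and freshness check out, otherwise None."""
    try:
        body_hex, sig = token.split(".", 1)
        body = bytes.fromhex(body_hex)
    except ValueError:
        return None  # malformed token: nothing to trust
    expected = hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None  # never trust: tampered or unsigned token
    claims = json.loads(body)
    if now - claims.get("iat", 0) > TOKEN_TTL:
        return None  # always verify: a stale token is not trusted either
    return claims


def authorize(token, action, resource, now=None):
    """Decide (allowed, reason) for one request. The default answer is deny."""
    now = time.time() if now is None else now
    claims = verify_token(token, now)
    if claims is None:
        return (False, "unverified identity")
    rule = (claims["sub"], claims["dev"], action, resource)
    if rule in POLICY:
        return (True, "explicit allow")
    return (False, "no matching rule")


if __name__ == "__main__":
    now = int(time.time())
    tok = mint_token("alice", "managed", now)
    print(authorize(tok, "write", "payroll", now))          # explicit allow
    print(authorize(tok, "write", "payroll", now + 600))    # expired -> deny
    print(authorize(mint_token("alice", "byod", now), "read", "payroll", now))  # unmanaged device -> deny
```

Note how every deny path returns the same shape as an allow: the caller never has to special-case a missing token, a forged one or an unknown device, and a missing policy entry is indistinguishable in effect from a forbidden one.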

Some emerging technologies:

Finally, some notes on automation:

  • Robotic process automation can be used for automatic testing (auto-filling of forms)
  • DevOps (combining the responsibilities of Dev, QA and Ops) – only possible if a big chunk of the work is automated
  • Workflow: Code > Build > Test > Deploy > Monitor – all of this automated (maybe except for the coding part 🙂 )
  • Remediation using automation: service not responding → auto-restart; load spike → auto-scale instances; service failure → redeploy a new instance
  • Use automatic monitoring tools to detect bugs before your users (Splunk)
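The remediation bullet above maps three failure modes to three automated actions. As an added example (not from the event or any speaker), here is that decision logic in code, with the one guard a practitioner would want on top of it: a cap on consecutive restarts so that a service which keeps dying does not loop forever but gets escalated to a human. The health-sample format, the thresholds and the sample stream are constructed for illustration.

```python
"""Automated remediation decisions: not responding -> restart, load spike ->
scale out, failed -> redeploy, with restart-loop and capacity escalation.

Added example, not from the event or any speaker. Sample format, thresholds
and the constructed SAMPLE_STREAM are illustrative only.
"""
from dataclasses import dataclass, field

LOAD_THRESHOLD = 0.80   # CPU fraction above which we add an instance
MAX_RESTARTS = 3        # consecutive restarts before escalating to a human
MAX_INSTANCES = 10      # hard ceiling on auto-scaling


@dataclass
class ServiceState:
    instances: int = 2
    restarts: int = 0                 # consecutive restarts since last healthy sample
    history: list = field(default_factory=list)


def remediate(state, sample):
    """Map one health sample to an action, update state, return the action name."""
    status = sample["status"]
    if status == "failed":
        # A failed instance is not patched in place: redeploy a fresh one.
        state.restarts = 0
        action = "redeploy"
    elif status == "not_responding":
        if state.restarts >= MAX_RESTARTS:
            action = "escalate"       # restart loop: stop looping, page someone
        else:
            state.restarts += 1
            action = "restart"
    elif status == "ok" and sample.get("cpu", 0.0) > LOAD_THRESHOLD:
        if state.instances < MAX_INSTANCES:
            state.instances += 1
            action = "scale_out"
        else:
            action = "escalate"       # at capacity ceiling: automation cannot help
    else:
        state.restarts = 0            # healthy sample resets the restart counter
        action = "none"
    state.history.append(action)
    return action


def run(samples):
    """Feed a sequence of health samples through remediate(); return (actions, state)."""
    state = ServiceState()
    return [remediate(state, s) for s in samples], state


# Constructed stream of monitoring samples for one service.
SAMPLE_STREAM = [
    {"status": "ok", "cpu": 0.30},
    {"status": "ok", "cpu": 0.90},          # load spike
    {"status": "not_responding"},
    {"status": "not_responding"},
    {"status": "ok", "cpu": 0.40},          # recovered, counter resets
    {"status": "failed"},
    {"status": "not_responding"},
    {"status": "not_responding"},
    {"status": "not_responding"},
    {"status": "not_responding"},           # fourth in a row: escalate
]

if __name__ == "__main__":
    actions, final = run(SAMPLE_STREAM)
    for sample, action in zip(SAMPLE_STREAM, actions):
        print(f"{sample!s:40} -> {action}")
    print(f"instances={final.instances} restarts={final.restarts}")
```

The escalation branches are the point: automation handles the three routine cases from the notes, and anything outside them (a restart loop, a scaling ceiling) is handed to a person rather than retried blindly.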

(Photo: Rainy Frankfurt)

Enterprise Cyber Security – post-event notes

Written on 23 September 2018, 04:22pm


Some notes following the Enterprise Cyber Security Europe event, 19 September 2018, Amsterdam.

  • @ThomLangford: When trying to hire, look for passion. Technical skills can be taught later on. Also, look for the people who care about what they do, who are full of energy, who are constantly pushing their limits and who are filled with passion. 
  • Humans are indeed the weakest link in any security system, because brains are hard to upgrade and because emotional manipulation is easy. 
  • So how do you deal with the human risk? 3 possible avenues:
    • throw technology at it
    • improve your internal processes (e.g. out-of-band validation)
    • or develop a continuous and adaptive security awareness program, where people at Terranova seem to know what they are doing. 
  • Awareness is for everybody, training is for similar groups of people (e.g. a department), education is for the ones who genuinely want to learn
  • The story of the women codebreakers at Bletchley Park is fascinating
  • Total cyber crime revenues: in the region of $1.5 trillion annually
  • Time to detect a data breach: between 99 and 197 days depending on who you ask. Either way, it feels like an eternity
  • You can actually turn a data breach into a positive development for your organisation if you manage to be humble, transparent and willing to improve things
  • Booking.com has an interesting ‘everything is a test’ culture (over 1000 experiments going live at any given time). The company brands itself as a ‘developer-first enterprise’. You must make an effort to find a compromise solution between security and usability
  • Preparing for the GDPR should have been easy as long as you have a user-oriented mindset. Don’t forget about the tools for user data export and user data deletion.

(Photo: Over the Amstel, close to the venue)

SmashingConf 2014 – the slides

Written on 17 September 2014, 10:32pm


Day 1:

1. Marcin Wichary (@mwichary)
post
2. Yesenia Perez-Cruz (@yeseniaa)
No slides?
3. Phil Hawksworth (@philhawksworth)
slides
4. Josh Emerson (@joshe)
slides
5. Mathias Bynens (@mathias)
post, related presentation
6. Patty Toland (@pattytoland)
slides
7. Paul Bakaus (@pbakaus)
post
8. Kevin M. Hoffman (@kevinmhoffman)
No slides?
9. Christopher Murphy (@fehler)
No slides?
~~~~

Day 2:

1. Dave Shea (@mezzoblue)
slides
2. Phil Coffman (@philcoffman)
slides
3. Sara Wachter Boettcher (@sara_ann_marie)
slides
4. Gerry Leonidas (@gerryleonidas)
slides
5. Peter Smart (@petewsmart)
slides
6. Matt Andrews (@andrewsmatt)
No slides?
7. Josh Payton (@jpay)
No slides?
8. Jason Grigsby (@grigs)
slides

See also the full coverage on Lanyrd.com