Finance 2.0 – After Event Movie
If you are interested in some impressions of the recent Finance 2.0 event, have a look here: http://www.finance20.ch/official-aftermovie-finance-2-0-conference/ – you will find the official after-event-movie
Women in Security – Event in Zürich
Unfortunately, we do not see too many women in security – even though there are huge opportunities irrespective of the gender. Over the years, I had the pleasure to work with great women in this business. We will run an event on Thursday, April 28, 2016 at 6.30pm at the Accenture Office in Zurich with…
Details
Security Detection – The Next Generation
You might be aware of the fact, that I am not a too big fan of classical SIEM tools. In my opinion, they often fail to deliver good results efficiently, deliver too many false positives and need quite a team of engineers to keep the ruleset/use cases current. Typically, I use these environments to monitor…
DetailsTry to Understand My World – An Open Letter to CEOs
Dear CEOs, I know that you feel that security is important – something which was not always the case in all the years I am working in the industry. But you changed your mind and this is great. But I know as well that you rarely feel comfortable, when it comes to working with your…
Details
Homomorphic Encryption – the Silver Bullet to the Public Cloud?
When we talk about the Cloud, encryption is typically not far. There are different challenges with encryption, one of them – besides usability, key management etc – is the loss of functionality. In other words: If we would assume that we can manage the keys with reasonable efforts and the user is able to use…
Details
Juniper Backdoors and the 4 Questions to Ask
This morning – going through my RSS feeds – I read the following article looking into the latest Juniper backdoors: 4 Juniper Questions Congress Should Be Asking – Did NSA Create a Backdoor in U.S. Networking Giant’s Gear? The article covers the background of the event a bit and then raises four questions: How did…
Details
Identity Management in the Future
I guess we all agree on certain challenges in the future: Our businesses as well as our IT will become more and more digital and therefore security will need to change. The pace of a compliance-based approach will simply be too slow to come up with reasonable solutions in a light of new, dynamic and…
Details
The Cyber Security Leap: From Laggard to Leader
Sometimes I read papers and think that they seem to be fairly good. But this one kind of blew me away – let me give you the reason before I give you the link… There are some constants in my security life: I am deeply convinced that the CSO needs to have a thorough security…
DetailsSeriously? Hard coded password? Someone Just Leaked Hard-Coded Password Backdoor for Fortinet Firewalls
Recommendations for Intelligent Public Transportation
We talked a lot about critical infrastructure protection – especially in the light of failures thereof. Therefore I really like some of the work ENISA does on recommendations for them.
Here is a new one for intelligent public transportation: Cyber Security and Resilience of Intelligent Public Transport. Good practices and recommendations
Blackout of Critical Infrastructure – it will be about Resilience this year
Remember the prediction we have seen in a lot of “what security brings us in 2016” that we will see failure of critical infrastructure due to security incidents. Well, it seems that news just waited for the year to turn 2016 to appear (not exactly, the US news appeared late December): The US Power grid…
Details
Time for Adobe Flash is more than over
The initial security discussion was all about browsers: Which one shows less vulnerabilities, which one is more secure? There were even government agencies in Europe recommending the use of a different browser every other week based on the “vulnerability de jour”. This changed a bit and modern browsers are more or less out of focus…
Details
Security and the Internet of Things
A challenge, which we have to address: How will we secure the Internet of Things in the future? Swisscom (“my” former security architecture team) just published an interesting paper called Integrity and trust in the Internet of Things. We need new approaches on how we will deal with security – interestingly, the ones Swisscom is…
DetailsIs this my new life as a consultant now 😉 http://dilbert.com/strip/2015-12-20
The most important security criteria? Usability!
I read this article (Surviving an Insecure Cyber Workforce) this morning about “the user” (and was once more disappointed – initially. They talk about the importance of awareness, the technology to make sure that the user does not access anything outside their business needs and only well audited etc. and at the very, very end…
Details
Top 15 Security Predictions for 2016
No, they are still not coming from me but this article is actually really interesting: Top 15 security predictions for 2016. A few of them are remarkable: At your criminal service (Kaspersky/Seculert) The profitability of cyber-attacks means sophisticated criminal gangs with modern organizational models and tools will replace common cyber criminals as the primary threat.…
Details
Lessons from Morgan Stanley – is monitoring outgoing data the silver bullet?
A lot of articles are looking into the Morgan Stanley breach case, which is definitely an interesting story all by itself. An employee illegally accesses information and stores it on his home server. Obviously not a very smart thing to do but initially it rested there. It would be interesting to understand what he planned to…
Details
Security in 2016?
This time of the year typically two things happen: I am asked several times to either have a presentation or write an article about “Security in 2016”. The second thing is that everybody who writes a blog or otherwise thinks that they have to say something look into the crystal ball and writes an article…
Details