Amongst banks going bankrupt and the economy ever-spiralling downwards, the one thing you can bet will happen all the time is data loss. Whether it be a payment firm being breached, a retailer with an unsecured network, or employees walking out of the office with gigs' worth of company-sensitive information.
As I saw the Internet as a marketing and communication tool, I soon realized that it meant information management - as in controlling what to put where, who has access, and also who did actually access the information. This, combined with my playing around with modems and colored boxes back in the ’80s, made it easy for me to focus on security. I worked with some of the largest multinational corporations in Europe, within Oil & Energy, Telecom and defense.
So by now most people would have seen the news from ICANN that International Domain Names (IDNs) will support non-Latin characters including Mandarin, Arabic, Hindi and Cyrillic. ICANN is also discussing Generic top-level domains (such as .com and .org), which will eventually be expanded from their current list of 21 to include almost any word, in almost any language.
So today was one of those rare days I came up with a good business plan. I was so excited about it I phoned up my boss to run the idea past him. Transcript of the call is below:
As part of my feeble attempts to lose weight I’ve been trying to cut down on my calorie intake, work out a bit and try to walk wherever I can. Unfortunately, walking up stairs still gives me a near cardiac arrest so I’m still taking the lift. Much to my surprise, I found myself stuck in a lift yet again. This time with the infamous Anton Chuvakin, the former director of PCI compliance solutions at Qualys.
After being declared having the best infosec song ever with “Smooth Criminal”, Michael Jackson took some time out of his busy schedule to speak exclusively with the cynic. Moonwalking its way right onto this site, the full unedited text of how it went down:
There seems to be much debate ongoing these days regarding the effectiveness of PCI DSS. There have been several high profile cases such as Heartland and RBS WorldPay where these companies had PCI DSS certification, yet still suffered card data breaches. Some commentators are of the opinion that the standard is flawed, useless, merely a paper exercise to tick boxes which has everything to do with gaining a certificate and little to do with security.
I was at a social event the other day and got chatting to a few people sat around my table. People are curious creatures, so the topic of conversation quickly moves onto what you do for a living. I tend to adopt a formula to determine if they are worth continuing having a conversation with. A lot of times people reply with “oh I work in banking”. So I take a look at them, T.M Lewin suit, a Rolex watch and yes, they’re either a trader or senior manager, definitely worth having a chat with. But if it’s a suit from Next with a Casio watch, I put them in the ‘cashier’ category and move swiftly on.
As the CTO of a data protection and encryption company I hear many a tale of woe as other CTOs and CEOs confess to me the stories of how various laptops within their companies have gone astray and the destruction these lost laptops have caused in their wake. With this in mind, here is one such tale of woe, albeit fictional, that I have heard time and time again.