Saturday, 24 October 2015

Four years wiser

It's been over four years since I last posted to this blog. Since then my skills, knowledge and career have taken some very interesting directions.

Currently I am working as a Network Architect and loving every ounce of it. I get to be creative in a truly enterprise environment, and due to the nature of my employer I also get to do stuff that helps people. Pretty mega huh?

So anyway. I figured this update wouldn't be yet another women in tech rant... We all know there are BIG cultural problems there, we can't fix those in a day.

However recently, in the news in the UK, its transpired that a large service provider (TalkTalk) has had reams of sensitive client (the unassuming publics) data stolen, and much of it published online by yet-another-threatening-jihadist-group. Sigh.

Queue the calls across the conglomerate of business leaders to 'clamp down' on crime, calls for our policing and judicial systems to get gnarlier on the script kiddies. Another sigh.

Security is a beautiful part of technology. In fact it's probably my favourite. Its dynamic, and it forces us to be creative. The people who constantly poke and prod and push those envelopes are the people who will ALWAYS be one step ahead. Corporations will never win by 'fighting cyber criminals' because they will never know enough about them to be able to get ahead. So what do they do? They blanket the geeks, punish the clever guys because they don't understand the difference between the NEED for creative thinking and crime. There is a huge difference between some jaded religious nut downloading some scripts and running it against some insecure servers to steal data and someone who is able to use their wit to push beyond what technology is out there, that guy isn't a thief - in fact, we NEED that guy.

TalkTalk are doing just this. Instead of admitting that their security was simply not up to scratch - they are dishing out that blame.

I don't think what the 'hackers' did was right, at all. Innocent people should never suffer by this, it is not how any true hacker would operate.

However what I think these corporations should be doing is innovating - get hold of some clever guys, test their security over and over and over. Brutally rip it apart so it can be fixed better next time. Review their staff, a large percentage of corporate leaks come from social engineering and internal staff - often its not technology that's the struggle, its the mind. Who do we trust?!

So there's my rant. The world is evolving and with it our security. We all need to take the right level of responsibility for that. :)