Mornings With Mark // Week 1
It took me a really long time to write my “About” page. I find it really difficult to describe what I see as my role within the community.
My day-to-day role with Trend Micro is to research security and privacy as it applies to cloud with a focus on artificial intelligence and operational technologies (think robots, vehicles, cities, etc.). With that work, I get to think about a lot of different technologies and solutions.
Expanding out, I end up creating for two audiences; the public and builders.
My goal is;
- To help educate the larger community about security and privacy issues in a manner that’s approachable & understandable
- To help builders make the right choices and build security and privacy into their technology
This week I started a new effort to document and solidify my thinking. Each morning (Monday―Friday), I take a few minutes in a Facebook Live broadcast to share a bit of what I’m working on at the start of my day.
The idea is that after the broadcast, I would end up fleshing out the idea in some other form but more often, something else comes up and I pivot midday. Here are the results of the first week.
Perspective is a continuing theme for me. I regularly see teams on red alert reacting to the latest research when then still can’t patch their critical systems in under a month. I didn’t follow up on this directly as (of course) other things popped up during the day.
Lots of lessons to be learned from the first broadcast! The wrong microphone was selected, lighting was meh, lot’s of fix.
Reacting to the cyberattack on the Winter Games, I had spoken to Peter Armstrong on CBC’s On The Money about the issue which lead to me bringing it up on the show.
The Olympics have been hacked. Officials confirmed the Games were the subject of a cyberattack during Friday's opening ceremonies It hit IT systems, WiFi, and television displays. Mark Nunnikhoven @MarkNCa of @TrendMicro says it's not a surprise the Games were a target. pic.twitter.com/WC2lgvwnIh— On The Money (@OnTheMoneyCBC) February 13, 2018
Attribution comes up time and time again. I get it. It really drives the story. The problem is that proper attribution is extremely difficult. More at that in this video, “Who’s To Blame? The Trouble With Attack Attribution”.
Building on the theme of attribution (it’s apparently all big themes this week), I dive into the how to assess risk. Right now we’re almost entirely basing assessments on anecdotal evidence because we just don’t have the right data to make quantitative assessments.
Ugh, I hate buzzwords. Still, I felt it necessary to tackle blockchain in this episode mainly because of the work Microsoft announced digital identities backed by a blockchain architecture. This is a good use of the technology. Can’t wait to see where this goes.
Apple had a critical issue that needed to be addressed. Sending a simple Telegu character to an Apple device causing most applications that processed that character to crash continuously. This brings up the bigger issues of software quality and integrating security into your technology and teams.