Author: Andrea Monti

Posted on

Become an IT security guru in 10 steps

Become a legal IT security expert doesn’t need a lot of effort and, with the due care, you can build your legend in a short time-frame following ten easy steps:

  1. learn the lingo (security is a process, not a product; don’t use simply-to-guess password, is your company ISO-27000-1 compliant? and so on),
  2. give yourself an “authoritative” demeanor and look (always talk in a “visionary” way, making people feel like they still live in the stone age) and dress accordingly,
  3. Talk legalese with techies, technical with lawyers,
  4. attend (possibly) international IT technical, legal/management conferences and try to get as much pictures as possible? of you with reputable people although they don’t know you, and regularly update your facebook/google+/blog with those pictures,
  5. try to give a speech at some university students association, so you can claim to be an “invited speaker” at the university (without mentioning the name, of course),
  6. create your own “digital-something organization”, become its chairman (and sole member, BTW) and champion for digital human rights,
  7. flood the newspapers with press-releases that will be regularly ignored until some journalist that is out of time to finish an article stumbles upon your statement, thus promoting you at the level of “source”
  8. try to catch-up with some low-level civil servant involved in trivial stuff related to the trade, give him some vapourware hint that makes him look smart at work, and use him as a source of petty-information that let you look like you’re part of the “inner circle”,
  9. try to have as much as possible Linkedin connection,
  10. get the European Computer Driving License (at least, you must know how to switch on a computer to work in this field, don’t you?)

By following these steps you start a loop where your legend become more and more solid up to a moment when you will be considered a “guru” and nobody will ever check your actual background.

And don’t worry, if you ever get a client, as soon as you stay stick to these ten commandments you’re safe: nobody will ever challenge the outcome (if any) of your work, because nobody will ever admit to having being fooled into hiring a fake…

Posted on

Why Italy Already Lost the World(Cyber)War

We (Italians) can of course continue to lure ourselves into believing that dealing with “password policies”, “critical infrastructure committees” and “mandatory security measures” – just to name a few buzzwords – is enough to grant a decent level of security for our networks.

We can continue, after twenty years, to listen at – and say – the very same bull… stuff we used to say in the pre-internet era about ICT security (don’t use easy passwords, don’t write it on a post-it, use an anti-virus, etc.)

We can, definitely, keep going in waiting for the next “IT guru” or “magic box” that will make the bad guys disappear from our computers.

But we still continue using flawed software and operating systems without making the software houses pay for their faults (disguised as “features”.)

We still buy things and boxes (read: hardware) believing that just because of that “we are safe”.

And we still keep a blind eye to the actual quality of the IT security in public institutions.

Two options as a conclusion: we’re either stronger than we appear to be or we are incredibly lucky.

But luck doesn’t last forever, and we need to be lucky every single minute of the day, while the attackers, just once.

Posted on

Mocking All Blacks’ Haka to sell a toothpaste. Does it worth it?

Strictly speaking, the boaring mock of the New Zealand’s and world’s most famous rugby team All Blacks and of its “war chant”, the Haka made by an Italian toothpaste manufacturer works. In fact, as much as I dislike it, here I am talking about it and sharing the link to the ad.

True, this is not the first questionable advertising campaign, and we all have seen fairly worst examples of exploitation out in the (media)wild.

I just wonder what could happens if one day either the toothpaste maker or its advertising agency should meet somebody from the Team…

Posted on

They Never Said It

Fake quotes, misquotes and misleading attributions (Italian version here) is a short essay that made me stop and think about the role of quotes into the politics and business arena. As the author writes:

Wrong attributions may seem just silly. But they aren?t irrelevant ? even if they are not deliberate cheats. There is a change in perspective when a thought or an opinion is perceived as coming from a different source.
It can be interesting to find that something sounding ?modern? was said or written, with the same meaning, three hundred or three thousand years ago ? or something that seems traditional is actually quite recent.
Or to notice the differences, or similarities, in sayings originated in other, close or remote, environments. Or to discover that ancient (or recent) nonsense (or lies) are being broadly and endlessly repeated without ever checking if they make any sense.
A dirty trick, when there is a disagreement, is to attribute to opponents something they never said ? placing them in the uncomfortable position of having to deny it. Historians are busy trying to sort out problems of this kind.

A rather ample source is They Never Said It, by Paul Boller and John George, published in 1989 by Oxford University Press. A bit old, but still deserving a read.