Tag Archives: tech

Cyber security needs to consider both technology and human factors.

Cyber Security – Back to Basics

This week I finished the Open University’s “Introduction to Cyber Security” online course which is available through the FutureLearn platform.

Why, I hear you ask, am I going back to basics to learn about a subject in which I am already pretty well versed?

It is true that I have been exposed to cyber security principles and practice for almost 20 years by virtue of my primary degree in Computer Science, internship and subsequent career in both technical and non-technical roles. Heck I’ve even spent the last three years as Technical Marketing Manager of QUB’s Centre for Secure Information Technologies (CSIT), the UK’s Innovation & Knowledge Centre for Cyber Security, a role which sees me regularly speak to businesses, students and contributing to TV, radio and print media on the subject of technology vulnerabilities, threats and breaches. The role also involves bringing new cyber security technology, the output of much of our ground-breaking research, to market.

Why participate?

I participated in the 8 week long online course for three reasons:

  1. I’m big enough to admit that I don’t know it all – even in my own field of expertise there is always scope to learn new approaches and relearn concepts that I may have forgotten. This course offered me a chance to look at cyber security with fresh eyes.
  2. Working day to day in a research and innovation environment at the very bleeding edge of cyber security technology it is all too easy to forget how the person on the street views my area of expertise. This course allowed me the chance to step back from that edge, think about cyber security from an end user perspective and consider how our research and technology could be applied to solve the simple and mundane as well as grander challenges.
  3. Lastly, I wanted to kick the tyres on it. Prior to this course launching I had been asked by a number of organisations if we at CSIT could deliver similar entry level training. We had already delivered some internally to the wider QUB staff body and the question was whether or not we should package that up and produce an offering to business and community groups. I wanted to assess if the OU course would rule that effort worthless.

Did it pass muster?

In a word – yes.

The course surpassed my expectations to be honest. It wasn’t patronising, while it assumed no prior knowledge it explored more complex aspects of cyber security explaining them in an engaging way.

Those charged with information and cyber security in organisations and the wider world can often be seen as bad guys and girls in their own right. Blocking access to fun stuff on the internet and not allowing the latest whizzy consumer devices onto corporate networks without a satisfactory reason from an end-user stand-point. The first week explored the threat landscape in depth, explaining why cyber security matters to everyone and laid a solid foundation for the remaining seven weeks.

Over the last number of years many of the times I have been invited by the media to provide analysis on cyber security events has been due to password breaches.

It’s one of the reasons I’m so passionate about bringing our LIOPA lip biometric technology to market. Week two covers the whole gambit of authentication even going so far as covering salting, hashing as well as multi-factor which is thankfully becoming the norm for most online services.

One area where I disagree with the course is its highlighting of password manager applications as a solution to remembering multiple usernames and passwords. Personally I see them as a significant risk and prime target for cyber criminals. Hack those and you have the master key for an individual’s whole online life.

Weeks 3 and 4 cover Malware and Networking & Communications adequately but it was Week 5’s focus on Cryptography which drew my attention. It’s an area which we at CSIT carry out significant research in areas such as Post-Quantum Cryptography,Physical Uncloneable Functions (PUF)-PKI and Fully Homomorphic Encryption.

The practical application of PGP is taught through the use of Mailvelope, a plug-in for Google’s Chrome browser that uses an implementation of the Open PGP standard. This is welcome but it goes to show that straightforward ways for the man/woman in the street to use PGP to encrypt communications is still a little way off in terms of user experience.

As the family IT go to guy weeks 7 and 8 coverage of what to do when things go wrong and managing risks is welcome. Its also a timely reminder for everyone to fully consider their own vast stores of digital information, prioritising which bits are most important and putting in place a regular backup routine to protect against loss.

Have I changed how I think about my own cyber security after completing this course?

Absolutely. Will I tell you the changes I have implemented as a result? Absolutely not. Why make it easier for the cyber criminals? Individuals and organisations are under constant attack. It is a case of when and not if your cyber security defences will be probed and breached – why make it easy for them.

Wider lessons for going back to basics.

Sometimes subject matter experts can be a little reluctant to admit that they may not be across all the basics in terms of their field. Instead they baffle the uninitiated with the more advanced aspects of their product or service. Looking once again from an amateur’s perspective can be enlightening.

Participating in this course has also opened my eyes to interesting use cases for some of CSIT’s innovations.

While this course may close off opportunities for us as an organisation to deliver similar training ultimately it educates a greater number of people in respect of cyber security who will demand greater security from service providers and technology providers. If it encourages more students to consider applying for our MSc Cyber Security or consider carrying out PhD research with us then even better.

Ultimately this will stimulate further the burgeoning global cyber security market benefiting CSIT and the wider industry in which we operate.

This blog post post was originally published by me on LinkedIn Pulse on 2nd Dec 2014 and can be found here.

What is a Technical Marketing Manager?

I started this morning writing a long post about my second 30 days in my new Technical Marketing Manager (TMM) post with The Centre for Secure Information Technologies (CSIT).  I found myself explaining how a TMM is similar to a Product Manager (PM).  It probably deserves a post of its own.  So here it is.

Some of you might be wondering why I take advice from a product management blog (On Product Management) when my job title is Technical Marketing Manager.  So what does a Technical Marketing Manager do?

In a sentence I see it as taking overall responsibility for marketing the product of a hugely technical organisation; something that is much more than the 4 P’s.

I see my current role as sitting on a spectrum of similar roles spanning from Technical Product Manager, Solution Specialist, Product Manager, through to Analyst, Product Marketing Manager and finally Technical Marketing Manger.  I’m probably a much better communicator than technologist, therefore the marketing aspect just feels like a better fit.

Ultimately all varieties of PM need most or all of the following skills:

  • Just doing it
  • Domain experience
  • Communication skills
  • Decision making ability
  • Environment scanning
  • Business understanding
  • Technical experience
  • Negotiation (both internally and externally)
  • Selling
  • Networking (of the human variety, not 802.x)
The list isn’t exhaustive but I reckon I use all of those every day.

Hat tip to onpm again for the skills list.  I’ve added a few of my own.

Thoughts on Mobile Word Congress 2012; Why you should be there #mwc12

The CSIT booth at MWC 12

I returned from Barcelona on Friday after a week of lead generation, market positioning research and generally being a booth bloke at Mobile World Congress for my employer The Centre for Secure Information Technology (CSIT), an innovation and knowledge centre specialising in cyber security research based at Queen’s University of Belfast.  I have spent the weekend mulling over the experience and trying to distill a few thoughts regarding the Congress which I share here.

There’s no austerity or lack of confidence in mobile industry

The GSMAs event attendance figures speak for themselves.  67,000 visitors from 205 countries.  The number of attendees was up 11% on last year.  Business is not just as usual, it’s booming.  It is ten years since I was last at MWC with Jinny Software when it was in Cannes.  The growth in that decade has been phenomenal.

The level of investment in stands and presence by exhibitors both large and small exuded a level of confidence in the future of the economy currently not shared by many across this continent.  I have no doubt that the level of investment here will be followed by growth in consumer confidence and spending in the coming years.

Mobile security is gonna be massive next year

This is the first time we at CSIT have exhibited at the event though all three of our commercial team have represented previous employers at it.  While we had a number of pre-arranged meetings lined up beforehand this for us was about dipping the toe in the water of the mobile space and see what turned up.

With limited marketing activity prior to and during the event we were simply astounded by the numbers and calibre of companies and organisations who sought us out at the event based on our “Breakthrough technologies for mobile security” pitch to speak to us about our research into things like Physical Uncloneable Function, ITACA, Intrusion Prevention and SCA.  Our activity there was very targeted – sponsoring the Network Intelligence Alliance networking evening where we could engage with prospective partners and customers away from the hustle and bustle of the halls. This was a great opportunity to raise our profile in a niche area were we can add most value.

Mobile security will be a huge market.  If you are working in this area speak to us.

Its about so much more than mobile

If you are building solutions that communicate over IP protocols you are now a mobile company – you should be at next years Congress.  No excuses.  With the phenomenal growth in smartphones and the advent of FTE, Wimax and other wireless data standards if you are involved in any sort of solution that communicates data you need to be there if only to unearth opportunities which may not be entirely obvious if you only think of it as a mobile trade show.

In the last week we spoke to companies about opportunities in utilities, banking, transportation, satellite communications, fixed line operators, government and more.

It doesn’t cost the earth

We exhibited on the Northern Ireland pavilion with a number of other local companies.  The Invest Northern Ireland team did an excellent job in supporting us before and during the week.  It’s the perfect mechanism for getting a low(er) cost presence at the event.  Speak to them about going next year.  You can’t afford not to be there.

The Lord moves in mysterious ways; Another first for Northern Ireland tech #projectathene

ICM Books iPhone App

One of my favourite Northern Irish tech companies has just scored a world first. Those web and mobile application wizards at Lisburn based GCD Technologies have only went and helped ICM Books Direct become the first Christian bookstore worldwide to launch an iPhone app! Continue reading The Lord moves in mysterious ways; Another first for Northern Ireland tech #projectathene

Industrial placement; Unpaid internship or start a business?

A degree of common sense?

As financial pressures continue to bite, and with many more students and graduates chasing after work experience, employers have found themselves in a strong position with regards to offering unpaid work placements.  Many degree courses expect their students to have completed some element of industrial placement enable them to proceed to final year.  In the current environment demand for placements outstrip supply.  Are the universities missing a trick? Continue reading Industrial placement; Unpaid internship or start a business?