J4vv4D

It’s more than your salary

by javvad Malik with no comments

How many times has someone tried to employ you with the line “There are other things to consider outside of your salary!”

Granted there are some people who agree with that statement. They’re the type of people who will view their employer as extended family and will normally be the ones making that statement.

But if you’re like the rest of the population who wish you had a bit of extra cash at the end of the month, you’d probably want to slap them upside the head for making such a statement.

Ultimately, it all boils down to how much money you get. Sure, paid holidays and sick days have a value. But does 25 days holiday equate to £15k less a year? Probably not. Which is why so many people move for more money or alternatively go contracting.

It’s simple, we want to maximise our earning potential and realise tangible benefits. It’s like we’re our own individual business. We have income and outgoings and a certain amount of resource. So we manage as best as we can.


filed under Security

Keeping up with the Joneses

by javvad Malik with no comments

I was going to write about something else but that couldn’t have been too important because I’ve forgotten what it was. Strange how that happens. What seems important one moment, is trivial the next. One day USB encryption is the current flavour and the next day it’s all about Trojans.

So what are security departments doing all the time? One thing they do quite a lot of is keeping up with the Joneses.

Like most social rituals, I’m not sure how the whole phenomenon of keeping up with the Joneses started. Someone can probably trace it back to caveman times, where Mr Caveman saw that another caveman had a nice looking club, so set out to carve himself a more impressive one. Being the proud owner of a far superior club, Mr Caveman could look down on his neighbour. Not only that, he could probably find that he became a far better hunter because of his better formed club. Naturally, being a better hunter would mean that he would attract the best looking cavewomen and have the most children, hence contributing greatly to the gene pool… all because he thought his neighbour had a better looking club.


filed under Security

Divine Security Policy

by javvad Malik with 1 comment

So companies spend countless hours writing their security policies, and this isn’t an easy task. Each policy has to be drafted, proofread, re-drafted, re-proofread and then published. It’s at this point that the real fun begins, where users have to be educated in the ways of the new policy. Gap analyses have to be conducted and new baselines set.

Then, just as it’s all beginning to make some sense… it’s time to re-draft your security policies.

Of course work like this guarantees that policy writing consultants can make their monthly mortgage payments, but it does seem like a lot of effort. Therefore, I’ve been doing some of my own research into what would be the best way to write a security policy that would withstand the test of time.

After spending many hours researching the best authors on the planet, I finally found the answer in Divine texts. Yes, you see, Holy books have been around for centuries and act as a policy, guiding their followers towards the truth. For one to truly make the ultimate security policy, one must follow the logic such as is used in the Bible.

Follow these simple steps to make your own physical manifestation of your company’s security word!

Rule one: Paradoxes

The only way your policy can be successful is if it cannot be disproved. The only way to make sure this can’t happen is to build a few logical dead ends. By suggesting that your CISO is always right, you get people pointing at hackers and environmentalists. You should instead say that your company is always going to test their employees. Have your CISO always answer questions with a question.


filed under Security

Gang signs and more

by javvad Malik with 1 comment

In my daily research I come across many different types of photos; some are sent through to me and some I create myself. So for your amusement, here are some of the best this week.

Geek Gang Signs:


filed under Uncategorized

Twitter Risks

by javvad Malik with 1 comment

Twitter is probably the most unique of the web 2.0 sites. People either ‘get it’ or they don’t. Sites like facebook are understood by everyone regardless of whether they use it or not.

So, should Twitter be treated the same as other social networking websites? I mean, a lot of companies don’t allow their staff to use Twitter. Their whole risk assessment is based upon issues such as information leaking out of the company, 140 characters at a time. But that’s just lazy risk assessment. The real dangers of Twitter are far beyond that. Using the world renowned Infosec Cynic methodology ©, here are some of the threats posed by Twitter.

1. Faking Sick

Ask any HR droid and the one thing that vexes them the most is slacker employees faking sick days and wasting valuable company time and money. Here’s how the employee normally pulls it off:

Let’s say they are going to go out on a Thursday and will be in no condition to work on Friday. It starts out with a few Tweets Thursday morning about how excited they are for the Thursday night event. At 5:00pm they Tweet that they aren’t feeling so hot. At 9:00pm when they are getting ready to head out, they Tweet that they just puked. There is usually no more Tweeting for the next 12 hours and when they call in sick the next morning, the sympathetic boss will say that they caught the Tweets and wish the employee better.

I don’t have the calculations, but I believe one can easily make the case that this results in 3 million lost days of productivity a year.


filed under Security

Becoming the ultimate CISO

by javvad Malik with 1 comment

Every organisation has one. The ones that don’t definitely need one. We’re talking about a Chief Information Security Officer. The alpha dog of security professionals within any given organisation. The person who sits at the board and convinces all those other executives to make sure the company protects their and their customers’ information.

It’s not compulsory that the CISO comes from an information security background. But they should have a good awareness of what infosec is and have a competent team of infosec professionals working for them.

Looking through LinkedIn it seems CISOs are a dime a dozen. How do young budding CISOs looking to differentiate themselves from the rest of the pack become a true badass CISO? If you want to know, simply follow these tips:

1. Become a religious leader

No one would ever suspect that a religious leader would be a bad CISO. This identity will allow you to hide your flaws AND persecute others who are brave enough to question your leadership. Be careful about over-persecution… you don’t want someone to really call you out to a fist fight.

2. Wear Jeans

First things first, you gotta ditch those women’s clothes sold as men’s clothes that you get from GAP, Top Man etc. They’re made for a specific type of man. Generally those who want to attract the attention of another man. Secondly, you want to stand out, right? Make your own rules; don’t wait for Jeans for Genes Day to wear yours. Rugged ripped jeans show a real CISO is too cool for any other clothes.


filed under Security

War on drugs and social media

by javvad Malik with no comments

Although some of my ramblings may suggest otherwise, I have never taken drugs in my life and quite frankly I have no intention of doing so.

Neither have I ever been employed to stop drug trafficking, arrest drug dealers or help rehabilitate a drug addict.

Which makes me a perfect candidate to comment on the topic of drug use and the war on drugs. Why? Because I’m a totally impartial person with no allegiance to either side.

The war on drugs is an interesting one. Like many of these “war on fill in the blanks” they are built upon a moral high ground. Show some pictures of dying young kids whose lives were taken before their time, parade out some grieving parents and no-one will disagree that drugs are a bad thing. But decades have passed and billions have been spent trying to stem the problem, yet little or no success has been achieved.


filed under Security

Why do you work in Information Security?

by javvad Malik with no comments

I was at a social event the other day and got chatting to a few people sat around my table. People are curious creatures, so the topic of conversation quickly moves on to what you do for a living. I tend to adopt a formula to determine if they are worth continuing a conversation with. A lot of the time people reply with “oh, I work in banking”. So I take a look at them: T.M. Lewin suit, a Rolex watch and yes, they’re either a trader or a senior manager, definitely worth having a chat with. But if it’s a suit from Next with a Casio watch, I put them in the ‘cashier’ category and move swiftly on.

So at this table one guy mentions he’s a police officer. My ears perk up, as a couple of other people around the table begin to take interest, knowing all too well that it’s always useful to know a copper. I looked over at him and applied my formula: he looked around 50, overweight to the degree that he couldn’t fully tuck his XL shirt into his trousers, and chewed his food loudly with his mouth open. It was clear this guy was probably just one of the office admins who spent his life fetching coffee and doughnuts for the others. This farce of a policeman lived off my taxes and people around this table were actually listening to his waffle.

Cynic mode set to stun. “I hear police end up spending most of their time filing paperwork these days,” I said from across the table.

“Well, I co-ordinate armed units’ tactical responses, so yes, you need to be aware of every shot fired, by whom and why,” he retorted. OK, so my judgement was slightly wrong, but I wasn’t going to let this one slide.


filed under Security

Trailer – White Hat Rally

by javvad Malik with no comments

So you think you know what it’s like to drive across 3 countries in 3 days? Think again. Check out the trailer for the journey of Team Cynic. Remember, you can still donate to the charity… and maybe if we reach our target, we’ll release the full film :)

filed under Security, Video

No dogs allowed

by javvad Malik with no comments

This is a post for the guy who brought his dog into the kiddies’ play area of the park today. It caught no less than 3 kids off balance by startling them and resulted in them falling down (one of whom happened to be one of my daughters). So, as any parent would do, I reacted in a calm and collected way: “hey f*&^er, get your dog out of here!”

Much to my surprise he retorted by stating:

A. His dog was harmless

B. He’d read the sign and it said nothing about no dogs.

Lucky for him I had one of those squeezy stress balls in my hand which I’d picked up from Infosec Europe earlier in the year… and I can say that little sucker saved his life.

Anyway, another parent told him off and he took his dog and left. But come on people, if it wasn’t on the sign, use your brain a little bit. Take a risk-based approach to life. Or are you such morons that you need everything written down in clear instructions as to what you can and can’t do and when you should and shouldn’t do it? I have to put up with people like that in my day job all the time. Now I have to deal with them in my free time?

How many people do you have to remind on a daily basis that no dogs are allowed?

filed under Security