17.11.17

Think you deleted that embarrassing WhatsApp message you sent? Think again


At the end of last month, to the undoubted delight of many users, WhatsApp began rolling out a long craved-for feature: the ability to “unsend” those messages that you almost instantly regret as soon as you hit the Send button.
The feature, which was rolled out on the latest versions of WhatsApp for iOS, Android, Windows Phone and desktop, simply requires the regretful messenger to tap and hold on the offending message, choose “Delete” and then select “Delete for everyone”.
As long as you did this within seven minutes (and the recipient was also running the latest version of WhatsApp) the message would be successfully deleted, the company promised.
But, if there’s one thing we should all have learnt from our years on the internet, once you say something somewhere – it’s very hard to take it back and pretend it never happened.
And there’s good reason to not get too excited about WhatsApp’s new “Delete for everyone” option.
Although it promises to zap the embarrassing messages you’ve already sent to one of your contacts, the truth is that they may not actually be gone at all.
Within days of the new feature being incorporated into WhatsApp, the Android Jefe blog found a way to read “deleted” messages.
On Android, WhatsApp messages are stored in the device’s notification list – regardless of whether they are subsequently deleted by their sender or not. All a user has to do to remind themselves of a “deleted” message that they have been sent is check the notification log, where the first 100-or-so characters are stored.
If that’s too much of a palaver, there are even apps in the Google Play store that will provide a simple clickable link to the notification history.
It’s important to stress that Android Jefe did find some limitations in its method of viewing “deleted” WhatsApp messages:
·         Only messages that have already been seen or interacted with can be retrieved from the notification log. This does include any interaction with a WhatsApp notification, so the message itself does not have to have been opened.
·         Only text sent via WhatsApp can be “undeleted” in this way, and even then it is limited to the first 100 characters or so. The notification log will not contain any images that you were sent.
·         Only messages that generated a notification will have created an entry in the notification log – logically enough. In other words, if you were chatting on WhatsApp at the time the message was sent a notification will probably not have been created.
Nonetheless, it feels like this discovery is a timely reminder for all of us that once we send a message it is effectively out of our control. Always think hard before pressing “Send”!
Oh, and while we’re on the subject, Android Jefe also found a way to “delete” WhatsApp messages up to 7 days (rather than 7 minutes!) after they were sent, by simply fiddling with their smartphone’s clock.

15.11.17

Americans’ unease about cybercrime towers over conventional crimes

 Americans are more concerned about possibly falling victim to a crime made possible by the internet than any one “conventional” crime, a recent poll has shown.
As many as 67% of adult Americans are anxious, be it frequently or occasionally, about “having their personal, credit card or financial information stolen by computer hackers”, according to the annual Crime poll conducted by Gallup. Fear of identity theft came in a close second at 66%.
Meanwhile, the next worst-feared crime – having one’s car stolen or broken into – came in a distant third in the 13-item worry list, raising concern on the part of 38% of a random sample of 1,028 respondents queried between October 5–11.
Indeed, Gallup itself was quick to note that “since 2009, Americans’ anxiety about identity theft has consistently topped their fears about other crimes by at least 19 percentage points”.
It was in that year that Gallup began to canvass Americans’ sentiments on identity theft, with the concerns about this crime consistently between 66-70% ever since. The question regarding hackers stealing personal information was added to the survey this year, “though prior surveys included questions on narrower cybercrime-related issues”.
The high level of fear of cybercrime dovetails with the self-reported rates of victimization, as 25% of the respondents reported that their personal information or that of their household member has been stolen by hackers over the past 12 months. When it comes to identity theft, the same was true for 16% of those asked.
These findings also echo those of ESET’s own research, which revealed that Americans believe “criminal hacking into computer systems” is now a top risk to their health, safety and prosperity.
In a survey conducted this summer, ESET researchers Stephen Cobb and Lysa Myers found that US adults rated criminal hacking as more of a risk than other significant hazards, including climate change, nuclear power, and hazardous waste.
Yet again, reports of a conventional form of crime, “money or property was stolen from you or another member of your household”, only came in third at 12 percent.
The FBI’s Internet Crime Complaint Center reported an average of 280,000 complaints a year from 2000-2016, Gallup noted.
The poll was conducted in the wake of a massive data breach at US credit checking company Equifax, which occurred from May through July 2017 but didn’t make headlines until Equifax’s confirmation of the incident on September 7.
This breach, which saw hackers make off with the data of 143 million people, was itself preceded by reports of a rash of other high-profile data breaches in recent years.
The hacking of infidelity site Ashley Madison – while not the largest, it was unprecedented given the nature of the site’s service – affected 37 million people. The list of US-based businesses to have suffered major data breaches in recent years includes home improvement retailer Home Depot in 2014 and retail giant Target in late 2013.
Arguably, Yahoo has eclipsed them all, having suffered from two massive breaches in recent years, including one in 2013 that turned out last month to have affected all three billion user accounts on the service.
All told, the prevalence of large-scale security incidents – and the extensive media coverage thereof – are seen as having contributed to Americans’ worry about cybercrime.

13.11.17

InterSystems recognized as a Challenger in Gartner’s 2017 Magic Quadrant for Operational Database Management Systems

The report recognizes InterSystems for its Completeness of Vision and its Ability to Execute

In a group of about thirty vendors, InterSystems is one of two technology companies to have been named a “Challenger” in the latest edition of the Gartner Magic Quadrant. The product concerned: its high-performance database Caché. This “Magic Quadrant for Operational Database Management Systems” (OPDBMS) ranking evaluates companies and their products on the criteria of “completeness of vision” and “ability to execute”. Since 2013, the first year of its publication, this annual report has always positioned InterSystems as a Challenger or as a Leader.

The Challengers quadrant identifies companies that demonstrate a “strong ability to execute”, in Gartner’s words, and that deliver stability, ease of installation and support, and robust performance. The report also highlights the strength of InterSystems’ features and the loyalty of its customer base, as well as the company’s popularity, its low rate of failures and the overall quality of its support.

The ranking is based on an in-depth, 200-point evaluation and on a survey of more than 50 customers of the database solutions of each of the candidate companies. Caché is used by 6 of the world’s 10 largest investment banks, as well as in healthcare, retail and many other industries.

Gartner has also announced a new tool, called Peer Insights, which lets customers rate companies themselves based on their own experience. InterSystems obtained the top ranking, with a score of 4.8 out of 5, among all the companies in the Magic Quadrant. The 10 other vendors included in this year’s Magic Quadrant include Microsoft, Google, Oracle and IBM. According to Peer Insights, InterSystems stands out for its technical support services.

“This year’s Gartner Magic Quadrant recognizes the power of our data platform, its functionality and its flexibility, as well as our commitment to customer support,” says Paul Grabscheid, Vice President of Strategy at InterSystems. “With the recent launch of InterSystems IRIS Data Platform, we will go further in this direction by offering customers, both new and existing, robust technologies that let them build critical, data-rich solutions.”

Announced in September of this year, InterSystems IRIS is a unified, complete solution that provides a coherent and comprehensive set of components covering data management, interoperability, transaction processing and analytics. The data platform, designed to support critical, data-intensive solutions, will be available in early 2018.

The 2017 Magic Quadrant for Operational Database Management Systems can be viewed at www.InterSystems.com/Magic. For further information about InterSystems IRIS, visit www.InterSystems.com/IRIS.

11.11.17

Experts share perspective on the state of journalists’ cybersafety

The Inter American Press Association (IAPA) recently hosted journalists from around the US and Latin America for their 73rd General Assembly in Salt Lake City; for the first time this year there were cybersecurity panels, with almost an entire day dedicated to the topic.
These days, journalists and publishers are increasingly concerned about protecting themselves, their work, and their sources. Rightfully so, for we live in a time when nearly every aspect of publishing occurs online, from data gathering and file sharing, to researching and writing, even phone calls. Journalists sit at the confluence of many cyberthreats that are becoming more sophisticated. Nation-state attacks and cyberespionage campaigns are proliferating.
Michael Kaiser, Executive Director of the National Cyber Security Alliance moderated this year’s IAPA cybersecurity panels that included cybersecurity experts from Google, ESET and Utah Valley University.
Stephen Somogyi, a product manager at the Security and Privacy division at Google, began his remarks by acknowledging that, while this panel is about digital threats, the physical threats which journalists face are enormous and should not be overlooked.
Journalists targeted by cybercriminals
Then the discussion moved into why journalists are targeted by cybercriminals. The panel agreed that journalists hold a lot of power because they act as the voice of the people, and working with critical information puts a target on their backs. Cybercriminals or cyberespionage groups can attempt to either withhold key information, or reveal it at a time and in a manner that is advantageous for them and/or the group they represent, be it a nation state or a criminal enterprise.
According to ESET security researcher Stephen Cobb, some of the greatest threats come from well-funded cybercrime and cyberespionage groups that will go to great lengths to accomplish their objectives: “Really the most dangerous groups are well-funded attackers, or threat actors with resources; the more resources the more dangerous they can be.”
Cobb gave as an example the Mexican government purchasing commercial spyware and reportedly using it to target journalists, like Carmen Aristegui, a reporter who exposed the biggest government corruption cases to date. These types of hacking tools in the hands of well-funded organizations can be used against reporters through intimidation and harassment.
Robert Jorgensen, Cybersecurity Program Director at Utah Valley University, expanded on the point of threat actors seeking personal information: “There is a true and present danger of people impersonating journalists or discrediting them and their sources; when the press is the voice of the people and its integrity is compromised, the effects can be so far reaching.”
Kaiser then asked the panel what can be done – even in the face of well-funded organizations: “When you put yourself in the shoes of a journalist or someone like a publisher, how do you begin to understand the risks and build protection around those risks?”
For journalists there could be a broad range of directions from which attacks may come, so the concept of risk management is an important one. Also, publishers and heads of news organizations should be involved and ask questions about their security, as should the teams that manage their security, whether that be outsourced IT or in-house.
Knowing the risks that exist, and how to mitigate those risks is critical. “You need to constantly reevaluate the assessment of what is the risk,” said Cobb. It’s an ongoing process that journalists and publishers should be engaged in, and in which they should have regular training and education. Somogyi pointed out that you need to ask what are you protecting, and how long it needs to stay protected.
“When I interact with journalists they get excited about the James Bond stuff,” said Somogyi, “but what is going to get you and your sources in trouble, is the mundane stuff.”
Somogyi gave the example of DDoS attacks, which he explained using this analogy: “You have not slept for days and you have 15 children demanding attention from you, you can keep up.” Technically, this type of attack floods a server with traffic that renders the website inaccessible. That means the publisher of the site is no longer able to get their news across. This is one class of attack that is relatively easy to execute, Somogyi said, adding, “It’s a very cold, calculating, and ruthless thing.”
Understand the risks
The panel agreed that the supply chain creates a lot of risk. Attacks can occur or originate not inside an organization, but somewhere in the supply chain, where you have little control over the security of your suppliers. The supply chain issue is common in the entertainment industry, but is a serious risk for publishers and news organizations as well.
“There are also risks in the software supply chain,” said Cobb, adding “If you are running software – which all companies do – be aware that the bad guys will keep evolving attacks that abuse software at its source, which underlines the need for threat intelligence.”
Matthew Sander, President of the Inter American Press Association, who was in the audience, pointed out that we are at a cyber nexus, and asked where to begin in this “sophisticated cybersecurity public health problem.”
“There are a number of frameworks you can look at,” said Jorgensen. “Really it starts with taking an inventory of devices and software. Start small and worry about larger stuff as time goes on.”
“Communication among peers is a very good thing,” said Somogyi. “Find a way to help employees and empower them to adopt good practices.” Simple things matter, like software updates, because “if you don’t update and then get compromised, you become the vector for which your colleagues become compromised.”
Jorgensen suggested that you should start with education, “Anything you do to impart security knowledge to your employees is going to help.”
Cobb agreed that education is a key factor, and these days you can make it about personal computing as well as work computing. When everyone has a computer or smartphone, cyber education and training benefits both home and personal life.
When asked about security standards, the panelists warned that a checklist approach is not enough. Merely checking boxes or complying with standards is not the same as being secure, said Somogyi, “Do not labor under the illusion that that compliance gives you security.”

8.11.17

Growth and investment: AEB shapes the future

·         Investments in research & development, digitalization of internal processes and a new generation of IT solutions, all financed from day-to-day operations
·         New orders and revenue at record levels
·         New €32 million headquarters reflects forward-looking strategy

AEB GmbH, a supplier of software for international trade and logistics, welcomes the future with open arms. The company is investing heavily in research & development (R&D), digitalization of internal processes, and training and education for employees. The goal is to continue the healthy growth curve of recent years and to broaden the foundation for long-term success.

As part of this, AEB invests more than 5 percent of its annual revenue in employee development and more than 10 percent in R&D. One of the most important objectives is the expansion and further internationalization of the current software portfolio. A new customs solution, for example, enables companies to handle their customs declarations for many countries with just one solution, automated and standardized.
AEB is also expanding the portfolio with high-performance cloud solutions that can easily be purchased online and quickly configured for use. The software supplier has also founded its own startup with the aim of developing new business models, technologies and solutions.

Software based on standards, tailored to the customer
Another goal of AEB’s R&D investments is to develop a new generation of IT solutions that offers flexible, customer-specific support for business processes. “The idea is that we strengthen the role of logistics for our customers in order to stimulate innovation and strengthen growth. Logistics is a factor with which companies can differentiate themselves from their competition,” explains Markus Meissner, Managing Director of AEB.
The software is largely based on standard components from the AEB portfolio. The new components can be integrated into a flexibly adaptable process layer in which customers can model their own unique processes down to the smallest detail. “Users get a solution that is built on best practices and is so easy to configure that they can make adjustments themselves,” Meissner adds. “Standard components with special features provide the necessary stability. The customs declaration module, for example, follows the normal maintenance cycle of standard software, so that it receives all updates and meets all requirements of customs authorities at all times.” The first projects based on these new solutions are now in the implementation phase.

New orders and revenue at record levels
AEB has a strong financial position and finances all investments from the cash flow generated by day-to-day operations. The software company’s most recent financial report shows, as in previous years, rising revenue, robust cash flow and a record number of new orders. Revenue in fiscal year 2016 rose by almost 9 percent to €40.8 million, while new orders grew by 12 percent to €18.4 million.
AEB reports a similarly positive trend in the current fiscal year. “We seek success that we can afford. The current trend is fully in line with our planning and underlines our focus on the long term,” Meissner explains. “This is rooted in our corporate philosophy: we are happy to forgo short-term profit if that makes us stronger in the long term.”

New headquarters exemplifies the focus on growth and investment
AEB’s corporate culture and the successful growth of recent years are also reflected in the new headquarters. The company has invested €32 million in a new high-tech building in Stuttgart.
The headquarters comprises 8,950 square meters of office space and accommodates 500 employees. The building has an open and transparent, centrally located atrium and more than 400 workstations in bright, flexible, open office spaces, with no fixed desks for the individual members of a team. The idea is to promote communication, collaboration and creativity among employees. The open spaces alternate with ‘think tanks’, private rooms, project rooms and creative spaces. The grounds feature herb gardens, a sports field and outdoor workstations.


6.11.17

Businesses and GDPR: What they need to do to be compliant?

By Editor
Enforcement of the General Data Protection Regulation (GDPR) is now just a few months away. The media have intensively examined and written about this topic from practically every angle since it became legislation. Businesses continue to struggle with both understanding and implementation of what they need to do to be compliant.
WeLiveSecurity sat down with ESET’s Global Security Evangelist, Tony Anscombe, to better understand the essentials of GDPR.
GDPR comes into force on May 25, 2018. What do you expect to see happening the most – companies making sure they are compliant or companies delaying development of an action plan?
Speaking at multiple conferences this year – both in Europe and outside, I have witnessed the same issue everywhere: businesses all over the world are unsure of how GDPR will actually work in practice. They do not understand the requirements in detail, do not know if all of them are applicable to their businesses, and they do not understand either the key Data Subject Rights, or the role personal data will play in this regulation.
An understanding of all of these seems critical to meeting the requirements of GDPR once it comes into force. If you manage a business, are the remaining seven months long enough to define what your company needs to do in order to comply?
Well, you can get a lot done in seven months. The majority of European businesses within the European Union (EU) have been compliant with the previous Data Protection legislation, such as Directive 95/46/EC, since 1995. Some of the EU countries implemented local legislation beyond this directive, adding further requirements to give citizens additional protection. For many it is a matter of applying the same principles with greater precision so as to comply with the new requirements that GDPR has added.
Being ‘close’ to compliant can still result in fines of thousands, maybe millions, of euro. What have you seen companies do to accelerate their preparedness for GDPR and what do you think they should be doing?
First, I would recommend that businesses have a privacy professional explain the basic requirements of GDPR in relation to their businesses. They need to understand there is no general approach applicable to all companies. In particular, they need to understand that the critical part of being compliant is based on what type of personal data the organization is working with, how the information is being collected and processed, and finally, where and how the same information is being stored; they are all key to meeting GDPR requirements. This is a very good starting point for the next steps, such as the creation of a personal data inventory.
Once the inventory is created, data will need to be categorized for all the data types you are both collecting and processing, including data coming from citizens of the European Union. It’s incredibly important to note that if you are a company not based in the EU, for example a company based in the USA, you must recognize the requirement to comply with GDPR if you are doing business with EU citizens.
With all the options given to us by online shopping, for example, almost every business selling to the European Union needs to comply. That makes for a long list of businesses, doesn’t it?
Yes, you are right (laughs). Any company that sells or provides goods or services to European citizens and collects data needs to comply. That is true whether they have an office or legal entity in the EU or not. There are questions about how the EU will enforce or impose fines relating to non-compliance on companies not located in the EU, but I am sure they will move quickly to make examples of companies not in compliance to encourage others to comply.
Are there any exceptions? Can I be just selling my handmade soaps to people in EU without being compliant?
Yes and No. GDPR is a requirement for all companies, regardless of size. If you are selling directly through your own website then you need to comply. However if you sell through a general online store such as Amazon and you are only providing goods to Amazon which is then responsible for fulfilling and shipping the order, then you may not need to comply. If a company has over 250 employees or its business transactions are based on the handling of personal data, then it is required to employ a data protection officer. The maximum fine for non-compliance is 20 million euro or up to 4 percent of a company’s annual global turnover, which is – for any company – a high number.
While this may sound daunting and the consequences of non-compliance are significant, it’s considered unlikely that regulators will make an example of small businesses that can demonstrate they have a plan and have attempted to comply fully with requirements. It is more likely that the regulator will work with these companies on the additional steps needed to achieve full compliance.
What else can businesses do to make sure they step into the new era of protecting personal data?
I strongly recommend that companies engage the services of a privacy professional, and provide training to their employees focused on instituting a proper plan on how to store and protect data, and that it encompasses the entire company. One of the key requirements is to deploy an encryption solution with access controls, protecting data everywhere you go – even for employees not located on the businesses’ main premises.
Are you still nervous about being non-compliant with GDPR? Don’t worry, there is still enough time to demonstrate that your company is taking the right steps to protect personal data and learn the core skills needed for surviving the new age of data protection.
___________________
For more information on the General Data Protection Regulation, ESET has a dedicated page to help ensure that you have everything covered before 25 May 2018.

3.11.17

Would you like to get involved in cybersecurity? Take the test and discover your ideal job!

This week we began the celebration of the first ever Antimalware Day, a global ESET initiative to reinforce the importance of protection against computer threats. Why did we choose November 3 as the date to establish it? Because on that day, in 1983, Dr. Fred Cohen created one of the first computer viruses as we know them today, and inspired his professor, Prof. Leonard Adleman, to coin the term.

Fred Cohen's experiments proved that viruses could replicate quickly within and across systems, and also that it was necessary to develop multi-layered computer defense techniques against them. From that moment, the search for countermeasures to protect systems was born, and it became clear that we must work to improve them continuously. This search for a safer technological environment is the same one that, some years later, inspired ESET to develop its solutions, with the aim that users can enjoy safer technology. Today we celebrate Antimalware Day hoping that more and more people will join this search and contribute to achieving a more secure environment.

Being one step ahead of cybercriminals is a 24/7 job, 365 days a year, and no one can do it alone. Apart from us, there are many experts, specialists, researchers, analysts, hackers, even executives and government officials who work to make our digital world safer. Of course, we always need more hands and we are facing a scarcity of professionals in cybersecurity, but we know it is only a matter of time until more people decide to join this mission.

Today we want to suggest that maybe you can try it. If you are interested in our content and you see yourself often taking precautions to protect yourself, teaching your friends to do so or being curious about the behavior of computer threats, maybe it's time you consider getting involved in cybersecurity. Of course, there are different profiles in this area and not everyone enjoys the same activities. So we have prepared a quiz to help you discover what your ideal job would be in the field of cybersecurity — according to your abilities and interests. Your contribution is more necessary and valuable than you think: so take the test and be a part of the antimalware celebration!

Cybersecurity profiles: Discover your ideal job!
[Outcomes]
·         Security Researcher
o   You have amazing analysis and research skills and an unstoppable curiosity, a need to always find out a little more. You enjoy finding flaws that nobody had spotted before, studying and communicating them. In addition to the technical behavior of threats, you are interested in their impact on users, society, and organizations. You would make a great Security Researcher.
·         Malware Analyst
o   Your relationship with malicious code is a love/hate one. You are passionate about learning about it, amazed by its tricks, and it inspires you to keep digging because nothing can get past your radar. But you hate it, so badly, because of everything it ruins. You are an expert in reverse engineering and an enthusiastic detective. Your mission in this world is to unravel the behavior of threats and be a step ahead of cybercriminals.
·         Security Evangelist
o   You were born to be a medium: you communicate what happens in the technical world to the users out there who are not so familiar with it, or are simply not interested (their loss!). Just because they do not have technical knowledge does not mean that users should be left out of security awareness, and your mission is to translate complex concepts into friendly messages for them, so that they are also part of it and learn why and how they should protect their data. You think everyone deserves to know and you are interested in teaching, sending a message so that people understand you. However, if you encounter an equally skilled expert, you won’t hesitate to lecture them as well!
·         Detection Engineer
o   You are a logical person with detective skills, who loves finding logical and behavioral patterns in the threats you analyze. Your passion is not the behavior of the malware but the patterns behind it, and luckily, your mathematical mentality allows you to calculate hashes and define signatures for everything you see.
·         Pentester
o   You love the risk of being caught, but are confident it won’t happen. You are a white hat smooth (not)criminal. You like to break everything! Always finding the secret, hidden path to make your way to enter any system. Your laptop and your pentesting tools are all you need to survive.
·         CISO/SysAdmin
o   Your mission is to protect the datacenter and the network, like a perimeter guardian. If you are in charge, no one will pass. You are careful not only that the systems are safe at the technical level, but that you also follow the management closely. For you, security is not a concrete action but a process.


1. What’s more fun to do in front of a PC?
·         Finding security flaws to report
·         Analyzing the behavior of a malicious code
·         Teaching friends and family to protect against cyber threats
·         Identifying patterns to build a registry of malicious codes and matching them according to their behavior
·         Testing the security level of a system or organization
·         Managing the security of a system or organization
2. Your favorite type of malicious code to work on is:
·         The one that has capabilities never seen before
·         The one that has an interesting programming logic
·         The one from which you can learn a lot of lessons
·         The one that imitates the behavior of others
·         The one that allows an easy way into a system
·         The least harmful and easier to protect from
3. The malicious code you hate the most is:
·         The one you have been seeing for a while and has nothing new
·         The one with anti-debugging techniques
·         The one that is very hard to explain
·         The one that is hard to identify and doesn’t fit any previous description
·         The one that doesn’t do any real harm
·         The one that can infect the whole network and disrupt the services of an organization
4. What would be your ideal work environment?
·         A laboratory with many recent metrics and statistics
·         Any room where you can read security news and use your PC loaded with hacking tools
·         A laboratory with many malware samples and test environments
·         Anywhere with many potential victims to use your laptop with Kali Linux
·         An auditorium or classroom full of people eager to learn more about something
·         A datacenter and many endpoints to protect
5. Pick one of these:
·         Steve Wozniak
·         Sherlock Holmes
·         Sheldon Cooper
·         Alan Turing
·         Professor Xavier
·         Mr. Robot’s Elliot Alderson
·         Optimus Prime
·         The IT Crowd’s Maurice Moss