top of page

Interviews from The Underground Economy Conference – Part 2

Industry Improvements

Underground Economy (UE), our threat intelligence, cyber security and cyber crime conference, is slated for November 2-4 in Strasbourg, and we are taking attendance applications now. You can learn about how to apply for admittance and how to submit a proposal here.

Below is Part 2 of our interviews from UE 2019.


What keeps you up at night? What concerns you most about Information Security today?

If you could “fix” one thing, what would that be? How can the community work together to accomplish this?

Sharing data is one of the biggest benefits within our trusted community, how can we improve this?

Q: What keeps you up at night? What concerns you most about Information Security today?

A: “The issue that worries me the most is the distribution of child security material online. It is growing out of control and I think we are losing the fight. Fifteen years ago, criminals against children were isolated, but now they can connect online, share photos, videos, tools, techniques, and fantasies. Law enforcement agents are already doing an incredible job, but this type of crime is way more widespread and critically more severe than most people think even in the security industry. We need a response from the entire community, there needs to be a cultural shift for this to happen. As professionals I do think we have a collective responsibility in this area.”

Romain Wartel – Romain has worked at CERN, the European Organization for Nuclear Research, is one of the world’s largest and most respected centers for scientific research for the last 14 years.

Q: If you could “fix” one thing, what would that be? How can the community work together to accomplish this?

A: “If I could fix one thing it would be to do multi-factor authentication, which is to add what’s called a second factor, which is beyond just username and password but can be some other thing to authenticated person. This will limit a vast majority of the attacks that most of the users are subjected to and it’s relatively easy, but the adoption rate is about 10% for a lot of these capabilities. So, if I could fix one thing, it would be to help the community, help users in general put in some sort of multi factor or second factor authentication for their email accounts.”

Stephen Boyer – Steven is the co-founder and CTO at Bitsight, a company based in the United States, but Stephen works globally.

A: “The one thing I would like to fix is human frailty to be honest. I think we’ve seen a recent trend towards human error and trickery behind the rise of things such as business email compromise and it’s probably teams such as BEC causing more financial loss at the moment than traditional banking Trojans. Humans can be a lot harder to harden against attack than technology and humans are often slower to learn than technology. So, I think there’s been a real trend and a real shift towards human error and human exploitation of cybercrime, and I would like to see a lot more education and organizations taking more responsibility for their staff particularly when it comes to phishing emails and the like…being more responsible and accountable for their actions. I think once organizations start to do that then they’ll be less compromised by phishing emails and the like.”

Scott Mellis – Scott is an Australian Federal Police Cybercrime Liaison Officer to the United Kingdom. He is originally from Melbourne and currently lives in London. Scott has been in cybercrime and cybercrime intelligence for around 17 years.

Q: Sharing data is one of the biggest benefits within our trusted community, how can we improve this?

A: “Data sharing is a very important topic for information security. I run a threat information sharing group for Brazil for many years now and we also participate from different trust groups. I believe that it’s very hard to guarantee that everybody will have the consent after they are into a group and then they will just TLP Red information for instance and they must give you a written consent on this. I think that you had to put that on paper and not email. The guy has a copy of it, and he knows that there will be some rules that have to be followed. If he doesn’t follow the rules, he will be put out of the trust group. You must enforce that because it’s very hard to trust a relationship and give the possibility to share information in a very open way. One out of a thousand people do not respect that, so I think that it’s natural for that reason. Usually trust group are very small in nature with people that know each other for decades so that keeps newcomers out which is very bad for the industry. So, somehow, we must solve this issue. Sharing is very important and one of the things I like most about Team Cymru events especially the Underground Economy Conference is that you have the opportunity to share and to know people from dozens of different countries. People that really work with security and have the expertise and the ability to share if needed.”

Sandro Suffert – Sandro is the CIO for Apura Cyber Intelligence. Sandro has been a digital forensics and incident response practitioner for 25 years. @suffert

A: “Data sharing between companies is something that most industries are very open with, but our industry likes to hide behind and say, we’re going to share data. We’ll share data as much as possible. But, in reality, it’s tucked away behind contracts and things like that. So, for the industry to keep growing at the rate it should be and to stay as positive as it can be, we need to have open data sharing and just trust people willingly and not say, we’ll trust you if your lawyers agree with our lawyers ..and our lawyers say , yeah, you are ok.”

Josh Carney – Josh is a software developer from Alabama. Josh currently works for Shadow Dragon and has been doing infosec and software development for the past five years.

A: “About data sharing and focusing it as a real strategy, I think that is one of the pending topics for a consolidated trust community represented in some international forums. Currently, there are some active working groups developing tools, taxonomies, data sharing platforms, data models and standardization but what are the real requirements and risks to put all the meat on the table and go forward, AI in some way is waiting :). Here, from my own experience I think that research and education networks like Géant and through its Security and Identity Task Forces could go in this challenge becoming possible testbeds with real and interesting use cases.”

Jordi Guiljarro – Jordi is from Barcelona and has been working in the security field as field manager in the research allocation network of Catalonia. @jordiguijarro @cloudadms

A: “Absolutely, sharing threat intelligence and information is very important. One of the reasons that every security vendor has some view and some angle or some exposure to cybercrime. Some focus on certain geographies or certain markets or their technology allows them to see specific type of traffic and so on. The reality is that even the biggest vendors don’t have a full view and full understanding about what’s going on and by working together and exchanging information we can help each other to better protect our collective group of customers and consumers around the world. The key for an intelligence exchange is that all the parties that are involved must feel that there’s mutual value. That they get value from that exchange and that they get types of intelligence that don’t have. And, in return, they provide their data which can help other parties. And, if that mutual value exists, that threat intelligence exchange is going to be successful long term.”

Ziv Mador – Ziv Mador, is the VP of Security Research at TrustWave. Ziv has been in this business for over 20 years leading a global security research team with many intelligent people.

A: “There’s still a lot of work to be done in terms of information sharing, we are quite frankly not good at it. One of the issues that I find in the security industry is that there were many people that like the idea of naming and shaming I very much dislike that concept because I think it also causes the problem of people not wanting to share information. If there’s a breach, there’s a lot that can be learned about different breaches, but if somebody is willing to be transparent and is willing to disclose some information than what I’ve seen is that in social media people just start vilifying without even knowing the facts and it’s crazy because when I think about the consumer industry and recalls for certain products you really don’t see people shaming the other industries but it’s very very widely done in the security industry so I think to have better information sharing we need to allow for people to have transparency to raise issues, to discuss breachers, and talk about lessons learned, and really we need to help each other.”

Merike Kaeo – Merike has been in the security industry for over 25 years, she was born in Germany and is of Estonian decent. She currently lives in the US. @estodoubleshot


bottom of page