The CNIL’s Privacy Research Day

The CNIL’s first International Conference on Research in Privacy took place in Paris yesterday, June 28, and was broadcast online for free. In addition to providing a great opportunity to consider the influence of research on regulation and vice versa, this conference helped build bridges between regulators and researchers.

During the day, experts from different fields presented their work and discussed its impact on regulation and vice versa. I attended it online, and there were many interesting topics covered by the different panelists. The topics ranged from the economics of privacy to smartphones and apps, AI and explanation, and more. One of the panels that I liked was the one on AI and explanation.

Machine learning algorithms are becoming more prevalent, so it is important to examine other factors in addition to optimal performance when evaluating them. Among these factors, privacy, ethics, and explainability should be given more attention. Many of the interesting pieces I see here are related to what my colleagues and I are working on right now and what I have planned for my upcoming projects.

You are welcome to contact me if you are curious about what I am working on and would like to collaborate.

Never Underestimate the Power of Networking: Tips for Connecting with People at Conferences

Successful people are good at networking. The value of effective networking can be seen in the job market. Many application forms ask for references from several people. If you have an effective network, these people could also be your referees, and you can choose those who would be best placed to be asked about your suitability for a role.

Networking at conferences is a great way to make connections and find out about what other businesses are doing. It is always best to meet as many people as possible, but one should not be afraid to target their networking efforts at those who seem more interesting or relevant to them.

Here are five tips to be effective at networking at these important events:

1) Planning for the conference. You should be prepared before you even arrive at the conference. Make sure that you are familiar with the program, who is speaking, and what topics will be covered. This will help you decide where and when it would be most useful for you to meet people and make connections. Also, check out the website of the organization hosting the event so that you can see if there are any extra events taking place during the breaks (e.g., after lunch), which might provide further opportunities for networking.

2) Figure out who you need to meet and find them. If you do not know what they look like, ask a colleague. Highlight their names and search for them on the Internet so that you know what they look like.

3) Introductions. Introductions can be made in many ways – when you first arrive at the conference venue, walk around and introduce yourself to people who may benefit from knowing more about what you do or could offer them. Instead of hovering around one person and waiting for them to approach you, make the first move yourself.

4) Take part in the dinner. It is important to remember that it is the coffee/tea breaks, lunches, and dinners that are the prime networking opportunities, so do not stick all the time with your friends and colleagues. Also, remember not to drink too much or choose something really messy to eat.

5) Wear appropriate attire. If you want to be viewed as a serious professional, wear smart clothes. Wearing jeans to a networking event may not be ideal for the type of people you want to meet.

Networking is a skill that can be learned and developed, but it takes time to get good at it. Effective networking means being proactive about your own career progression and developing the skills to be a good networker. It is not difficult to do, but it does require some effort, thought, and planning. I hope that with this post you have learned some useful tips for building your network of connections. 

Threat Modeling: Some of the Best Methods

Threat modeling methods are a set of general principles and practices for identifying cyber threats to computer systems and software. These methods can be applied during the design phase of new systems or when assessing existing security controls against new threats. There are several threat modeling methodologies in use today, ranging from informal processes to formalized models that can be captured within software tools. A summary of some of the most popular threat modeling methods is provided below:

• Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege (STRIDE)

• Process for Attack Simulation and Threat Analysis (PASTA)

• Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)

• Trike

• Visual, Agile, and Simple Threat modeling (VAST)

• Common Vulnerability Scoring System (CVSS)

• Attack Trees 

• Persona non grata (PnG) 

• Security Cards 

• Hybrid Threat Modelling Method (hTMM)

• Quantitative Threat Modelling Method (QTMM)

• Linkability, Identifiability, Non-repudiation, Detectability, Disclosure of information, Unawareness, and Non-compliance (LINDDUN)

All of the above methods are designed to detect potential threats, except for CVSS. The number and types of threats will vary considerably between the different methods, as well as the quality and consistency of the methods. Which one is your favorite threat modeling method? Are you interested in using some of the methods above for your company or research project?