About

About me

I have been in the network and information security field since 2004. Currently I am at the European Commission, supporting the director of IT security, developing the corporate IT security strategy and policy.

Before joining the Commission I worked for ENISA, the EU’s Network and Information Security Agency, leading the work on cloud security and EU-wide security breach reporting legislation.

In the past I worked for KPMG as an IT architect where I designed the interfaces and protocols of several national online electronic identity/authentication systems: the backbone of the Dutch e-government. I became a Certified Information System Auditor (CISA) in 2010. I received a PhD degree in Computer Security in 2010 and I have a Master’s degree in Theoretical Physics. I started working in IT in 2003, as a computer programmer in a small Italian software company in Pisa.

My LinkedIn profile has more details.

About this website

You can find here a blog about computer security, network and information security, slides from infosec talks, interviews, magazine articles, the start of a basic infosec tutorial for starters, and some of my academic publications. Disclaimer: This is a personal blog and my opinions and views here are my own, and do not reflect those of my current or past employers.

My credo

For me usability and security are closely related and they almost always go hand-in-hand. Consider the design of the water tap in your shower, as an analogy: the hot water knob is always right, the cold one always left. This way you can pick the right one blindly – even with soap in your eyes. This for me is security: The system does exactly what you expect it to do. And nothing else. It is clear how it operates and you do not need manuals or technical knowledge.

Safety is a related but fundamentally different concept. Using the analogy of the water tap again: Safety would be a valve limiting the hot water to below 40 degrees Celsius, so you can’t ever get burned. So in some settings security and safety could even be at odds. Kids know this by experience: Safety caps on toxic bottles are impossible to open. For kids at least. But for everyone else it is a bit of fumbling (and goes against usability).

I believe many cybersecurity problems are due to insecure computer systems. Computer systems not doing what they are supposed to be doing and/or doing things they are not supposed to be doing. Take email. Simply opening an email can put your entire PC, all your family photos, and your bank account at risk. Not to mention your family, friends, colleagues, etc. Instead of just opening the email, your PC has started to do many other things you did not ask for and did not want. In fact I often find myself blaming technology and rarely the user. I see too many in my field who point the finger at the “dumb” user. I would blame the technology for having even basic sandboxes to make sure every email can be opened “safely”.

And last but not least: I see new technology trends, such as cloud computing, smartphones, app stores, social media as major opportunities for improving cyber security, as solutions. And I think it is wrong to view new technology as a threat or a risk.
