Story image

HP recruits former GCSB researcher for new Security Advisory Board

20 Sep 2017

An ex-GCSB researcher has scored a role in HP’s new Security Advisory Board and will be part of a major effort to reinvent the company’s approach to cybersecurity.

The board will work as a reconnaissance team, according to HP, and they will provide insights from their experiences to help HP reinforce its own security processes.

The board will also talk with HP executives and the market about the shifting security landscape.

According to HP’s blog, inadequate security cannot be ignored because hackers are far more sophisticated and always looking for exploitable vulnerabilities.

Justine Bone, now CEO of medical security analyst firm MedTec, previously worked on reverse engineering and vulnerability research at the GCSB before leading security for Bloomberg LP.

“For years, software and hardware makers were able to rely on security by obscurity. There was no upside to building in this quality all the way through the product because nobody was asking questions. Now, though, people are definitely asking,” Bone says.

Bone joins as one of three board members outside of HP. She joins ex-hacker and now HP Board Chairman Michael Calce, who conducted a cyber attack against Amazon, eBay and Amazon at the age of 15. His work resulted in $1.7 billion in damages.

Robert Masse also joins the advisory board as an independent partner at a major consulting firm.

According to HP’s chief technology for system security research and innovation, Boris Balacheff, the company wants to sharpen its efforts in understanding the future cyber landscape and potential problems.

From NotPetya to Shamoon to botnets, HP says that it’s clear any connected device can be attacked.

With the rise of connected gadgets, 20 billion of which are expected to be used by 2020, the security challenges will get bigger.

Masse adds that cybersecurity used to be an IT problem, but now it’s a problem for audit and risk committees, as well as boards.

“I think now's the time where we really have the opportunity to improve things at a much better level than before.”

Calce believes that every device must have security and adaptability at its core ‘from the ground up’, a phrase often taught but rarely practiced.

He says that when computers boot up, more than a million lines of code in firmware are loaded before a user sees anything on the screen.

HP is looking to implement security on anything and everything they develop. That’s the type of mindset we need if we ever want to have some level of security in this world,” Calce concludes.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.