SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
HP recruits former GCSB researcher for new Security Advisory Board
Wed, 20th Sep 2017
FYI, this story is more than a year old

An ex-GCSB researcher has scored a role in HP's new Security Advisory Board and will be part of a major effort to reinvent the company's approach to cybersecurity.

The board will work as a reconnaissance team, according to HP, and they will provide insights from their experiences to help HP reinforce its own security processes.

The board will also talk with HP executives and the market about the shifting security landscape.

According to HP's blog, inadequate security cannot be ignored because hackers are far more sophisticated and always looking for exploitable vulnerabilities.

Justine Bone, now CEO of medical security analyst firm MedTec, previously worked on reverse engineering and vulnerability research at the GCSB before leading security for Bloomberg LP.

“For years, software and hardware makers were able to rely on security by obscurity. There was no upside to building in this quality all the way through the product because nobody was asking questions. Now, though, people are definitely asking,” Bone says.

Bone joins as one of three board members outside of HP. She joins ex-hacker and now HP Board Chairman Michael Calce, who conducted a cyber attack against Amazon, eBay and Amazon at the age of 15. His work resulted in $1.7 billion in damages.

Robert Masse also joins the advisory board as an independent partner at a major consulting firm.

According to HP's chief technology for system security research and innovation, Boris Balacheff, the company wants to sharpen its efforts in understanding the future cyber landscape and potential problems.

From NotPetya to Shamoon to botnets, HP says that it's clear any connected device can be attacked.

With the rise of connected gadgets, 20 billion of which are expected to be used by 2020, the security challenges will get bigger.

Masse adds that cybersecurity used to be an IT problem, but now it's a problem for audit and risk committees, as well as boards.

“I think now's the time where we really have the opportunity to improve things at a much better level than before.

Calce believes that every device must have security and adaptability at its core ‘from the ground up', a phrase often taught but rarely practiced.

He says that when computers boot up, more than a million lines of code in firmware are loaded before a user sees anything on the screen.

HP is looking to implement security on anything and everything they develop. That's the type of mindset we need if we ever want to have some level of security in this world,” Calce concludes.