The first sentence: I’m disgusted.
Hi folks, today I’ve been very frustrated after a security talk in Bologna University @ Cesena. Today a Ravenna’s “big” company took a talk in our university about their security vision. The talk was a totally mess. The talker ( security chief ) used a poor and wrong security language miss-understanding some of fundamental security words, like for example: Hacker, Intruder, Exploit Kid and so forth. He presented a non clear vision, jumping from one slide to another without any logical step, he talked about state firewall and about “Http Firewall” ( what’s that??) tracing some definition of Intrusion detection saying that is the same thing of a state firewall (are you crazy?). He presented the Security Engineering professional profile as a man who has to use some already made products, called bricks ! He didn’t understand what a penetration testing is, he didn’t realize what a red teaming is and what kind of security engineering is required in the world so far. He presented a totally wrong graph where he explained that BoF is the more dangerous rather then a “sql-injection” (it’s just a stupid example) because most spread without thinking that is through sql-injection that an attacker may cause an BoF [Marco Ramilli, Buffer Overflow Technique, ICT-Security]. Again, lots of wrong graphs and lots of wrong sentences that I don’t wanna write in my blog.
I’m really sad, this company (I dont wanna say the name) is working for Ferrari, Banca Intesa, Banca San Paolo, lots of big and rich Italian companies. It’s unbelievable that big companies like that are abandoned to this “security company”.
Again, I’m really sad. Lots of companies that wanna make security but don’t know anything about it. They (he) didn’t know any kind of security books and they didn’t know about any kind of security literature. The security chief is a physician converted into an security engineer. Actually I’m thinking on a technical paper written by Stefano Zanero about a similar topic. I don’t remember which is the paper and where you can find it but he said something like that:
” In our country lots of companies wanna make security, but only few are able to think in security, being a good security companies ” (It’s not the exact sentence, just a little memory about his technical report). I totally agree with him.
Yet, another bad history.