The first ever SaimaaSec meetup was organized last week and had three presentations from the infosec and cybersecurity industry. The event was held at LUT University, which also sponsored it. Here are my (very) short notes from the presentations.
War stories from Incident Response – key takeaways
Juho Jauhiainen talked about incident response and war stories. We heard about how the famous Vastaamo case happened and many more stories. Nothing in my notes though.
TLS is fine and why we should really care about it
Encrypting network traffic is great, but as Tomi Koski explained in his presentation, you should also really care about it. This was an interesting story of how MDM can be a vulnerability if it isn’t done right.
This time it was about how the application checked the TLS certificate of the server it communicated with. Because the certificate was not verified, there was room for a MITM attack. There were also some not-so-good practices in the application's development, which leaked secrets and made it possible to spoof a legitimate update package and install whatever the attacker wanted.
First year as Director of Information Security in a unicorn cloud company – Lessons learned
Riku Tarkiainen from Visma Solutions had some lessons to share about information security from a manager's point of view.
Some of his points were:
- “It’s all about customers. You need to understand what you’re protecting and why you’re protecting them.”
- “Know your status and know what you don’t know. Do you have data?”
- Security is part of business.
- People and communication are key factors.
- Understand how you learn and do it. Daily. And teach also.
The field of Cyber Security is broad:
And last, the areas a CISO should concentrate on in 2023, as told by ChatGPT: