now browsing by tag


Telling fortunes in information security?


I’m actually in London to attend BSidesLondon and InfoSecurity Europe. I had the great opportunity to write a guest blog article for the InfoSecurity blog. My article has been published here. Happy reading!

Introduction to Social Engineering

Social Engineering Banner

Some very motivated IT Students from the Erasmus Hogeschool Brussels organized today (and tonight) an event around information security called EHackB2014 with online games, demos and workshops around security. I was contacted a few weeks ago by Bert Van Rillaer, the professor helping students to organize the event as a keynote speaker.

Instead of speaking “bits & bytes“, I decided to present some facts about human hacking or “social engineering“. Indeedn, why spend huge amount of time to break into a system, if it can be accomplished by “abusing” a human? XKCD has a wonderful example about this: xkcd.com/538.

My slides are available on slideshare.net:

It was a nice experience. Lot of students attended my keynote. I also got interesting questions about jobs in information security. Good to see that some fresh blood will jump on the bandwagon in the coming years.

I would like to congratulate the organizers for the warm welcome, the excellent organization! Good job for a first shot!

You have a SIEM! And now?

Cyber Threat Intelligence

The 2014 edition of InfoSecurity.be is over. I was invited and received a speaker slot. I talked about one of my favourite topic: log management and SIEM but from another perspective. For a few years, SIEM solutions were pushed in front of the stage! Presented as the “security threats killer”, we must be honest: Still today, it’s very difficult to get the best of such expensive tools! Not that they are bad but they remains “tools”. Creating and maintaining correlation rules or filters is an endless game. Based on my experience, I reviewed the current situation and explained why SIEM solutions failed. The second part focused on ideas to improve the detection of threats inside the organisation.

The slides have been publised on slideshare.net:

You want to discuss about this topic? Feel freel to contact me!

Unity Makes Strength

Last week, I was in Dublin to attend the SOURCE conference. I was invited as a speaker and talked about “Unity Makes Strength“. My presentation was about an overview of the current weaknesses introduced by the multiple security solutions deployed to protect infrastructures. All of them achieve a quite good job but how could we improve the overall knowledge by making them talk to each others? My slides are available on slideshare.net:

I also published a wrap-up of the conference on my blog (day one & two).

(ISC)2 SecureAmsterdam Workshop

Yesterday I attended the (ISC)² event in Amsterdam about mobile devices security. I was invited as a speaker and talked about the mobile apps security. The whole day covered the classic topics around mobile devices.

My slides are available on SlideShare: