Biography
The moment I graduated from school and received my diploma in accountancy, I received a job offer to start as a junior system and network administrator. Simultaneously I got introduced to the world of cybersecurity. However, back then things were not as complicated as they are today. Like any other system and network administrator, I implemented various security controls like firewalls, IDS/IPS solutions, and anti-virus solutions. And sure, from time to time I needed to deal with a security incident, luckily mostly virus related. But it got me thinking.
Why is it so problematic to design, implement, and maintain a secure environment? Is a secure environment really a utopia?
Okay, true you can only invest your money once, and budgets are not unlimited. But what about the cost of downtime caused by a security incident? Or the cost of remediating the security incident? Okay, I recognize that a company needs to make money to keep the shareholders satisfied, but the shareholders will be extremely disappointed if the company is severely affected by a security incident.
Just an example, companies took the Y2K bug really seriously. But that bug will in fact occur in the year 2049. And not as predicted on January 1st, 2000. Why? That answer is a bit technical and nerdy. Beneath the hood, most applications will save date and time values as a 16-bit integer value. This system is…