Perhaps one of my biggest challenges is to try to keep a routine, I know it is something which comes natural to most people but for me it is next to impossible due to the small inconveniences of my days.
From my point of view I try to divide my day between what I have to do and what I want to do, then I choose what absolutely must do during the day and split my time accordingly.. pretty simple right?
But everyday there is always a surprise, an emergency, something I forgot which absolutely throws my day out the window and forces me to ditch my carefully chosen path.
I know I want to keep posting interesting topics and I will, but projects come and go, hope you will forgive a seeminly random rambling
Wednesday, August 28, 2019
Tuesday, August 13, 2019
How much is our data worth ?
Now that is an interesting question is it?
For the average person is no longer so but if you are reading this it is a safe bet you are already wondering so. Like any of the deepest questions in our world, this topic needs context to be correctly analyzed so let's begin:
What is "data"?
Data is a very volatile concept which is easily shaken by the social media companies and government, basically it is any information they can take from you and compile.It doesn't sound so vile right? But start taking in account how much of your life they are disclosing either directly or indirectly and it will amaze you.
A big part of their information gathering starts with your name, age, address ,etc. this will constitute your profile, which will serve as a header for the next steps which will be:
- who are your friends
- where do you go to eat
- what do you like
- what do you hate
- Which ideas do you support
- what do you buy
Still doesn't sounds ominous? Let's continue:
This profile will classify you into different categories easily searchable and catalogued which will be used for diverse purposes
So let's get in context: in the old days if a business wanted to advertise on their products they would buy space in the radio or in a TV spot where most people are watching and hope for the best.
That is until demographics came into the scene.
Then people started studying who watched what and when and the market started changing.
Let's take the example of the TV show "Matlock".
"Matlock" was a TV series about a senior citizen who was an amazing detective and every week he would solve a mystery, most of the time related to other senior citizens.
Now it would be a show which would attract senior citizens mostly right?, well it did but it also attracted people who were interested in mystery and investigation series.
So a company selling products and services for senior citizens would buy time for their ads at "Matlock" and hope for the best.
But how about if you could filter out people not interested in your product and filter in people interested in whichever age band there is?
Enter social media, now companies did this using questionnaires at malls and supermarkets, nowadays they don't need to do so, we do it for them.
Filling out your profile for your friends to see also do so for the company to fill out the blanks, they allow political movements to join in and use their platform to organize, just so they can get a list of who joins what, even your shopping and wish list is shared so they know what do you want and they can sell ads to the companies who want to sell it to you.
Just the service of focused advertising makes Facebook ads worth between $0.50 to $4 a click (which would mean it got the interest of one person)
An average Ad campaign for a small company would mean at least $10.000 a month and the best part, it is for each company so the information is sold once and again and again and again....
Facebook has made more than $1 billion per quarter just from ads alone which certainly tell us more from the financial value of our data than any other points of worth, but there is more....
Political Value
Cambridge Analytica, currently a bad word in the commercial world, but not so a few years ago it was one of the most successful advisors in regards of... political campaigning using focused advertising.
The financial gain in politics is enormous and as per their results the ammount of data they brought in from our social networks did paid its due.
So as far as getting paid for your data it might be worth around $100 - $200 but as companies go each person data can be monetized for million
Reference
https://www.adweek.com/digital/facebook-lookalike-audiences-help-advertisers-reach-users-similar-to-current-customers-others-in-their-database/
https://www.technologyreview.com/s/427941/the-biggest-cost-of-facebooks-growth/
https://adespresso.com/pricing/
https://www.usatoday.com/story/tech/2019/07/14/facebook-twitter-how-much-data-worth/39677311/
https://www.aljazeera.com/ajimpact/data-worth-bill-google-190624204901419.html
http://stenor.github.io/
https://www.huffingtonpost.ca/carlos-de-torres-gimeno/big-data_b_4817705.html
https://blog.hubspot.com/marketing/where-do-marketers-get-leads-data
https://www.theatlantic.com/technology/archive/2012/03/how-much-is-your-data-worth-mmm-somewhere-between-half-a-cent-and-1-200/254730/
https://medium.com/wibson/how-much-is-your-data-worth-at-least-240-per-year-likely-much-more-984e250c2ffa
https://fee.org/articles/how-much-is-your-data-worth-to-tech-companies-lawmakers-want-to-tell-you-but-they-have-no-idea/
https://www.forbes.com/sites/stephanzoder/2019/08/06/how-much-is-your-data-worth
https://fitsmallbusiness.com/how-much-does-facebook-advertising-cost/
So a company selling products and services for senior citizens would buy time for their ads at "Matlock" and hope for the best.
But how about if you could filter out people not interested in your product and filter in people interested in whichever age band there is?
Enter social media, now companies did this using questionnaires at malls and supermarkets, nowadays they don't need to do so, we do it for them.
Filling out your profile for your friends to see also do so for the company to fill out the blanks, they allow political movements to join in and use their platform to organize, just so they can get a list of who joins what, even your shopping and wish list is shared so they know what do you want and they can sell ads to the companies who want to sell it to you.
But how much is all this worth?
In online marketing there is no way to actually control who has "seen" your advertising so the way they charge for it is for the people who actually clicked on your ad (cost per click or CPC)Just the service of focused advertising makes Facebook ads worth between $0.50 to $4 a click (which would mean it got the interest of one person)
Average Facebook CPC & Other Benchmarks by Industry in 2019
| Industry | |||
|---|---|---|---|
| Apparel | |||
| Automotive | |||
| B2B | |||
| Beauty | |||
| Consumer Services | |||
| Education | |||
| Employment & Job Training | |||
| Finance & Insurance | |||
| FItness | |||
| Home Improvement | |||
| Healthcare | |||
| Industrial Services | |||
| Legal | |||
| Real Estate | |||
| Retail | |||
| Technology | |||
| Travel & Hospitality |
(Source: WordStream)
An average Ad campaign for a small company would mean at least $10.000 a month and the best part, it is for each company so the information is sold once and again and again and again....
Facebook has made more than $1 billion per quarter just from ads alone which certainly tell us more from the financial value of our data than any other points of worth, but there is more....
Political Value
Cambridge Analytica, currently a bad word in the commercial world, but not so a few years ago it was one of the most successful advisors in regards of... political campaigning using focused advertising.
| Countries where SCL Elections claims to have worked |
|---|
| US |
| UK |
| Argentina |
| Colombia |
| Guyana |
| Uruguay |
| Trinidad and Tobago |
| Grenada |
| St Vincent and the Grenadines |
| Saint Lucia |
| St Kitts & Nevis |
| Antigua and Barbuda |
| Cyprus |
| Nigeria |
| Gabon |
| Kenya |
| Zambia |
| South Africa |
| Latvia |
| Lithuania |
| Ukraine |
| Romania |
| Italy |
| Moldova |
| Albania |
| India |
| Pakistan |
| Nepal |
| Thailand |
| Indonesia |
| Philippines |
| Mauritius |
The financial gain in politics is enormous and as per their results the ammount of data they brought in from our social networks did paid its due.
So as far as getting paid for your data it might be worth around $100 - $200 but as companies go each person data can be monetized for million
Reference
https://www.adweek.com/digital/facebook-lookalike-audiences-help-advertisers-reach-users-similar-to-current-customers-others-in-their-database/
https://www.technologyreview.com/s/427941/the-biggest-cost-of-facebooks-growth/
https://adespresso.com/pricing/
https://www.usatoday.com/story/tech/2019/07/14/facebook-twitter-how-much-data-worth/39677311/
https://www.aljazeera.com/ajimpact/data-worth-bill-google-190624204901419.html
http://stenor.github.io/
https://www.huffingtonpost.ca/carlos-de-torres-gimeno/big-data_b_4817705.html
https://blog.hubspot.com/marketing/where-do-marketers-get-leads-data
https://www.theatlantic.com/technology/archive/2012/03/how-much-is-your-data-worth-mmm-somewhere-between-half-a-cent-and-1-200/254730/
https://medium.com/wibson/how-much-is-your-data-worth-at-least-240-per-year-likely-much-more-984e250c2ffa
https://fee.org/articles/how-much-is-your-data-worth-to-tech-companies-lawmakers-want-to-tell-you-but-they-have-no-idea/
https://www.forbes.com/sites/stephanzoder/2019/08/06/how-much-is-your-data-worth
https://fitsmallbusiness.com/how-much-does-facebook-advertising-cost/
Tuesday, August 6, 2019
Blockchain, Is it time to adopt it as a new Standard?
When Bitcoin came up a decade ago it was set to create a revolution but it seems it did in more than one front.
Blockchain, its node based decentralized database, was easily overlooked in the early days, but it is now profiled to be the latest trend in secured and indestructible open source databases in the market.
I actually love the explanation given by Forbes Columnist Mark Zilbert
"" Imagine that you and your best friend Bob are standing on a stage in
an auditorium, and there are 1,000 people in the audience. In front of
these 1,000 people, you hand your car keys to Bob, and Bob hands you his
Rolex. You declare, “Bob, you now own my car.”
Bob declares back to you, “You now own my Rolex.” There are 1,000
witnesses who can each declare, without doubt, that your car now belongs
to Bob, and the Rolex belongs to you. If anyone in the audience later
tells a conflicting account of who owns the car or the Rolex, the other
999 people will refute it. And, if you take a spare set of your keys and
try to give that same car to someone else, the 1,000 audience members
will confirm that Bob owns the car, as each of them witnessed the
“transaction.” This is the essence of how the blockchain works. ""
What are the perks of Blockchain?
Both Etherium and Hyperledger are open source and share the best perks of blockchain which are:- Scalability: The Blockchain architecture creates a "node" which is a server or Virtual Machine where the database is hosted, the trick is, the database can add or remove these nodes without hassle so computing power, authenticity checking, etc. can grow as much as needed
- Indestructibility: This is relatable to the internet itself, as long as a single node is working the database will be available, so let's say the database gets attacked and one of the servers goes down (gets rebooted, stalls or the network goes down on the data-center), the other nodes have everything they need to keep working and when the previously damaged node comes online again they'll update him.
- Confidence: One of the main concerns right now is confidence on the database, What happens if someone defaces my data?, If someone deletes my database? If someone adds false data as real?, Blockchain adds native protection to these concerns by adding security headers to the information blocks which will make it next to impossible for hackers to insert false information, also no information gets deleted from a blockchain database ever, every new change is saved as a new version and every update is digitally signed so every audit will tell you exactly who replaced the information and worst case scenario will give you the opportunity to go back to a previous version.
- Non-Repudiation: I mentioned every record is digitally signed, what it means is if you use Blockchain's native security system you can see the signature of the user which is not replicable as it is a digital certificate unique for each device usable by the user.
Blockchain's potential as a ledger is unmatched and it escalates in a myriad of ways when we start comparing the amount of applications which need an inviolable controlled space.
Excellent... But what does this mean..
It means blockchain is an inexpensive technology to effectively create a real ledger for legal, financial and important documents.
For legal documents it provides a way to record any kind of documents in a way they cannot be changed, deface or repudiated (kind of a bureaucratic task nowadays), it can lower the costs of registering and would bring much needed visibility and transparency to these procedures.
Now don't get me wrong, it doesn't mean everyone will have access to add records but it means that whoever is adding these records will be recorded and digitally monitored by the platform.
As an example South Korea has already started this endeavour, they have stressed it's uses in public safety, finance, tourism and logistics.
In the same way logistics is a prime example of what blockchain is capable as a plethora of companies have started to use and enforce it.
We can see Walmart, Samsung, Fedex, IBM, Microsoft, etc. adopting blockchain as a trusted way to recording and controlling their transactions.
Using blockchain, Walmart employees are tracking shipments from the source to their warehouses. After scanning the lots with the store's app, employees can see which farm the fruit came from and where it's stored in the backroom. The technology could help customers understand where their food comes from and could streamline the restocking process as well as saving time and money in recall processes.
My motto is when the cost is comparable the most secure option is the option to go, blockchain is an affordable, escalable and secure database with a design set to save processing power, it is an amazing technology and must be taken advantage of it, reduce time and cost, raise trust and take out irrelevant controls.
Related Links
https://cointelegraph.com/news/south-korean-president-regulatory-innovation-is-question-of-survival
https://www.hyperledger.org/resources/publications/walmart-case-studyFor legal documents it provides a way to record any kind of documents in a way they cannot be changed, deface or repudiated (kind of a bureaucratic task nowadays), it can lower the costs of registering and would bring much needed visibility and transparency to these procedures.
Now don't get me wrong, it doesn't mean everyone will have access to add records but it means that whoever is adding these records will be recorded and digitally monitored by the platform.
As an example South Korea has already started this endeavour, they have stressed it's uses in public safety, finance, tourism and logistics.
In the same way logistics is a prime example of what blockchain is capable as a plethora of companies have started to use and enforce it.
We can see Walmart, Samsung, Fedex, IBM, Microsoft, etc. adopting blockchain as a trusted way to recording and controlling their transactions.
Using blockchain, Walmart employees are tracking shipments from the source to their warehouses. After scanning the lots with the store's app, employees can see which farm the fruit came from and where it's stored in the backroom. The technology could help customers understand where their food comes from and could streamline the restocking process as well as saving time and money in recall processes.
My motto is when the cost is comparable the most secure option is the option to go, blockchain is an affordable, escalable and secure database with a design set to save processing power, it is an amazing technology and must be taken advantage of it, reduce time and cost, raise trust and take out irrelevant controls.
Related Links
https://cointelegraph.com/news/south-korean-president-regulatory-innovation-is-question-of-survival
https://techcrunch.com/2018/09/24/walmart-is-betting-on-the-blockchain-to-improve-food-safety/
https://www.bloomberg.com/news/articles/2018-04-15/samsung-jumps-on-blockchain-bandwagon-to-manage-its-supply-chain
https://www.forbes.com/sites/forbesrealestatecouncil/2018/04/23/the-blockchain-for-real-estate-explained/#1ffdf5d2781e
https://www.blockchain-council.org/blockchain/top-10-companies-that-have-already-adopted-blockchain/
https://www.techrepublic.com/article/5-companies-using-blockchain-to-drive-their-supply-chain/
Tuesday, July 30, 2019
Security Automation: The end of the InfoSec Professionals?
Fear, one of the most powerful drivers of all time. Movies, novels, companies, even I had the unfortunate chance to hear the following phrase directed to a coworker: " I can replace you with a script and I will save money".
Automation is the new catchy word in the industrial environment, we see it everywhere: in car factories, coal mines, banks, even in the airports where tasks related to security are being transferred to automatic tellers. But is this suitable for all commercial environments?, the answer is partially.
Humans are valuable (not costly as some executives like to view them) by their decision making capabilities and a new evolution process has been taking place all over the world, thinking people are getting hired, and mechanical people are getting displaced. It is not a matter of justice nor survival, it is a matter of cost vs profit.
Yes it is but in a partial way, everyday hackers all over the world bypass security controls designed and maintained by fellow humans, automated systems are predictable (which is a terrible word in the business), we can automate tools and monitors but security intelligence? that's not automatable.
No matter how complex is the algorithm (computer process), the fact that all possible routes are programmed means there will be a thousand ways to bypass it, human ingenuity and logic is paramount to stop cybercriminals.
Don't take me wrong, every company should invest in security means and tools to aid the process and some automation is necessary to analyze the tens of thousands of transactions the average enterprise performs daily, but every machine, every analyzer in the market will depend on search patterns and every search pattern will cause a situation known to security professionals: false positives and negatives.
A false positive is an event which triggers an alarm but is not a situation worthy on it, like a common employee performing a click on a file he is not authorized to and not getting access.
A false negative is a situation where the alarm should be triggered but it is not like the employee in question getting access to the file he has not been authorized to read/change/delete.
These factors are part of the everyday work of a cybersec engineer and a great deal of our training, human instincts become the differentiator to detect the anomalous behavior.
In words of Eran Barak, CEO and Co-Founder, Hexadite: "All of these security automation technologies free up overtaxed security resources, allowing security teams to be less focused on mundane – but essential – tasks, and more focused on strategic initiatives that will make their organization more secure. " [1]
Automation needs to be seen as a tool and as any tool it is only good for the person trained to use it, we cannot expect to take in someone trained to be a network technician and takeover cybersec whithout so much than a manual.
https://www.dflabs.com/blog/security-automation-vs-security-orchestration-whats-the-difference/
https://www.darkreading.com/operations/the-best-and-worst-tasks-for-security-automation/d/d-id/1332074
https://www.helpnetsecurity.com/2019/04/16/it-security-automation-skills/
https://www.information-age.com/staff-skill-shortages-security-study-123473231/
Automation is the new catchy word in the industrial environment, we see it everywhere: in car factories, coal mines, banks, even in the airports where tasks related to security are being transferred to automatic tellers. But is this suitable for all commercial environments?, the answer is partially.
Humans are valuable (not costly as some executives like to view them) by their decision making capabilities and a new evolution process has been taking place all over the world, thinking people are getting hired, and mechanical people are getting displaced. It is not a matter of justice nor survival, it is a matter of cost vs profit.
Is automation in security viable?
Yes it is but in a partial way, everyday hackers all over the world bypass security controls designed and maintained by fellow humans, automated systems are predictable (which is a terrible word in the business), we can automate tools and monitors but security intelligence? that's not automatable.
No matter how complex is the algorithm (computer process), the fact that all possible routes are programmed means there will be a thousand ways to bypass it, human ingenuity and logic is paramount to stop cybercriminals.
Don't take me wrong, every company should invest in security means and tools to aid the process and some automation is necessary to analyze the tens of thousands of transactions the average enterprise performs daily, but every machine, every analyzer in the market will depend on search patterns and every search pattern will cause a situation known to security professionals: false positives and negatives.
A false positive is an event which triggers an alarm but is not a situation worthy on it, like a common employee performing a click on a file he is not authorized to and not getting access.
A false negative is a situation where the alarm should be triggered but it is not like the employee in question getting access to the file he has not been authorized to read/change/delete.
These factors are part of the everyday work of a cybersec engineer and a great deal of our training, human instincts become the differentiator to detect the anomalous behavior.
Then what can automation do?
To detect these factors which allows us to identify the possible intrusions, we would have to manually check all servers under our watch. which would severely raise the amount of people involved, instead the security orchestration tools allow us to see the activity in various fronts even in a graphical way enabling a major coverage on our duties.In words of Eran Barak, CEO and Co-Founder, Hexadite: "All of these security automation technologies free up overtaxed security resources, allowing security teams to be less focused on mundane – but essential – tasks, and more focused on strategic initiatives that will make their organization more secure. " [1]
Automation needs to be seen as a tool and as any tool it is only good for the person trained to use it, we cannot expect to take in someone trained to be a network technician and takeover cybersec whithout so much than a manual.
Resources
https://www.securityweek.com/five-steps-security-automationhttps://www.dflabs.com/blog/security-automation-vs-security-orchestration-whats-the-difference/
https://www.darkreading.com/operations/the-best-and-worst-tasks-for-security-automation/d/d-id/1332074
https://www.helpnetsecurity.com/2019/04/16/it-security-automation-skills/
https://www.information-age.com/staff-skill-shortages-security-study-123473231/
[1]. Explaining security automation and its evolving definitions, Network World September 2016
https://www.networkworld.com/article/3121275/explaining-security-automation-and-its-evolving-definitions.html
Monday, July 22, 2019
Subscribe to:
Posts (Atom)
Exploring the Differences between Red-Teaming and Blue-Teaming in Cybersecurity: Why Red-Teaming is Sexier; but Blue-Teaming is More Crucial
When it comes to cybersecurity, there are two teams that often get confused: redteams and blueteams. Redteams are the hackers, the ones w...
-
Para trabajar en JSON se utiliza el objeto TJSONObject, de la siguiente manera: Si uno está generando la información a enviar puede usar...
-
Ayer me llegó ésta pregunta y en el momento me pregunté si Embarcadero tenía un componente para hacerlo automágicamente, la respuesta es: ...
-
Un mapa de calor o "Heatmap" es un mapa que cambia de color por zonas dependiendo de un dato, es muy usado para estadísticas de pr...