sb-au logo
Story image

HP recruits former GCSB researcher for new Security Advisory Board

20 Sep 2017

An ex-GCSB researcher has scored a role in HP’s new Security Advisory Board and will be part of a major effort to reinvent the company’s approach to cybersecurity.

The board will work as a reconnaissance team, according to HP, and they will provide insights from their experiences to help HP reinforce its own security processes.

The board will also talk with HP executives and the market about the shifting security landscape.

According to HP’s blog, inadequate security cannot be ignored because hackers are far more sophisticated and always looking for exploitable vulnerabilities.

Justine Bone, now CEO of medical security analyst firm MedTec, previously worked on reverse engineering and vulnerability research at the GCSB before leading security for Bloomberg LP.

“For years, software and hardware makers were able to rely on security by obscurity. There was no upside to building in this quality all the way through the product because nobody was asking questions. Now, though, people are definitely asking,” Bone says.

Bone joins as one of three board members outside of HP. She joins ex-hacker and now HP Board Chairman Michael Calce, who conducted a cyber attack against Amazon, eBay and Amazon at the age of 15. His work resulted in $1.7 billion in damages.

Robert Masse also joins the advisory board as an independent partner at a major consulting firm.

According to HP’s chief technology for system security research and innovation, Boris Balacheff, the company wants to sharpen its efforts in understanding the future cyber landscape and potential problems.

From NotPetya to Shamoon to botnets, HP says that it’s clear any connected device can be attacked.

With the rise of connected gadgets, 20 billion of which are expected to be used by 2020, the security challenges will get bigger.

Masse adds that cybersecurity used to be an IT problem, but now it’s a problem for audit and risk committees, as well as boards.

“I think now's the time where we really have the opportunity to improve things at a much better level than before.”

Calce believes that every device must have security and adaptability at its core ‘from the ground up’, a phrase often taught but rarely practiced.

He says that when computers boot up, more than a million lines of code in firmware are loaded before a user sees anything on the screen.

HP is looking to implement security on anything and everything they develop. That’s the type of mindset we need if we ever want to have some level of security in this world,” Calce concludes.

Link image
Webinar: Best practices for managing disparate security solutions
As budgets get more constrained, the emphasis shifts from merely finding threats to increased efficiency in managing security operations. Learn how to juggle a crowded field of solutions.More
Story image
APAC organisations struggle to find balance between digital adoption and cybersecurity
Organisations in the Asia Pacific (APAC) region are significantly concerned about security threats, but nevertheless are looking to advance operations through digital adoption.More
Story image
Fortinet’s ‘zero trust’ approach redefining security
Cornelius Mare, Fortinet A/NZ Director, Security Solutions, explains why taking a ‘zero trust network access’ approach to cybersecurity requires fully-integrated and comprehensive security services and policies.More
Story image
ConnectWise launches bug bounty program to bolster cybersecurity strategy
“Crowdsourcing in this way represents a solid additional layer of security, and we clearly value the community's expertise and participation in helping us keep our products secure."More
Story image
Shlayer malware proves Apple devices aren't as secure as you think
"Apple never talks about malware publicly, and loves to give the impression that its systems are secure. Unfortunately, the opposite has been proven to be the case with great regularity."More
Story image
Revealed: The behaviours exhibited by the most effective CISOs
As cyber-threats pile up, more is being asked of CISOs - and according to Gartner, only a precious few are 'excelling' by the standards of their CISO Effectiveness Index.More