Interview with Chema Alonso
Hi everyone!
From now on, and on a monthly basis, we will devote a little space to interviewing security experts from Microsoft and other companies. We will try to make it a different space, more collaborative with the readers of the blog, and so open to your participation.
You can send topic proposals and suggestions to the following email: i-merma@microsoft.com
The first interview opens with Chema Alonso, Technical Director of Information Technology 64 and Microsoft MVP. What is an MVP? For those of you who are not very familiar with the term, the Most Valuable Professionals (MVP) program consists of a community of technical leaders throughout the world who are rewarded for voluntarily sharing knowledge. They are people of recognized standing, reliable and accessible, with extensive experience in one or more Microsoft® products, who actively participate in online communities to share their knowledge and experience and to help others.
1. How were your beginnings in the world of computer security?
My involvement in this world came from an approach from the world of computer systems. I came to work with databases, networks and technologies with Microsoft's servers, and getting to the security world was a simple path and almost a mutual attraction. I loved it and there was a great need for professionals at the time.
2. You're a person of etiquette ... your holidays are known around the world: China, Argentina, the U.S. ... How do you think Spain compares to other countries in terms of security?
This is a question I get asked many times and I always have to qualify it in sections. I think we have great professionals and a large community of experts. Just look at English as there are professionals in key safety equipment of big business. Case of Fermín in the MSRC Microsoft, Palak in Yahoo and many more. Also, you just have to see that we have representation of English professionals in major international conferences, such as Sexy Panda at Defcon and David Barroso at the last RSA.
This is noted in regard to security companies in Spain, groups like Hispasec, Panda Security's laboratory, safety equipment or S21Sec SIA, to cite one of many that there are very high level.
For companies in general, few have become aware of safety. They have made progress, especially the large ones, investing in technologies, products and audits, but they have not yet gotten the safety culture into their processes. As for the medium and small ones, they are beginning now to think about it very cautiously.
3. How do you think the crisis is influencing decision making in the area of security?
It is a difficult question. I think that curbing investment in security is counterproductive, but I suppose that those responsible for budgets should be much thinner now. It is clear that the alignment with the business by IT teams must be especially careful at this time to help generate more productivity for businesses, but a lack of investment in security can come out more expensive to generate a new path investment security risks do not remove it. Do not forget that the security teams are not only affected by lack of business continuity, image or scams, but there is also existing legislation to meet that obliges them to maintain a secure infrastructure.
4. What do you think are the security trends for companies in the long term?
For the long term I do not know, but in the short and medium term we have many challenges ahead. The first of these will remain the classical threats to defend against new mafias performed by using malware and botnets. Next, companies are challenged to defend themselves, and more so at the moment, against the risk of information leakage, theft, espionage, etc., caused by attacks or internal negligence.
In addition, we have technological challenges at the country level: the integration of e-ID, the final implementation of the Data Protection Act, standardization, ISO 27001 and the impending arrival of e-administration with the law Access make the security landscape a frenzy of activity.
Stand in this race may involve delaying a competitive company or organization.
5. What advantages do you think proprietary software provides over open source software with regard to ensuring privacy and information security?
I really do not think that proprietary software is better or does not provide a structural basis. What is certain is that there are commercial software products that have no competition in the free software world, simply because the business model of free software in this field has not generated enough money to stay competitive.
There are good, reliable and safe free software projects, but these are very few compared with the vast majority of them, which do not have the resources to maintain constant development and are a real uncertainty in the immediate future.
I believe that commercial software provides an assurance of support and continuity in a future line of work. A company cannot upgrade its systems every six months, or update its software every day or, of course, change the architecture of its services because a product is discontinued.
Free software and software can and should coexist in a balanced search for adequate investment in technology higher productivity of both the company and the administration of this country.
6. Often security is not taken into account as a factor for business competitiveness. What do you think about it?
Anyone who does not take security as a determining factor for the competitiveness of the company is a danger in managing budgets and should be sent to do other work.
In my occupation, performing penetration tests on companies, I have seen many companies lose money on insecure systems. Companies that have not been able to work for days because they have settled their mail servers and could not communicate with customers and suppliers, companies that have not been able to pay taxes on time because of computer viruses and directory companies that have robbed money through insecure sites.
The need to explain this should be put on a list of managers that should never be employed in an undertaking.
7. You participated proactively in the Microsoft online security volunteering, giving safety talks to children in different schools. What has been your experience in this initiative?
Well, I had a great time; kids are fun and spontaneous. Their reactions are shock, fear and discovery. When you explain the possible problems, risks and what happens on the Internet if precautions are not taken, they feel identified. They tell us their stories and ask for advice. It's amazing how intensively kids use the Internet today.
I always try to make them and their parents understand that the Internet is great and you have to enter, discover, learn, use and take advantage of this gift of the Internet, but do so safely.
I enjoyed the experience and will surely repeat it.
8. What security measures do you implement as an end user? Are you one of the paranoid ones obsessed with malware that can be inserted into your PC, or rather one of those of "home of the blacksmith knife stick"?
Well, on my computer I implemented a political genius. I do not open any mail that comes from someone I do not know, and I never use a privileged user or privileges when working with programs or browsing the Internet. Everything updated. Firewall on. I do not install any software when I do not know where it comes from (I have the opportunity to have the TechNet and MSDN subscriptions to enjoy the software directly from the root) and I enjoy a Windows Vista where I have had protections active from the beginning. It's pretty easy to keep a Windows Vista or Windows 7 secure without much effort. I feel sorry for those poor people who reinstall their system every six months. My Vista was installed once and does better each day.
9. What is planning conferences recently?
For now, the Summer Of Security tour is ahead, in four English cities.
Then we have a fantastic summer course at the University of Salamanca, which will gather 15 birds of care in the month of July.
And after this I'm going to Colombia to participate in another international course and then to Las Vegas to participate in the Defcon 17 with a group of English there. As you can see I do not get bored. ;)
10. I guess you have been asked this so many times ... but the dedication that you give to your blog is amazing. Where do you get this record to write on a daily basis?
Well I think because after having worked as a painter, bricklayer coating and I think it's a luxury the job I have and really love my job. Like much, but it is a pleasure. In addition to my blog I write what I live, learn, discover, design or pass me. It is a very personal blog where I have many times more to post than actually get, but ... I do not want to be heavier than I already am. If you do it with pleasure ... there is always a minute to post and do not forget that I'm connected to the Internet all the time I am awake;)
11. Why do you think there are so few women in the world of security?
I do not think there are so few; the ratio is more or less the same as in computer science in general. The issue is that the word has spread that in the computer career there are no cute guys (that is totally false, because here I am myself and the rest of the frik ... say .. in engineers) and they prefer to go for more glamorous careers. There really are some very, very, very good ones, but I think they prefer to remain anonymous. Many of those nicks that are out there are girls, but it is difficult to know when the nick is ka8bu_kiFX!
12. Do you give us permission to publish this famous photo of the calendar ...?
Of course, but ... what is corporate and post a photo in Spectra? Lest you run out of work just for showing off. ;)
Thanks for everything, Chema; if you see that this blog continues to publish articles, you'll know why ... :)
Mercedes Martin
Enterprise Manager Security and Privacy
Microsoft Spain