“We generate so, so much data that we’re losing visibility in most matters related to security”

One of the best things about cybersecurity is that everyone brings their own flavor, experience, and perspective to the table. Building on top of each other’s observations, we keep the community growing and reaching beyond its confines, especially since it’s our responsibility to make people care about their security (and act on it).

It’s not an easy job but, if you’re reading this, you’re probably not in infosec because you like taking the path of least resistance.

One way we keep learning is by asking questions. If you browse through our collection of interviews, you’ll find nuggets of wisdom, intriguing hypothesis, and daring aspirations.

Our plan is to keep probing the experiences of the leaders, specialists, and enthusiasts in the community to surface the best and most useful observations about the state of the industry.

The interview below is no exception!

Learn how the value chain is changing in the telecom industry and how telcos are placing cybersecurity at the center in this insightful interview with Ioan Constantin, Cyber Security Expert at Orange Romania.

This complex attack is not getting enough attention

There’s no shortage of cyberattacks that leverage social engineering but SIM jacking is one of the most devious out there. That’s why Ioan believes this issue should get a bigger share of mind.

SIM jacking is one of those important topics for which information should be better disseminated both in the community and through the general public.

We’re somewhat lucky to live in a geography where most operators and service providers moved away from the particular piece of technology that makes this threat plausible (Vulnerable SIM Applications and execution environments) but the fact that such a threat exists and can be exploited should make the front cover in at least a few magazines.

This proves that such complex attacks are within reach for a determined adversary and that most of the advanced security mechanism and tools we rely on on a daily basis such as biometrics, encryption, and access control prove inefficient against an age-old vulnerability in a ubiquitous piece of equipment such as a SIM card.

As I was saying, fortunately, in Romania, and for sure at Orange, customers are secure from such a threat.”

Geography influences the types of attacks we see around the world because they all focus on manipulating people through various means, both technical and non-technical. Cybercriminals make significant profits from their malicious activities because this challenge still persists:

“As my activity revolves around R&D, mostly, I’ll shy away from operational challenges and I’ll name one specific challenge that – unfortunately – reigns above all else, in all activities related to information security: the lack of awareness on cyber threats.

Tackling this is not an easy job but we definitely feel like we’re making progress.

Our involvement in education is a key factor as we can reach today’s youth and their digitally-centered ecosystems.

I strongly believe that cybersecurity, in some form, should be taught starting with primary school and that private entities should get involved in this process, provide tutorship and material support.”

The importance of cybersecurity education

We can’t emphasize enough how much we support Ioan’s statement! Education is one of the most important vectors for positive change not only in cybersecurity but in all the essential areas of our lives.

That’s why we’re getting together at DefCamp in a few short days: to learn from each other and get better in the process.

And there’s a lot of ground to cover! Some of the talks cover the infosec advancement that Ioan deems essential for the past few years:

“Machine Learning. In all forms and shapes.

This didn’t stem from cybersec per se but using neural networks to label, classify and further identify data is – in my opinion – the foremost advancement in Cyber Security.

We’re at this point where we generate so, so much data that we’re losing visibility in most matters related to security.

Everything starts looking like huge haystacks when your precious piece of information regarding some malicious activity has the size of a needle.

Organizations are at the very base of this huge mountain of logs, metrics, flows and – finally – events. Log management doesn’t cut it anymore. Training machines to recognize patterns and act upon the findings is an essential step in scaling security to the requirements of future-gen networks.”

As you can tell, Ioan is truly passionate about cybersecurity, which is why he’s also an active contributor to the community. Not only has he shared his experience in previous interviews but he’s also presented his work at DefCamp before.

If you’re looking for a practical piece of advice about infosec work, Ioan always has (at least) one handy. This one’s all about threat intel:

“Stay consistent in regards to the open-source threat intel feeds you’re using.

I’ve fiddled with building this threat intel sharing platform as an internal tool where we can keep track of specific threats targeting our resources. I’ve started with ingesting data from pretty much every free feed out there only to learn that most information is inconsistent between different sources which lead to confusion and uncertainty.

I managed to narrow down my list of ‘trusted’ feeds – of course, as per our use-cases – to resources such as DHS’s AIS, @abuse.ch, the free Talos feeds, Google’s Safe Browsing, and the free ISAC members’ feeds. While you might think that more is better when it comes to intel, it’s often the case that less is more, in terms of sheer volume. :)“

It’s interesting to see how a pro like Ioan connects the dots from the wider infosec industry and the point where it interacts with the telecom industry.

Telcos need to constantly improve cybersecurity

We couldn’t miss the opportunity to ask how the role of the telecom company has changed as security gradually became a core business concern for companies worldwide.

“I believe that this change in perspective, which brought security down to the core business of most companies, has led to a change in paradigm for most service providers.

Telcos outgrew their principal role of data carriers and moved to provide complex services to their customers such as managed security services or specialized professional services.

It started with SMEs looking to outsource security to a trusted partner and continued to develop up to the point where most of the services provided by a telco, irrespective of the consumer, have a strong cybersecurity component. This, in turn, led to most telcos building exceptional capabilities in the field of security and technology providers scaling their equipment and tools to ‘fit’ the requirements at the network level.

I see this at Orange, as we’re constantly improving the security services we offer to our customers and prepare for the advent of next-gen networks like 5G and their challenges.”

We really believe that 5G is also not getting the attention it deserves. We’re about to have a lot more work on our hands with its onset.

“5G opens the door to new use-cases for mobile networks that leverage the enhanced throughput and low latency. Everything from edge computing to connected vehicles becomes possible for the next decade but this, in turn, will raise challenges regarding the myriad of connected devices.

This new, vast surface of attack and compromise means that telcos will have to step up their cybersecurity game considerably and further push technologies such as Device Profiling, Network Access Control on all borders, and SD-WAN, Monitoring and automated response or automated vulnerability assessments.

This will, in turn, lead to a new change in paradigm as security will become M.L.-bound and service providers – including telcos – will rely on automation more than before.”

There’s a lot more we would’ve asked Ioan but we’re saving the rest of our questions for next week, when he takes the stage on Track 1, Day 1 at the conference!

Join us to see Ioan live and ask him what’s on your mind! He’s just as excited as we are that it’s finally time for DefCamp!

“It’s THE cyber sec gathering. You get to experience everything from interesting keynotes and presentations on really, really cool topics to the Hacking Village and the D-CTF (if you managed to qualify, that is).

The Cyber Security community here in Romania tends to fragment easily and DefCamp always has had this key role in bringing this community together.

DefCamp is the ‘go-to’ cybersecurity event of the year.

 Get your ticket

This year, we’re taking DefCamp to the next level with the help of our main, long-time partner, Orange. With support from IXIA – a Keysight Business, Secureworks, UiPath, Bit Sentinel, Thales, and other selected tech companies that value the power of community, we’re building valuable, hands-on learning experiences for 2000+ attendees from all over the world!

Join us to educate, secure, and change the world!

Meet our DefCamp 10 partners 2019

    Related articles​

    DefCamp 2019 – Live blogging from Bucharest

    BY ioana.rijnetu
    It’s finally happening!! Our 10th DefCamp anniversary starts today and we’re super excited about this ..

    “See as much of what’s going on in the InfoSec..

    BY andra.zaharia
    It’s often the things you don’t see or know that cause the biggest anxiety when you’re trying to figure ..

    “Meeting with family is important” (the hacker..

    BY ioana.rijnetu
    Almost everyone can be part of a community but it takes a special kind of person to lead one, to support it ..