Jaya Baloo is the CISO of KPN Telecom in the Netherlands, and since 2017 she is recognized as one of the 100 most influential people on security issues worldwide. She shared her expertise and her vision on quantum computers and their importance on issues related to security and data protection, during Codemotion Rome 2018.
She has worked in the field of security for more than 18 years, working especially with large telecommunications companies such as Verizon and France Telecom. She has often been a guest of international conferences in which she presented her ideas on topics such as legal interception, mass surveillance and cryptography.
Jaya believes that in order to develop secure systems and software, an “old-style” approach in which security checks are carried out downstream of development is deprecated, so we need to start thinking about these issues from the early design stages.
The most important advice I can give to developers is to be proactive when it comes to security.
Jaya told us that is crucial thinking about security checks right away in order to avoid realizing only during the final stages the risk of incurring problems and therefore minimize the need to make expensive restructuring of software architecture.
Software security arises from defeating its most common vulnerabilities.
Jaya stressed out the concept by stating that if developers were more proactive in addressing security issues, they would risk far less drama coming from the late detection of potentially dangerous holes.
One of the key topics about security recently has been of course data protection.
Regarding this trigger point and quoting the Cambridge Analytica scandal, Jaya is very critical. She has been definitely more surprised by the fact that people did not realize that the issue was not concerning the Cambridge Analytica use of the data, but the allowance Facebook permitted to third party parties about collecting and using users’ data.
Moreover, talking about her 18 years’ experience Jaya shared with us a great lesson:
We must not waste our time devoting ourselves to trying to manage unlikely and fantastic scenarios of cyber-attacks but keep our feet on the ground and focus on more concrete and common issues.
The most surprising thing is to realize that developers know very well how to handle security issues but nevertheless, they prefer not to deal with them or, even worse, to postpone the checks when remedy can be very complicated and/or expensive.
Jaya finally describes her experience in Codemotion:
Codemotion is bubbling! In any place I go, I see excitement and open-mindedness.
We hope to have the opportunity to host again Jaya in one of our upcoming Codemotion! 🙂