The Infosec Cynic: Q&A with Javvad Malik, IT security consultant & cynical superhero

June 16, 2011

Q. Tell us a bit about yourself.

I’m a security consultant, blogger, part-time reporter, vlogger and full-time cynic.

Q. Tell us a little bit about the blogs you write for and their interest in data security.

I write a lot for Quantainia in terms of providing security whitepapers and opinion pieces. I also write and publish video blogs on my own website – where I use more of a creative license. Although I generally maintain some connection with security, the topics are very broad. Especially with the videos; I think since I wrapped up season 1 of the Infosec Cynic show last year, none of my videos have been very security focused, or very serious for that matter!

I also take the opportunity to write for other publications and websites, so will nearly always cross-post my posts to Infosec Island as it has a large security following. I’ve also written articles for Security Middle East magazine and hakin9 magazine.

Q. What’s hot in IT security this year?

We started off the year with the regular cloud security concerns and compliance issues, but following the Sony hacks, Citibank, IMF, Codemasters, etc., the whole cyber threat from organised groups like Anonymous and LulzSec is white hot. Whether or not organisations truly understand the root causes and how to defend themselves is another issue. I fear a lot of knee-jerk reactions and rash decisions being made in the process.

Q. How many security events do you attend each year?

Not enough and too many depending on who you ask. I probably aim to attend a couple of big events a year, but more look out for smaller specialised networking groups and individuals.

Q. Which one are you most looking forward to? 

I’m going to be a bit biased because I was a co-founder of Security BSides London and say I really enjoyed it this year. The informal networking event and in-depth talks were a real breath of fresh air and a great chance to meet a whole load of people who are way cooler than me.

Q. What types of stories or companies are likely to attract your attention this year? 

I’m going to be keeping a close eye on the financial and government sectors. I think previously they haven’t been targeted much because people either assumed they were already secure, or they feared reprisal so they went after the smaller fish. However, I think this year we’ve already seen some big companies being hit hard and it’s only a matter of time till attackers focus more towards these institutes. It will be interesting to see how good the defences really are.

Q. How many interviews do you do per week? 

Not many – last year I was averaging a couple a week, but this year so far interviews have taken a back seat to other commitments.

Q. What’s the best way to pitch a story to you? Email? Phone? Twitter? By mail?

Email is the best way – Javvad@j4vv4d.com or Javvad.malik@quantainia.com

Q. Who is worth listening to (about IT security)?

Too many to count. I apologise in advance to people I may leave out.

From an application security development perspective, David Rook aka Security Ninja is great. Aaron Finux Finnon of the Finux Tech Weekly podcast. Brian Honan of BH Consulting.

Q. What’s your favourite blog?

Non-security wise, my favourite blog is www.thebloggess.com. It’s a satirical blog and Jenny is one of the funniest writers ever. Warning – don’t go there if you’re easily offended or don’t understand humour.

Security blogs I follow the most are Infosec Island and Infosec Ramblings – both of which are great resources.

Q. What is your favourite piece of technology?

My iPhone. It keeps me connected to the world all the time no matter where I am. Emails, Facebook, Twitter, LinkedIn, the web, maps – it was the one device I’d been waiting all my life for.

Q. What do you think is the most important development in IT security to date? 

That’s a tough one. There’s been much innovation and development in IT security and for all its flaws I still believe the most important development in IT security ever was the introduction of the password. It’s something that gets in your face. It reminds people that beyond this page, the code is meant for their eyes only. Of course this also tempts people to try to bypass. But authenticating users to resources is a fundamental building block of IT security and I don’t see any viable alternative. Yes, you can say they are broken and useless and all that good stuff. But the reality is that they’re cheap and quick to implement and give you a certain level of protection. At the very least it draws the line in the sand that beyond this point, it’s a members only club.

Q. What is the best piece of advice for companies pitching stories?

Don’t be afraid to be personal, crazy, funny or take risks. You want to connect with your audience and being intimate in the manner you communicate can build so much trust.

Secondly – try to remain impartial. I’m a strong believer that there’s no point in telling a story where you continually remind people “and our firewall stopped the big bad wolf”. Just tell a story and if the readers enjoy it, they will automatically link that to your company and your product.

Q. What’s your favourite restaurant?

I’m not really a restaurant person. I’d much rather a takeaway or a local coffee shop. I think Nando’s is the poshest place I go to out of choice so I think I make a pretty cheap date.

Q. Are you a social media lover? Which ones are you on? FB? LinkedIn? Twitter?

I am absolutely addicted to social media. With a young family I don’t always get a chance to get out and about. Social media helps me connect and communicate with all kinds of people all the time. Twitter = @J4vv4D, LinkedIn = http://uk.linkedin.com/in/javvad

Q. Tell us something no one knows about you. Do you have any unusual or unexpected hobbies/interests? Do you have a claim to fame?

I enjoy filming and editing with a bit of photography. I’m also a big fan of mixed martial arts and occasionally train, although I’ll never be at a level where I can compete at any sort of level, nothing gets your mind off security more than spending an hour punching, kicking, grappling and submitting one another… then thanking each other for the experience at the end of it all.

I’m scared of heights.

I was once a contestant on a Ch4 programme called “Without Prejudice”. I lost in the very first stage so I was on TV for a total of 30 seconds.

