Finding The Hidden InfoSec Story

Rafael Lachi

Rafael Lachi has been the head of Abril Midia’s security team since 2011. His main focus has been on balancing the need for a cost-effective solution with the need for a robust, threat-oriented security strategy for the company.

His aim is to get people to understand what they are really fighting against so they have the best chance to defend themselves.

For example one problem Rafael helped solve was a series of trolling attacks.  Year after year a seasonal project was trolled, and each time the technology department was blamed and labeled as “unable to prevent the attack.” However when the problem was analysed the conclusion became clear:  the trolls themselves lacked the expertise to unleash a highly technical attack. So what was happening was not in fact a failing of the technology but merely a case of the proper procedures not being in place.

The solution was to include a moderation step, where the “unwanted” applicants get removed before having the chance to post live comments on the Internet. Seems obvious now, but for two years the business was unable to “understand” the threat. Once modeled however the solution became obvious and the project still continues today without suffering any further successful attacks.

Running projects such as this alongside training and awareness programs has meant an increase in the sharing of best practice throughout the company’s multidisciplinary teams, (architecture, support, operation, development areas, and even senior management etc.) This increase in security behaviours has also had a positive effect on the quality of the final digital products.

Rafael has naturally gravitated towards creating a secure development lifecycle – from the initial design stage all the way through to final product release. Tactic such as implementing threat modeling and code reviews has proved the best way to keep up with security awareness, ensuring the same secure build process. So, as time goes by, even if teams change and people come and go, an impressive security culture remains.

Why I Joined The Analogies Project

“I joined because I strongly believe that security is a mindset, and one that can be shared and taught. And as with anything you try to teach, what matters most is what people take away from you’ve said, not the actual words you use. An analogy to me seems the very best way to “paint” a picture in the minds of the audience, and therefore the most efficient way to get the message delivered!”

My Analogies

Mudanças … são as únicas constantes!
 Changes… are the only Constants! Macacos de Laboratório – “Aqui, é Assim Que as Coisas São Feitas” Laboratory Monkeys – “This Is How Things Are Done Here” Sapo na Panela Fervente! The Art of Boiling Frogs (And Teaching Executives)
Share This Post On