How do you describe your job to average people?
Initially I used to describe my job as “I am paid to stay all day and watch porn websites,” but then, people started asking me to recommend the most interesting sites. Now I just tell them I'm a security researcher, which sounds geek-ish enough to stop any further questions. But for those more resilient, I would have to say that I portray myself as “the gatekeeper” against internet threats.
What do you think needs more attention from the industry?
Parental control and security techniques that focus on protecting our newest and at the same time more at-risk users: children and teenagers. One should keep in mind that the internet is a grey area where a lot of danger co-exists with useful information, and distinguishing right from wrong can prove quite challenging to the category of users to which I am referring. So, it is our duty to prevent these types of situations and keep the new generation at bay from IT menaces.
What security threats are overblown?
One cannot be too careful about security threats, so better be safe than sorry. Nevertheless, each situation should be treated accordingly and we need to try and come up with the appropriate solution.
What annoys you?
People not paying attention and not actually listening to what we, as security advisers, are saying. For example, at the university where I teach, most of the computers are still infected with Conficker.
Of what are you most proud?
I would have to say the fact that I was directly involved in designing and developing anti-spam and anti-phishing technologies and actually see that my work has paid off for our customers.
What would you use a magic IT security wand for?
I would have to say: world (IT) peace! I wouldn't mind being unemployed someday.