Tech Days: insights on quantum cryptography, privacy engineering, and more

One of these events - the Nord Security Tech Days: Summer session - took place just last week. During it, our company’s experts shared their latest insights, work findings, and tips with other colleagues to help them build leading cybersecurity tech. The topics ranged from quantum computing, privacy issues and engineering, JSON and CAPTCHA, team formation, data analytics challenges, and even coping with mental health problems in the tech industry. Take a look at the key findings from seven event presentations:

The future of cybersecurity: the challenge of quantum cryptography

Presented by: Marijus Briedis

Role: Chief Technology Officer

Summary:

Quantum cryptography can bring both rich opportunities and raise serious cybersecurity challenges. To give a better picture of its power, M. Briedis started with the history of quantum computers: from their theoretical inception and first examples to present-day quantum devices that attract huge investments from companies and states.

He also highlighted the possibilities of quantum computing and its risks to the existing cryptography and the current internet protocols. However, there are ways to mitigate these threats. And that's the NIST PQC Standardization Project, which is expected to be ready by 2024. At the end of the talk, Marijus presented some open-source implementations of existing post-quantum cryptography solutions to experiment with.

Key findings:

• Post Quantum Cryptography is still in its early stages but already poses a threat to existing cryptography and raises many implementation challenges to present solutions.

• Engineers who work in the cybersecurity field have to know the current challenges, benefits, and history of quantum cryptography, as well as already available solutions that are ready to be experimented with.

JSON & microservices. What can go wrong even if your code is secure

Presented by: Astrid Bytes

Role: Security Expert

Summary:

The popularity of JSON has increased so much that parsing a JSON object is usually treated as a trivial development task without thinking much about its security. However, with microservice architecture, this might introduce serious security vulnerabilities if several different JSON parsing implementations are being used. During the presentation, Astrid Bytes looked at how JSON parsing quirks can lead to hard-to-spot security bugs and how to mitigate them from a secure development perspective.

Key findings:

• JSON is not a data format you can rely on blindly as official and alternative JSON specifications have open-ended guidance on a few topics, e.g., how to deal with duplicate keys.

• Same JSON payload can be parsed differently across microservices, leading to serious business logic vulnerabilities.

• It is important to have an inventory of all third-party libraries and follow secure development practices to mitigate the possible JSON parsing risks.

Coding and mental illness. A survival guide

Presented by: Christopher John Ward

Role: Android Engineering Manager

Summary:

Being a coder with mental health problems can pose unique challenges. Especially if you don't know you have them. That's the story of Chris, who, after 8 years of medication for depression and anxiety, at the age of 37, got diagnosed with ADHD. Since then, the treatment prescribed has completely changed his life.

During his speech, Chris highlighted that the IT industry is rife with imposter syndrome, and here mental health "quirks" are often perceived as professional flaws or gaps in knowledge. He shared his experiences, gave concrete, helpful suggestions to overcome these challenges, and explained what "neurotypical" people could do to support their colleagues with an ADHD diagnosis.

Key findings:

• Things can change dramatically with the right diagnosis and treatment.

• Society needs to start taking the “ugly” truth of mental illness seriously instead of camouflaging it.

• Right diagnosis and treatment, daily life gamification, and meticulous to-do-listing can help someone with ADHD survive in the software development workplace.

• While there are many ways in which people without ADHD can help colleagues who suffer from it, a supportive environment and empathy are key.

Your privacy, it is just an engineering problem

Presented by: Adrianus Warmenhoven

Role: Defensive Strategist

Summary:

Privacy infringement is very pervasive in current days technology. Very often, it is due to the actions of malicious actors. However, sometimes even developers could become accomplices in such a crime without even knowing it. More alarming is that a solution to this problem is hard to find because of different ethics in different parts of the world and the fact that people's primary needs come before their morality.

Key findings:

• The tensions between the fourth industrial revolution, where the world is today, and the fifth industrial revolution, which has just begun, are leading to paradigm paralysis. It means that the older generation of managers will stick to the tried, tested, and proven methods, ideas, and practices of the previous generation, whilst the younger generation will begin to understand the implications of the current one.

• This leads to ethical dilemmas that could be easily hidden (e.g., the Diesel engine emission fraud) so that the developer or engineer wouldn’t know that they’re doing anything wrong.

• In essence, the current state of software development's privacy implications is like previous generations' plastics and fossil fuels. It propels productivity and prosperity to great heights, but the effects will only be really felt and have to be dealt with by future generations. So, could the present generation of engineers see and understand the possible (negative) consequences of their current way of working?

DA dreams (are made of this)

Presented by: Marta Valkavičienė

Role: Data Analyst

Summary:

Some data analysts might dream that all data would be supplied to them cleaned and on a silver platter. However, it is unlikely that such a dream will ever come true. The whole essence of this work is filtering data and analyzing it, which is time-consuming and involves complex processes. During the speech, Marta Valkavičienė demonstrated how many steps it takes to complete a seemingly simple task and what the reality of data structure, data management, and the overall workflow should look like. She also explained how to get closer to the preferable DA's workflow reality by making it more efficient and beneficial not only for the specialist but also for the whole company.

Key findings:

• One of the major reasons for slowing down work processes is tools. For instance, the ones used for monitoring are not always suitable for analysis or reporting. So choosing the right ones can be crucial.

• Even though the workflow is functional, finding the most time-consuming or complex areas and improving them can make a huge difference.

• Taking the proper steps to improve the situation is not difficult. Still, it would bring a lot of added value, like the increased speed of getting insights, independence of users, automation possibilities, and more.

From ground zero to a fully structured development team

Presented by: Martynas Paškauskas

Role: Head of Development

Summary:

Building a fully working multi-functional team with clear processes and defined roles is difficult, especially when you start from ground zero and have to build a team almost from scratch. Martynas Paškauskas shared his experience on how he managed to overcome this challenge:

1. First, he highlighted the importance of vision, which should be aligned with the goals and needs of the product, team, and company.

2. Then, he introduced a model he used to form his multi-functional team and explained its major elements.

3. Finally, he suggested how others could apply it to their areas of work or products and summarized his speech by presenting the key lessons learned from this challenge.

Key findings:

• Operating with limited human resources sometimes requires making drastic decisions that are expensive, temporary, or not sustainable.

• When planning a team structure, it’s important to make it a future-proof solution that is flexible, scalable, reusable, and easily adjustable to any situation.

• Indicating major roles and responsibilities, forming squads, and planning the resources are the three key things that should be carefully considered when forming a multi-functional team.

CAPTCHA - created for bots, hated by users

Presented by: Ieva Teodora Muliuolė

Role: Infrastructure Project Manager

Summary:

Initially created to distinguish bots from humans, CAPTCHA can make humans question whether they actually are real human beings. It's very frustrating for those who have to re-prove their origins after the first unsuccessful attempt.

In her presentation, Ieva shared how her QoS team of NordVPN is trying to solve this problem. She described the strategies used and how these solutions help reduce the inconvenience of CAPTCHA tests. Ieva also revealed her team’s future plans - to filter not only bots but also abusers, who are one of the main reasons behind the CAPTCHA rate increase.

Key findings:

• CAPTCHA is a security test designed to distinguish people from bots. However, it's very annoying to keep proving you're human multiple times in a row.

• There are ways to reduce excessive questioning of human existence while maintaining the same high level of protection against bots.