“I worked with Christiaan at Google while I was supporting the sign in and security product team. Christiaan’s deep understanding of security technology and his ability to quickly analyze system flows to detect problem triggers is truly exceptional. I learned a lot from him. I can highly recommend Christiaan as a product leader with a true passion for his work.”
About
In 2009 I co-founded financial services security company, Entersekt. I have since moved…
Activity
-
Corporate board members take note: In 2020, attackers bypassed Twitter's internal MFA and used staff credentials to access Twitter’s internal…
Corporate board members take note: In 2020, attackers bypassed Twitter's internal MFA and used staff credentials to access Twitter’s internal…
Liked by Christiaan Brand
-
Greetings from the future! Time is short, but I’m allowed to reveal just one crucial insight before I am snatched back to the future: if your…
Greetings from the future! Time is short, but I’m allowed to reveal just one crucial insight before I am snatched back to the future: if your…
Liked by Christiaan Brand
-
Putting on my personal OSS developer hat for a sec, a HUGE thank you to Platinum sponsor Okta and Gold sponsor Authsignal for sponsoring…
Putting on my personal OSS developer hat for a sec, a HUGE thank you to Platinum sponsor Okta and Gold sponsor Authsignal for sponsoring…
Liked by Christiaan Brand
Experience
-
-
-
-
-
-
-
-
-
Education
-
-
-
Golden Key International Honour Society
Publications
-
Retiring One Time Passwords for good
PaymentsSource
See publicationSecurity breaches at trusted global corporations, such as Target and eBay are becoming a regular occurrence. Valuable customer data serves as a new currency of sorts for fraudsters, prompting the digital underground to stage well thought out attacks on a scale previously unheard of.
-
Who are you? The impact of security breaches on authentication
(IN)Secure Magazine
See publicationAs businesses that rely on the Internet continue reeling from the recent Heartbleed bug incident, the question remains when, not if, another SSL bug will emerge and wreak havoc on Internet users.
-
Traffic Class Prediction and Prioritization on a Diversified IP Network Using Machine Learning
GLOBECOM Workshops, 2009 IEEE
As more homes are becoming broadband enabled, a huge strain is placed on the underlying IP infrastructure. In being able to predict the types of traffic that nodes might generate, preference can be given to high priority, latency sensitive traffic. Traditionally, a home had a single computer utilizing a link to the Internet. In recent years this single computer was replaced by a multitude of smart devices with the same ultimate goal: embedding the user into the social fabric of the Internet…
As more homes are becoming broadband enabled, a huge strain is placed on the underlying IP infrastructure. In being able to predict the types of traffic that nodes might generate, preference can be given to high priority, latency sensitive traffic. Traditionally, a home had a single computer utilizing a link to the Internet. In recent years this single computer was replaced by a multitude of smart devices with the same ultimate goal: embedding the user into the social fabric of the Internet. With the home still connected via a single link, these nodes are all contending for bandwidth and a novel QoS scheme is needed. In this paper, various models characterizing packet flow on a network will be developed. These are subsequently used to predict as accurately as possible, the immediate future traffic classes to be expected from nodes. This will eventually be used as a dynamic QoS criteria for pre-emptively assigning transmission slots to specific hosts. A number of techniques to accomplish this important task of node traffic pattern prediction, are presented. Lastly, evaluation of our approach, based on an 802.11b/g SOHo implementation, is also covered.
Other authors -
-
The Development of an ARM-based OBC for a Nanosatellite
University of Stellenbosch
See publicationNext-generation nanosatellites are becoming a very cost effective solution to gain access to space. Modern manufacturing technology together with low power low cost devices makes the development of nanosatellites, using standard industrial components, very attractive. A typical nanosatellite will have only one microprocessor, capable of performing all the computing tasks onboard the satellite - housekeeping, AODC (Attitude and Orbit Control) and instructing the different payloads aboard the…
Next-generation nanosatellites are becoming a very cost effective solution to gain access to space. Modern manufacturing technology together with low power low cost devices makes the development of nanosatellites, using standard industrial components, very attractive. A typical nanosatellite will have only one microprocessor, capable of performing all the computing tasks onboard the satellite - housekeeping, AODC (Attitude and Orbit Control) and instructing the different payloads aboard the satellite. One of the major requirements was to choose a processor from a dominant manufacturer in the market that will still be available for future satellite missions. Just as the 8051 dominated the 8-bit market, the ARM7 processor is fast becoming a market leader in the segment for 16-bit applications. ARM processors has also been used much in handheld devices in recent years - which emphasize the low power requirements and stability of these processors in embedded applications. This thesis investigates the different processors that are currently available. A complete system design is done, taking into account all the different modules needed onboard a very small Low Earth Orbit (LEO) satellite. Finally, some test results are given showing how this system can be reliably used onboard a nanosatellite in future.
Patents
-
Identifying A Mobile Computing Device
Issued US 9,942,757
A mobile computing device, such as a cellular telephone or cellular network capable tablet or PDA, can be identified by a phone number associated with the mobile computing device. A mobile computing device can include a Subscriber Identity Module (SIM) card that can be used to identify the mobile computing device and to connect the mobile computing device to a communications network operated by the communications carrier or another communications carrier. The SIM card can include memory for…
A mobile computing device, such as a cellular telephone or cellular network capable tablet or PDA, can be identified by a phone number associated with the mobile computing device. A mobile computing device can include a Subscriber Identity Module (SIM) card that can be used to identify the mobile computing device and to connect the mobile computing device to a communications network operated by the communications carrier or another communications carrier. The SIM card can include memory for storing an International Mobile Subscriber Identity (IMSI). The IMSI can be used to identify the mobile computing device. A computing system can use the IMSI to request device authentication values and/or a phone number for the mobile computing device from a carrier associated with the mobile computing device.
Other inventors -
-
Secure transaction authentication
Issued US 8862097
A method and system for authenticating secure transactions between a transacting user and a secure transaction host is provided. The system includes a mobile phone software application installed on a transacting user's mobile phone which is configured to compose a digital fingerprint uniquely associated with the specific mobile phone on which it is installed. The system further includes an authentication service provider with which users of the system may be enrolled by registering at least the…
A method and system for authenticating secure transactions between a transacting user and a secure transaction host is provided. The system includes a mobile phone software application installed on a transacting user's mobile phone which is configured to compose a digital fingerprint uniquely associated with the specific mobile phone on which it is installed. The system further includes an authentication service provider with which users of the system may be enrolled by registering at least the digital identifiers composed by the applications installed on their mobile communication devices in an authentication database. The authentication service provider is configured to authenticate secure transactions on request from secure transaction hosts by sending transaction confirmation requests to mobile phones of enrolled users requiring them to confirm or deny secure transactions before such transactions are allowed to be finalized.
Other inventors -
-
Mobile handset identification and communication authentication
Issued US 8707029
A system and method for authenticating a communications channel between a mobile handset associated with a user and an application server, for uniquely identifying the mobile handset and for encrypting communications between the mobile handset and the application server over the communication channel is provided. The system includes a certificate authority configured to issue digital certificates to the handset and the application server, as well as software applications operating on both the…
A system and method for authenticating a communications channel between a mobile handset associated with a user and an application server, for uniquely identifying the mobile handset and for encrypting communications between the mobile handset and the application server over the communication channel is provided. The system includes a certificate authority configured to issue digital certificates to the handset and the application server, as well as software applications operating on both the handset and application server. The digital certificates may be used by the handset and application server to uniquely identify one another as well as to exchange encryption keys by means of which further communication between them may be encrypted.
Other inventors -
-
Batch transaction authorisation
Filed US US 20150006392
See patentA method and system for conducting batched transaction authorisations from a mobile device is disclosed. The method includes transmitting a batched transactions list including details of multiple transactions loaded against an account and awaiting authorisation, to the mobile device, over a secure connection between an authentication server and the mobile device, and receiving a batched transaction authorisation message from the mobile device over the secure connection including a positive or…
A method and system for conducting batched transaction authorisations from a mobile device is disclosed. The method includes transmitting a batched transactions list including details of multiple transactions loaded against an account and awaiting authorisation, to the mobile device, over a secure connection between an authentication server and the mobile device, and receiving a batched transaction authorisation message from the mobile device over the secure connection including a positive or negative authorisation result in respect of two or more of the transactions in the batched transaction list, each authorisation result in the batched transaction authorisation message having been individually signed with a private key associated with a unique digital certificate of the mobile device.
Languages
-
English
Native or bilingual proficiency
-
Afrikaans
Native or bilingual proficiency
Organizations
-
FIDO Alliance
-
- Present -
IEEE
-
- Present
Recommendations received
5 people have recommended Christiaan
Join now to viewMore activity by Christiaan
-
Secure by design takes dedication and years of hard work to get the balance right between velocity and safety. Read a bit about @Google’s commitment…
Secure by design takes dedication and years of hard work to get the balance right between velocity and safety. Read a bit about @Google’s commitment…
Liked by Christiaan Brand
-
Learned a ton and met so many impressive FIDO enthusiasts last week at Authenticate 2024, where the FIDO Alliance showcased groundbreaking…
Learned a ton and met so many impressive FIDO enthusiasts last week at Authenticate 2024, where the FIDO Alliance showcased groundbreaking…
Liked by Christiaan Brand
-
This week, Google stores in New York City and Mountain View held interactive events for consumers to learn about tools they can use to protect their…
This week, Google stores in New York City and Mountain View held interactive events for consumers to learn about tools they can use to protect their…
Liked by Christiaan Brand
-
Wat n voorreg om hierdie saam met jou te launch. Hoofstuk 1 ✅ Nog hope om te kom.
Wat n voorreg om hierdie saam met jou te launch. Hoofstuk 1 ✅ Nog hope om te kom.
Liked by Christiaan Brand
-
We had a blast 🚀 at last night’s #Authenticate2024 Passwordless Party! Share your favorite moments and tag us in your posts. We can’t wait to see…
We had a blast 🚀 at last night’s #Authenticate2024 Passwordless Party! Share your favorite moments and tag us in your posts. We can’t wait to see…
Liked by Christiaan Brand
-
Proud to work alongside Google’s Heather Adkins and her ongoing commitment to building a more secure future. Read more about her great work and…
Proud to work alongside Google’s Heather Adkins and her ongoing commitment to building a more secure future. Read more about her great work and…
Liked by Christiaan Brand
-
Congratulations to the research team from Stellenbosch University's Department of Electrical and Electronic Engineering who has won the 2023 Van…
Congratulations to the research team from Stellenbosch University's Department of Electrical and Electronic Engineering who has won the 2023 Van…
Liked by Christiaan Brand
-
Well, my #Authenticate2024 started with the FIDO Feud. Our team decided to wear pink in honor of Breast Cancer awareness month. Thank you for being…
Well, my #Authenticate2024 started with the FIDO Feud. Our team decided to wear pink in honor of Breast Cancer awareness month. Thank you for being…
Liked by Christiaan Brand
-
Let's keep the #passkeys momentum going! #Authenticate2024
Let's keep the #passkeys momentum going! #Authenticate2024
Liked by Christiaan Brand
-
Google is onstage at Authenticate discussing passkeys. The second point on the slide - credential managers are the root of trust - is absolutely…
Google is onstage at Authenticate discussing passkeys. The second point on the slide - credential managers are the root of trust - is absolutely…
Liked by Christiaan Brand
-
Exciting News: I've Joined SPIRL, the workload identity company! It is a great privilege to join the SPIRL team - a team of passionate, trail…
Exciting News: I've Joined SPIRL, the workload identity company! It is a great privilege to join the SPIRL team - a team of passionate, trail…
Liked by Christiaan Brand
-
Thrilled and honoured to share that our team has received the 2023 IEEE CSC Van Duzer Award! It's been an incredible journey collaborating with such…
Thrilled and honoured to share that our team has received the 2023 IEEE CSC Van Duzer Award! It's been an incredible journey collaborating with such…
Liked by Christiaan Brand
Other similar profiles
Explore more posts
-
Netography
Enable your multi-cloud Zero Trust security posture and other trust boundary controls with Netography Fusion. 🔐 The Fusion platform detects activity that should never happen anywhere in your modern network, in real-time. It's a 100% SaaS security observability platform designed to deliver a very low number of high-fidelity, high-confidence alerts that your security, network, and cloud operations teams can act on. In his blog post, Netography's Patrick Bedwell shows you how the Fusion platform can help you take some of the pain out of your Zero Trust architecture (ZTA) project, wherever you are on your ZTA journey. https://okt.to/qDQ6Rc #ZeroTrust #ZeroTrustArchitecture #ZTA #cloudobservability
-
Jonathan Care
BingoMod: the clean sweep RAT "At the end of May 2024, the Cleafy TIR team discovered and analysed a new Android RAT. Since we didn't find references to any known families, we decided to dub this new family BingoMod. The main goal of BingoMod is to initiate money transfers from the compromised devices via Account Takeover (ATO) using a well-known technique, called On Device Fraud (ODF). It aims to bypass bank countermeasures used to enforce users’ identity verification and authentication, combined with behavioural detection techniques applied by banks to identify suspicious money transfers. After installation on the victim’s device, BingoMod leverages various permissions, including Accessibility Services, to quietly steal sensitive information, including credentials, SMS messages, and current account balances. In addition, the malware is equipped with active features that allow it to conduct overlay attacks and remotely access the compromised device using VNC-like functionality. After a successful fraudulent transfer, the infected device is typically wiped, removing any traces of BingoMod activity to hinder forensic investigations. Another interesting element that emerged during the BingoMod investigation is related to target devices, which include three languages: English, Romanian, and Italian. At the time of writing, BingoMod is in a development phase, where developers are experimenting with obfuscation techniques to lower its detection rate against AV solutions. From the whole sample collected, what has emerged is the will to try multiple anti-analysis configurations rather than making the malware more complex in terms of functionalities. According to the comments identified within the malware code, developers may be Romanian speakers."
-
Ron F. Del Rosario
Andrew Ng’s take on California's proposed law SB-1047 is spot on: “There are many things wrong with this bill, but I’d like to focus here on just one: It defines an unreasonable “hazardous capability” designation that may make builders of large AI models potentially liable if someone uses their models to do something that exceeds the bill’s definition of harm (such as causing $500 million in damage). That is practically impossible for any AI builder to ensure. If the bill is passed in its present form, it will stifle AI model builders, especially open source developers. Some AI applications, for example in healthcare, are risky. But as I wrote previously, regulators should regulate applications rather than technology. Technology refers to tools that can be applied in many ways to solve various problems.Applications are specific implementations of technologies designed to meet particular customer needs. Safety is a property of applications, not a property of technologies (or models), as Arvind Narayanan and Sayash Kapoor have pointed out. Whether a blender is a safe one can’t be determined by examining the electric motor. A similar argument holds for AI.” #publicpolicy #policy #ai #machinelearning #ml #compliance #technology #society #sb1047 #opensourcesoftware #oss
-
The Hacker News
How much time does your security team waste on false positives? Inefficiencies in threat detection can drain your security resources and leave real threats unaddressed. Material Security clusters similar threats, simplifying investigation and remediation, saving hundreds of hours. Learn more: https://lnkd.in/gMx9Fuy9 #cybersecurity #infosec
2 Comments -
Blockchain Realm
Rounding Issue Exploits Exploits Targeting Newly-Deployed Lending Pools: There's been a recent surge in exploits targeting newly-deployed lending pools, particularly noted towards the end of 2023. These incidents predominantly impact pools in an uninitialized state, enabling attackers to manipulate the liquidity index of collateral assets significantly. Consequences of Manipulation: The manipulation of liquidity indices allows for the exploitation of rounding errors during withdrawals, resulting in attackers extracting nearly double the intended tokens in certain instances. As of 2024, these attacks have led to losses exceeding $8.4 million. Examples of Exploits: The Kyberswap incident illustrates how attackers exploit imprecision in tick-liquidity mapping, leading to erroneous counting of liquidity and subsequent fund draining from the aggregator. Similarly, the Starlay Finance incident on the Acala Network on 8th February demonstrated an exploit through a rounding issue, causing inflation of the reserve liquidity index and resulting in substantial losses. Root Vulnerabilities: Vulnerabilities stem from the use of certain Solidity math libraries like rayDiv math or tick math, which may not adequately address the complex mechanics of specific DeFi protocols. Minor rounding discrepancies, usually negligible, can evolve into potent attack vectors, necessitating meticulous attention in smart contract design and deployment within the DeFi ecosystem. Challenges and Solutions: Solidity's computational libraries aren't optimized for high-precision mathematical operations, leaving room for systematic exploitation of rounding errors. Lending projects have begun implementing precautions such as adding liquidity during initialization to mitigate liquidity-index manipulation. However, this solution doesn't entirely eradicate the threat, indicating a persistent challenge in DeFi security. #DeFiSecurity #SmartContractVulnerabilities #LendingPoolExploits #SolidityMathLibraries #RoundingErrorAttacks #CryptoSecurity #BlockchainSecurity KyberSwap Finance Acala Solidity Labs
-
Anshu Gupta
So I reviewed the Trust Center of Perplexity which is trying to raise at 9 Billion Valuation and I have nine observations https://lnkd.in/g8J3tMCc 1. They were founded on August 2022 and still have not gotten their SOC 2 Type 2 report which validates the effectiveness of controls over a period of time. 2. The penetration testing firm they used is decent but given how that firm operates not sure if people who were used, had advanced knowledge of AI system security testing . Would love to see the scope of testing and if it considered all the architectural considerations of AI systems or it was just general WebApp/API testing. 3. The Audit firm they have used for their SOC 2 is decent (they have the same auditor as OpenAI) but when we are talking Billions with a B, I would have loved to see a Big 4 firm doing the audit (same observation for OpenAI) 4. I would have liked them to already have or working towards ISO/IEC 42001:2023 (Information technology — Artificial intelligence — Management system). Maybe they are already working on it. 5. They are using models from OpenAI and Anthropic. I don't see any language on independent model safety testing from them. It seems they are relying on model safety testing from the underlying model providers. 6. They say that they use Claude from Anthropic but Anthropic is not listed in the list of sub processors so most probably they are using Amazon Bedrock which makes Frontier Models available via an API. 7. All their sub-processors including AWS and OpenAI, list US-East 1 as their data location so geo-redundancy might be a concern. 8. They don't seem to have a responsible disclosure or a bug bounty program. 9. They have no one working there, with security in their title. One person started there last week to do GRC.
14 Comments -
Gigamon
DYK: The Deep Observability market is projected to grow from $570M to $2.1B over the next four years 📈. Why? You can’t protect what you can’t see! 🔍 Dive into this report to learn about the Gigamon #DeepObservability Pipeline, competitors, and trends. Download now to stay ahead! https://ow.ly/aNF550SICMw
-
Gigamon Partners
DYK: The Deep Observability market is projected to grow from $570M to $2.1B over the next four years 📈. Why? You can’t protect what you can’t see! 🔍 Dive into this report to learn about the Gigamon #DeepObservability Pipeline, competitors, and trends. Download now to stay ahead! https://ow.ly/aNF550SICMw
-
Keyfactor
Download the 2024 Frost Radar™ report to get an unbiased look comparing 9 leading PKIaaS vendors. What’s in the Report? ✅ Understand why PKI as a Service is a strategic imperative. ✅ Learn the core capabilities to evaluate when choosing a PKIaaS solution. ✅ Gain insights into the top PKIaaS vendors in the market. ✅ Discover why Keyfactor stands out as the premier choice. Download the report now: https://okt.to/fc0PVY #PKI #PKIaaS #DigitalTrust #Cybersecurity
1 Comment -
Martin Duffy
Folks the recent “security issue” at OpenAI was an adversary who gaied access to a dev/internal discussion area(lots of questions to consider there) But let’s talk about what’s really important which is the three kinds of data OpenAI and, to a lesser extent, other AI companies created or have access to: high-quality training data, bulk user interactions, and customer data. The vast majority not directly owned by them. Consider the value and the reach they give OpenAI and indeed anyone who would gain access to this data when you use the services and do so with the proper controls and considerations…. /M
-
Tristan Gardner
ezWarrant is an app that connects officers directly with an on-call judge to process, sign, and submit search warrants within a short time frame. This eliminates travel and saves time and resources. Details: 🌐 Web-based 📲 Electronic Signing / Document Filing 📄 Preloaded Warrant Templates 🔔 Automated Notifications via (Text, Voice Call, or Email) 🗂️ Recorded Call or Video Swear-Ins 🙌 Unlimited Law Enforcement, Prosecutors, and District Attorneys 🔒 Is it secure? The system is completely cloud-based and hosted in the Amazon Web Services (AWS) government cloud. Documents stay in the secure portal, not in email inboxes, on fax machines, or carried by pigeons. 🤔 What about returns? Sealing? We got that, too. Upload the return documents to the search warrant sent from the court to create a "packet" to sign and send back. Additionally, sealing processes are built in to keep sensitive warrants secure. ⚖️ Can the District Attorney or Prosecutor Review it? Of course. Courts can allow the submitting officer to choose to submit for review first or send it directly to the Judge. Courts may also require that all documents be approved by the prosecutor before the Judges see the template. Prosecutors can even make changes and send them back to the officer. Ready for a FREE trial of ezWarrant for your court? Contact us at [email protected] #ezJustice #ezWarrant #CourtTech #LawEnoforcement #JudicialTech #CourtTech
-
TandemTrace
Recent data from Splunk found that: > Security analysts spend an average of 3 hours on alert investigations. > 41% of alerts are ignored because analysts don’t have the time to process them. > Mean time to respond to incidents is 15.5 hours. That’s not as bad as a few years ago, but certainly not where we need to be. If you feel the same, reach out to learn more about how to solve these big challenges - https://tandemtrace.ai/
1 Comment -
Alon Gal
Microsoft reveals four OpenVPN flaws leading to potential RCE and LPE - these flaws require credentials which are very common in Infostealer infections. It’s time to deal with the fact that “but you need credentials to do x” is no longer an argument when you just need one employee’s openVPN access to get RCE, especially when in big companies you have hundreds of employees infected by Infostealers. Just for the keyword “openvpn” I’m seeing 10,000,000 occurrences in Hudson Rock’s database (https://lnkd.in/deU59cgZ) Long story short - hackers will have a field day with this one. Article via BleepingComputer - https://lnkd.in/dK73rasA
2 Comments -
Julie Tsai
this is pretty disturbing - it looks like self-dealing where the fox is guarding the henhouse: * co-author of this bill stands to profit from providing exactly the services the bill is requiring AI companies to use * undercuts the ability of the community to self-police by making AI startups auditing costs a huge barrier to entry to even be in the market. eliminating open-source benefit where "many eyes make all bugs shallow." * this would also starve away the opportunity for the open source community to develop transparent standards for safeguarding AI and make the evolution of safety and security standards for it an insider game of lobbying and gatekeeping for profit
Explore collaborative articles
We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
Explore MoreOthers named Christiaan Brand
-
Christiaan Brand
-
Christiaan Brand
--
-
Christiaan Brand
-
Christiaan Pieter Brand
Aspiring Industrial Psychologist / Psychometrist
13 others named Christiaan Brand are on LinkedIn
See others named Christiaan Brand