Security Balance

My name is Augusto Barros (Augusto Quadros Paes de Barros), Brazilian, born in June 1977.

I work with Information Security since 2000, when I started to work for a consulting company called Modulo. Since then I worked not only as a consultant but also as security manager for a Bank, and later as CSO of a BPO Service Provider. I returned to the consulting side on 2007 to work for Tempest Security Intelligence, and now I’m working as a security specialist for a bank at Toronto, Canada.

Since I started on this field I have been expressing my opinions on several matters. In 2003, I coined the term honeytoken during a discussion with other esearchers on the focus-ids mailing list. My last research includes trojan horses and the evolution of botnets. I was also One of the first researchers to demonstrate the “Man in the Browser” class of attacks.

I was president of the Brazilian ISSA Chapter during 2006/2007.

In June 2008 I moved to Toronto to live there. It’s where I am now

Some of my papers, presentations and other remarks:

ISSA Journal – Security Blind Spots – April, 2008.

Simposio Segurança em Informática 2005 (SSI – Information Security Simposium) – The evolution of cryptography systems in authentication schemes of Microsoft Windows (Poster published), November, 2005.

Security Review Magazine – Fechando as Torneiras (“Closing the taps”, Article about data leaks) – August, 2005.

Certinews (Certisign company newsletter) – Ferramentas uteis, mas pouco conhecidas (“ Useful, but unknown tools” – about cryptography) – October,2004.

CSO Online Brasil (IDG) – Honeytokens, O próximo nível dos honeypots (“Honeytokens, honeypots next level”) – August, 2003.

ISSA Journal – Changing Paradigms in Network Security – April, 2003.

Modulo Security Magazine – Falhas de sites vem da cultura do desenvolvimento de aplicações (“Website vulnerabilities come from application development culture”) – 2001.

Modulo Security Magazine – Segurança em Aplicações: entrando em detalhes (“Application Security: going into details) – 2001.

Speaker in several Infosec local and  international events, as:

Black Hat Europe 2007 – New Botnets Trends and Threats – Amsterdam, March 2007.

XIV CNASI Sao Paulo – O futuro dos backdoors – O pior dos mundos (“The future of backdoors: the worst of all worlds” – including proof-of-concept code of malware capabilities seen only in 2008 with the “Silentbanker” Trojan) – Sao Paulo, September 2005.

1^st National CSO meeting – Monitoração Remota (“Remote monitoring”) – Sao Paulo, August 2003.

Linha de Frente – Honeypots e Honeytokens – Reforçando a detecção de intrusos (“Honeypots and Honeytokens – enforcing intrusion detection”) – São Paulo, August 2003.

Active Item writer for the (ISC)² CISSP-ISSAP Exam.

Winner of “Top 3 Best Academic Paper SECMASTER 2005” Award, by ISSA Chapter Brazil.

Nomination for Best Brazilian Information Security Professional at SECMASTER 2003 Award, by ISSA Chapter Brazil.

Winner of “50 Most Influent Infosec People Brazil” Award – 2004 and 2006.