{"id":462,"date":"2019-12-05T21:59:42","date_gmt":"2019-12-05T21:59:42","guid":{"rendered":"https:\/\/www.seven-stones.biz\/blog\/?p=462"},"modified":"2020-02-14T00:23:08","modified_gmt":"2020-02-14T00:23:08","slug":"fintechs-and-security-prologue","status":"publish","type":"post","link":"https:\/\/www.seven-stones.biz\/blog\/fintechs-and-security-prologue\/","title":{"rendered":"Fintechs and Security &#8211; Prologue"},"content":{"rendered":"\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow\">\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.seven-stones.biz\/blog\/fintechs-and-security-prologue\/\">Prologue&nbsp;<\/a>\u2013 covers the overall challenge at a high level<\/li><li><a href=\"https:\/\/www.seven-stones.biz\/blog\/fintechs-and-security-part-one\/\">Part One<\/a>&nbsp;\u2013 Recruiting and Interviews<\/li><li><a href=\"https:\/\/www.seven-stones.biz\/blog\/fintechs-and-security-part-two\/\">Part Two<\/a>&nbsp;\u2013 Threat and Vulnerability Management \u2013 Application Security<\/li><li><a href=\"https:\/\/www.seven-stones.biz\/blog\/fintechs-and-security-part-three\/\">Part Three<\/a>&nbsp;\u2013 Threat and Vulnerability Management \u2013 Other Layers<\/li><li>Part Four \u2013 Logging<\/li><li>Part Five \u2013 Cryptography and Key Management, and Identity Management<\/li><li>Part Six \u2013 Trust (network controls, such as firewalls and proxies), and Resilience<\/li><\/ul>\n\n\n\n<p><span style=\"font-size:26px;font-weight:600\">Fintechs and Security &#8211; A Match Made In Heaven?<\/span><\/p>\n\n\n\n<p>Well, no. Far from it actually. But again, as i&#8217;ve been repeating for 20 years now, its not on the fintechs. It&#8217;s on us in infosec, and infosec has to take responsibility for these problems in order to change. If i&#8217;m a CTO of a fintech, I would be confused at the array of opinions and advice which vary radically from one expert to another<\/p>\n\n\n\n<p>But there shouldn&#8217;t be such confusion with fintech challenges. Confusion only reigns where there&#8217;s FUD. FUD manifests itself in the form of over-lengthy coverage and excessive focus on &#8220;controls&#8221; (the archetypal shopping list of controls to be applied regardless of risk &#8211; expensive), GRC, and &#8220;hacking\/&#8221;[red,blue,purple,yellow,magenta\/teal\/slate grey] team&#8221;\/&#8221;appsec.<\/p>\n\n\n\n<p>Really what&#8217;s needed is something like this (in order):<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Threat modelling lite &#8211; a one off, reviewed periodically.<\/li><li>Architecture lite &#8211; a one off, review periodically.<\/li><li>Engineering lite &#8211; a one off, review periodically.<\/li><li>Secops lite &#8211; the result of the previous 3 &#8211; an on-going protective monitoring capability, the first level of monitoring and response for which can be outsourced to a Managed Service Provider.<\/li><\/ul>\n\n\n\n<p class=\"has-text-align-left\">I will cover these areas in more details in later episodes but what&#8217;s needed is, for example, a security design that only provides the answer to &#8220;What is the problem? How are we going to solve it?&#8221; &#8211; so a SIEM capability design for example &#8211; not more than 20 pages. No theory. Not even any justifications. And one that can be consumed by non-security folk (i.e. it&#8217;s written in the language of business and IT).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Fintechs and SMBs &#8211; How Is The Infosec Challenge Unique?<\/h2>\n\n\n\n<p>With a lower budget, there is less room for error. Poor security advice can co-exist with business almost seamlessly in the case of larger organisations. Not so with fintechs and Small and Medium Businesses (SMBs). <a href=\"https:\/\/www.inc.com\/joe-galvin\/60-percent-of-small-businesses-fold-within-6-months-of-a-cyber-attack-heres-how-to-protect-yourself.html\">There has been cases of SMBs going under as a result of a security incident<\/a>, whereas larger businesses don&#8217;t even see a hit on their share price. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Look For A Generalist &#8211; They Do Exist!<\/h2>\n\n\n\n<p>The term &#8220;generalist&#8221; is seen as a four-letter word in some infosec circles. But it is possible for one or two generalists to cover the needs of a fintech at green-field, and then going forward into operations, its not unrealistic to work with one in-house security engineer of the right background, the key ingredients of which are:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Spent at least 5 years in IT, in a complex production environment, and outgrew the role.<\/li><li>Has flexibility &#8211; the old example still applies today &#8211; a Unix fan has tinkered with Windows. So i.e. a technology lover. One who has shown interest in networking even though they&#8217;re not a network engineer by trade. Or one who sought to improve efficiency by automating a task with shell scripting.<\/li><li>Has an attack mindset &#8211; without this, how can they evaluate risk or confidently justify a safeguard? <\/li><\/ul>\n\n\n\n<p>I have seen some crazy specialisations in larger organisations e.g. &#8220;Websense Security Engineer&#8221;! If fintechs approached security staffing in the same way as larger organisations, they would have more security staff than developers which is of course ridiculous. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">So What&#8217;s Next?<\/h2>\n\n\n\n<p>In &#8220;<a href=\"https:\/\/www.seven-stones.biz\/blog\/on-hiring-for-devsecops\/\">On Hiring For DevSecOps<\/a>&#8221; I covered some common pitfalls in hiring and explained the role of a security engineer and architect. <\/p>\n\n\n\n<p>There are &#8220;fallback&#8221; or &#8220;retreat&#8221; positions in larger organisations and fintechs alike, wherein executive decisions are made to reduce the effort down to a less-than-advisable position:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Larger organisations: compliance driven strategy as opposed to risk based strategy. Because of a lack of trustworthy security input, execs end up saying &#8220;OK i give up, what&#8217;s the bottom line of what&#8217;s absolutely needed?&#8221;<\/li><li>Fintechs: Application security. The connection is made with application development and application security &#8211; which is quite valid but the challenge is wider. Again, the only blame i would attribute here is with infosec. Having said that, i noticed this year that &#8220;threat modelling&#8221; has started to creep into job descriptions for Security Engineers.<\/li><\/ul>\n\n\n\n<p>So for later episodes &#8211; of course the areas to cover in security are wider than appsec, but again there is no great complication or drama or arm-waiving:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Part One &#8211; Hiring and Interviews <\/strong>&#8211; I expand on &#8220;<a href=\"https:\/\/www.seven-stones.biz\/blog\/on-hiring-for-devsecops\/\">On Hiring For DevSecOps<\/a>&#8220;. I noticed some disturbing trends in 2019 and i cover these in some more detail.<\/li><li><strong>Part Two &#8211; Security Architecture and Engineering I <\/strong>&#8211;  Threat and Vulnerability Management (TVM)<\/li><li><strong>Part Three &#8211; Security Architecture and Engineering II <\/strong>&#8211;  Logging (not necessarily SIEM). No Threat Hunting, Telemetry, or Threat &#8220;Intelligence&#8221;. No. Just logging. This is as sexy as it needs to be. Any more sexy than this should be illegal.<\/li><li><strong>Part Four &#8211; Security Architecture and Engineering III <\/strong>&#8211; Identity Management (IDAM) and Cryptography and Key Management (CKM).<\/li><li><strong>Part Five &#8211; Security Architecture and Engineering IV<\/strong> &#8211; Trust (network trust boundary controls &#8211; e.g. firewalls and forward proxies), and Business Resilience Management (BRM).<\/li><\/ul>\n\n\n\n<p>I will try and get the first episode on hiring and interviewing out before 2020 hits us but i can&#8217;t make any promises!<\/p>\n<\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Prologue&nbsp;\u2013 covers the overall challenge at a high level Part One&nbsp;\u2013 Recruiting and Interviews Part Two&nbsp;\u2013 Threat and Vulnerability Management \u2013 Application Security Part Three&nbsp;\u2013 Threat and Vulnerability Management \u2013 Other Layers Part Four \u2013 Logging Part Five \u2013 Cryptography &hellip; <a href=\"https:\/\/www.seven-stones.biz\/blog\/fintechs-and-security-prologue\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":473,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[89,1,11,167,41,16,151],"tags":[164,42,166,78,165],"class_list":["post-462","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-careers-in-security","category-general","category-information-risk-managment-strategy","category-information-security-management","category-information-security-skills","category-infosec-strategy","category-security-architecture","tag-fintech","tag-information-security-management","tag-information-security-recruitment","tag-information-security-skills","tag-small-medium-businesses"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Fintechs and Security - Prologue - Security Macromorphosis<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.seven-stones.biz\/blog\/fintechs-and-security-prologue\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Fintechs and Security - Prologue - Security Macromorphosis\" \/>\n<meta property=\"og:description\" content=\"Prologue&nbsp;\u2013 covers the overall challenge at a high level Part One&nbsp;\u2013 Recruiting and Interviews Part Two&nbsp;\u2013 Threat and Vulnerability Management \u2013 Application Security Part Three&nbsp;\u2013 Threat and Vulnerability Management \u2013 Other Layers Part Four \u2013 Logging Part Five \u2013 Cryptography &hellip; Continue reading &rarr;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.seven-stones.biz\/blog\/fintechs-and-security-prologue\/\" \/>\n<meta property=\"og:site_name\" content=\"Security Macromorphosis\" \/>\n<meta property=\"article:published_time\" content=\"2019-12-05T21:59:42+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-02-14T00:23:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.seven-stones.biz\/blog\/wp-content\/uploads\/download.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"266\" \/>\n\t<meta property=\"og:image:height\" content=\"189\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"itibble@gmail.com\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@seven_stones\" \/>\n<meta name=\"twitter:site\" content=\"@seven_stones\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"itibble@gmail.com\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/fintechs-and-security-prologue\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/fintechs-and-security-prologue\\\/\"},\"author\":{\"name\":\"itibble@gmail.com\",\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/#\\\/schema\\\/person\\\/dd7adbe0152f2279b133661b823e0c28\"},\"headline\":\"Fintechs and Security &#8211; Prologue\",\"datePublished\":\"2019-12-05T21:59:42+00:00\",\"dateModified\":\"2020-02-14T00:23:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/fintechs-and-security-prologue\\\/\"},\"wordCount\":924,\"commentCount\":3,\"image\":{\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/fintechs-and-security-prologue\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/wp-content\\\/uploads\\\/download.jpeg\",\"keywords\":[\"fintech\",\"Information Security Management\",\"information security recruitment\",\"Information Security skills\",\"Small medium businesses\"],\"articleSection\":[\"careers in security\",\"General\",\"Information Risk Managment Strategy\",\"information security management\",\"Information Security skills\",\"Infosec Strategy\",\"Security Architecture\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/fintechs-and-security-prologue\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/fintechs-and-security-prologue\\\/\",\"url\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/fintechs-and-security-prologue\\\/\",\"name\":\"Fintechs and Security - Prologue - Security Macromorphosis\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/fintechs-and-security-prologue\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/fintechs-and-security-prologue\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/wp-content\\\/uploads\\\/download.jpeg\",\"datePublished\":\"2019-12-05T21:59:42+00:00\",\"dateModified\":\"2020-02-14T00:23:08+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/#\\\/schema\\\/person\\\/dd7adbe0152f2279b133661b823e0c28\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/fintechs-and-security-prologue\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/fintechs-and-security-prologue\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/fintechs-and-security-prologue\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/wp-content\\\/uploads\\\/download.jpeg\",\"contentUrl\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/wp-content\\\/uploads\\\/download.jpeg\",\"width\":266,\"height\":189,\"caption\":\"banana skin\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/fintechs-and-security-prologue\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Fintechs and Security &#8211; Prologue\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/\",\"name\":\"Security Macromorphosis\",\"description\":\"Ian Tibble&#039;s Security Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.seven-stones.biz\\\/blog\\\/#\\\/schema\\\/person\\\/dd7adbe0152f2279b133661b823e0c28\",\"name\":\"itibble@gmail.com\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4efc9caa4c914912bcf9dd199b33f34a0d42e56752f4f713cd8d0c5416733603?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4efc9caa4c914912bcf9dd199b33f34a0d42e56752f4f713cd8d0c5416733603?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4efc9caa4c914912bcf9dd199b33f34a0d42e56752f4f713cd8d0c5416733603?s=96&d=mm&r=g\",\"caption\":\"itibble@gmail.com\"},\"description\":\"Author of Security De-engineering, CTO at Seven Stones (Indonesia)\",\"sameAs\":[\"http:\\\/\\\/www.seven-stones.biz\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Fintechs and Security - Prologue - Security Macromorphosis","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.seven-stones.biz\/blog\/fintechs-and-security-prologue\/","og_locale":"en_US","og_type":"article","og_title":"Fintechs and Security - Prologue - Security Macromorphosis","og_description":"Prologue&nbsp;\u2013 covers the overall challenge at a high level Part One&nbsp;\u2013 Recruiting and Interviews Part Two&nbsp;\u2013 Threat and Vulnerability Management \u2013 Application Security Part Three&nbsp;\u2013 Threat and Vulnerability Management \u2013 Other Layers Part Four \u2013 Logging Part Five \u2013 Cryptography &hellip; Continue reading &rarr;","og_url":"https:\/\/www.seven-stones.biz\/blog\/fintechs-and-security-prologue\/","og_site_name":"Security Macromorphosis","article_published_time":"2019-12-05T21:59:42+00:00","article_modified_time":"2020-02-14T00:23:08+00:00","og_image":[{"width":266,"height":189,"url":"https:\/\/www.seven-stones.biz\/blog\/wp-content\/uploads\/download.jpeg","type":"image\/jpeg"}],"author":"itibble@gmail.com","twitter_card":"summary_large_image","twitter_creator":"@seven_stones","twitter_site":"@seven_stones","twitter_misc":{"Written by":"itibble@gmail.com","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.seven-stones.biz\/blog\/fintechs-and-security-prologue\/#article","isPartOf":{"@id":"https:\/\/www.seven-stones.biz\/blog\/fintechs-and-security-prologue\/"},"author":{"name":"itibble@gmail.com","@id":"https:\/\/www.seven-stones.biz\/blog\/#\/schema\/person\/dd7adbe0152f2279b133661b823e0c28"},"headline":"Fintechs and Security &#8211; Prologue","datePublished":"2019-12-05T21:59:42+00:00","dateModified":"2020-02-14T00:23:08+00:00","mainEntityOfPage":{"@id":"https:\/\/www.seven-stones.biz\/blog\/fintechs-and-security-prologue\/"},"wordCount":924,"commentCount":3,"image":{"@id":"https:\/\/www.seven-stones.biz\/blog\/fintechs-and-security-prologue\/#primaryimage"},"thumbnailUrl":"https:\/\/www.seven-stones.biz\/blog\/wp-content\/uploads\/download.jpeg","keywords":["fintech","Information Security Management","information security recruitment","Information Security skills","Small medium businesses"],"articleSection":["careers in security","General","Information Risk Managment Strategy","information security management","Information Security skills","Infosec Strategy","Security Architecture"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.seven-stones.biz\/blog\/fintechs-and-security-prologue\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.seven-stones.biz\/blog\/fintechs-and-security-prologue\/","url":"https:\/\/www.seven-stones.biz\/blog\/fintechs-and-security-prologue\/","name":"Fintechs and Security - Prologue - Security Macromorphosis","isPartOf":{"@id":"https:\/\/www.seven-stones.biz\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.seven-stones.biz\/blog\/fintechs-and-security-prologue\/#primaryimage"},"image":{"@id":"https:\/\/www.seven-stones.biz\/blog\/fintechs-and-security-prologue\/#primaryimage"},"thumbnailUrl":"https:\/\/www.seven-stones.biz\/blog\/wp-content\/uploads\/download.jpeg","datePublished":"2019-12-05T21:59:42+00:00","dateModified":"2020-02-14T00:23:08+00:00","author":{"@id":"https:\/\/www.seven-stones.biz\/blog\/#\/schema\/person\/dd7adbe0152f2279b133661b823e0c28"},"breadcrumb":{"@id":"https:\/\/www.seven-stones.biz\/blog\/fintechs-and-security-prologue\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.seven-stones.biz\/blog\/fintechs-and-security-prologue\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.seven-stones.biz\/blog\/fintechs-and-security-prologue\/#primaryimage","url":"https:\/\/www.seven-stones.biz\/blog\/wp-content\/uploads\/download.jpeg","contentUrl":"https:\/\/www.seven-stones.biz\/blog\/wp-content\/uploads\/download.jpeg","width":266,"height":189,"caption":"banana skin"},{"@type":"BreadcrumbList","@id":"https:\/\/www.seven-stones.biz\/blog\/fintechs-and-security-prologue\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.seven-stones.biz\/blog\/"},{"@type":"ListItem","position":2,"name":"Fintechs and Security &#8211; Prologue"}]},{"@type":"WebSite","@id":"https:\/\/www.seven-stones.biz\/blog\/#website","url":"https:\/\/www.seven-stones.biz\/blog\/","name":"Security Macromorphosis","description":"Ian Tibble&#039;s Security Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.seven-stones.biz\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.seven-stones.biz\/blog\/#\/schema\/person\/dd7adbe0152f2279b133661b823e0c28","name":"itibble@gmail.com","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/4efc9caa4c914912bcf9dd199b33f34a0d42e56752f4f713cd8d0c5416733603?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/4efc9caa4c914912bcf9dd199b33f34a0d42e56752f4f713cd8d0c5416733603?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4efc9caa4c914912bcf9dd199b33f34a0d42e56752f4f713cd8d0c5416733603?s=96&d=mm&r=g","caption":"itibble@gmail.com"},"description":"Author of Security De-engineering, CTO at Seven Stones (Indonesia)","sameAs":["http:\/\/www.seven-stones.biz"]}]}},"_links":{"self":[{"href":"https:\/\/www.seven-stones.biz\/blog\/wp-json\/wp\/v2\/posts\/462","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.seven-stones.biz\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.seven-stones.biz\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.seven-stones.biz\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.seven-stones.biz\/blog\/wp-json\/wp\/v2\/comments?post=462"}],"version-history":[{"count":19,"href":"https:\/\/www.seven-stones.biz\/blog\/wp-json\/wp\/v2\/posts\/462\/revisions"}],"predecessor-version":[{"id":561,"href":"https:\/\/www.seven-stones.biz\/blog\/wp-json\/wp\/v2\/posts\/462\/revisions\/561"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.seven-stones.biz\/blog\/wp-json\/wp\/v2\/media\/473"}],"wp:attachment":[{"href":"https:\/\/www.seven-stones.biz\/blog\/wp-json\/wp\/v2\/media?parent=462"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.seven-stones.biz\/blog\/wp-json\/wp\/v2\/categories?post=462"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.seven-stones.biz\/blog\/wp-json\/wp\/v2\/tags?post=462"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}