Photographer: Gilles Cohen
Tiphaine Romand-Latapie is leading a team of hackers at Airbus. Tiphaine’s first love is cryptography. She previously worked as a telecommunications operator Orange, where she was in charge of new product security. Tired of meetings full of misunderstandings, she decided to 1) record the most absurd quotes she heard, and 2) design a role playing game to teach people about the basic principles of infosec that she published in 2016 at BHUSA. She likes to be the translator between the highly technical security team and the rest of the world.
If you had to choose one event that led you to work in information security, what would it be and why?
Tiphaine Romand-Latapie: I studied Mathematics applied to Computer Sciences, and during those studies, I discovered Cryptography. It was really my first glance at infosec, and I loved the technical challenges and the cat and mouse game that you find in infosec.
Why do you like working in the information security environment?
Tiphaine Romand-Latapie: There are so many reasons. First, you are in a position to help people. Second, you work with everyone, discovering so many different jobs or technology in the process. This leads to the third reason which is the “puzzle” aspect, discovering the way to answer a challenging issue. Finally, I love that you are forced to always put yourself in others’ shoes (what will the attacker do ? Why my business is asking me that? Will my user follow this recommendation? etc.)
If a n00b to the infosec world asked you for a piece of advice, what would it be?
Tiphaine Romand-Latapie: To a n00b entering the professional infosec world, I’d say: the rest of the world doesn’t care about the technicalities (even if they are beautiful and important), your job is to understand those for them. Most of practitioners come in infosec for the technical aspects and find themselves disappointed with their management/client for not caring about them. This makes them feel undervalued when it is not the point at all.
What is the most important issue facing professionals in the information security landscape today? Why?
Tiphaine Romand-Latapie: The gap between what infosec experts consider basic facts and what the rest of the world actually understands. And I am not talking about basic technical facts, but “life facts” like who are the attackers, the diversity of their profiles, what is sensitive information etc. The consequence is that we don’t speak the same language most of the time. It is frustrating for everyone. This is why I have created my role playing game, to make non security-practitioners aware of what we consider basic facts.
What is the most important issue facing consumers in the information security landscape today? Why?
Tiphaine Romand-Latapie: I’ll answer the same than for the previous question. When you don’t really understand why you need security, all infosec seems scary, or useless. The FUD communication doesn’t help at all. We need to teach people to ask themselves the rights questions: what do I want to protect? Against whom? So they feel empowered instead of crushed.
What are your three “guilty pleasures” that have nothing to do with information security?
Tiphaine Romand-Latapie: 1) Reading (I don’t feel very guilty about it) SciFi, Fantasy or Thrillers 2) Taking naps 🙂 3) Taking a day off to be all by myself to regroup (no husband no kid, just me and a book)
What’s your favorite book-to-movie adaptation and why?
Tiphaine Romand-Latapie: Outch, very hard question … the first that came to my mind (maybe because it is recent) is “Arrival”: the film is changing some elements of the story but do not betray at all the spirit of the book in my opinion. And for once, the end was not rewritten in favor of a “happy ending “ .