Alumni Discuss Best Practices in Online Cybersecurity
While continuing to concentrate on the St. Michael’s College School (SMCS) Alumni Association’s mandate to connect with the community, the most recent edition of the Alumni Information Series brought seven decades of former students together to learn about best practices for personal cybersecurity.
Featured guest Julian Pileggi ’07, a security engineer at a big tech company and a part-time instructor for the University of Toronto’s cybersecurity boot camp, shared his expertise regarding the risks of technology and methods to best protect yourself.
“I knew my online cybersecurity could be better and I wanted to find ways to improve it. I found the discussion on password length and how it relates to the exposure of sensitive information very interesting," shares Sean Khan ’93, a previous information series featured guest. "I was amazed at how easy it is to have my online security compromised and I will be getting a password manager to reduce the possibility of being hacked. I participate in these events to broaden my skill set and connect with like-minded individuals. The format was helpful because it struck the right balance between formal instruction and a conversational exchange of information.”
“I attended this session to have a better understanding of how to manage the many security facets of this online world,” shares Susan Gubasta, parent of a Grade 9 SMCS student. “Passwords, who knew it was more than just the complexity of the password. I didn’t learn just one thing, I learned many things that we can incorporate not only in our personal lives, but in my own business.”
Pileggi has spent his career in cybersecurity consulting, helping organizations that were breached to locate the attackers in their environment, figure out what they did, and determine how to remove them.
“Julian Pileggi was highly knowledgeable and experienced and transmitted his knowledge skillfully. The talk was highly useful, and at the same time, a showcase for St. Mike's, where the seeds for so many exemplary careers, such as Julian's, start to grow,” says Jerry Radziuk ’65. “The format of the event suggested that the talk would contain a lot of information about cybersecurity, usually scattered, in one place and in a palatable form. I was not disappointed.”
Pileggi began the discussion with tips on creating complex passwords that are difficult to crack, and how the length of the password is much more important than capital letters, numbers, and special characters. He recommended users access any of the password management tools which allow users to both generate passwords and store them securely. Some of the commercial tools also allow features such as family accounts that can share password vaults with loved ones in case of emergency or illness. In addition to password managers, Pileggi discussed how Two Factor Authentication (2FA) or Multi-Factor Authentication (MFA) mechanisms can drastically improve the level of security on the account.
“My son, Luca, (currently in Grade 10) and I have attended several virtual information series, I have always been impressed with the caliber of presenters and the relevance and timeliness of the topics of discussion,” shares Vince A. Pileggi ’83. “This session on cybersecurity was no exception. Julian’s expertise in cybersecurity was abundantly evident. He provided us with numerous strategies to mitigate online vulnerabilities in a clear and concise manner.”
It was surprising to attendees that using payment capabilities like Apple Pay/Google Pay are secure and offer benefits over traditional credit cards. Pileggi explained how the implementation is done securely, and to make a payment, it requires some form of password, FaceID, or TouchID to authorize it. The actual card number is not sent to the merchant, so there is a reduced risk of exposing credit card details. In contrast, a lost or stolen credit card could simply be tapped on a point-of-sale terminal to make unauthorized purchases.
“One of the most interesting things Julian mentioned was the convenience and security of using Apple Pay. I thought having your credit card on your phone or in the hands of Apple was less secure than using the PIN pad at the register. I will definitely be adding this payment strategy to my cybersecurity tactics,” shares Alexander Mayhew ’14, frequent information series attendee. “I wanted to participate in tonight's discussion because this was a topic everyone touches on, but no one really knows what it's about and how aggressively it's changed in the past few years.”
Another popular discussion focused on internet-connected smart devices. Pileggi stated the importance of reviewing all the security settings in the device and changing any default usernames/passwords and disabling any unnecessary features. He added that a good second step, after changing default usernames and passwords, is to connect your devices to a ‘guest network’ within the home Wi-Fi environment, making sure that the regular and guest networks have encryption enabled.
“I hope that attendees were able to take away some practical steps to improve their personal online cybersecurity. I wanted to ensure my fellow alumni were able to get some useful information on how to be more secure and have the opportunity to ask questions and engage with someone in the cybersecurity industry,” shares Julian Pileggi. “I really enjoyed participating in the session and thought that moderator Matt Montemurro ’05 did an excellent job leading the conversation.”
Plans are underway for the next Alumni Information Series on the topic of financial literacy, details will be available soon.