|Taking security seriously|
He wanted to know about privacy and how A&A do things. I'll leave him to make an article on that - I have done many before.
But I did like the question on equipment - how do we know that the equipment in our network does not have back doors, do we audit the code somehow or what?
I explained, "we build them", as in PCB design, code from first line of boot, and operating system and Ethernet drivers, and TCP stack and BGP and IPsec and LNS and everything with hardware made in UK (Newbury), so we know... I even explained that the team is small enough that we know we have no NSA/GCHQ moles. He asked if I was one, and I re-assured him that I am not! Good question!
As usual, I think it blew his mind slightly. That, or it made us sound like a bunch of tin foil hat wearers. But FireBrick does take things seriously...