Hacking Portugal
Dinis Cruz

Lisbon, 29 Nov 2016
Making Portugal a global player
in software development
I’m Portuguese, living in London for 20 years
Application Security consultant and mentor (SMEs, FTSE 100)
Very technical with developers
very pragmatic with management
very strategic with boards
Extended version
• Book: https://leanpub.com/hacking-portugal
• BSidesLisbon Keynote (103 slides): https://github.com/DinisCruz/keynote-bsideslisbon/issues
• GitHub repo: https://github.com/DinisCruz/keynote-bsideslisbon
• All content released under Creative Commons (CC BY 4.0)
• Even more ‘interesting’ ideas :)
Hacking Portugal
• As technology and software become more and more
important to Portuguese society, it is time to take them
seriously and really become a player in that world.
• Application Security can act as an enabler, due to its
focus on how code/apps actually work, and its enormous
drive on secure-coding, testing, dev-ops and quality.
• This presentation will provide a number of paths for
making Portugal a place where programming, TDD,
Open Source, learning how to code, hacking and
DevOps are first class citizens.
Key concepts
• Portugal has sovereignty over its cyber network
• Portugal’s network and applications are NOT secure
• it is safe due to a lack of attackers
• the problem is criminals and their evolving business models
• Hacking is good and everybody should hack
• Portugal can become a leader in cyber and Application
Security
• Portugal should strategically embrace Open Source and
Creative Commons
• Government is a key player in innovation and infrastructure
• Use Risk Workflows and Data to expose reality (and insure it)
Key suggested ideas
• Make Portugal's internet a hostile place to create, publish, and
host insecure applications and IoT appliances
• Create Ministry of Software
• Portuguese Hacking Service (instead of ‘Servico Militar Obrigatorio’)
• Portuguese Hackathon League
• Bug bounties for everything inside Portuguese cyber network
• Clear Software Act
• Software Testing Institute
• ASAE for Code
• Create ‘Code Made in Portugal’ brand
• All code created and bought by Government is Open Source
• Open Source Portuguese code
Portuguese Network to be
hostile to insecure code
Allergic to insecure code
• Make Portugal’s internet a hostile place to create,
publish, and host insecure applications and IoT
appliances
• Portugal has sovereignty over its network, it can pass
laws to protect it
• Supported by a collaborative commons
• Strong enforcement, regulation and market pressure
Attack vulnerable code
• I want vulnerable apps and appliances that are plugged
into the PT national network to be hacked within seconds
• Hacked by good guys who are trying to help, by fixing or by
disabling
• Mandate from government to authorise hacking of vulnerable
devices (computers, routers, IoT) and fixing them
• This mandate is ‘given’ to us by the manufacturers, once
they push apps/code with vulnerabilities
Next generation of internet users
• We can’t allow them to:
• fear the internet
• allow fear to govern their actions
• lose trust in the Internet via repeated negative experiences,
for example:
• identity/credentials stolen
• maliciously hacked doll or light bulb
• malicious ‘trusted’ website attacks their computer
• lose control of email account or other online account
• car or phone malfunction
• ransomware attacks on files, doorknobs, fridges or even hospitals
Hackers
Hacking created the Internet
• It is important to state that hackers are the good guys.
• ‘Hack’ is to solve problems, to find innovative solutions in
a creative way.
• The press abuses the term ‘hacker’.
• Instead, they should qualify the word by saying ‘Malicious
Hackers’ or ‘Cyber Attacks’ or ‘Cyber Criminals’.
• The internet, and most of the technology we use today,
was dreamed up and created by hackers.
Hacker’s values
• The Software, InfoSec and Hacking community has a
strong ethical foundation, based on the following
qualities:
• sharing
• respect
• friendship
• trust
• non-discrimination
• humanity and companionship
Inspire next generation
• We want to inspire the next generation with these values.
• it is very important to have frames of reference for things that
work
• we need to provide an alternative narrative to the current
mainstream narrative of ‘lies’, ‘non-experts-welcome’ and
‘infotainment’.
Securing our future
• The ‘hackers’ that grow up creating distributed bots to attack
insecure apps/code/appliances in the PT network (as part of the
Portuguese Hacking Service) …
• … are the same ones who will create a ’distributed peer-to-peer
drone network, to combat fires in Portugal’
• … or the ones that will create technology to sell Portuguese
products around the world
• … or the ones that will make Portugal a leader in alternative
energies
• … or the ones that will develop innovative financial services or
even currencies
• … etc…
Privacy and Liberty
Defend privacy
• Privacy and Anonymity are human rights
• All should be innocent until proven guilty.
• The US and the NSA redefined the notion of surveillance to
be ‘looking at data’, rather than ‘capturing data’.
• Large tech companies’ business models are often based
on their users having no, or reduced, privacy
• Governments are actively making the internet less secure in
order to continue to easily access users’ data
• There is space for new global players that play by different
rules
• namely rules that defend the individual and civil society
“Arguing that you don’t care about the right to privacy because you have nothing to hide, is no different than saying that you don’t care about free speech because you have nothing to say”
(who said this?)
Cryptography
• Cryptography underpins Privacy which is essential for human
dignity
• Cryptography is a public service and capability. It is crucial to
protect user data
• Cryptography also has an excellent tradition of not relying on
security by obscurity, and expecting the attacker to have all
code and encrypted data (the only private data are the
encryption keys)
• Strong cryptography should be seen as a good thing, especially
if it enables the end-user to control their data.
• We need a healthy level of civil disobedience in society, or new
ideas will not get the space to flourish and gain wider
acceptance by society.
The Need for Disclosure
• We need disclosure of what is going on with technology in
companies.
• Companies today, even Open Source ones, don’t have to offer
full disclosure.
• The market doesn’t work: it doesn’t reward good, ethical players.
• To change this system, we need to use the power of disclosure
to make Government and companies play fairly and correctly.
• The government could use its purchasing power to define the
rules of engagement,
• … if EU laws don’t allow it, then Portugal should sue the EU :)
• … it’s time we pushed some of our rules and ideas onto the table.
Whistleblowers have an important role
• Whistleblowers are important because they can make the
markets more efficient.
• Whistleblowers are not needed when public actions, and
statements, match (the real) private actions.
• Of course, there will still be secrets, but in smaller
numbers, and they will be very well protected (as they are
today).
• “When everything is a secret, nothing is a secret”.
Important concept:
Integrity and availability are much harder and more dangerous than confidentiality
Compare that with all the current focus on data privacy or credit card leaks
Attacking Portugal
Cyber crime is the problem
• The real danger is from criminals who use the internet and
vulnerable code for financial gain
• They run highly professional and well staffed operations
• They have great customer service
• They have amazing technical skills (cryptography, peer-to-
peer networks, PaaS, marketplaces)
• Sophisticated business models (getting better all the time)
• Already making millions and billions of euros in revenue
• We need to make the Portuguese network hostile to criminal
activity
• Police and Hackers (i.e. civil society) have a big role to play
Attackers’ ROI (return on investment)
• What can they do with a $100K investment?
• buy zero-days
• buy compromised machines inside .pt networks
• buy botnets to be used to attack .pt companies
• How much money is it worth?
• What is the ROI for the attacker?
• Who would survive?
Cost to buy a zero-day
Thank your attackers
• “If the attacker tells you about the attack, they are your
friends”
• The real attackers (namely criminals and nation states)
will not tell you since it is against their own interests.
• Once you know about it, you will find a way to protect against it
and fix the vulnerability that was exploited.
• The positive side effects of any public attack (data
dumps, site defacing, DDoS) are bigger budgets, board-
level attention and demands for security, an increase in
AppSec staff hires, and more collaboration between
‘companies on the defence side of things’.
How Secure is Portugal?
• How secure and safe are Portuguese companies and
infrastructures?
• Portugal today is a very digital country, and most Portuguese
companies are software companies.
• If you look at how they operate, all of them use software and
are controlled by software
• The question is, how secure are they?
• How well can they sustain an attack?
• How well can they detect and react to a possible attack on their
digital infrastructure?
• What is the probability of an attack happening in the short term?
• How safe are they?
Is Portugal safe?
• Yes!
• Is it secure?
• No!
• Portugal’s Government, Companies and citizens’ current ‘secure state’
(i.e. likelihood of attack is low) depends on:
• A low number of attackers
• A low level of skills of existing attackers
• Unsophisticated business model of existing attackers
• Bottom line:
• Portuguese companies and individuals …
• … are not attacked because they are secure
• … they are not attacked
• … due to lack of ‘commercially focused’ attackers
The Emperor has no clothes
• To be clear, Portuguese government agencies and companies are NOT
secure, and have many high-risk vulnerabilities and exploitable assets.
• It is very important that we accept this fact so that we can find the
necessary political, economic, educational, and social solutions
• There are no silver bullets or easy solutions, and anyone who says so is a
snake-oil merchant.
• The ideas in this presentation are about making Portugal a player, rather
than being played, and giving Portugal a chance to defend itself, and
improve Portuguese society.
• The worst aspect of our status is that we are not prepared for what is
coming next, in terms of AppSec.
• Our response to terrorist incidents in the past shows how badly we
respond as a society to security incidents for which we are not prepared.
Think I’m wrong?
• If you don’t believe that Portugal is insecure, then prove me
wrong in your answers to the following questions:
• Where is the evidence of Security and AppSec practices?
• How big is the Cyber/App Security market in Portugal?
• How many threat models are created per week?
• How many lines of code are reviewed for security per week (aka
‘security eyeballs’)? (Bear in mind that secure code reviews are very
different from normal code reviews).
• Security, like Quality, just “doesn’t happen”
• It needs focused effort and strong feedback loops
• The current Portuguese security model is based on ‘Security Fairies’ magic pixie dust’.
Don’t worry, you’re safe
• Although these are contradictory concepts, my thesis is
that Portugal is both highly insecure, and, for the
moment, quite safe.
• Portugal is safe because there are not enough
attackers targeting the current insecurities of the system.
• This will probably remain the case for the next couple of
years.
• The problem is what happens after that, when the
criminals improve their business models and start to
focus on Portuguese assets.
Be proactive and profitable
• The question is: Does Portugal want to be like the rest of Europe and get
caught in the crossfire?
• Or does it want to be proactive, and create an industry which could
become very powerful, very effective, and very profitable for
Portugal,
• that could also help to secure Europe and help the world?
• Note that as attackers get more sophisticated they will gravitate to
countries/companies with weaker defences
• Massive worldwide Cyber/AppSec skills shortage today
• Big opportunity for countries like Portugal
Public health analogy
• Cyber Security is a public health problem
• We should be training cyber/AppSec specialists using
similar techniques to the ones we use to train doctors,
nurses, etc
• We have an epidemic at hand at the moment
• We need to gain immunity
• The decisions that we make in the next couple of years
will determine how well prepared we will be to deal with
wider outbreaks, and how quickly we can learn
Red or blue pill?
• We need to choose whether the paradigm for cyber
security is one based on:
• the military (offensive, top-down)
• or on public health (defensive, distributed)
• There is a reason why the army is not supposed to be
involved in civil activities such as crowd control or disaster
support
• the military is designed to defend us from our enemies
• police and other civil forces should focus on protecting the
individual
• We need to focus on Defence not on Attack
Hack like football
We are global ‘players’ in Football
• Portugal is one of the best teams in the world
• Portugal is currently 8th in the FIFA world ranking, and we
deserve to be there!
• Why is that?
• Is this an exception or can it be repeated in other
industries?
Why is Portugal so good at football
• Everybody can play football
• Because our kids play it all the time
• They love it when they play, so they are in the ‘zone’
• most optimal place to learn
• Supported by school’s activities
• Good social rewards and local community support
• Great support system (to find, select and nurture talent)
• Good financial rewards for a large number of players (not
just the top)
Let’s do the same for hacking
• Everybody can hack (from the kids, to the unemployed, to
the convicted criminals, to the retired)
• Our kids should be hacking all the time
• They will love it when they hack, so they are in the ‘zone’
• most optimal place to learn
• Support those activities at school
• ‘Capture the (school) flag’ should be a source of pride
• Provide good social rewards (vs treating them as criminals)
• Create a support network to find, select and nurture talent
• There will be good financial rewards for a large number of
hackers (there is a massive skills shortage in our industry)
Portugal Hackathon League
• Organize Hackathons in Portugal
• Just like we do for Football
• Bring ‘PT Hacking’ teams to DefCon
• sponsored by PT Government and PT Companies
• See these teams as a source of pride
• Best way to learn is to be asked to solve a problem from
all sorts of angles (and technologies)
• Solve maths problems using code and graphs (not ‘only’
on paper)
Portuguese Hacking Service
PHS
• In the past Portugal had a Military Service called ‘Servico
Militar Obrigatorio’.
• We should update this service to the 21st Century, and make
it a Portuguese Hacking Service, for 15 to 21 year olds,
with the following mission objectives:
• hack everything that is plugged into PT’s network
• hack companies with public bug-bounties
• code-review Open Source code developed in PT
• code-review code marked as ‘strategic interest for Portugal’ (i.e.
widely used by PT companies and mission critical for them)
• contribute to Open Source projects with patches and fixes
• help SMEs with their digital security and DevOps
Embrace criminals and elderly talent
• Teach convicted criminals how to hack (in jail or after release)
• good use of their ‘skills’
• give them a career
• show them a way to make money legally
• teach them ethics and the value of collaborating
• most criminals are there due to bad choices or unfortunate events (and
deserve a chance at a better life)
• Encourage retired people to hack
• we lose a lot by not using their expertise (and by not learning from them)
• In the past, the old ones were the wise ones
• They are engineers, doctors, programmers, teachers, accountants, architects,
parents, etc.
• People grow old, not because of age, but because they stop being mentally
and physically active
Leader in Application Security
Past innovations
• Portugal has a great history of inventions:
• Carrack (Nau) - the Oceanic Carrack (a new and different model, and largest carrack)
• Galleon (the Oceanic Galleon)
• Square-rigged caravel (Round caravel). …
• The Nonius.
• The Mariner’s astrolabe.
• The Passarola, the first known airship.
• The Pyreliophorus.
• Tempura.
Drugs Decriminalisation
• great success story of what happens when bold decisions are made.
• Portugal went from a very high rate of consumption and overdose, to one of the lowest (in 14 years)
Portugal as a Leader in AppSec
• Portugal could be a leader in AppSec.
• Portugal has a rich history of providing leading innovators
and ground-breaking researchers in navigation, in
maritime research, and exploration.
• In the same way that Portugal navigated and led the
seas, Portugal could now lead in coding.
• Portuguese researchers are highly innovative.
• Let’s follow our great history of leading important change
and discovery.
“Code Made in Portugal” brand
• Code written in Portugal will make a massive difference
• Key to create supply chains of quality and talent
• Good software development teams (from developers to
management) are one of the most important assets of a company
and country.
• They are the ones who add value.
• They create reality, and ultimately they control your lives.
• “Made in Portugal” is the key for PT economy (and Europe’s
sustainability)
• key objective is to encourage and foster the Portuguese software
industry (which will have a massive multiplier in other industries)
• The age of sustainability is upon us, let’s put Portugal in the middle
of it
What is Portugal the best at
• for PT it says “Portugal - rate - graduating high school”
• we can do better than that
• we should be world leaders in: software, craftsmanship,
cyber security, secure coding, devops, food
Government
Government’s role
• The Government has a big role to play in this
transformation, not as a ‘Command and Control’ entity,
but as a benign influence to level the playing field.
• A major problem at the moment is that many world
governments view technology as a way to exert more
control over their citizens.
Who controls the world
• The world is dominated by entities and companies who:
• control finance
• control technology
• control networks (made of technology)
• control intellectual property
• Unfortunately for Portugal, its strength does not lie in these
areas
• Portugal must challenge the rules of the game
• aligned with its strategy and sovereign interests
• Moving to Open Source values and activities, and embracing
secure coding/hacking will change how this game is played.
Code is law
• Software is made of Code
• Code is Law (since it defines the ‘rules of the game’)
• Code controls Portugal,
• … which means that Software controls Portugal

• The problem is, Portugal controls very little of the
software it uses
• It is time for Portugal to take control of the software.
• This should be a strategic objective of both Portuguese
companies and the Portuguese government.
Iterate Exponentially
• All ideas presented should NOT be implemented as a Big Policy or a Big
Vision!
• Anyone who sells a big, expensive solution, that only major companies
can implement, is selling a scam.
• Small changes, and marginal gains, are the right way to implement
DevOps and government policies:
1. Start small
2. Deploy
3. Learn from deployment
4. Make changes (enhance, fix or refactor)
5. Go to step 2, and repeat
• These are the solutions for SMEs, individuals, and small teams who work
on the ground, understand reality, and are accountable to their local
communities.
Ministry of Software
• Everything is software, i.e. code
• including all DevOps scripts and even things like Firewall rules
• Managed at high level within Government
• PT CTO and CISO
• Create Code For Portugal initiative using a collaborative commons
model (similar to the USA’s @codeforamerica)
• Manage the PHS (Portuguese Hacking Service)
• Commitment to only buy, commission and use applications/websites
that:
• have released their code under Open Source licenses
• have released all their info and schemas under non-restrictive Creative
Commons licenses
• Manage Portuguese bug-bounties and hacking championships
Clear Software Act
• Clear Software Act, like the ‘Clean Air Act’, but focused on code
quality and security, would go some way to changing the game and
how it’s played.
• Large numbers of our community are resistant to any kind of
regulation, and there are many companies that profit from this
resistance.
• As Upton Sinclair said, “It is difficult to get a man to understand
something, when his salary depends upon his not understanding it”.
• The problem however is not regulation and standards, but bad
regulation and standards.
• Good regulation, in areas like health and environment, has made
major improvements, and we need to do the same for software and
code.
Software Testing Institute
• We need to measure and visualize the side effects of code,
and we need to measure the ‘pollution’ created by insecure
code and apps.
• We need a focus on Quality and Services, where we want to
encourage innovation and make it easy and cheap to create
(secure) code in Portugal.
• Portugal could adopt and use testing as a way to leapfrog
more advanced nations.
• A Software Testing Institute would allow us to measure and
capture this information. The work of such an institute should
focus on testing code and apps and creating labels for them.
• Embrace the DevOps and Containers movement
Portugal wide bug bounty
• A Portuguese Software Testing Institute could also include bug-
bounties as a core activity.
• Today, there are bug bounties everywhere, and they are a sign of good
InfoSec and AppSec
• Portugal is already one of the top contributors to global bug bounty
programs
• Are there any public bug-bounties for a Portuguese company?
• Even the Pentagon has a bug-bounty program
• These must be a core activity of both business and government
• Receiving appropriate investment and publicity.
• Crowdsourcing the solution
• Lead the creation of standards and metrics for the Insurance
companies/industry.
ASAE for code
Autoridade de Segurança Alimentar e Económica
Authority for Economic and Food Security
When regulation loses the plot
• We need to learn from what worked and what didn’t
work with ASAE
• There was a severe lack of common sense and everything
that is bad with ‘security regulation’
• An ASAE for code mustn’t kill innovation and become a
‘TAX’.
• It needs to empower and reward good behaviour, and
have a common-sense approach to its operations.
• As cyber security gets worse, if we don’t have good,
positive alternatives, an ASAE is exactly what we will get.
This is not a good prospect.
Insurance
• The insurance industry is key to making this work. It will
push for good metrics to measure secure coding and
secure deployments (i.e. how code/apps/software are
used in the real world).
• It will provide a way to compare companies and
technologies, and this will make the market more efficient.
• Many companies will decide to insure insecure code, and
teams that create insecure code/apps.
• That is ok, as long as that information is disclosed.
• The insurance companies will increase the premiums
depending on how secure a Company or App is
Code Nationalisation
• Nationalising code is a nuclear option for cases where
companies refuse to share their code.
• It is essential to move to a world where good regulation allows
every line of code that is running and touches our data to be:
• public
• peer-reviewable by independent parties
• compilable by independent parties
• signed
• This not only includes websites and ‘traditional software’, but
also operating systems, device drivers, IoT devices, network
devices, microchips, etc.: in short, anything that can access or
manipulate data.
European Union
• I’m a strong European and I believe in Europe
• But Europe needs to change and refocus on country sustainability
• Portugal should not have to ‘beg’ the EU for funds to support these ideas.
• EU, and other global organisations and companies, should choose to
invest in Portugal because they want to benefit from the perfect storm of
talent, energy, regulation, focus and activities that will exist here.
• They should invest and participate here because it is in their best interests,
and it is where they will get the best return on investment.
• This kind of collaboration and investment is what the EU should be all
about:
• a Collaborative Commons
• a global village
• shared care and respect for each other (and their contributions)
New currencies for southern Europe
• A good solution for the Euro Problem (for weaker
economies like Portugal) is to create alternative
currencies
• We know how to do this now (with blockchain technology)
• Multiple Fintech companies exploring all sorts of business
models and workflows
• These currencies should be 100% compatible with Euro
(so that they work side-by-side)
• Created by next generation of Portuguese Hackers
• Hacking a currency is quite a nice challenge
Open Source Portugal
Openness and transparency are key
• For most of the ideas defended here to work, and not backfire
even if they create strong command-and-control systems/environments,
we need a very high degree of transparency and openness.
• This is exactly what the Open Source and Creative Commons
worlds provide.
• OWASP is a good example of an organisation that has a very
strong open model, from what is created, to its governance
and fiscal transparency.
• Git is also a key part of this, since Git enables effective
collaboration, allowing others to contribute, even if they are
direct competitors in other products/services
Open Source is not communism
• Proven business model with Billion dollar companies
• Used by all major companies and governments in the world
• Proven community model with large successful enterprise
software developed by thousands of developers
• Open Source is not just code
• Open Source (and Creative Commons) is an approach to
how to communicate, live and share
• Embracing open source values makes markets more
efficient, fair and profitable (for a wider group)
• Use Open Source as a way to change the rules of the game
• It’s a matter of when, not if
FOSS values
• FOSS (Free and Open Source) programs are a good model to
use, as they allow users to share and collaborate on programs.
• They empower users, and could potentially create thousands
of PT based FOSS companies.
• The positive values of Open Sourcing are as follows:
• access to code
• no lock in
• no discrimination
• liquid collaboration
• Of course, using Open Source code doesn’t mean that it will
be perfect.
Open Source is expensive
• We need companies to sell Open Source code
• The take-up of Open Source will help us to remove the
‘proprietary lock’ of closed software, which creates perverse
incentives and does not allow the peripheral countries (or
players) to have a strong role in the quality and security of that
code.
• Open Source software is not Free
• Any code has a cost and a side effect. Using Open source
code doesn’t mean that you don’t pay for it, it just means that
you pay in other ways than a direct financial transaction.
OpenSource.pt
• All code written (and paid) for Government agencies to be
released under an Open Source license
• All Government created documents to be released under
Creative Commons
• Portuguese companies to publish their code under Open
Source license, and technical documentation under Creative
Commons
• Pay for Open Source software (in license and per usage)
• The financial model for this needs careful consideration.
• The key is that the makers of Open Source code that is used, should
have a revenue stream equivalent to that use, so that they can spend
more time with that software, and even hire more devs to work on it
Open the source of Portuguese code
• Government and private companies to create venture
capital funds to buy existing software companies and
Open Source their code
• Those companies should use part of that money to
transform their business model into one based on the
Open Source stack
• they wrote it, so they have a massive competitive advantage
• but local companies would also be able to provide those
services
• ROI of investment on the PT economy would be much bigger
than the amount invested
Why Portugal
Easier in small country
• It is easier in a smaller country, with fewer agendas and big
lobby groups
• we already have the power to make these changes
• this is an issue of sovereignty and independence
Big questions and answers
• We are currently faced with big questions and changes on
privacy, liberty, humanity, freedom, work …
• … which are all centered on technology (and secure code),
• … these questions need to be discussed, understood and
addressed:
• there are no perfect solutions
• we need to achieve a workable compromise and make sure we take
the best course of action
• I don’t claim that all my ideas are good, that they will work or are even
all realistic, especially in the current political and economic ecosystem
• but I know that big changes occur when we head in the right direction
and can experiment, adapt, refactor and improve
Raise the bar of the discussion
• We live in an era where ideas are not debated, experts
are ignored, science is not respected, and lies are
accepted
• this is very dangerous for us …
• … for our kids
• … for Portugal
• I want to discuss and act on ideas (not on events or people)
• we need a better, more informed, more knowledgeable, more
empowered media, to keep the system accountable
Protect the internet
• The internet is one of the biggest gifts given to humanity
• The first generation made it open and free (in both cost
and freedom)
• Internet’s success is a testament to those decisions and their
values
• Now the time has come for our generation to continue on
their footsteps and keep it that way (for the next
generation)
Portugal has…
• Strong sense of ethics and community
• Good engineering and math education
• Good ability to ‘solve problems’ (and make it work)
• Learned the hard way what it feels like to be the junior
player (financial markets’ speculation on PT’s economy
helped to create the situation that led to the EU bailouts)
• we have hit rock-bottom with multiple financial crises and
several European bailouts
• only way is up
Our turn to fight for what we believe
• Our parents fought against fascism, against racism, for
pensions, for human rights, for women’s rights, for rock &
roll, etc…
• it is our turn to realign society and shift the balance of power
• this is about removing control from central organisations
(governments, big companies) and giving it to individuals
and collaborative commons
• currently the power is in the hands of whoever controls the
networks
• It’s time to change that
What is the future of Portugal
• to be a garden for Europe, a holiday destination
• to be a small pawn in the global forces that control the world
or
• To work together with CPLP (Community of the Portuguese Speaking Countries) in a united partnership
• To be a powerhouse that inspires and leads the world in technology and secure coding
Sail the code
• Let’s use code to create a generation with a strong work ethic and values
• Let’s create a new reality for Portugal
• The same way that Portuguese navigators once looked at the unknown sea and conquered it
• Our new digital navigators must do the same with code.
Thanks
Any questions?
• @diniscruz
• dinis.cruz@owasp.org
• http://blog.diniscruz.com/
• https://github.com/DinisCruz
• https://leanpub.com/u/diniscruz
82
 
Owasp and summits (may 2019)
Owasp and summits (may 2019)Owasp and summits (may 2019)
Owasp and summits (may 2019)
 
Creating a graph based security organisation - Apr 2019 (OWASP London chapter...
Creating a graph based security organisation - Apr 2019 (OWASP London chapter...Creating a graph based security organisation - Apr 2019 (OWASP London chapter...
Creating a graph based security organisation - Apr 2019 (OWASP London chapter...
 
Open security summit 2019 owasp london 25th feb
Open security summit 2019   owasp london 25th febOpen security summit 2019   owasp london 25th feb
Open security summit 2019 owasp london 25th feb
 
Owasp summit 2019 - OWASP London 25th feb
Owasp summit 2019  - OWASP London 25th febOwasp summit 2019  - OWASP London 25th feb
Owasp summit 2019 - OWASP London 25th feb
 

Kürzlich hochgeladen

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 

Kürzlich hochgeladen (20)

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 

Hacking Portugal , C-days 2016 , v1.0

7. Key suggested ideas
• Make Portugal's internet a hostile place to create, publish, and host insecure applications and IoT appliances
• Create a Ministry of Software
• Portuguese Hacking Service (instead of ‘Servico Militar Obrigatorio’)
• Portuguese Hackathon League
• Bug bounties for everything inside the Portuguese cyber network
• Clear Software Act
• Software Testing Institute
• ASAE for Code
• Create a ‘Code Made in Portugal’ brand
• All code created and bought by the Government is Open Source
• Open Source Portuguese code

8. Portuguese Network to be hostile to insecure code

9. Allergic to insecure code
• Make Portugal’s internet a hostile place to create, publish, and host insecure applications and IoT appliances
• Portugal has sovereignty over its network; it can pass laws to protect it
• Supported by a collaborative commons
• Strong enforcement, regulation and market pressure

10. Attack vulnerable code
• I want vulnerable apps and appliances that are plugged into the PT national network to be hacked within seconds
• Hacked by good guys who are trying to help, by fixing or by disabling
• Mandate from government to authorise hacking of vulnerable devices (computers, routers, IoT) and fixing them
• This mandate is ‘given’ to us by the manufacturers, once they push apps/code with vulnerabilities

11. Next generation of internet users
• We can’t allow them to:
  • fear the internet
  • allow fear to govern their actions
  • lose trust in the Internet via repeated negative experiences, for example:
    • identity/credentials stolen
    • maliciously hacked doll or light bulb
    • malicious ‘trusted’ website attacks their computer
    • loss of control of an email account or other online account
    • car or phone malfunction
    • ransomware attacks on files, doorknobs, fridges or even hospitals

13. Hacking created the Internet
• It is important to state that hackers are the good guys.
• To ‘hack’ is to solve problems, to find innovative solutions in a creative way.
• The press abuses the term ‘hacker’.
• Instead, they should qualify the word by saying ‘Malicious Hackers’, ‘Cyber Attacks’ or ‘Cyber Criminals’.
• The internet, and most of the technology we use today, was dreamed up and created by hackers

14. Hacker’s values
• The Software, InfoSec and Hacking community has a strong ethical foundation, based on the following qualities:
  • sharing
  • respect
  • friendship
  • trust
  • non-discrimination
  • humanity and companionship

15. Inspire the next generation
• We want to inspire the next generation with these values.
• It is very important to have frames of reference for things that work
• We need to provide an alternative narrative to the current mainstream narrative of ‘lies’, ‘non-experts welcome’ and ‘infotainment’.

16. Securing our future
• The ‘hackers’ who grow up creating distributed bots to attack insecure apps/code/appliances in the PT network (as part of the Portuguese Hacking Service) …
• … are the same ones who will create a ‘distributed peer-to-peer drone network to combat fires in Portugal’
• … or the ones who will create technology to sell Portuguese products around the world
• … or the ones who will make Portugal a leader in alternative energies
• … or the ones who will develop innovative financial services or even currencies
• … etc.

18. Defend privacy
• Privacy and Anonymity are human rights
• All should be innocent until proven guilty.
• The US and the NSA redefined the notion of surveillance to be ‘looking at data’, rather than ‘capturing data’.
• Large tech companies’ business models are often based on their users having no, or reduced, privacy
• Governments are actively making the internet less secure in order to continue to easily access users’ data
• There is space for new global players that play by different rules
  • namely rules that defend the individual and civil society
19. “Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying that you don’t care about free speech because you have nothing to say” (who said this?)

20. Cryptography
• Cryptography underpins Privacy, which is essential for human dignity
• Cryptography is a public service and capability. It is crucial to protect user data
• Cryptography also has an excellent tradition of not relying on security by obscurity, and of expecting the attacker to have all the code and the encrypted data (the only private data are the encryption keys)
• Strong cryptography should be seen as a good thing, especially if it enables the end-user to control their data.
• We need a healthy level of civil disobedience in society, or new ideas will not get the space to flourish and gain wider acceptance by society.

21. The Need for Disclosure
• We need disclosure of what is going on with technology in companies.
• Companies today, even Open Source ones, don’t have to offer full disclosure.
• The market doesn’t work; it doesn't reward good, ethical players.
• To change this system, we need to use the power of disclosure to make Government and companies play fairly and correctly.
• The government could use its purchasing power to define the rules of engagement,
  • … if EU laws don’t allow it, then Portugal should sue the EU :)
  • … it’s time we pushed some of our rules and ideas onto the table.

22. Whistleblowers have an important role
• Whistleblowers are important because they can make the markets more efficient.
• Whistleblowers are not needed when public actions and statements match (the real) private actions.
• Of course, there will still be secrets, but in smaller numbers, and they will be very well protected (as they are today).
• “When everything is a secret, nothing is a secret”.

23. Important concept:
Integrity and availability are much harder, and more dangerous, than confidentiality
Compare that with all the current focus on data privacy or credit card leaks

25. Cyber crime is the problem
• The real danger is from criminals who use the internet and vulnerable code for financial gain
• They run highly professional and well-staffed operations
• They have great customer service
• They have amazing technical skills (cryptography, peer-to-peer networks, PaaS, marketplaces)
• Sophisticated business models (getting better all the time)
• Already making millions and billions of euros in revenue
• We need to make the Portuguese network hostile to criminal activity
• Police and Hackers (i.e. civil society) have a big role to play
26. Attackers’ ROI (return on investment)
• What can they do with a $100K investment?
  • buy zero-days
  • buy compromised machines inside .pt networks
  • buy botnets to be used to attack .pt companies
• How much money is it worth?
• What is the ROI for the attacker?
• Who would survive?
[Chart: cost to buy a zero-day]

27. Thank your attackers
• “If the attacker tells you about the attack, they are your friends”
• The real attackers (namely criminals and nation states) will not tell you, since it is against their own interests.
• Once you know about it, you will find a way to protect the asset and fix the vulnerability exploited.
• The positive side effects of any public attack (data dumps, site defacing, DDoS) are bigger budgets, board-level attention and demands for security, an increase in AppSec staff hires, and more collaboration between ‘companies on the defence side of things’.

28. How Secure is Portugal?
• How secure and safe are Portuguese companies and infrastructures?
• Portugal today is a very digital country, and most Portuguese companies are software companies.
• If you look at how they operate, all of them use software and are controlled by software
• The question is, how secure are they?
• How well can they sustain an attack?
• How well can they detect and react to a possible attack on their digital infrastructure?
• What is the probability of an attack happening in the short term?
• How safe are they?

29. Is Portugal safe?
• Yes!
• Is it secure?
• No!
• The current ‘secure state’ of Portugal’s Government, Companies and citizens (i.e. the likelihood of attack is low) depends on:
  • A low number of attackers
  • A low level of skills among existing attackers
  • Unsophisticated business models of existing attackers
• Bottom line:
  • Portuguese companies and individuals …
  • … are not attacked, and it is not because they are secure
  • … they are not attacked …
  • … due to a lack of ‘commercially focused’ attackers

30. The Emperor has no clothes
• To be clear, Portuguese government agencies and companies are NOT secure, and have many high-risk vulnerabilities and exploitable assets.
• It is very important that we accept this fact so that we can find the necessary political, economic, educational, and social solutions
• There are no silver bullets or easy solutions, and anyone who says so is a snake-oil merchant.
• The ideas in this presentation are about making Portugal a player, rather than being played, giving Portugal a chance to defend itself, and improving Portuguese society.
• The worst aspect of our status is that we are not prepared for what is coming next, in terms of AppSec.
• Our response to terrorist incidents in the past shows how badly we respond as a society to security incidents for which we are not prepared.

31. Think I’m wrong?
• If you don’t believe that Portugal is insecure, then prove me wrong with your answers to the following questions:
  • Where is the evidence of Security and AppSec practices?
  • How big is the Cyber/App Security market in Portugal?
  • How many threat models are created per week?
  • How many lines of code are reviewed for security per week (aka ‘security eyeballs’)? (Bear in mind that secure code reviews are very different from normal code reviews.)
• Security, like Quality, just “doesn’t happen”
  • It needs focused effort and strong feedback loops
• The current Portuguese security model is based on ‘Security Fairies’ magic pixie dust’.

32. Don’t worry, you’re safe
• Although these are contradictory concepts, my thesis is that Portugal is both highly insecure and, for the moment, quite safe.
• Portugal is safe because there are not enough attackers targeting the current insecurities of the system.
• This will probably remain the case for the next couple of years.
• The problem is what happens after that, when the criminals improve their business models and start to focus on Portuguese assets.
33. Be proactive and profitable
• The question is: does Portugal want to be like the rest of Europe and get caught in the crossfire?
• Or does it want to be proactive, and create an industry which could become very powerful, very effective, and very profitable for Portugal,
  • one that could also help to secure Europe and help the world?
• Note that as attackers get more sophisticated they will gravitate to countries/companies with weaker defences
• Massive worldwide Cyber/AppSec skills shortage today
• Big opportunity for countries like Portugal

34. Public health analogy
• Cyber Security is a public health problem
• We should be training cyber/AppSec specialists using similar techniques to the ones we use to train doctors, nurses, etc.
• We have an epidemic at hand at the moment
• We need to gain immunity
• The decisions that we make in the next couple of years will determine how well prepared we will be to deal with wider outbreaks, and how quickly we can learn

35. Red or blue pill?
• We need to choose whether the paradigm for cyber security is one based on:
  • the military (offensive, top-down)
  • or on public health (defensive, distributed)
• There is a reason why the army is not supposed to be involved in civil activities such as crowd control or disaster support
  • the military is designed to defend us from our enemies
  • police and other civil forces should focus on protecting the individual
• We need to focus on Defence, not on Attack

37. We are global ‘players’ in Football
• Portugal is one of the best teams in the world
• Portugal is currently 8th in the FIFA world ranking, and we deserve to be there!
• Why is that?
• Is this an exception, or can it be repeated in other industries?

38. Why is Portugal so good at football?
• Everybody can play football
• Because our kids play it all the time
• They love it when they play, so they are in the ‘zone’
  • the most optimal place to learn
• Supported by school activities
• Good social rewards and local community support
• Great support system (to find, select and nurture talent)
• Good financial rewards for a large number of players (not just the top)

39. Let’s do the same for hacking
• Everybody can hack (from the kids, to the unemployed, to the convicted criminals, to the retired)
• Our kids should be hacking all the time
• They will love it when they hack, so they are in the ‘zone’
  • the most optimal place to learn
• Support those activities in schools
• ‘Capture the (school) flag’ should be a source of pride
• Provide good social rewards (vs treating them as criminals)
• Create a support network to find, select and nurture talent
• There will be good financial rewards for a large number of hackers (there is a massive skills shortage in our industry)

40. Portugal Hackathon League
• Organize Hackathons in Portugal
• Just like we do for Football
• Bring ‘PT Hacking’ teams to DefCon
  • sponsored by the PT Government and PT Companies
• See these teams as a source of pride
• The best way to learn is to be asked to solve a problem from all sorts of angles (and technologies)
• Solve maths problems using code and graphs (not ‘only’ on paper)

42. PHS
• In the past Portugal had a Military Service called ‘Servico Militar Obrigatorio’.
• We should update this service to the 21st Century, and make it a Portuguese Hacking Service, for 15 to 21 year olds, with the following mission objectives:
  • hack everything that is plugged into PT’s network
  • hack companies with public bug-bounties
  • code-review Open Source code developed in PT
  • code-review code marked as of ‘strategic interest for Portugal’ (i.e. widely used by PT companies and mission critical for them)
  • contribute to Open Source projects with patches and fixes
  • help SMEs with their digital security and DevOps

43. Embrace criminals and elderly talent
• Teach convicted criminals how to hack (in jail or after release)
  • good use of their ‘skills’
  • give them a career
  • show them a way to make money legally
  • teach them ethics and the value of collaborating
  • most criminals are there due to bad choices or unfortunate events (and deserve a chance at a better life)
• Encourage retired people to hack
  • we lose a lot by not using their expertise (and by not learning from them)
  • In the past, the old ones were the wise ones
  • They are engineers, doctors, programmers, teachers, accountants, architects, parents, etc.
  • People grow old not because of age, but because they stop being mentally and physically active
  • 45. Past innovations • Portugal has a great history of inventions: • Carrack (Nau) - the Oceanic Carrack (a new and different model, and largest carrack) • Galleon (the Oceanic Galleon) • Square-rigged caravel (Round caravel). … • The Nonius. • The Mariner’s astrolabe. • The Passarola, the first known airship. • The Pyreliophorus. • Tempura.
  • 46. Drugs Decriminalisation • great success story of what happens when bold decisions are made. • Portugal went from a very high rate of consumption and overdose, to one of the lowest (in 14 years)
  • 47. Portugal as a Leader in AppSec • Portugal could be a leader in AppSec. • Portugal has a rich history of providing leading innovators and ground-breaking researchers in navigation, in maritime research, and exploration. • In the same way that Portugal navigated and lead the seas, Portugal could now an lead in coding. • Portuguese researchers are highly innovative. • Let’s follow our great history of leading important change and discovery. 47
  • 48. “Code Made in Portugal” brand • Code written in Portugal will make a massive difference • Key to create supply chains of quality and talent • Good software development teams (from developers to management) are one of the most important assets of a company and country. • They are the ones who add value. • They create reality, and ultimately they control your lives. • “Made in Portugal” is the key for PT economy (and Europe’s sustainability) • key objective is to encourage and foment the Portuguese software industry (which will have massive multiplier in other industries) • The age of sustainability is upon us, let’s put Portugal in the middle of it 48
  • 49. What is Portugal the best at • for PT it says “Portugal - rate - graduating high school” • we can do better than that • we should be world leaders in: software, craftsmanship, cyber security, secure coding, devops, food 49
  • 51. Government’s role • The Government has a big role to play in this transformation, not as a ‘Command and Control’ entity, but as a benign influence to level the playing field. • A major problem at the moment is that many world governments view technology as a way to exert more control over their citizens. 51
• 52. Who controls the world
  • The world is dominated by entities and companies who:
    • control finance
    • control technology
    • control networks (made of technology)
    • control intellectual property
  • Unfortunately for Portugal, its strength does not lie in these areas.
  • Portugal must challenge the rules of the game:
    • aligned with its strategy and sovereign interests
  • Moving to Open Source values and activities, and embracing secure coding/hacking, will change how this game is played.
• 53. Code is law
  • Software is made of Code.
  • Code is Law (since it defines the 'rules of the game').
  • Code controls Portugal,
    • … which means that Software controls Portugal.
  • The problem is, Portugal controls very little of the software it uses.
  • It is time for Portugal to take control of the software.
  • This should be a strategic objective of both Portuguese companies and the Portuguese government.
• 54. Iterate Exponentially
  • All ideas presented should NOT be implemented as a Big Policy or a Big Vision!
  • Anyone who sells a big, expensive solution that only major companies can implement is selling a scam.
  • Small changes, and marginal gains, are the right way to implement DevOps and government policies:
    1. Start small
    2. Deploy
    3. Learn from deployment
    4. Make changes (enhance, fix or refactor)
    5. Go to step 2, and repeat
  • These are the solutions for SMEs, individuals, and small teams who work on the ground, understand reality, and are accountable to their local communities.
• 55. Ministry of Software
  • Everything is software, i.e. code
    • including all DevOps scripts and even things like Firewall rules
  • Managed at a high level within Government
    • PT CTO and CISO
  • Create a Code For Portugal initiative using a collaborative commons model (similar to the USA's @codeforamerica)
  • Manage the PHS (Portuguese Hacking Service)
  • Commitment to only buy, commission and use applications/websites that:
    • have released their code under Open Source licenses
    • have released all their info and schemas under non-restrictive Creative Commons licenses
  • Manage Portuguese bug-bounties and hacking championships
• 56. Clear Software Act
  • A Clear Software Act, like the 'Clean Air Act' but focused on code quality and security, would go some way to changing the game and how it's played.
  • Large numbers of our community are resistant to any kind of regulation, and there are many companies that profit from this resistance.
  • As Upton Sinclair said, "It is difficult to get a man to understand something, when his salary depends upon his not understanding it".
  • The problem, however, is not regulation and standards, but bad regulation and standards.
  • Good regulation, in areas like health and environment, has made major improvements, and we need to do the same for software and code.
• 57. Software Testing Institute
  • We need to measure and visualize the side effects of code, and we need to measure the 'pollution' created by insecure code and apps.
  • We need a focus on Quality and Services, where we want to encourage innovation and make it easy and cheap to create (secure) code in Portugal.
  • Portugal could adopt and use testing as a way to leapfrog more advanced nations.
  • A Software Testing Institute would allow us to measure and capture this information. The work of such an institute should focus on testing code and apps and creating labels for them.
  • Embrace the DevOps and Containers movement.
• 58. Portugal-wide bug bounty
  • A Portuguese Software Testing Institute could also include bug-bounties as a core activity.
  • Today, there are bug bounties everywhere, and they are a sign of good InfoSec and AppSec.
  • Portugal is already one of the top contributors to global bug bounty programs.
  • Are there any public bug-bounties for a Portuguese company?
  • Even the Pentagon has a bug-bounty program.
  • These must be a core activity of both business and government:
    • receiving appropriate investment and publicity
    • crowdsourcing the solution
    • leading the creation of standards and metrics for the Insurance companies/industry
• 59. ASAE for code
  • ASAE: Autoridade de Segurança Alimentar e Económica (Authority for Economic and Food Security)
• 60. When regulation loses the plot
  • We need to learn from what worked and what didn't work with ASAE.
  • There was a severe lack of common sense and everything that is bad with 'security regulation'.
  • An ASAE for code mustn't kill innovation and become a 'TAX'.
  • It needs to empower and reward good behaviour, and have a common-sense approach to its operations.
  • As cyber security gets worse, if we don't have good, positive alternatives, an ASAE is exactly what we will get. This is not a good prospect.
• 61. Insurance
  • The insurance industry is key to making this work. It will push for good metrics to measure secure coding and secure deployments (i.e. how code/apps/software are used in the real world).
  • It will provide a way to compare companies and technologies, and this will make the market more efficient.
  • Many companies will decide to insure insecure code, and teams that create insecure code/apps.
    • That is ok, as long as that information is disclosed.
  • The insurance companies will increase the premiums depending on how secure a Company or App is.
• 62. Code Nationalisation
  • Nationalising code is a nuclear option for cases where companies refuse to share their code.
  • It is essential to move to a world where good regulation allows every line of code that is running and touches our data to be:
    • public
    • peer-reviewable by independent parties
    • compilable by independent parties
    • signed
  • This not only includes websites and 'traditional software', but also operating systems, device drivers, IoT devices, network devices, microchips, etc.: in short, anything that can access or manipulate data.
• 63. European Union
  • I'm a strong European and I believe in Europe.
  • But Europe needs to change and refocus on country sustainability.
  • Portugal should not have to 'beg' the EU for funds to support these ideas.
  • The EU, and other global organisations and companies, should choose to invest in Portugal because they want to benefit from the perfect storm of talent, energy, regulation, focus and activities that will exist here.
  • They should invest and participate here because it is in their best interests, and it is where they will get the best return on investment.
  • This kind of collaboration and investment is what the EU should be all about:
    • a Collaborative Commons
    • a global village
    • shared care and respect for each other (and their contributions)
• 64. New currencies for southern Europe
  • A good solution for the Euro Problem (for weaker economies like Portugal) is to create alternative currencies.
  • We know how to do this now (with blockchain technology).
  • Multiple Fintech companies are exploring all sorts of business models and workflows.
  • These currencies should be 100% compatible with the Euro (so that they work side-by-side).
  • Created by the next generation of Portuguese Hackers.
  • Hacking a currency is quite a nice challenge.
• 66. Openness and transparency are key
  • For most of the ideas defended here to work, and not backfire even if they create strong command-and-control systems/environments, we need a very high degree of transparency and openness.
  • This is exactly what the Open Source and Creative Commons worlds provide.
  • OWASP is a good example of an organisation that has a very strong open model, from what is created to its governance and fiscal transparency.
  • Git is also a key part of this, since Git enables effective collaboration, allowing others to contribute even if they are direct competitors in other products/services.
• 67. Open Source is not communism
  • Proven business model with billion-dollar companies.
  • Used by all major companies and governments in the world.
  • Proven community model, with large, successful enterprise software developed by thousands of developers.
  • Open Source is not just code.
  • Open Source (and Creative Commons) is an approach to how to communicate, live and share.
  • Embracing Open Source values makes markets more efficient, fair and profitable (for a wider group).
  • Use Open Source as a way to change the rules of the game.
  • It's a matter of when, not if.
• 68. FOSS values
  • FOSS (Free and Open Source) programs are a good model to use, as they allow users to share and collaborate on programs.
  • They empower users, and could potentially create thousands of PT-based FOSS companies.
  • The positive values of Open Sourcing are as follows:
    • access to code
    • no lock-in
    • no discrimination
    • liquid collaboration
  • Of course, using Open Source code doesn't mean that it will be perfect.
• 69. Open Source is expensive
  • We need companies to sell Open Source code.
  • The take-up of Open Source will help us to remove the 'proprietary lock' of closed software, which creates perverse incentives and does not allow the peripheral countries (or players) to have a strong role in the quality and security of that code.
  • Open Source software is not Free.
  • Any code has a cost and a side effect. Using Open Source code doesn't mean that you don't pay for it; it just means that you pay in other ways than a direct financial transaction.
• 70. OpenSource.pt
  • All code written for (and paid for by) Government agencies to be released under an Open Source license.
  • All Government-created documents to be released under Creative Commons.
  • Portuguese companies to publish their code under an Open Source license, and technical documentation under Creative Commons.
  • Pay for Open Source software (in license and per usage).
    • The financial model for this needs careful consideration.
    • The key is that the makers of Open Source code that is used should have a revenue stream equivalent to that use, so that they can spend more time with that software, and even hire more devs to work on it.
• 71. Open the source of Portuguese code
  • Government and private companies to create venture capital funds to buy existing software companies and Open Source their code.
  • Those companies should use part of that money to transform their business model into one based on the Open Source stack:
    • they wrote it, so they have a massive competitive advantage
    • but local companies would also be able to provide those services
  • The ROI of the investment on the PT economy would be much bigger than the amount invested.
• 73. Easier in a small country
  • It is easier in a smaller country, with fewer agendas and fewer big lobby groups.
  • We already have the power to make these changes.
  • This is an issue of sovereignty and independence.
• 74. Big questions and answers
  • We are currently faced with big questions and changes on privacy, liberty, humanity, freedom, work …
    • … which are all centered on technology (and secure code),
    • … these questions need to be discussed, understood and addressed:
      • there are no perfect solutions
      • we need to achieve a workable compromise and make sure we take the best course of action
  • I don't claim that all my ideas are good, that they will work, or that they are even all realistic, especially in the current political and economic ecosystem
    • but I know that big changes occur when we head in the right direction and can experiment, adapt, refactor and improve
• 75. Raise the bar of the discussion
  • We live in an era where ideas are not debated, experts are ignored, science is not respected, and lies are accepted
    • this is very dangerous for us …
    • … for our kids
    • … for Portugal
  • I want to discuss and act on ideas (not on events or people)
  • We need a better, more informed, more knowledgeable, more empowered media, to keep the system accountable
• 76. Protect the internet
  • The internet is one of the biggest gifts given to humanity.
  • The first generation made it open and free (in both cost and freedom).
  • The internet's success is a testament to those decisions and their values.
  • Now the time has come for our generation to follow in their footsteps and keep it that way (for the next generation).
• 77. Portugal has…
  • A strong sense of ethics and community
  • Good engineering and math education
  • A good ability to 'solve problems' (and make it work)
  • Learned the hard way what it feels like to be the junior player (financial markets' speculation on PT's economy helped to create the situation that led to the EU bailouts)
    • we have hit rock-bottom with multiple financial crises and several European bailouts
    • the only way is up
• 78. Our turn to fight for what we believe
  • Our parents fought against fascism, against racism, for pensions, for human rights, for women's rights, for rock & roll, etc…
  • It is our turn to realign society and shift the balance of power.
  • This is about removing control from central organisations (governments, big companies) and giving it to individuals and collaborative commons.
  • Currently the power is in the hands of whoever controls the networks.
  • It's time to change that.
• 79. What is the future of Portugal?
  • To be a garden for Europe, a holiday destination
  • To be a small pawn in the global forces that control the world
  or
  • To work together with CPLP (Community of Portuguese Speaking Countries) in a united partnership
  • To be a powerhouse that inspires and leads the world in technology and secure coding
• 80. Sail the code
  • Let's use code to create a generation with a strong work ethic and values.
  • Let's create a new reality for Portugal.
  • The same way that Portuguese navigators once looked at the unknown sea and conquered it,
  • our new digital navigators must do the same with code.
• 82. Any questions?
  • @diniscruz
  • dinis.cruz@owasp.org
  • http://blog.diniscruz.com/
  • https://github.com/DinisCruz
  • https://leanpub.com/u/diniscruz