Dan Gavriliu is a seasoned professional with a decade-long tenure at Maxcode, where he has flourished in various capacities. Renowned as a Senior Expert Software Engineer, Technical Lead, and distinguished cybersecurity expert, Dan’s expertise in safeguarding digital ecosystems stands as a cornerstone of his career. His dedication lies not only in crafting user-centric products endowed with optimal performance and economical solutions but also in fortifying them against evolving cyber threats.
Can you share a recent technological innovation or trend that excites you the most?
There are too many to count, the way tech evolves lately seems too big to even grasp. What I do find very appealing is the value passwordless authentication provides. I think it’s especially relevant for two categories of people – those with too many accounts and those that are still learning the ropes of the digital world. For both categories, having an easy to use and secure authentication system across most platforms is extremely beneficial. Online security shouldn’t be about how many complex passwords you know. Technology should make our lives easier.
What role does data privacy play in the development of banking and payment software, and how do you address it?
For any financial software system, I believe trust and compliance are mandatory for a successful product. Consequently, I consider data privacy and protection critical to establishing both trust and compliance. At Maxcode we always use well-defined processes to ensure and evaluate handling data privacy. We continuously improve these processes based on analysis and past experiences, which is why I believe this provides added quality. Some of the aspects I would usually address involve working closely with relevant stakeholders, using appropriate data protection techniques, ensuring transparency for both customers and consumers, and continuous monitoring and improvement.
How do you prioritize user experience while maintaining the highest level of transactional security in your software?
The focus of user experience is on ease-of-use. This seems to collide with the strict security requirements usually found in financial software. However, there is a balance to be found by using strategic planning and adopting appropriate practices across the entire development process. This can start with ensuring a user-focused security design – a simple UI with clear and easy to understand flow (ideally including something like a tutorial for using it). Another key point is the use of modern practices such as passwordless auth, MFA, SSO or E2E encryption that ensure both security and ease-of-use.
What security measures are crucial when developing software for financial transactions?
This is a very large topic as it depends on the risk appetite of the system. Ideally, security should be included in the entire process. It also requires stakeholders to have a security focused culture. The more common measures are to enforce code-reviews, integrate MFA in the application, use appropriate encryption, ACLs and least-privilege access rules, and a well-defined incident response plan. To ensure security controls are well implemented, I suggest recurring security training, automating security checks, and regularly employing 3rd party penetration testing and compliance checks.
How do you address the challenges of securing mobile banking applications and ensuring secure transactions while maintaining ease of use for customers?
With mobile applications, biometric identification should be the norm as it can provide significant ease of use while maintaining strong security. Also, mobile users tend to use public Wi-Fi networks more often. This can be addressed either by incorporating a VPN, disallowing transactions over public Wi-Fi or providing guidance to end-users. As always, these options and any others are to be used based on the risk appetite of the application.
How can you help plan for security breaches in banking and payments, ensuring minimal service disruption?
At Maxcode, we excel in collaborating with stakeholders to craft robust strategies for incident response, disaster recovery failover, and proactive continuous monitoring, which includes anomaly detection strategies. We are adept at both orchestrating and actively participating in the execution of these strategies. Our focus is on minimizing service disruption through thorough preparation, preventive measures, swift response protocols, clear and effective communication channels, and a dedication to continuous refinement and improvement.
How do you secure IoT devices or wearables for financial transactions despite their susceptibility to cyber threats?
The ecosystem of IoT and wearable devices is extremely diverse and usually with considerably constrained computing resources. A thorough and comprehensive security strategy is essential here. Security practices should be included in the entire life cycle. This should include standards compliance checking, regular penetration testing, strong authentication, regular security updates.
How can you help with banking and payment-specific penetration testing and red teaming to find and fix vulnerabilities?
I could define clear goals and objectives, research required compliance policies, collaborate with security experts, use threat modelling to identify realistic threats and targets. I could also do risk assessment for identified vulnerabilities, prioritize issues, and develop remediation plans. With some knowledge of actual exploits, I could also participate in pen-testing sessions.
What’s the most challenging project you’ve worked on, and what did you learn from it?
All projects I’ve worked on had their fair share of challenges, however one that springs to mind was a tool for securely migrating customer data on demand from a legacy finance system to a modern one. The two systems were extremely different, and the reliability and security requirements were quite significant as it involved sensitive financial customer data. This was a significant effort due to the need to coordinate with teams from both systems. In the end our solution provided the means to achieve this migration with little to no effort on the customer.
Can you share insights into how your team handles scalability and reliability in software designed for high-volume financial transactions?
Such systems shouldn’t be taken lightly. From my perspective, at the forefront of these platforms is a combination of testing and monitoring, preferably through using a CI/CD pipeline to streamline the process as much as possible. This doesn’t mean other practices should be left unchecked. Using an event driven architecture can help tremendously with scalability and evolution of the system. Handling reliability, fault tolerance and disaster recovery procedures are also usually a requirement. A multitude of security practices must be integrated in the entire development process. I know – it might sound tedious for some, but such systems have many intrinsic requirements – some of which are even legal requirements.
How do you stay ahead of emerging trends and technologies?
I’m curious by nature, which is why I follow several YouTube channels, newsletters, and various aggregators. When I see something interesting I either read/watch it immediately or save it for later. I really feel that you shouldn’t limit yourself to just one topic or area; having knowledge on independent topics helps you understand people that come from different backgrounds and gives you more versatility.
Next Level Tech
Ready to navigate the complexities of cybersecurity in today’s dynamic technological landscape? Look no further than Dan, your trusted guide through the intricacies of safeguarding your digital assets. Connect with us for insights, collaboration, or groundbreaking advancements in cybersecurity. Your journey to the forefront of innovation begins here.