Experimenting with A.I for the creation of Information Security Policies

In today’s rapidly evolving digital landscape, safeguarding sensitive information has become a top priority for organizations across the globe. As technology advances, so do the threats to data security. This is where Artificial Intelligence (AI) steps in as a powerful ally in fortifying information security policies.

The real motivation for this article was to create an A.I/GPT security policy that would entail the do’s and don’ts while using this kind of technology. Of course, I expected to have a well-written and complete document that would not only save me time but also give me additional insights on how to use it. In this blog post, I want to explore how AI, in the form of ChatGPT and Google Bard, can (or cannot) be harnessed to strengthen and streamline the creation of information security policies.

Before going into the results, let me start by saying that the intent (initially) was not to compare ChatGPT against Bard, but the outcome was so bad for both of them that I could not avoid looking at and sizing up each one’s performance.

The prompt

Here’s the prompt that I used for ChatGPT and Bard:

Write an information security policy for the usage of GPT and artificial intelligence

ChatGPT performance

The ChatGPT answer for the prompt was a simple and short policy that could be used to start something but definitely not a serious document. It encompassed essential terms such as roles, responsibilities, compliance, data privacy and incident handling but missed entirely the topics that would discuss what can or cannot be done when using such tools.

The content of the topics that were handled by the document structure clearly uses the words “A.I” and “GPT” as placeholders to be put at the end of each sentence. Yes, I tried to generate similar policies using small differences in the prompts, replacing the words GPT and AI with words such as “cats”, “dogs”, “rocks” etc. The result was, with few nuances here and there, almost the same.

Google Bard’s performance

Google Bard, for some reason, gives a much bigger response when the prompt is written in Portuguese (don’t know why). The answer to the very same prompt was even shorter and more standardized than ChatGPT’s. It included predefined sections encompassing the purpose, scope, principles, responsibilities, and security requirements.

What distinguishes Google Bard is a section labeled “Specific Considerations for…,” which provides valuable details specific to the policy being requested. When prompted with variations involving “cats and dogs,” “rocks,” and “sound technologies,” it offered insights related to factors such as weight, size, sharp edges, behavior, training, and health – THAT was what I was looking for! Specifics!

It’s worth noting that Google Bard appears to use a consistent template for generating information security policies. While it mainly modifies the section that pertains to specifics, it provides a clearer and more relevant response compared to simply replacing words as ChatGPT does.

Conclusion

In conclusion, both ChatGPT and Google Bard (sucks) fall short in generating comprehensive information security policies. While they may be valuable for individuals with limited experience or those seeking a starting point, they are not suitable for creating serious and thorough documents. Google Bard, with its template and specific considerations, exhibits a slightly better performance. It is clear in its approach and offers more relevant information for the intended policy. In contrast, ChatGPT’s performance is less refined and versatile, relying on straightforward word substitution. However, there is room for improvement in both AI models to provide more sophisticated and tailored responses for information security policy creation.

A tale of Goods Delivery Speed Perception

For any retailer to be successful online and offline, positive customer perception is essential. This helps build brand loyalty, customer retention, and your company’s reputation. Perceptions of customer service will impact whether a consumer uses your services in the first instance and also if they return.

There are many qualities that can shape a customer service perception. Increasing demand from consumers, especially for faster deliveries and other services, plays an important part and can’t be ignored by e-commerce and online retailers.

The Importance of Customer Perception

A company’s own perception and how customers perceive them can vary greatly. This can make customer perception difficult to measure unless a thorough survey is undertaken of both new and existing customers. Being aware of your customer perception is vital as it can make or break a brand in many cases. If you have a positive customer perception then maintaining this will be the aim, whereas should it be mostly negative then turning this round will be the goal.

Customer perception isn’t just about getting great value though, so simply cutting your prices or offering free delivery is unlikely to change much. There are all sorts of little things that can affect and improve customer service perception, such as a demonstrative caring attitude, making special exceptions or simply meeting your promises.

Delivery Speed expectation as a decision factor

Last year, I purchased an air conditioner for my bedroom and like many, if not all of us, I did it online. Aside from the obvious price evaluation, there are certain things that I pay attention to before pressing the button and finally making the purchase. Things like the website’s online reputation, other customers’ feedback about the product, YouTube reviews, comparison with previous versions of the product and more. At the very end of my decision process, I, more often than not, evaluate how long the store is promising to take to have the thing delivered. It has happened, on one occasion or two, that I gave up the purchase, regardless of the price difference, because the good would take too long to arrive at my house.

While I was reflecting on the subject, I stumbled across this article – https://link.springer.com/article/10.1057/s41270-022-00168-5 that depicts the impact of delivery performance on online review ratings and the role of temporal distance in ratings.

In simple terms the study suggests that there is little difference to one’s positive perception when the delivery is done earlier than promised or on time. However, there is a big impact on end user perception translated into negative reviews (almost double) if the item is delivered late. The study also says that the temporal distance, or in other words, the likelihood of a user to make a review is significantly changed (this time to a higher proportion) if the delivery is late.

89% of the users who ever concluded a purchase online were more inclined to do so by reading the reviews on the product page. So, we can conclude that failing at delivery can hurt your business very badly (duh!) Delayed deliveries are experienced with greater psychological force than early deliveries of similar magnitude, affecting review ratings and therefore, sales.

Considering that a given user will be less inclined to review a product when he receives it on time than when he receives it after the promised date, what would happen if, after reviewing my numbers, I add some days to the promised delivery date proportional to the failure rate of my business? I already know I would not by any means make the positive reviews grow but apparently I can reduce the negative ones.

Playing with user delivery perception

The company where I purchased the air conditioner deliberately sent me messages about the status of my product and its delivery with a delay in relation to where it actually was. When the good was finally at my house, they sent a final message saying that transportation was much faster than it was anticipated. Done! Just like that they changed the perception of an “on time” delivery to an “early” one. Using the same logic, they could have transformed a “delayed” delivery into an “on time” one.

Obviously, the two key factors that contribute to that mentality change are 1) a well calculated delivery date that sets the user expectation considering the likelihood of failure and 2) a very well synced messaging system that will induce the user to think that the transportation of his product is ahead of schedule.

Installing CouchPotato on WD PR4100

Recently I bought a 4-bay NAS to store movies and whatnot. After a few rounds of googling I found that the device has some features and apps that were added by the community such as Plex and CouchPotato available here.

Documentation is not the best out there, but I eventually discovered that the entware package is required for most of the enhancements that you may want to add to the thing, so install it first. Ok, onto the installation of CouchPotato, which would enable me to download the movies I want according to my preferences. Uploaded the binary code and it says it did its thing, but the service never came up. Interesting.

Well, basic troubleshooting indicated that the service related to CouchPotato was not up. Checked the default couchpotato port 5050 and there was nothing there. The PR4100 saves all new software that you add on to the first bay disk in a folder called “/shares/Volume_1/Nas_Prog”. Great! Found the couchpotato folder and started looking around. There is a bunch of scripts in there. One in particular says “start.sh”. Tried to run it and BAM! the error appeared.

Python not found? What the hell? Let’s check where python is. I used the command “find” because there was no “whereis” command in this thing.

Alright so there is a python 2.7 installed but the name is a bit different from what the script is calling. Ok then.. let’s adjust the “start.sh” script to have the proper python name and location.

Changed the “PYTHON_DIR” and PYTHON variable to reflect the correct path and name of python.

Done.

Now the service should come up for you as it did for me!

 

Getting all users from a Ubuntu system and loop over it

I followed this article to get the list of the users – https://linuxize.com/post/how-to-list-users-in-linux/

It helped me partially as I found some issues when running it using a root account and putting it inside a shell script. I’m referring to the last part of the script that uses the getent command.

eval getent passwd {$(awk '/^UID_MIN/ {print $2}' /etc/login.defs)..$(awk '/^UID_MAX/ {print $2}' /etc/login.defs)}

This part didn’t work as I wanted.. but it gives me good intel… the real users in a Linux system use the UID range defined in /etc/login.defs, which brings the values 1000 through 60000. Knowing that, I can get the users by adapting the script proposed in the article a little bit. Instead of doing:

eval getent passwd {$(awk '/^UID_MIN/ {print $2}' /etc/login.defs)..$(awk '/^UID_MAX/ {print $2}' /etc/login.defs)}

We do:

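# Read every passwd entry and keep those in the regular-user UID range
getent passwd | while IFS=: read -r name password uid gid gecos home shell
do
  # 1000 and 60000 are the UID_MIN and UID_MAX values from /etc/login.defs
  if [ "$uid" -ge 1000 ] && [ "$uid" -le 60000 ]
  then
    echo "$name"
  fi
done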

You can echo any of those variables there – name, password, uid, gid, gecos, home and shell.
And if you want to loop over the users, simply save the system users to a file and read it line by line:

input="/tmp/system_users.txt"

# Start from an empty file so repeated runs do not duplicate entries
: > "$input"

getent passwd | while IFS=: read -r name password uid gid gecos home shell
do
  if [ "$uid" -ge 1000 ] && [ "$uid" -le 60000 ]
  then
    echo "$name" >> "$input"
  fi
done

# Read the saved user names back, one per line
if [ -f "$input" ]
then
  while IFS= read -r line
  do
    echo "DO SOMETHING"
  done < "$input"
fi
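An added example (not code from the original post or from the linked article): the same filter, reading UID_MIN and UID_MAX from /etc/login.defs instead of hard-coding 1000 and 60000, and looping over the result through a pipe so that a script run as root does not write to a fixed file name in /tmp. The function names and the sample passwd entries are constructed for illustration.

```shell
#!/bin/sh
# Added example; login_def, list_login_users, sample_passwd and demo are
# hypothetical names, not part of any tool.

# Print the numeric value of KEY in a login.defs-style FILE, else DEFAULT.
login_def() {
    key=$1 default=$2 file=$3 value=
    if [ -r "$file" ]; then
        value=$(awk -v k="$key" '$1 == k { v = $2 } END { print v }' "$file")
    fi
    case $value in
        ''|*[!0-9]*) printf '%s\n' "$default" ;;  # missing or not a number
        *)           printf '%s\n' "$value" ;;
    esac
}

# Read passwd-format lines on stdin and print "name:uid:home:shell" for
# accounts whose UID lies in UID_MIN..UID_MAX (defaults 1000 and 60000).
list_login_users() {
    defs=${1:-/etc/login.defs}
    min=$(login_def UID_MIN 1000 "$defs")
    max=$(login_def UID_MAX 60000 "$defs")
    while IFS=: read -r name _pw uid _gid _gecos home shell; do
        case $uid in ''|*[!0-9]*) continue ;; esac  # skip malformed lines
        if [ "$uid" -ge "$min" ] && [ "$uid" -le "$max" ]; then
            printf '%s:%s:%s:%s\n' "$name" "$uid" "$home" "$shell"
        fi
    done
}

# Constructed sample entries so the example runs offline.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/zsh
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
EOF
}

# Loop over the users straight from the pipe; no temporary file is needed.
# The path below does not exist, so the default range is used.
demo() {
    sample_passwd | list_login_users /nonexistent/login.defs |
    while IFS=: read -r name uid home shell; do
        echo "would process $name (uid $uid, home $home, shell $shell)"
    done
}

demo
# On a real system: getent passwd | list_login_users
```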

I just left my job and everybody is asking me why

It seems like yesterday when I try to remember my early days as a senior security engineer at Nagra. Back in 2015 the market was shifting technologies from traditional pay-tv operation via satellite and accelerating the migration to OTT platforms. Netflix, as an example, had 72 million users against 192 million today, and there was no Amazon Prime, Disney+ or any of today’s popular streaming services. I was coming from the MSS (Managed Security Services) business and my background was entirely on network threat and prevention techniques. Back then I had a thin and superficial knowledge of the pay-tv world and embraced the challenge to learn.

During these almost 6 years I grew from a senior engineer, where the attributions were strictly and mainly related to technical challenges, to a Manager, responsible for products, people and revenue. I travelled half of the world participating in events, trade shows, technical lectures and trainings, police raids, investigations, treaties, government events and ceremonies, agreements and negotiations, vendor management and hiring, and many, many, many, many meetings with industry stakeholders. The team grew in size and contribution to the company business unit. I’m glad to say that I also collected the respect and admiration of most people – I inevitably acquired the rage and wrath of a few as well. Challenge and opportunity wise I was also blessed with the responsibility of building tools and technology that have the potential to change the game of the pay-tv industry and piracy fighting.

Why? That was the natural question asked by anybody that worked with me and was struck by the news. Why would anybody in such a promising and fruitful environment want to change jobs? Research says that the answer can vary from lack of opportunities, dissatisfaction with the leadership or senior management, environmental/cultural issues, lack of challenging work, disagreement with the compensation packages or salary and ultimately the absence of recognition/rewards of one’s contribution. Luckily the reason I’m leaving was not related to any of those.

The chance to pivot into becoming a thought leader

Truth be told, I’ve always been on the lookout for a new and better job. The reason is simple. I believe that the best time to change from one company to another is when you don’t have/need to. Often when one feels the urgent need or is forced to change they will be more likely to accept mediocre offers and lower their requirements to get out of an existing position. I know many people that have unfortunately slept through this moment. They stop advancing in their current position and there is a wake up moment when the change is not only needed but necessary.. and that is very bad! Additionally, putting yourself in a place where you have to learn new skills and gain experience will force your mind to adapt and be shaped for future opportunities.

There are even people that say you lose money by not changing jobs! The logic behind this is that there would always be a substantial increase of salary when you are asked to join a new company. You basically build upon the advantage of not being unemployed. If the salary doesn’t work for you, you can simply decline the offer and keep looking while retaining the existing role. The jump from one job to another generally represents an increase of 30% on your yearly pay – Of course there is a risk in there.. but I won’t talk about it.

If salary is ok, environment is good, the work and challenges you are faced with are exciting, why would you want to change then? My answer is – I was ready to move on to a more strategic and influential position. Beyond that and despite my position in the company I wanted to be part of a team that had energy, youth and most importantly an innovative mindset. A company where cutting edge technologies were used and people were constantly thinking about how to use them to achieve a purpose. A company that would be in a growth position where both product and market were on the rise. Then I started looking, finally found something that filled the gaps and hopefully the risk of trading stability and the comfort zone for uncertainty will pay off.

I’m taking a job in a company called IdWall as the Head of Information Security. The job’s day to day activities, challenges and opportunities are yet to be revealed but they have been winning the race of onboarding as the biggest #regtech in South America and that alone is a good motive to embrace. Furthermore, they offer an environment that is more fruitful for my career growth and my journey as a thought leader.

Quarantine diary – Person Craziness Calculator

It was Saturday afternoon and I was bored! I had just upgraded the family notebook with a new SSD hard drive and more memory. It makes a great difference and I recommend you do it as well, if you have a slow Intel i3 notebook around. While I was setting it up the idea of calculating one’s craziness hit me. Here it is.


Quarantine diary – Home Office challenges of a full-time mom/dad

As COVID-19 put big economies such as Italy, Spain, USA and Germany on their knees we have been asked to contribute to flattening the infection curve by staying at home. For many of us, IT workers, working from home is somewhat ok. You may have been doing this for a long time already. For another portion of us, working from home is an occasional event that allows you to rest a bit from commuting, waking up early or just a break from the office environment in general. If you have been doing that for a long time you probably have a good chair, a good set of monitors, a high speed internet connection and most importantly a dedicated space to separate you from what I call the “House vortex”. From the Cambridge dictionary, [House] vortex is defined as follows:

– a mass of air wife/husbands  or water kids that spins screams  around very fast loud and pulls objects people into its empty centre

– a dangerous or bad funny situation in which you become more and more involved and from which you cannot escape

 


Extract frames from video using Python threads and OpenCV

In my research I wanted to process each frame of a given video individually and also know some details about it. Here is the code I created to achieve it. The code in Python will extract all the frames of the video and store them in a folder given as a parameter. I’m using OpenCV to get the video details and extract the frames, and threads to do it quickly.

Brazil racial statistics and my 38th birthday

Today is March 20th, it is my birthday!

One hundred and thirty years have passed since slavery was banished from my country but it is still crazily far from race equality. We, black people, represent 55,8% of the country but opportunities, salaries, studies and access are given to the other 44,2% half. 75% of the deaths caused by police actions are young black men. Only 60% of black students are able to graduate from high school. Around 56% of young black people of age 18-24 are able to reach college, while the rate of white people of the same age is around 80%.