IT Infrastructure Manager
TEIRESIAS S.A., Athens, Greece
With over 20 years of achievements in cybersecurity, I am an accomplished executive and transformational leader committed to advancing digital resilience and driving operational excellence for organizations serving tens of thousands of users. Distinguished certifications in Management (CMgr), Cybersecurity (CISSP, CISM, CRISC, C|CISO, COBIT) and a PhD in Information Security underscore deep technical expertise and strategic vision, enabling me to provide stakeholders with informed risk choices leading towards profitable outcomes. My track record includes architecting enterprise-wide security strategies, implementing risk governance to align information security with business objectives, negotiating OPEX/CAPEX efficiencies, mentoring direct reports on practicing situational leadership, fostering initiative and cultivating high-performing, multidisciplinary teams. Currently, I lead the IT Infrastructure Business Unit at TEIRESIAS S.A., overseeing cybersecurity, architecture and IT operations. I also serve as the President of ISC2 Hellenic Chapter Board of Directors, championing cybersecurity advancement across the EMEA region and earning multiple global awards since 2022. Previously, I combined academic and private sector R&D excellence, publishing 20 international research papers and receiving the Emerald Literati Highly Commended Award for contributions to information security. Whether delivering secure operations, shaping industry discourse or pioneering advancements, my mission remains clear: to safeguard digital services and operations while ensuring the continued success of business.
TEIRESIAS S.A., Athens, Greece
TEIRESIAS S.A., Athens, Greece
TEIRESIAS S.A., Athens, Greece
Intrasoft International, Athens, Greece
Dept of Informatics, Technological Educational Institute of Athens, Greece
Laboratory of Information & Communication Systems Security, University of the Aegean, Greece
Dept of Informatics, Technological Educational Institute of Athens, Greece
Self-employed, Athens, Greece
Management & Leadership
Negotiations (1yr distance learning)
Business Administration (1yr distance learning)
Information & Communication Systems Security
Information Security
Computer Engineering - Technological Education
MSc in Law and Information & Communication Technologies, University of Piraeus, Greece
ISC2 Hellenic Chapter, Athens, Greece
ISC2 Hellenic Chapter, Athens, Greece
Voted as one of the 50 most impactful Cyber Security Professionals (Greece)
Best Research Paper “Towards Secure Sealing of Privacy Policies”
British Computer Society award for best MSc Thesis "On the Dissemination of Certificate Status Information"
A Bibtex version of the bibliography contained in this page is available
The authentication of a message is divided into the verification of the integrity of its content (data integrity) and the verification of its origin (data origin authentication). The mechanisms used to implement the message authentication service are called Message Authentication Codes (MACs)...
PKI seems to be here to stay. PKI does provide solutions to quite many problems but at the same time it introduces a new problem to be solved: certificate lifecycle management. In this thesis, we focus on certificate revocation and the way that Certificate Status Information (CSI) is being disseminated to the appropriate stakeholders. Quite many CSI mechanisms have been proposed already, each one attempting to improve some aspect or aspects of the CSI dissemination process. This is good for research, simply because this is how research moves on. Step after step, improvement over improvement, counter proposition over proposition, trial and error. However, there does not seem to exist a unified framework for the comparative evaluation (be it qualitative and/or quantitative) of the various CSI mechanisms already proposed in literature. We argue that such an evaluation framework could prove to be useful in further advancing research in the domain, especially now that many different CSI mechanisms have already appeared in the literature. Such an evaluation framework could also prove to be useful in real life scenarios (i.e. outside the research lab), when someone has to decide on the CSI mechanism to use, depending on the needs of the particular case. Another issue with the proposed CSI mechanisms is that they focus on improving performance and timeliness of information, downsizing bandwidth requirements, meeting legal requirements. However, there is one actor in the PKI scene one almost always neglects to take into account: the end user. PKI addresses to the masses, but the average end user is probably not tech savvy. One should not expect the end user to comprehend the inner workings of the CSI mechanism in order to use it effectively. One should not probably expect as well the end user to appreciate the need for locating, retrieving and verifying CSI and to act upon that. 
It seems that right now the weakest link in the chain of PKI is the end user who may (or may not) use the available CSI mechanisms to verify some signed piece of information or verify the authentication data some entity provides. CSI research should also focus on improving this aspect, i.e. the transparency of CSI mechanisms. In this thesis, we present a taxonomy of CSI mechanisms and an evaluation framework for them. We also use our evaluation framework in order to present a comparative evaluation of the CSI mechanisms proposed in the literature. We believe our evaluation framework can be of use in further researching CSI mechanisms. We then focus on the issue that most CSI mechanisms tend to neglect: that of CSI mechanism transparency. A user should not have to comprehend the mechanics of CSI mechanisms in order to use them and should not also be highly trained regarding security to be able to operate in the PKI world. We develop a prototype for a CSI dissemination mechanism, which we call Alternative Dissemination of Certificate Status Information (ADoCSI). This mechanism uses Software Agents in order to disseminate CSI, and also uses some of the properties and functionality offered by the other CSI mechanisms. We believe that ADoCSI addresses some of the issues that emerge from the use of the other Certificate Status Information dissemination mechanisms. It certainly increases the level of transparency, thus providing a solution to the aforementioned "weakest link" problem, being the dependent entity, which one should not expect to have high levels of information security awareness.
We present a set of requirements for Internet voting protocols. We also present a short overview of the most prominent Internet voting protocols published so far, and we provide a comparative evaluation of those protocols, using the set of requirements we have developed. We proceed with discussing our thoughts regarding possible improvements in e-voting protocols. Internet is an application with a vision to the future. Nevertheless, a lot of work needs to be done before it can be accepted for large-scale elections.
Malicious software is software that contains the instructions required for an attack on a computer system. Malicious Software is divided into categories, depending on its mode of replication and its autonomy from other host programs, and into individual types depending on its mode of action. Countermeasures against Malicious Software fall into three categories: prevention, detection and recovery countermeasures. Each category includes various kinds of countermeasures, of which the best known is antivirus software. Malicious Software is now of particular concern both to the scientific community and to those responsible for managing Information Systems, because of its wide spread. This wide spread is mainly due to three reasons: the spread of data networks, through which Malicious Software replicates rapidly; the fact that there is no longer a clear distinction between the notions of "data" and "executable program" (due to the appearance of data files that also contain macro commands); and users' lack of awareness of the ways to deal with Malicious Software. In this chapter we present a categorisation of Malicious Software and analyse its individual types. In addition, we present the countermeasures used against Malicious Software and analyse in particular how antivirus software works. Finally, we present specific case studies of Malicious Software.
This paper reports on the results obtained by the pilot operation of Trusted Third Parties (TTP) for secure telemedical applications over the WWW. The work reported on herein was carried out within the context of EUROMED-ETS, an R&D project funded by the INFOSEC office of Directorate General XIII of the European Union. The paper discusses the platform used, the security needs of the specific application, the TTP solution provided, the steps taken in order to implement the solution at a pilot scale and the results of the pilot operation; it is compiled using material included in the project deliverables.
A common practice among companies with an online presence is to sign on to a "seal" programme in order to provide customers with a sense of security regarding the protection of their personal data. Companies must adhere to a set of rules, forming a privacy protection policy designed by the seal issuer in accordance to underlying laws, regulatory frameworks and related best practice. Some of the most widely used seal programmes are TRUSTe, BBOnline, WebTrust and BetterWeb. Using the functionality they offer a user can verify online that a specific organisation adheres to a published privacy policy. In this paper, we argue that the verifications means these programmes use are vulnerable to DNS spoofing attacks. Furthermore, we present a privacy policy verification ("seal") scheme, which is not vulnerable to the aforementioned attack. We also argue that there are disadvantages in operating seal schemes that attempt to publicly certify compliance levels with a self-regulatory privacy protection model. On the contrary, these disadvantages are softened when used in a regulatory model that has adopted comprehensive laws to ensure privacy protection.
A wide spectrum of certificate revocation mechanisms is currently in use. A number of them have been proposed by standardisation bodies, while some others have originated from academic or private institutions. What is still missing is a systematic and robust framework for the sound evaluation of these mechanisms. We present a mechanism-neutral framework for the evaluation of certificate status information (CSI) mechanisms. These mechanisms collect, process and distribute CSI. A detailed demonstration of its exploitation is also provided. The demonstration is mainly based on the evaluation of Certificate Revocation Lists, as well as of the Online Certificate Status Protocol. Other well-known CSI mechanisms are also mentioned for completeness.
Several mechanisms have been proposed for disseminating information regarding the status of a digital certificate, each one with its own advantages and disadvantages. We believe that what is still missing from such mechanisms is transparency. A user should not need to comprehend the mechanics of such mechanisms in order to verify a certificate. In this paper, we present a mechanism called ADoCSI that supports transparency in disseminating certificate status information.
Traditional business practice depends on trust relations between the transacting parties. One of the most important aspects of this trust is the quality of the offered services or products. The Web currently constitutes an enabler for Electronic Commerce, providing a global transaction platform that does not require physical presence. However, transferring trust from the physical world to the electronic one is a process that requires a trust infrastructure to be provided by the electronic world. We believe that current infrastructure models based on Trusted Third Parties can be enhanced. We introduce the notion of Digital Seals and we provide a mechanism for transferring the trust placed by users to companies in the physical world, to the electronic one.
In this paper we describe a pilot architecture aiming at protecting Web-based medical applications through the development of a virtual private medical network. The basic technology, which is utilized by this integrated architecture, is the Trusted Third Party (TTP). Specifically, a TTP is used to generate, distribute, and revoke digital certificates to/from medical practitioners and healthcare organizations wishing to communicate in a secure way. Digital certificates and digital signatures are, in particular, used to provide peer and data origin authentication and access control functionalities. We also propose a logical Public Key Infrastructure (PKI) architecture, which is robust, scalable, and based on standards. This architecture aims at supporting large-scale healthcare applications. It supports openness, scalability, flexibility and extensibility, and can be integrated with existing TTP schemes and infrastructures offering transparency and adequate security. Finally, it is demonstrated that the proposed architecture enjoys all desirable usability characteristics, and meets the set of criteria, which constitutes an applicable framework for the development of trusted medical services over the Web.
There is a scale between authentication and anonymity, which is currently leaning towards the side of authentication, when it comes to e-commerce. Service providers and merchants are usually keeping track of user-related information in order to construct behavioural profiles of their customers. Service providers and merchants also correlate profiles of this kind, stemming from different sources, in order to increase their profit. This correlation is usually performed with the use of Unified Codes. Authentication, confidentiality, integrity, authentication, and non-repudiation are necessary functionalities for enabling e-commerce. Most of the currently used mechanisms that support these services do not provide anonymity. This paper presents PyTHIA, a mechanism, which is based on the use of Message Digest Algorithms and the intermediation of Trusted Third Parties in order to provide anonymity to e-commerce users who have to authenticate themselves in order to access services or buy goods from service providers and merchants respectively. With PyTHIA e-commerce users are able to authenticate without giving away any personal data and without using Unified Codes. In addition, PyTHIA ensures that service providers and merchants can effectively trace a customer in case he behaves maliciously.
A wide spectrum of certificate revocation mechanisms is currently in use. A number of them have been proposed by standardisation bodies, while some others have originated from academic or private institutions. What is still missing is a systematic and robust framework for the sound evaluation of these mechanisms. We present a mechanism-neutral framework for the evaluation of mechanisms, which collect, process and distribute certificate status information. A detailed demonstration of its exploitation is also provided. The demonstration is mainly based on the evaluation of Certificate Revocation Lists, as well as of the Online Certificate Status Protocol.
A number of mechanisms have been proposed for generating and disseminating information on the status of certificates. Their operation is different, if not contradicting sometimes, and advantages and disadvantages depend on the requirements of the underlying PKI. PKI designers and implementors should perform a small scale study before deploying such a mechanism in a specific PKI, in order to select the most suitable mechanism for their environment. This paper presents a method for categorising Certificate Status Information mechanisms, depending on their elementary functionality. This taxonomy can be used as a guide for selecting CSI mechanisms to be used in large-scale PKI deployment efforts.
A Secure Electronic Marketplace involves a significant number of real-time transactions between remote systems, either for commercial or for authentication purposes. The underlying infrastructure of choice to support these transactions seems to be a Distributed Component Architecture. Distributed Component Software (DCS) is the natural convergence of client/server network computing and object oriented technology in a mix providing reusability, scalability and maintainability for software constructs. In DCS a client acquires references to objects provided by components located on remote machines and invokes their methods as if they were located in its native environment. One implementation [20] also provides the ability to pass objects by value, an approach recently examined also by others [18]. The three major models in the distributed component software industry are OMG's CORBA, Sun's Enterprise Java Beans, and Microsoft's DCOM. Besides these, we will discuss the progress for interoperable DCS systems performed in TINA, an open architecture for telecommunication services based on CORBA distributed components. In this paper the security models of each architecture are described and their efficiency and flexibility are evaluated in a comparative manner. Finally, upcoming extensions are discussed.
The EUROMED-ETS schema provides a robust security framework for telemedical applications operating over the World Wide Web. It is based on a trusted third party architecture under which certificate authorities store the public-key certificates of participating hospitals and medical practitioners. Digital signatures are used to provide peer and data origin authentication, and, in combination with access control lists, to provide access control. The deployed infrastructure is based on off-the-shelf available clients and servers, and provides functions for electronic registration of participants, session initialisation, user authentication, key generation and personalisation, certificate generation, distribution, storage and retrieval, certificate revocation lists, and auditing. It was found that, as the underlying technologies mature, a Web-based trusted third party architecture provides a viable solution for delivering secure telemedical applications.
The EUROMED-ETS pilot system offers a number of security functionalities using off-the-shelf available products, in order to protect Web-based medical applications. The basic concept used by the proposed security architecture is the Trusted Third Party (TTP). A TTP is used in order to generate, distribute and revoke digital certificates to medical practitioners and healthcare organisations that wish to communicate securely. Digital certificates and digital signatures are used to provide peer and data origin authentication and access control. The paper demonstrates how TTPs can be used effectively in order to develop medical applications that run securely over the World Wide Web.
There has been an increasing interest in the deployment of Public Key Infrastructures, the past few years. Security issues emerge from the operation of Certification Authorities, as well as the operation of other PKI-related security service providers. Most of them have been addressed and efficient solutions have been found. One of the areas which has to be studied further is the generation and dissemination of information regarding the status of a digital certificate. In this dissertation, we present a set of evaluation criteria for mechanisms that are used to generate and disseminate Certificate Status Information (CSI). We evaluate the proposed CSI mechanisms according to the aforementioned criteria, and identify the security and performance issues that emerge from their use. Finally, we develop a prototype specification for a CSI dissemination mechanism, which we call Alternative Dissemination of Certificate Status Information (ADOCSI). This mechanism uses the functionality offered by Software Agents in order to disseminate CSI, and also uses some of the properties and functionality offered by the other CSI mechanisms. We believe that ADOCSI addresses some of the issues that emerge from the use of the other Certificate Status Information dissemination mechanisms.
Java is a programming language that conforms to the concept of downloadable, executable content. Java offers a wide range of capabilities to the application programmer, the most important being that a program may be executed remotely, without any modification, on almost any computer regardless of hardware configuration and operating system differences. However, this advantage raises a serious concern: security. When one downloads and executes code from various Internet sources, he is vulnerable to attacks by the code itself. A security scheme must be applied in order to secure the operations of Java programs. In this paper, the Java security scheme is examined and current implementations are evaluated on the basis of their efficiency and flexibility. Finally, proposed enhancements and upcoming extensions to the security model are described.
JAVA is claimed to be a programming language that introduces new methods for platform-independent development and remote execution. However, the ability to download, integrate, and execute code from a remote computer raises serious concerns about JAVA's effect on network security. In this paper, a brief introduction to the JAVA programming language is given, the potential security risks of downloadable executable content are discussed, the details of the proposed JAVA security mechanism are presented, and an evaluation of the current implementations is discussed. Finally, proposed enhancements and upcoming extensions to the security model are described.
The services offered to the Internet community have been constantly increasing the last few years. This is mainly due to the fact that mobile code has matured enough in order to provide the Internet users with high quality applications that can be executed remotely. When a user downloads and executes code from various Internet sources, security issues arise. In this paper, we are addressing the latter and we present a comparative evaluation of the methods used by Java, Safe-Tcl and ActiveX in order to confront with these issues, based on current security functions and implementations as well as on future adjustments and extensions.
This area will be hosting work that has not or cannot be published as is, i.e. lecture slides, presentation slides etc.
Interview, BOUSSIAS Manufacturing magazine. More info [here]
Panelist, CyberSecurity Forum. More info [here] and [here]
Panel Moderator, 2nd CyberSecurity Summit. More info [here]
Panel Moderator, "How AI is shaping our future" workshop, International Center for Digital Transformation and Digital Skills, Thessaloniki. More info [here]
Panel Moderator, 11th Information Security Conference. More info here
Opening Speech, CyberSecurity for Society. More info here. Slides available in [pdf]
Panel Moderator, "AI & Security: Stairway to heaven or road to hell?", ISC2 Hellenic Chapter. More info here
Panelist, Fortinet Security Day 2023, Fortinet. More info here and here
Panel Moderator, IT Directors Forum 2023, Boussias. More info here and here
Opening Speech, The Future of Maritime Cybersecurity, Cisco & Ammitec. More info here and here. Slides available in [pdf]
Panelist, Enhancing Cybersecurity Skills and Capabilities for Society, CyberSecurity for Society. More info here and here
Opening Speech, Infocom Security 2023, SmartPress. More info here and here. Slides available in [pdf] and [YouTube]
Panelist, Prosper in the Cyber Economy, IBM. More info here
Opening Speech, Cloud Computing Conference 2023, BOUSSIAS. More info here and here. Slides available in [pdf]
Panel Moderator, Cloud Computing Conference 2023, BOUSSIAS. More info here
Panel Moderator, 10th Information Security Conference, BOUSSIAS. More info here and here
Panelist, Women in Cybersecurity: Breaking glass ceiling, event organised by Ernst & Young and Women4VCyber Greece. More info here
Panel Moderator, (ISC)2 Hellenic Chapter event
Panelist, Fortinet Security Day 2022. More info here
TV interview broadcast on Alpha TV News 2022
Panel Moderator, 9th Information Security Conference 2022; more info here
Delivered at 9th Information Security Conference 2022. More info here. Available in [PowerPoint]
Panel Moderator, 19th Bank Management Conference 2021; more info here
Panel Moderator, 7th SecTalk, 2021, organised by ISC2 Hellenic Chapter. Video recording available on YouTube
Delivered at 5th Payments 360° Conference 2021. Available in [pdf]
Panel Moderator, 5th Payments 360° Conference 2021; more info here and here
Delivered at 1st RegTech 2021. Available in [pdf]
Panelist, 8th Information Security Conference 2021; more info here and here
Lecture delivered at the 2nd Annual Scientific Symposium of the Students of Information and Communication Systems Department, University of the Aegean, Samos, Greece. Available in [pdf], [flash], [pdf, in Greek] and [flash, in Greek]
Accompanying slides for Chapter 8 "Malicious Software" of the book Information Systems Security
Available in [pdf] and [flash]. Paper presentation at SAFECOMP98 conference, Heidelberg, Germany
Lecture delivered at Workshop on Software Process Improvement and Formal Methods in Security and Safety, Athens, Greece, March 1998, EPIC Project ("Exchanging process information experiences across SMEs by conferencing on the Internet"), 1997-1998, European Commission, ESPRIT Programme. Available in [pdf] and [flash]