Luke O'Connor Bio

I recently returned to Australia after residing in Zurich for many years, and my last position was as an IT Risk Manager for a large insurance company. I originally moved to Switzerland to take up a position at IBM Research, in the Network Security and Cyptography Group, spending 5 years in total with IBM, in various roles, perhaps most notably working on their AES submission. I also spent 3 years as a consultant in the financial services sector, mainly in the area of PKI, first with Unisys and then with a security start-up company. Before moving to Switzerland, I managed the security team at DSTC, a government-funded research company in Brisbane, Australia.

Before that, I was completing my PhD in cryptography at the University of Waterloo, Canada, in 1992. I was an active researcher throughout most of the 90's, focusing on block cipher design primitives, efficient exponentiation, and probabilistic analysis in general. I remain interested in the properties of anonymity systems for example and still am producing some results. I have given a few public talks over the last few years on Does IT Security Matter?, CBT Without Big Sticks or Carrots and most recently Some Black Swans in IT Security. I was a speaker at the RSA Conference in 1998 - and it was big even back then.

This blog was created for commentary and discussion about ideas relating to risk, security and IT technology in general. You can expect a little math and probability as well. Another one of my pet topics is passwords and I hope to finish this draft book some day. One of my first posts was on the choice of the No Tricks name, back in October 2007, and here is my summary after a year of blogging, plus a few words later when reaching 100 posts.

Quite a few of my longer posts are developed using Freemind, and you can download some sources here, or view them online using Flash here. I have also built-up a collection of documents on Scribd that I often refer to in my posts.

You contact Luke at

Last Updated: May 2012