Here at vpnMentor, we believe that cybersecurity is a priority, not an afterthought.

What's your background and how did you get started in cybersecurity?

On my own time, I do a bit of research and interaction on cybersecurity side projects.

Expert Weighs in on the State of Cybersecurity

So, I was a developer for numerous years.

You work remotely.

What do you find are the challenges of that?


How do you secure your devices outside of the office?

When it comes to work itself, our company provides everything I need.

When it comes to my personal stuff, I do get a bit paranoid.


I use AlienVault (their free version) and additional layers of security, such as Pi-Hole.

The only thing I cannot secure as I'd like is my router, because of my provider.

At home, I use a private VPN, along with Proton VPN.


So if there's some issue with my home VPN, I can just switch to that.

One of the things that is scary is that I used a WiFi Pineapple in a hotel lobby once.

And within about five minutes, I already had five clients connecting to it.


The other trouble with wireless is that devices constantly ping for wireless networks.

If you have something like a WiFi Pineapple, it can then automatically set up a spoofed wireless hotspot.

Will this protect you or leave you vulnerable?


The hacker can still view the traffic, but it will be garbled.

That's why things like Transport Layer Security (TLS) are also important, because it's end-to-end encryption.

The hacker wouldn't be able to make anything out of the data being transferred.

What would you say is the biggest risk that you see with modern cyber threats?

For me, the biggest potential for flawed systems comes in the setup and maintenance of databases.

Suddenly, your database is publicly exposed.

These databases have no default security defenses, like authentication and authorization.

So anyone with relatively basic technical skills could get the data.

How do you think most of these errors occur?

Is it a lack of knowledge, or is it just easy enough to make a misstep?

I think it's their lack of knowledge, but it's also their asset management.

That can be disconcerting for companies, for sure.

There are some things that you’ve got the option to do.

Double-check you regularly check Have I Been Pwned.

It's a service that will notify you when a breach has occurred with your credentials (e.g. email address and password).

Credit monitoring is crucial as numerous security breaches ultimately serve the hacker’s objective of achieving financial benefit.

Another thing that can be useful for a hacker is to use the leaked data in phishing attempts.

One of the biggest giveaways to look for is spelling mistakes, actually.

That's very good practical advice.

What currently frustrates you the most in the world of cybersecurity, and what would you do differently?

It's all too often that security is an afterthought.

Databases should be secure by default, rather than reactively secured.

Another thing is when companies take offense after a researcher discloses something to them.

They need to realize that it's not a criticism of their company.

They need to work with the researcher to solve the issue, because s/he's helping them.

[laughs] Denying the problem doesn't make it go away.

What do you do when you're not trying to secure the world?

So I need to focus on that a bit more.

Also, going out for walks and such.

I've tried golf and failed horribly, though.
