A misinterpretation, noun
1. the action of interpreting something wrongly: "this quote is open to
misinterpretation"
First and foremost, I respect that everyone is entitled to an opinion. Mine is
based on fact and experience, not anything else.
Misinterpretation and false beliefs are our biggest challenge in this industry.
I was reading the below article with interest, and thought that I have seen,
heard and witnessed enough to come out and say it.
This article is in regard to the following article:
https://krebsonsecurity.com/2017/03/govt-cybersecurity-contractor-hit-in-w-2-phishing-scam/
Simon Smith here, Cyber Security Forensic Investigator and Expert Witness. I see
issues daily with what I read, interpretation, and as illustrated in the above
article. I am the one on the other end of the phone with a Nigerian scammer once
a week. I am the one that catches those 'mysterious' cyber stalkers, so I feel I
have a right to say how it is really done. The teaching of Cybersecurity domains
needs major change, especially now. It has been incorrect in most of its ways,
and only experienced practitioners who produce "real results" can see this.
I have been a Senior Programmer, Investigator, Reverse Engineer, Security
Expert, Counter Intelligence Expert, Corporate Shareholder and held and overseen
every role in the SDLC at management level within my 20 continuous years
commercially. Most importantly, as the backing has been in pure expert
programming, reverse engineering, IT security and counter intelligence, business
success and people management have been a natural development. I had it hard. I
didn't have a group of fifty people to turn to; I had a small team of experts
and we all had responsibilities to make sure our multi-million dollar enterprise
applications 'worked' in massive pharmaceutical, manufacturing and mobile CRM
environments without failure.
The combination of all those elements formulated over 20 years equals something
you cannot learn in 1 course. It is something I have on paper as a keepsake with
about 10 Post Graduate Cert/Dips and plenty more industry-recognised
Qualifications, but the true expert is within. Do I need to prove it? No. I've
already succeeded with my own businesses, self-employed, and I do this to help
people in need. I've crossed over industries and used these skills to build
10-figure businesses, sell them and move on to something else creative. Software
engineering especially is something I grew up with passion and commitment,
programming at 11 years old.
It is something that allows you to practically predict what will happen and what
could happen because you have grown up through the birth of the consumer
internet, lived and breathed it, and before that already had the logic
foundation mastered.
It is something that a Cybersecurity expert MUST master and cannot be taught
without mastering all other disciplines, and cannot be given in a 1 hour exam
and 3 months study or a degree. It is obvious to experts who has it and who
doesn't who overuse the words "cloud" and "IoT". It is the answer to the very
question why this occurred. It is how I catch cyber stalkers and cyberscammers
every day. Some syndicates worth over $50m, no IP, no clues, but with this
skill.
Mastering Counter Social engineering and realising the power of how the human is
the key to any information system and how little IT Security plays in the scheme
of things. It is a drop in the ocean. Cybersecurity is about people, practice,
and hacking of the mind - and a real expert must be able to defend that, which
includes stopping false information from being believed. Humans have always been
the weakest link in any information system.
I, Simon Smith, say humans are the Cybersecurity risk of the future. We create
our own terror. Think back a bit and find an article I wrote about a Virgin
Airline flight and a Samsung Galaxy Note 7. Perfect example.