我兴奋安全场日下周。我有机会赶上XIologix和终身安全倡导者CTO的Christopher Kusek。克里斯托弗(Christopher)分享了人们在网上保护自己的简单方式。在@CXI上在Twitter上关注Christopher。
杰米·伊斯利(Jamie Easley):当您不在安全野外日时,您的日常工作是什么?
克里斯托弗·库塞克(Christopher Kusek):I’m the CTO at Xiologix, an IT solutions provider in Portland, OR. I’ve been there for a little over four years. Before that, I was in Afghanistan running data center, storage and virtualization operations for the CJOA (Combined Joint Operations Area).
JE:您是如何进入安全和技术的?
CK:我从90年代初开始担任安全研究员。安全是我是谁和什么的一部分。我一直在研究安全含义,无论是网络安全项目,数据中心还是在家中。
如果我们不为此做些事情,其他人会,这通常不符合我们的最大利益。
JE:是什么激励您每天做自己的事情?
CK:我选择利用自己的力量来善而不是邪恶。
I spend a lot of time thinking and solving problems – usually other people’s problems. I could literally do anything, but I enjoy what I do.
当我在阿富汗时,我们每天工作12个小时,每周7天,连续180天,然后我们进行了八天的R&R。并重复。如果您不喜欢自己的工作,就无法做到这一点。
JE: What’s a pro security tip for people in their personal lives?
CK:When I do security presentations, I like to talk about how security applies to your business and to people as individuals. You should have two-factor authentication in your personal life to protect your own banking, retirement and other assets. You can adopt it for free, and anyone can do it.
Not all security is about business. Some things are about you. If you lose your credit card, you can call the bank and they’ll take care of things. But if you lose your wallet, someone may find it, and the money may or may not be left in your wallet. They can use your ID for identity theft. Make sure you mitigate and protect the assets under your control.
JE:您最喜欢的安全性小工具是什么?
CK:您使用Google Authenticator吗?你应该。Authy是完全相同的事情,除非您丢失了手机,否则您不会失去所有帐户的访问权限。它是免费的,很棒。
JE:您在家中使用智能设备吗?隐私的影响呢?
CK:假设您没有任何隐私。我的办公室里有一个亚马逊设备。我在家中有12个,还有多个Google Home。我有一台智能电视和各种相机。我不再接触光开关。
Alexa正在听,但并没有真正听。您可以在任何地方放置一个错误并做同样的事情。
如果我需要进行敏感的对话,请确保附近没有电子设备,最好是进入法拉第笼子。如果我控制信息的发布,我知道信息来自哪里。
JE:您看到的安全性最大的风险是什么?
CK:这是陈词滥调,但确实:对安全的最大威胁是人们。
在过去的几年中,每一个重大的违规行为,在这些情况中,有100%的违规行为,它们具有最新的防病毒病毒,但证书被盗。这并不是说没有情况下,系统中的剥削使人们有所伤害,因此人们可以落后于幕后。
但是大多数情况下,无论是通过事故还是缺乏教育,都是人。Let’s say a guy in HR who does recruiting finds an email in junk mail, moves it to his inbox, opens the attachment, gets infected by an APT, and compromises the environment over the course of 180 days, and the FBI has to be called in. The guy made a poor choice. It wasn’t like the system said, “Let’s execute this.”
JE: That sounds like a true story.
CK:Can’t say.
Small, midsize and large enterprises ask what they can do to protect their resources when banks with hundreds of millions of dollars of investment in IT can’t protect their information. What can a smaller, more agile organization do? They can make better choices, educate their people and protect their systems more.
JE:行业中有很多讨论说没有足够的安全专家。您看到技能短缺吗?
CE:有,没有。
许多人将安全视为保险单。它不是。如果我拥有网络安全保险作为组织,它将保护我免受违规的影响,例如必须重新发行信用卡。如果我们被违反并不得不公开,它可能会破坏我们的声誉,人们将不再使用我们的业务。保险在哪里?
太多的组织认为他们可以在问题发生后照顾问题。这就像在我被抢劫后锁上我家的门,然后问为什么我的东西没有回来。
JE:您认为AI如何在安全方面发挥作用?它会被用作善还是邪恶吗?
CK:The important focus is why are security professionals using AI now. Botnets and ransomware have been around for a long time. These are criminal operations, well-funded businesses. They’ve been using botnets, AI, and sophisticated mechanisms for DDoS for 20 years.
在网络安全游戏中,我们终于赶上了。我们意识到,建立一个既定的设备网络来分析正在发生的事情并代表我们采取行动是一个好主意。
Will AI be used for good or evil? It’s been used for evil for a long time, and maybe now it will be used for good.
JE:您目前最喜欢的模因/GIF是什么?
CK:This.
克里斯托弗是一名代表安全场日on Fri., Dec. 14 at 9am PST.Watch the live stream here.
满足其他Delegates
