Posts

Cybersecurity CEOs: find your "big why" or get out of the way

I never grew out of my "why" phase. I made my problem worse by getting an Intelligence Studies degree from Mercyhurst & became an Army Intel officer.
One thing I loved about the Army was the mission statement in the Operations Order. Nothing really happened without an Operations Order and the mission statement's purpose was simple: tell the Soldiers why you're about to do something. By giving "commander's intent," the troops know the "why" behind the mission so that if everything goes to hell and you forget all the other details, the objective is completed & the mission is accomplished. Rescue the hostages, destroy the machine gun nest, capture/kill the target. If nothing else happens right, do this one thing no matter what.

Of course I'd ask "ok, but why are we doing that?" The Army had an answer: read the mission statement in the Operations Order published by the highest headquarters - it's there for everyone to re…

What Facebook Must Do To Regain Our Trust

TL;DR - Facebook's current problem is that it has no good way of verifying the identity of those looking to leverage its users for advertising or broadcasting via Facebook groups. It got there because it needed to rush to get users and then monetize them before it ran out of money. Now it needs to raise that bar by learning from Airbnb. 
Getting users on its platform as quickly as possible is what gave Facebook a valuation of over $300 billion. It grew a community so big, so fast, and so loyal it was able to become a fast track for advertising - advertisers could leverage all of the personal data Facebook users unwittingly offered up every time we added to a profile, made a friend, or "liked" a post. 
These advertisers used this information, either leveraged from Facebook or, in Cambridge Analytica's case, through apps that granted access to our data on Facebook. This doesn't even cover all of the more technical information about our browsing habits and other onlin…

Zuckerberg moved too fast, and it broke

"Move Fast and Break Things" was Facebook's motto back in the day. The concept was, you're not going to get it right on the first try, but at least it's a start in the right direction - we'll adjust as we keep trying.

It's a great mentality to have as a startup founder when success seems decades away and failure lurks around the next sunrise. Time is in short supply, cash to run the business is running out, and competition is breathing down your neck - getting the most highly operational and successful product out as quickly as possible is likely the difference between life and death for the company.

Thus, life for that startup is founded on its initial success borne from speed and some caution being thrown to the wind. And success can be intoxicating. When moving fast and breaking things works, it works fast, and when it works in the right circumstances with the right ideas, it can become huge - it can become Facebook. And so moving fast becomes a trade…

Two-Factor Authentication - the most important thing you can do to keep hackers out of your accounts

I’d like to start by apologizing for not doing this blog sooner as I think it’s one of the most important steps to lock down your online life. That said, let’s get you protected.
Online accounts, whether it’s a social media account like Twitter, a cloud storage account like Box, or an online banking account, are huge targets for hackers. The reason is efficiency: it’s harder for hackers to find your devices in order to gain access to your accounts than it is to go to a webpage and find a login screen for your account.
Once they get to the login screen, they begin password cracking, which is using software to throw a mathematical kitchen sink at your password and user name to see if the software can guess it. The shorter and simpler the password, the less time it takes to crack. And once it's cracked, they’re in.
But if you enable two-factor authentication, it won't matter if they crack your password. Two-factor authentication is like requiring two keys on the submarine to launch…

There are no dumb questions in cybersecurity

It’s easy for us to assume protection so we can feel safe enough to move on with our lives, instead of questioning everything and being paranoid. We generally trust and don’t question:

- our banks to lock their vaults
- our car alarm to go off if someone tries to steal our car and
- our police departments to catch bad guys before they break into our houses.

There’s a lot of trust we put in others to keep us safe. But, we all know that we can't fully rely on others to protect what we care about - we have to do our part too. I think many of us forget all the steps WE take to keep ourselves safe and confident every day. We:

- safeguard our checkbooks and debit cards from our bank so people can’t steal them and access our accounts
- lock our cars and safeguard our keys and
- we lock our doors and windows and turn on our security systems before we leave our houses.

These are routine things we do every day to keep what we care about safe - almost like security hygiene. We understand that there isn’t one …

We’re the cybersecurity industry - and we’re sorry.

You’re one of the over 143 million people whose data Equifax lost. Or you applied for a government job or clearance and your data was exposed during the OPM breach. Or you’ve had to deal with a hacker holding your files hostage with ransomware. Or you just have a hard time remembering all the passwords you have to create so you rely on the same one for everything.
Any way you cut it, chances are your trust and confidence in the ability to protect your information is horribly low, and it’s mostly our fault - the cybersecurity industry itself. We’re really bad at explaining how cyber protection works and why you should care.
Imagine if you lived in a house but didn’t know where all the doors and windows were, didn’t know how to lock them or who had keys to any of them, didn’t know how dangerous the neighborhood was, and didn’t know if there was a working home security system - it’d be pretty hard to feel safe enough to fall asleep every night.
So, you’d likely set about figuring all of tha…

Remembering passwords is hard - 6 reasons why you should use a password manager

Yes. Yes. 100% yes, you should use a password manager.

"Wait, what - a password manager? You mean an app on my phone or laptop that helps me generate and remember complex passwords for each one of my accounts?"

Yes, exactly. Here's why you should use one:

1. You're not going to be able to remember unique, complex passwords for each one of your accounts.

2. Since you can't do #1, you'll repeat passwords, making it easier for hackers that gain access to one password to be able to access your other accounts.

3. Password managers help you generate long, unique passwords with different length and character requirements instantly instead of trying to create them yourself.

4. Many let you securely share passwords with family members, friends, or coworkers - instead of emailing them or texting them unencrypted.

5. Most have browser extensions or apps that will auto-fill passwords for you on websites and accounts you regularly log in to.

6. Password managers are apps for…