Interview With A Cybersecurity Professional (Second Time)...

First, I appreciate your willingness to answer my questions. There are a few things the general public may not be aware of or consider when it comes to Cybersecurity. Let’s get started. 

1. What are some of the different areas in which to work in Cybersecurity?  “Incident Response, Vulnerability Management, Penetration Testing, Red Team, Application Security, Cloud Security, GRC (Governance, Risk, and Compliance)” 

2. Which area of Cybersecurity do you work in? “Penetration Testing.” 

3. What is your job title? “Security Analyst- Pen Tester.”  

I read that in your position, you are hired to hack into a company’s system you are testing to check for vulnerabilities. That sounds like it would be fun at times. “Yes, sometimes.” 

4. How has Artificial Intelligence impacted Cybersecurity? “AI has impacted Cybersecurity in many ways, such as enhancing automated tasks, threat detection and response, and vulnerability management. However, this has introduced new risks, attack surfaces, and ethical concerns. It has also allowed users to build exploits and malware quickly." 

5. Do you receive alerts from the government about potential attacks or threats? “I do not.”  

6. Would the average person know if they have been hacked? Why or why not? 

“I would say it depends on the scenario. If it involved their bank account, then they would be informed by their bank fairly quickly, I’d say. Or if they notice strange activity on their device or account. But as I said, it really depends. ”

7. In your opinion, is one type of cell phone safer than another from cyber criminals? How or why do you believe it is or is not safer? 

“There are phone operating systems on the market that are designed with privacy and security in mind. There are also devices called dumbphones, which focus on calling and texting, while lacking features such as web browsing, GPS, and app stores. I think having super basic phones is not practical and realistic for the average person, and I also don’t think it’s necessary for everyone to go to the extreme. As I heard from a talk at a security conference, “Everyone should have their own threat model. They should decide the balance between convenience and security.” A threat model is an approach using hypothetical scenarios to identify and mitigate risks in something. There’s no point in going hardcore if all it does is make your life harder and miserable. However, the number 1 thing a person can do to protect themselves is to have good online hygiene. At the same time, though, there are factors that are out of their control, if a company with which they are associated gets breached.” 

8. I read a lot about the Dark Web. I have received alerts that my information has been found on the Dark Web. What is the Dark Web? 

“The dark web is part of the internet where people can access unindexed web content anonymously through special web browsers. It’s widely associated with illegal activity. ”

9. How did they get my information? How can we prevent and/or remove our information from the dark web? 

“When companies are hacked or data is obtained, malicious actors tend to post this data online on the dark web for sale or even for free. You, as the individual, can only do so much. Having a strong password can help a lot in protecting your account, but if the security controls are poor on the company side, especially in how they store data, then that won’t make a difference. At the end of the day, we’re entrusting our data to whatever company we give our information to. You also really can’t remove information from the dark web. It’s kind of like the saying “once it’s out there, it’s out there.” 

10. Any last words or advice? “Always use a password manager.” 

Excellent recommendation.  

Thank you.

~A. Cross