Cybersecurity Weekly : An attempt to share security knowledge to all
Let’s start with Why
One of Simon Sinek’s master stroke quote was to start with the reason “why”. In other words, it is important to know why you do what you do and then decide how you do it.
I followed the same route to reach my initiative. I have been in the cybersecurity domain for about 10 years now. With two masters degrees and years of exposure to red and blue teams around the world. Through these years, the only observed constants were the security incidents.
Every day, around the globe, thousands of serious security attacks happen — some come out in the media, some don’t. So I tend to wonder Why do they happen, is it that the hackers are evil or that the people (end users/targets) are too naive. Turns out that none can be blamed. Hackers are not always Evil, neither are the target institutions/businesses (nor are the end-users). It is a mix of all. Hackers like to be challenged and targets absolutely lack vigilance.
And that is where I found the answer to my why. My vision is to spread cybersecurity awareness at such a level that organizations think about cybersecurity right from the design phase and at all layers. Security-by-design, Zero-Trust, Defense in depth are beautiful security design models, but the root of all troubles is cybersecurity vigilance. Just think about it this way, you got your employees the best hardwares with secure boot, encrypted hard drives, end point protection, regular backup and system updates, hardened hardware access — but then the employee (end-user) writes a sticky note with his password (which ofcourse follows the ISO27001/NIST based password policies) on his laptop.
So what went wrong? The answer is education. If you want to build a secure system start with the motivations — and that will drive education/vigilance.
So why did I start this venture — because I want to spread cybersecurity awareness to the end users, around the world. Solving troubles from the end-first.
How will I do so?
As simple as it may sound, the question “How” can be the most difficult part of the trilogy. You may have a very noble motivation, a very good cause and an excellent product — but how will you reach your customers? And How will you do what you want to do? As soon as you start thinking about the answes, things start to get a bit more intense.
I would like to make end users cybersecurity aware by educating them. We all educate ourselves each day — some of us read news papers, some watch news on TV while some spend time on youtube. As a matter of fact about 2 billion people spend time on youtube every single day! Clearly the market reach offered by social networks like YouTube, LinkedIn, Instagram is immense and much stronger than today’s print media.
Being a cybersecurity expert today does not only mean that you are good in penetration testing or implementing cybersecurity governance, but it is a constant journey where you learn each day from numerous sources and experiences, some of which are articles, whitepapers, blogs, books, podcasts, videos, etc. Since I get my daily dose of security news from the internet and I understand that most of the end users are finding social media really useful, so I decided to use the social media as my channel to spread the knowledge.
So What will I do about it?
To start with, back in 2009, I started writing blogs on security incidents, hacking, security tools, etc. Back then, I did not know why am I doing this, but did so for fun. I received noteworthy responses back then and also realized that one of the good ways of protecting people from the evil is by telling them the story of what can go wrong and how can things go wrong. Have real examples to justify the theory never go un-noticed. So, with that thought,I have started a venture to serve this need — called “Cybersecurity Weekly”.
Today, Cybersecurity weekly is a non-profit organization which aims to spread security vigilance to everyone around the globe — after all, we all are simple end users of the internet, by end of the day. Today, this organization has presence on LinkedIn, IGTV and YouTube. Given the limited resources and time, we try to make a weekly security newsletter video to bring out the top security incidents that are most applicable to end users.
While some of the videos are quite technical and may be a bit intensive for everyone to understand, we are trying to make short videos which explain complex security incidents as per our audiences’ choices. For the segment of customers who really want technical feed, we have special edition videos called Tech-Talks, where we take it indepth.
