Joseph Steinberg’s Interview: Cybersecurity For Dummies
After a short break, our column of useful interviews with experts in the field of cryptocurrencies and cyber technologies returns.
Our interlocutor today is Joseph Steinberg. He serves as a cybersecurity expert witness, and as cybersecurity advisor to both businesses and governments around the world. He has led organizations within the cybersecurity industry for nearly 25 years, has been calculated to be one of the top 3 cybersecurity influencers worldwide.
In the interview, we touched on both the topics of his life, and the field of cyber technologies and his book “Cybersecurity For Dummies.”
If you’ve missed our previous interview with David Geer, you can find it here.
1. Good afternoon, Joseph! First, our team would like to thank you for the interview. You are one of the most trusted and well-versed cybersecurity experts. Surely, you have read and studied a very large layer of information related to the topic of cybersecurity and the main methods of its achievement. However, why did you decide to deal with this topic? Have you been interested in this since your childhood, or did this topic interest you only in adulthood?
Since I was a small child I have been interested in how computers work, and if there were (and are) ways to make them do things beyond what they are expected to be able to do. From that interest and hobby blossomed a career.
2. Probably, you’ve encountered some difficulties when studying the topic of cybersecurity? For instance, you didn’t have narrowly enough focused literature or people with whom you could discuss these issues? How did you find a way out of them?
When I started working in cybersecurity the field was quite small; there were orders of magnitude fewer people working in the field than there are today. I remember meeting with “the Internet security person” in a major bank. Yes. The one person handling Internet security. A lot has changed in 30 years…
Of course, there were no degrees in cybersecurity when I went to university ether. My generation of techies learned how computers work – and we built and grew our knowledge of cybersecurity as we, and the field, developed.
Ironically, despite the growth of the field, there is a tremendous shortage of qualified cybersecurity professionals today – the number people studying cybersecurity has simply not kept pace with the growing need for such folks.
3. Your main interest is cybersecurity. Is there anything else that interests you? Maybe a hobby or topic? Or do cybersecurity issues consume all your time?
I spend a significant amount of my time thinking about how technological developments may impact human society. Artificial Intelligence and the Internet of Things (devices that we don’t think of as classic computers, but which are connected to the Internet) are two areas of great interest to me – as are, of course, cybersecurity and privacy.
4. Can you please recommend a few books or resources that will help all Internet users understand cybersecurity issues? Maybe, you have some golden rules for achieving fully-fledged online protection?
My recommendation is to read the article entitled
which you can access by typing just
into any web browser.
And, of course, please subscribe to my periodic newsletter – I’ll email you if there are important issues about which I believe you should know. Sometimes, ironically, I notify people NOT to worry about cybersecurity – as, unfortunately, after every newsworthy breach many experts seem to start “crying wolf” about how everyone should change all of their passwords, for example, when, in fact, after many so called “major breaches,” the typical person does not actually need to do anything.
5. Now, we would like to talk about your book, which in our opinion is the undisputed bestseller of our time – Cybersecurity for Dummies. How did you come up with the idea to create such a fundamental work that would reflect all the necessary information on cybersecurity? Was it difficult to embody this idea?
I was actually approached by the managers of the Dummies series about writing this book – Cybersecurity For Dummies – so I have to give the team at Wiley credit for coming up with the idea. The book has been a best seller – so much so, that not only has it been translated into multiple languages, but the second edition of the book just went on sale at bookstores – both online and physical – this past week.
As far as the writing itself, it was pretty straightforward for me. While my previous books were directed at cybersecurity managers and other technology professionals, my column – Joseph Steinberg: Totally Candid – has always focused on a much broader audience. Likewise, I do a significant amount of cybersecurity expert witness work, which nearly always entails translating complex cybersecurity concepts into easy-to-understand layman’s language. So, while writing any 400-page book is a major project that takes quite a bit of time and effort, I was quite comfortable writing Cybersecurity For Dummies.
6. You are one of the most successful cybersecurity consultants. How many years have you working with companies and what case of consultation do you remember the most. Why?
If I answer this question honestly, people will know that I am not 29… 😊
Seriously, though… While I have been consulting independently for about 20 years, I have been working with cybersecurity in various capacities since the mid-1990s – which might as well be considered part of the Dinosaur era when it comes to cybersecurity. My first interactions with firewalls occurred even before the first web browser was invented. And, as I mentioned before, I was working in a major bank when it had only one internet security professional on staff.
7. We are living in a time of pandemic. Please, tell us whether cyberattacks have become more frequent than the previous years since most employees switched to the online mode of work?
Of course! Cybercriminals know that many organizations were not properly prepared for employees to suddenly start working remotely, and that many are not prepared for the complexities involved with transitioning to a partly-in-person and partly-remote environment. Cyber dangers are not simply technological – employees working from home are often far more vulnerable to social engineering attacks than are their in-office counterparts – remote workers, for example, cannot simply walk down the hall to verify in person the authenticity of an email request from the CEO to wire money to a supplier.
8. Today, only a few people seriously think about cyber threats. Is it possible to change the attitude of internet users to the issue of cyber threats? Can you make your forecast for the next 5 years? What exactly will the internet look like?
We should be teaching children about cybersecurity and online privacy on an age-appropriate level, just as we teach them not to play with fire or to run into the street. If, in regards to education and training, we start treating cyber dangers like physical dangers, we will ultimately see a shift in attitude amongst many members of the population.
In 5 years we will see many more computer systems, doing many more things, and making many more decisions without human involvement – and many of those computer systems will not look like computers, they will be embedded within appliances, industrial equipment, etc. With advancing technological capabilities, of course, comes greater cyber risk…
9. Have you ever heard anything about Utopia P2P Ecosystem (https://u.is/)? This is a decentralized network that allows using the Internet anonymously and securely. It has built-in tools like messenger, email, crypto container, wallet, browser. How can you evaluate the system in terms of functionality and cybersecurity? (If the idea of an ecosystem doesn’t impress you, you can leave the question unanswered.)
<I cannot properly answer this in a short answer – please skip the question>
10. Would you like to experiment and check whether the Utopia ecosystem is safe and reliable to use? After that, you may want to recommend users start implementing it on the Internet daily. (If the idea of an ecosystem doesn’t impress you, you can leave the question unanswered.)
That’s a major project – and, unfortunately, as cool as Utopia may sound, I simply do not have anywhere near the amount of available time as would be needed to perform an adequate amount of testing…