Add Me On Meatspace
(1:25 ) Mitch introduces Alex Cherones, Partner and head of Cybersecurity at Headstorm. He paints a picture of information security before the days of cloud computing and wifi and iPhones... and how the progression of business communication tech has added more and more attack vectors to spread risk. (7:14 ) Mitch and Alex discuss the dilemma of ultimately putting best-laid security plans in the hands of "carbon-based life forms" -- consistently the weakest link of any system. We talk about how and why users so often prioritize utility over safety, as Mitch compares the dilemma to government transportation organizations (FAA, NHTSA, etc) whose objectives are inherently at odds: encourage utility, but also encourage safety. (12:34 ) Alex bubbles up a classic blunder of the human brain -- that we focus on fear rather than danger, and doing so is one of the crucial ingredients in becoming a victim of cybercrime. (15:16 ) Alex speaks on some of his typical experiences working with corporations to help identify the need for cybersecurity. When he runs phishing tests, for instance, he's found the failure rate to be "anywhere between 100% and 100%." Consequently, we discuss how cybercrime is often a market of one, ergo the weakest security link is the only link that needs to be broken. Mitch gets to talk about one of his favorite hobbies: imagining how easy corporate espionage would be if he just sat in an airport all day with a recording device. Alex responds that one of the big cybercrime tactics used in airports and similar places is a "pineapple": a spoofed internet connection set up to be as simple as an open wifi signal with a familiar name, which then proceeds to gobble up the victim's data. (25:08 ) As a callback to the adtech episode with Veronica Ahern, we harp on data minimization as a risk mitigation strategy. (28:44 ) Mitch's hot take: the most sustainable defense users can offer is their imperfection -- the suboptimal, slow behaviors we organically exhibit as humans, which has helped security tools like Recaptcha distinguish a Bob from a bot. Alex generously buys 50% of the argument, pointing out that there is promise in profiling users to establish patterns (via behavior analytics), which can then be used to identify anomalies and deploy countermeasures. We close out by discussing the nature of hackers, and how that term has been misapplied and misunderstood by the masses who lack the imagination to see why someone might desire change.