Professional Documents
Culture Documents
Scott D. FOOTE
P H E N O M E N A T I C O N S U LT I N G
D r. S a l l y E AV E S
CYBER ENTROPY Chief Technology Officer
Professor in Advanced Technology
MEDIA
Ally of the Year 2022
Thank You!
Top Cyber News MAGAZINE - June 2022 - All Rights Reserved 2
I think it’s
IMPORTANT
~ Annie PROULX
Editorial by Dr. Prof. Sally EAVES, ENGLAND “I believe the time is now to reduce the
The time is now to come together and build a cost of security and forge a more powerful
contagion of collaborative change around connected future – let’s do it together! “
cybersecurity progress. As industries, businesses
and consumers become ever more reliant on a
connected economy, its catalyst as the foundation
for digital transformation will grow. This must be
underpinned by security embedded by design
across software and hardware, addressing rising
threats across bad actor collaboration, IoT, Cloud
and API acceleration, ransomware, phishing,
Log4j, DDoS… The list goes on! But we can and
must fight back.
7
>> by Scott D. FOOTE
Threats emerging in cyberspace Any one of these topic areas on its own, is
• Capability Area 4) Cyber Threat Intelligence (e.g., broad enough to require a more detailed
"CTI" and Threat Intel Platforms or "TIPs") inventory of specific capabilities and
Management of Access Controls requirements. Which may explain why so
• Capability Area 5) Identity Management many mature SOCs employ an average of
• Capability Area 6) Authentication more than 50 individual tools and
Management technologies.
• Capability Area 7) Authorization
Management
• Capability Area 8) Privacy/Confidentiality
Management
Monitoring and Detection
• Capability Area 9) Instrumentation (Sensors &
Tuning)
• Capability Area 10) Monitoring (Collection,
Aggregation)
• Capability Area 11) Detection Analytics (e.g., "Big
Data" security analytics)
• Capability Area 12) Visualization (e.g., Analyst's
dashboards, operational pictures)
Informed Incident Response
• Capability Area 13) Consequence Analysis
(e.g., answering the " So What?"
imperative)
• Capability Area 14) Incident Response (IR)
Workflow
• Capability Area 15) Countermeasure Scott D. FOOTE quote: "Why Aren't We
Management (e.g., "Playbooks") Getting Better at Cyber? - Perhaps because
• Capability Area 16) Response Action too many seek simple solutions to a complex
Management (e.g., "Security Automation &
problem?
Orchestration")
Fo r e n s i c I n v e s t i g a t i o n Security in a world of wilful, sustained
• Capability Area 17) Digital Forensics (DF) Conflict cannot be ensured thru a technology
Analysis or a compliance checklist. Few even
• Capability Area 18) Case Management acknowledge the Conflict exists or their active
• Capability Area 19) Digital Evidence
role in it. Choosing instead to focus on
Management
mitigations of singular events as though they
Visibility through advanced reporting were one-off accidents or happenstance.
• Capability Area 20) Enterprise Reporting (e.g.,
KPIs, GRC, and beyond) To get "better" at Cyber (meaning specifically
to be more effective at reducing the Risks of
exploitation by skilful adversaries executing
long-term sustained attacks and strategic
compromise) requires investment in
developing or hiring defensive forces on par
with your adversaries. This is a massive, N-
dimensional chess game, with no rules. Most
don't even realize they are participating. Of
those that do, the majority dive in like it's Tic-
Tac-Toe with a child opponent.”
Top Cyber News MAGAZINE - June 2022 - All Rights Reserved 8
The Cyber Entropy
of Digital Transformation
Demands Risk Discipline
by Scott D. FOOTE
“At P h e n o me n at i , w e h a v e be gu n t o e m p lo y a n e w R 3 ( " R
cubed") Marketscape to characterize an organization
b a s e d u p o n i t s r e a c t i o n s t o c o n t e m p o r a r y m a r k e t t r e n d s .”
Within this Marketscape, the first “R” characteristic is how Responsive the organization is to
new opportunities. (Some refer to this characteristic of an organization as it’s Risk
Appetite.) We measure responsiveness on a scale from Digital Trepidation (e.g., market
followers) to Transformation (e.g., market leaders); as both institutional fear and the Cyber
Entropy™ state of disorder, randomness, and uncertainty resulting from untamed Digital
Transformation are powerful market forces which nearly every organization must balance
today.
The second “R” characteristic is how Responsible the organization is in supporting its
obligations to stakeholders, minimizing risk while optimizing value. (Some refer to this
characteristic of an organization as it’s Risk Tolerance.) We measure responsibility on a
scale from Preservation to Protection. These are also powerful market forces pulling on
organizations today, where they must choose whether to simply preserve their current value
(minimizing investments in “due care”) or proactively protect the business as Threats
continue to increase unchecked in both quantity and sophistication.
Top Cyber News MAGAZINE - June 2022 - All Rights Reserved 9
>> by Scott D. FOOTE
The third “R” characteristic represents the Risk Discipline which the
organization demonstrates in their Risk Management program within its
Information Security & Privacy Strategy. We measure risk discipline on a scale
representing the focus on Efficiency versus Effectiveness. Organizations which
focus primarily on metrics which represent the efficiency of their information
security & privacy, rank far left on this scale. While those which focus on actual
effectiveness of their controls can directly demonstrate the impact on the
business from their investments in information security & privacy.
The first obvious pattern is that of “Cyber Complacency”. Here in the lower-left of
the R3 Marketsc ape we find organizations that demonstrate lower responsiveness to
market oppor tunities (e.g., Digital Trepidation) and a predominant focus on simply
preser ving current value. These “Risk Ignorant” organizations tend to be unaware of
the inherent risks surrounding them, and implicitly accept much of that Risk b y
emphasizing efficiency and cost containment in their investments in Information
Securit y & Privacy.
The third pattern (in the lower-right of the R3 Marketsc ape) groups together
organizations mired with untamed “Cyber Entropy™”. The environments within these
“Risk Taker ” organizations demonstrate the exact opposite of “Zero Trust” – all
devices, software, data, traffic and entities on their networks are implicitly truste d
and assumed to be suppor ting some new transformative initiative. Here, the
principle of “Least Privilege” is deemed too restrictive. Administrative privileges are
ubiquitous and considered an entitlement . End-of-Life (EOL) devices and software
abound, foreshadowing the Cyber Zombie Apoc alypse. Unauthorized shadow IT
initiatives thrive. Undisciplined Digital Transformation has led to IoT devices
continuously invading unsegmented corporate networks. OT/ICS/SCADA systems and
networks may connect directly to the corporate backbone. And conventional
perimeters have dissolved as core business systems have migrated to “the cloud”.
Where Risks are not explicitly accepted, these organizations often attempt to
transfer the Risk to their 3rd par t y service providers.
The four th and final pattern is that of “Cyber Prosperit y” depicted in the upper-right
of the R3 Marketscape. Unfor tunately, most organizations arrive in this hallowed
corner of the Marketsc ape only after experiencing and surviving a signific ant digital
compromise or data breach on their journey into “Cyber Entropy”; and receding at
least once into that safe zone of “Cyber Tranquilit y ” where defensive investments in
protection are most common.
by Shahzad SUBHANI
Fresh Graduate/Less CCNA, CCNA Cyber Ops MCP, Networking, Infrastructure, Operating Self-Study Or join an
than a year RHCE, Security+, Network+ Systems, Standards Institute
MCSE, Vendor Certifications, Advanced knowledge of OS, Applications, Self-Study
Between CEH, ISO 27001 LI/LA Firewalls, Log Analysis Vulnerability
Year 1-Year 5 Assessment, Penetration Testing, Security
Applications / Tools
Shahzad Subhani is proud founder of GISPP (Global Information Security Society for Professionals
of Pakistan) which has members from 18 different countries. GISPP platform has brought many
Pakistani Infosec professionals together in order to share knowledge as well as to support each
other professionally. Shahzad firmly believes in spreading education without any financial
motivations and gains. In order to do so, he has started writing articles as well as created videos
on different information security topics. He has also motivated many other professionals to share
their knowledge and more than 100 videos on different hot topics can be seen on his YouTube
Channel named as GISPP Academy. Shahzad’s Published articles can be seen at Medium as well as
on GISPP Security Blog Page.
Top Cyber News MAGAZINE - June 2022 - All Rights Reserved 20
The Emerging
Cyber Paradigm Concept
by Dr. Merrick S. WATCHORN, DMIST, QIS
According to the National Initiate for Cybersecurity Education (NICE), the NICE
Cybersecurity Workforce Framework (NCWF) provides a national resource, which
categorizes and describes common cyber related activities (NICE, 2022). The NCWF
provides organizations which require cybersecurity services a working approach to define
cyber security activities within the context of educational development. The NCWF was
established by various federal agencies, departments, offices, human capital, and cyber
subject matter experts with the stated goal of providing a working framework to aid in
lexicon development (NICE, 2020). This work effort resulted in the development of the
National Institute of Standards and Technology (NIST) Special Publication 800-181, NICE
Cybersecurity Workforce Framework (CWF, 2020). The major focal point of the framework is
found in the Cybersecurity Work Categories (CWC), which are 1) security provision, 2)
Operate and Maintain, 3) protect and defend, 4) oversee and govern, 5) analyze, 6) collect
and operate and 7) investigate (NIST CSF, 2020). Additionally, the seven work categories
have 33 specialty areas, 52 work roles, 119 ability, 614 knowledge, 359 skills and 928 task
related terms and definitions (NIST, 2020).
As an interesting side note, the controls, which are selected by the NIST CSF provides a
concrete overlay with the Protecting Controlled Unclassified Information in Nonfederal
Information Systems and Organizations, NIST SP 800-171 as outlined by NIST release in
2020. This means that for the first-time in modern history you have a mapping between job
functions and security control to a role and responsibility matrix. Within the NCWF contains
a mapping to specific CSF statements, which intern links to the three documents in question
together via the security control mapping. For example, the category Securely Provision
provides a direct mapping to two CSF statements as listed above, which means that the
seven category specialties are aligned to known cybersecurity critical infrastructure
protection guidelines. Currently, NIST has published over 45 documents, which have been
mapped to the current version of the NIST SP 800-53 Rev. 5. Thus, we can calculate the
importance of a given security control by counting how many times a given control shows
up in NIST guidance, the formula would be as simple as (Control Importance = (Control
Count / NIST Publication) or CI = CC / NP for short. Using this formula, the calculations for
the importance of AC-1 as defined by NIST result in the following calculation CI = 8 / 45,
thus the CI of AC-1 would be 17.78%. With this type of analysis, we can see what NIST has
placed common importance of security controls against. The highest scoring security
control within the NIST SP 800-53 Rev. 5 based on this approach would be SA-4 -
Acquisition Process with an overall score of 25.56%. The lowest ranking security control
would be PM-2 - Senior Information Security Officer with an overall score of 3.33%. Thus,
to manage the impact of all security policies that deal with mobile, wireless and account
should be updated the ability to review the Cybersecurity Workforce Framework (CWF) to
determine where the Information Technology Conflict Convergence (ITCC) occurs.
Top Cyber News MAGAZINE - June 2022 - All Rights Reserved 21
>> by Dr. Merrick S. WATCHORN, DMIST, QIS
As the diagram posits the span of cybersecurity is large with many stake -
holders leadership should consider how to leverage emerging technology,
training, and guidance to adjust its organizational training modalities to build
the next generation of leaders required to govern the impacts of cybersecurity.
With the (draft) of the CNSSI 1253 aligned to the NIST SP 800-53 Rev. 5, the
establishment of new cybersecurity boundaries are created to localize security
threats as well.
Dr. Merrick S. Watchorn, DMIST, QIS, is the Program Chair for the Quantum Security Alliance (QSA)
and his current research areas include Quantum Information Systems (QIS), High Performance
Computer (HPC), Cloud Computing (CC), Cybersecurity concepts, supply chain and open source
intelligence technologies. With over 35-years of pragmatic Information Technology experience, he
blends his efforts within government, commercial and academic endeavors. Dr. Watchorn spends his
time on injection innovation, creativity, critical problem solving into a myriad of efforts and activities to
support the QSA. In 2009, Dr. Watchorn invented the Cyber Exome Ancestry Tool (CEAT), which began
to explore the impacts of Cyber Awareness and Resiliency (CAR) concepts within the cyber domain.
Several white papers, technical analysis reports have been produced by this pioneering research
capability. This type of research acumen was the primary reason he was selected to be the Program
Chair for the QSA, and his selection of subject matter expertise was instrumental in the success of the
QSA’s research focused approach to emerging Quantum topics.
Trust. This isn’t a new concept. Many organizations – IBM included – talk about trust
in the value statements we share with the world. Our customers demand it. Our reputation
relies on it. It’s essential to everything we do. All of our businesses strive to build reputations
of being a ‘trusted partner’ or ‘trusted supplier.’ We do this:
➢ By developing quality products that deliver valued outcomes to our customers and by
delivering them reliably, however and whenever they are needed.
➢ By closely guarding the data and personal information for every user within our business
ecosystem – from employees to customers.
➢ By striving to be transparent when things go wrong. By putting our hands up, being
accountable and working quickly to rectify any mistakes.
And while these among other elements dictate how a business builds trust – good
cybersecurity is how you retain that trust. When cybersecurity is integrated into every aspect
of the business, it becomes part of the daily actions and routines for you and every user in the
organization’s ecosystem. It’s embedded into every operation, infused into every policy and
wrapped around every transaction. But to do this right…we must change the way we think
about and implement cybersecurity. Zero trust offers a better way to address the complexity in
security that is challenging our businesses today.
The philosophy behind a zero trust approach is simple: Nothing is trusted. Each user, each
device, and each connection into your business must be continuously authenticated,
authorized, and repeatedly verified. While the definition of zero trust may be simple – executing
this strategy can be incredibly complex. Numerous security tools must work together to make
zero trust a reality. Different teams must communicate and agree on priorities and policies to
make security consistent and effective. Information from every security discipline must be
combined to inform access decisions that can be enforced quickly and to make threat
response faster.
“Zero Trust is a journey. Where you start or where you go next is not the same for everyone.”
That decision is tightly connected with what you are trying to achieve – not just as a
cybersecurity program, but as a business. While we have seen many organizations progress
their zero trust journey by focusing on a specific security domain, for example Identity or
Network, or by implementing a specific security technology like Zero Trust Network Access
(ZTNA), those clients that are most successful, and that will realize a faster return on their
investment, are aligning their zero trust initiatives with their top business initiatives.
While by no means an exhaustive list, there are four initiatives that will benefit
greatly from taking a zero trust approach:
• Securing the remote workforce
• Protecting the hybrid cloud
• Preserving customer privacy
• Reducing the risk of insider threat
Each of these initiatives have clear business outcomes associated with them. In order to be
successful, each requires strong, integrated, multi-domain security capabilities.
“By applying the zero trust principles of least privilege; never trust, always verify; and assume
breach, you can: build a workforce that securely connects and works from anywhere, any device,
accessing data on any infrastructure; migrate operations to the cloud with confidence, with
integrated security controls and visibility across environments; deliver dynamic customer
experiences grounded in privacy and security; and reduce business disruption by responding to
attacks quickly with a targeted approach.”
While tools and products can help enable zero trust, they alone are not the answer. In many cases,
you may already have the right building blocks in your environment to work from. Focus on the
outcomes you are trying to achieve. Assess what you have available to you in your environment.
Where there are gaps identified, look for a solution that can integrate seamlessly into your existing
toolset. And build a deployment roadmap that starts small and iteratively builds on your foundation.
Growing and supporting a business that is built on a reputation of trust starts with a cybersecurity
program that is built on zero trust. When the time comes for you to tackle the challenge of another
business initiative, you will find that you are already well on your way, because you were taking a zero
trust approach from the start.
Top Cyber News MAGAZINE - June 2022 - All Rights Reserved 25
Martin BORRETT is an IBM
Distinguished Engineer and Technical
Director for IBM Security across UK
and Ireland. He advises at the most
senior level in clients on strategy,
business, technical and architectural
issues associated with security. Martin
is co-author of the IBM Redbooks
"Introducing the IBM Security
Framework and IBM Security Blueprint
to Realize Business -Driven Security"
and "Understanding SOA Security".
On the contrary, we should share knowledge - within reason - and skills, work
together, and be kind and respectful to each other. Because no matter what your
level is, the name of your position or the years of your experience, or the
certifications you possess - we are in it together, fighting with the same purpose.
Make sure you remember the bad guys aren't waiting." ~ Dorota KOZŁOWSKA
Top Cyber News MAGAZINE - June 2022 - All Rights Rerved 27
Nobody’s an Island:
Collaboration is the key to
Neutralising Evolving Cyber-Attacks
by Jay HIR A
UA-Parser is downloaded approximately eight change that made it mandatory for public
million times a week and used by the big companies to standardise the practice of
names in the technology industry to build disclosing information and periodically
applications, which got poisoned through providing reports regarding cyber security
crypto mining and password-exfiltrating threats, risk management, strategies, and
malware. governance details to other businesses,
governments, and stakeholders. This came
Similarly, another popular open-source
after the President passed an executive order
package, log4j — which is also downloaded
last year, which included the adoption of Zero
millions of times and used by leading
Trust Architecture (ZTA), among other steps to
corporations — also made news for containing
fortify the country’s cyber security.
easy-to-exploit vulnerabilities. Fortunately,
quick updates to these packages ensured that Moreover, Congress has also passed the
consequences weren’t as devastating as they Cyber Incident Reporting for Critical
could’ve been. However, one can imagine the Infrastructure Act, which made it mandatory
vast financial losses and number of affected for businesses to notify the Cybersecurity and
people if these vulnerabilities would’ve been Infrastructure Security Agency (CISA) within
successfully exploited. Similarly, many 72 hours of any significant data security
businesses use common libraries and attacks or other kinds of hostile cyber
applications that can have unidentified — or incidents. Similarly, the Reserve Bank of India
worse, unreported — vulnerabilities. (RBI), has also issued guidelines to banks,
Organisations may also have other reasons for requiring them to report cyber security
resisting collaboration. For one, they might incidents immediately. Policies and actions like
want to retain their proprietary intel and keep these can act as a precedent for governments
it exclusively to themselves. They may believe worldwide.
that retaining the data helps them maintain a In addition to such legislative action, there
competitive edge over their market rivals. also needs to be an attitude shift within the
Apart from that, organisations may not have business community when it comes to
any incentive for collaboration in cyber cybersecurity. Businesses need to realise that
security. an organisation’s cyber security posture is just
To change this, transparency in cyber security as important as its financial performance, as
must be promoted by entities that are above Equifax’s CISO Jamil Farshchi aptly puts it: “If
the board, such as the policymakers and the you’re a customer or an investor, it shouldn’t
regulators. These entities can take steps to take a breach for you to find out a given
incentivise the sharing of intelligence company’s security posture. Companies
gathered on new threats, as they not only should be required to make public the health
have the power to do so, but also the of their own cyber security.”
responsibility to ensure the wellbeing of the As we learned from the post-WWII experience,
entities they govern. the increasing interdependence of our
The good news is that such actions are ecosystems promises unprecedented growth
already being taken, albeit in very few places. but also brings with it unprecedented and far-
In a recent example, American President Joe reaching risks. To mitigate these risks and
Biden called for more collaboration and benefit from the opportunities, we can take a
cooperation to improve cybersecurity in the page from history and adopt a more
US. To ensure the same, the Securities and collaborative approach to solving this
Exchange Commission (SEC) proposed a rule complex cyber security puzzle.
He has a proven track record of partnering with stakeholders across the organisation, including the
Board and CxO, of successfully influencing change and delivering cyber-resilience capabilities aligned
with IT strategy and broader business objectives.
Jay advocates for diversity and collaboration in cyber security and is best known for building high -
performance teams and creating an inclusive culture that empowers individuals and promotes
equality, well-being and fairness.
Rather than ‘Ethical Hacking’, I propose a Staying with the Human biology analogy,
substitute more in line with the use of the “Ethical Hacking” is to “the devil you know
Human biology as the analogy for the U.S. versus the devil you don’t” as physical
DHS – Department of Homeland Security exercise and inoculation are to the Human
Cybersecurity ecosystem description in its condition.
publication: Enabling Distributed Security in
Cyberspace - Building a Healthy and Both muscular-skeletal strength training (i.e.,
Resilient Cyber Ecosystem with Automated physical exercise) and immunology work the
Collective Action March 23, 2011 (see: same way. Both weaken the Human; one
https://www.dhs.gov/xlibrary/assets/nppd- through Self-induced stress and the other to
cyber-ecosystem-white-paper-03-23- environment-induced stress. Yes, one can
2011.pdf). argue that Self and environment are one-
and-the-same.
The Human must become diseased (i.e., not
at ease) for the Human autoimmune system
to build up resistance against the source of
disease. Over time, the Human is no longer
made weak from each respective stressor
Self-induced or otherwise. In the DHS
paper’s Human biology example, the Human
immune system is the analogy for a
proscribed Cyber Security ACOA – Automated
Courses of Action.
For this article and “Ethical Hacking”, being
It should come as no surprise that Human consistent with the DHS paper’s Human
biology serves as the DHS Healthy and biology analogy, my preference is to treat the
Resilient Cyber Ecosystem analogy since we first word as simply an adverb with a
know Human biology as good or better than synonym of Proactive (which is a good
any other and the purpose toward which thing) and the second as a verb being
Humanity directs machines (e.g. computers) replaced by a synonymous expression:
is to perform work for and on behalf of Automated Courses of Action Proactive
Humans. Exposure (“ACOAPE”); a pitiful acronym.
Given that:
1. Humans choose to interact with one
another through an exchange of thought that
is inventoried in the written word, Privacy is
anathema. In other words, Privacy and
Society are somewhat mutually exclusive.
by Craig FORD
I have been around in the IT and cyber trenches for so long now I feel like I am almost part of
the furniture, I started out way back in the early 2000s (just after the whole Y2K bug craziness –
that was a weird time). I have worked in many different roles from PC builder, IT support,
systems admin, security engineer, SOC manager, security manager, Pentester and almost every
job in between. I have written almost eight books now with five of those in the pipeline for
publishing and I currently write for several cyber security publications.
I have a couple of industry certifications and I have a couple of master's degrees (I know, it’s
weird that I have more than one). I am even the Queensland Chair for the Australian Information
Security Association, all in all, I feel I have done pretty well in my career and I am far from
done. I have a lot more to do and a lot more to contribute over the next 20 years or more in this
industry. Yes, that means you will need to get used to seeing my books and articles over the
years, I love writing and will be continuing to contribute my thoughts and ideas for as long as I
feel they are relevant.
To many of you just starting out in the industry, it is tough, I know, I have been there. I have
done that transition into cyber myself, I know at times you will want to give up but don’t, it
really is worth it. That’s not what I want to talk about though, I want to talk about you, not me,
not how I got into the industry. Not what amazing shortcut, I took (There are no shortcuts just
FYI), not what certifications you should or shouldn’t do. Mostly you should ignore what most
people in our industry tell you to do when they give advice on how you can break into the
industry. Seriously ignore everything they or I have to say. It doesn’t matter what any of us say
(Maybe you should listen to some of the advice, some great people are doing great things,
sharing great advice but that would ruin the point I am trying to get across), that’s right, don’t
listen to anything I say that has worked for me, what I valued, what I think helped me get into
the industry.
The only person's voice you need to focus on is you. YOU need to figure out what you want,
YOU need to take a deep look inside, figure out what makes you tick, what makes you learn best
and what will help YOU to get to where you need to be. If you have a passion for Pentesting or
risk and compliance you go out there and get your chance. Figure out what stage in the journey
you are on, figure out for you what you need to do to be at the level you want to be at to be a
success in your own mind (forget my success, forget jimmy bob’s success) own your end goal
and map out in small manageable steps on how the hell you are going to achieve it.
If that’s some certifications, then great get it done. If that’s some degrees, awesome, go get
them. We are all different and that’s a good thing. All of us need to find our own success, you
can take some of the things I do or have done, I am happy if my journey can help you along
with yours, I am even happy to discuss my path with you but throw out what isn’t right for you
and just do you. You are the one who needs to walk your path and you are the one who needs
to feel fulfilled with what you have achieved.
So, ignore what I have to say and go achieve YOUR goals. You are still here, you're still reading,
I thought I told you to stop listening to me, to just do what you need to do. Go on, go do you.
A HACKER I AM
CRAIG
FORD
A HACKER I AM VOL.2
Top Cyber News MAGAZINE - June 2022 - All Rights Reserved 35
Craig FORD, Brisbane, Aus tr alia
Craig FORD, is a wizard of the dark arts, a conjurer of the cyber world, he delves into ethical hacking,
security engineering and user awareness. He is not one of those hackers who hides in the dark,
hunched over his keyboard wearing gloves just doing his thing. No, Craig stands tall in the light, no
hoodies here (Unless its really cold then he might just buckle on that stance).
He is a wielder of words, with works talking about all things cyber for CSO online, Women in Security
magazine, Cyber Australia magazine and so many more we don’t have the space to mention. He has
written some books (A Hacker I Am Series) that will pull you down the cyber security rabbit hole and
leave you wanting so much more. He has a new hacker novel series dropping in 2022 (keep a watch
out for this).
Unlike many hackers, he isn’t too hard to find, look him up, you will not need to search long. When
you do find him, you can find all the usual acronyms and what not. He is a defender of cyber space,
here to stand with you on the war that is coming between good (your friendly neighbourhood hacker,
cyber professionals and what not) and evil (Malicious actors, cyber thugs, criminals). What side are
you on?
A B O U T P EO P L E, BY P EO P L E, FO R P EO P L E !
Ludmila Morozova-Buss
Doctoral Student at
Capitol Technology University
Editor-In-Chief