When you’re looking for a cybersecurity expert it’s important to be able to spot who knows what they’re doing and who doesn’t. Well in this case the title of the post is a bit of click-bait. Got you, didn’t I? This is really how to spot someone who is NOT a cybersecurity expert. Probably I should have titled it Ten Ways to Spot a Cybersecurity Fake. Let’s take a serious topic and have a bit of fun at the same time. Here’s the list.
- #10 – Mobile phone is more than a year old
- You just can’t push updates to old phones. Unfortunately this is as true for security patches as it is for bug fixes. If you want to be secure you’ve got to keep it patched, and to keep it patched you’ve got to have current hardware. In the smartphone world, this means your phone is less than 12 months old. An “expert” who carries a crappy phone isn’t ~~paranoid~~secure enough for me.
- #9 – Still carrying a Blackberry
- The internet age moves fast and you have to keep up. Blackberry is a bit of a dinosaur and you’re just not getting all the latest that you get from more agile vendors. Avoid dinosaurs when looking for technical help, they simply won’t be aware of the latest threats and rely on outdated models of security.
- #8 – Wears a suit
- In the IT industry nothing says sales rep like a suit does. Now this person might understand the need and value of enhanced cybersecurity, but they don’t know what you really need to do. If they’re not a sales rep, then they’re probably just a dinosaur, because tech people don’t wear suits anymore. See above.
- #7 – Wears a tie
- Do I really have to explain? Have you ever met someone who really got cybersecurity who was wearing a tie? See above. (Sorry Kevin – you’re the exception. You rock the cravat.)
- #6 – Uses open wifi
- Any security professional worth their salt is deathly afraid of open wifi. It doesn’t matter if it’s a hotel, a coffee shop, or an airport. Cyberpeople carry their own internet in their pocket.
- #5 – Never uses cash
- Between the Target hack and ATM skimmers at the gas pump, a healthy dose of paranoia when it comes to credit cards is a good idea. I’ve gone back to using cash a lot more than I used to and you should too.
- #4 – Thinks eight characters is enough for a password
- Seriously, rainbow tables, people. If your password is leaked in a data breach it can take as little as a couple of milliseconds to crack an 8-character password. If they don’t know this, then their knowledge is years out-of-date.
- #3 – Thinks funny characters you won’t remember are good for passwords
- I’m sorry but *#*%^)-} isn’t a great password. You will never be able to remember it, you’ll write it down, and anyway it’s in a rainbow table so it’s not much better than 12345. You’re better off with an unbelievably long password you can remember that has a few funny tweaks than 8 pieces of gibberish.
- #2 – Doesn’t wear glasses
- Anyone spending their life on a computer has killed their eyes. If they’re not spending their life on the computer, they’re not passionate enough. You want someone who prefers the internet to real life. To paraphrase Orwell, “Four eyes good, two eyes bad.”
- #1 – Doesn’t use the command line
- Everyone with a hacker mentality uses the command line, regardless of operating system. Anyone without a hacker mentality isn’t qualified to be working in cybersecurity.
I warned you up front we were going to have some fun with this, and hopefully you did. But in reality some of these tips will help you vet your cybersecurity expert. Even just tossing some of the terms above at them to see how they respond may tell you something. If they use a term you don’t know, make them explain it. If they can’t explain it, they probably don’t understand it very well.
If you don’t know enough to tell a real expert from a fake, get help from someone you can trust, and stay safe out there!