In 2013 on an MSSQLTips webcast, I predicted that we'd see worse compromises with people's data as companies carelessly rushed to store more of customer's information. Two days ago we all learned that attackers grabbed over 500 million PII records of people's information from Facebook. In the case of Facebook, like many tech companies, it had the "best" talent in the world, yet still was compromised. Facebook is not alone here: there have been thousands of data leaks from American firms involving people's information and the breaking point of trust with customers is coming. I recently sat down with Bharath Ram of Execute On Command to discuss data and securing data. In our discussion, we talk about social media, personal data, and securing data.
In the video, we discuss some of the following topics and answer some questions:
- What early warning sign is mentioned in the discussion that predicted that "customer data" would eventually be abused, even if it wasn't being done by hackers?
- What is SWATting and doxxing? Why are these dangerous and why do companies approach to your data make these easy?
- Social media and money are two bad examples of using the digital world, but there is an example of using the digital world wisely in the dicussion. What's the good use case of the digital world mentioned and what makes this a better use over the other two?
- What four major leaks and vulnerabilities are discussed as a warning sign to both architects of technical solutions involving people's data and people who sign up for products while providing their data?
- Based on the discussion, why will hackers always have an advantage over people trying to secure data? Considering this, what's a more creative approach to data over the current approach?
- The bitcoin community promotes a security myth about how to prevent tokens from getting hacked? What is this myth and what does it not consider?
- Why is storing people's data a bad approach to business? What is this approach not considering?
This year in Automating ETL, we are talking about ETL in the context of cybersecurity. From design to specific techniques with data, stay tuned as material is added to the course throughout the year. For a coupon to the course, check out the trailer video on the channel SQL In Six Minutes.
In the video, I highly recommend some resources for further expanding your knowledge - OWASP (the website), Zero Days (the documentary), and what I call the "four major hacks" because of what we observe from these hacks. While not mentioned in the interview video above this, I also recommend reading Jim Rickards books from the perspective of cybersecurity, not economics or finance (books like Road To Ruin, Death of Money, The New Great Depression). Those books may appear to be about economics and finance. Some of the content is, but most of the content makes more sense in the context of cybersecurity. Jim Rickards has consulted with intelligence agencies and is well-aware of their technical capabilities. Unfortunately, if one intelligence agency can do something, so can others around the world. Likewise, these tools tend to be used by hackers when discovered. If you want to work in the data field - from ETL to data science - it's useful to have some knowledge about cybersecurity from the perspective of what's wrong with the entire technical approach currently being used. All these resources provide you with exatly this.
As for the question about learning if you want to move into the security field, I highly recommend that you have an idea of "who" you want to work for, as different companies will prefer certifications or degrees or both over the alternative. I've known many people who do well only with certifications at some companies (start-ups, medium sized firms, etc), while other companies want nothing less than a Master's or PhD in cybersecurity (usually if a firm is considering you for a board position later). There's no hard and fast rule, but if you want to start your own company and if you're creative, then the only thing that matters is you get results. If you start from the wise assumption that leaks cannot be stopped (and every company will eventually have their data exposed), you may create a design that outsmarts every company and eventually win many clients. This latter path is harder, but it does make the certification or degree path less relevant if you can demonstrate that you get results. I would caution anyone entering the cybersecurity field (or digital field) that as leaks continue, the entire industry may lose credibility. People don't have to trust companies and they're increasingly not. Just like we know with hyperinflation of currencies, once faith is lost, it's over. The digital world can end just as quickly as a fiat currency can end. All it takes is people feeling "it's not longer secure." As the leaks continue, expect more people to move back into the physical world. This will make every digital degree and certification irrelevant. This is one reason (of many) I will not fund my kid's education in American colleges or to get degrees in anything technical.
One final point to make about security and data is our own use. We have to assume that companies will all think they're the exception to the rule - unfortunately technical people tend to think they can outsmart hackers (they can't). Hackers will always have the advantage. This means they overestimate their skill against hackers, who are highly focused and can attack in a variety of ways. Ultimately, be skeptical about signing up for anything. If it wants a lot of data on you, pass on it. Since we can't trust companies, we should assume that good companies won't be asking for our data in the first place. If they want information on us, we can always pass. As I've learned in time, after all is said and done, most times I'm glad I never signed up for something in the first place.
Is cybersecurity a topic that interests you? Are you looking for some tools that you can use - from data management to possibly checking if you've been compromised in any leak? You can review information at the security testing subreddit for links to some tools that you can use along with information that may assist you in protecting your digital security.