This week we talked to cybersecurity author and expert, Daniel Dieterle ( @cyberarms ), to learn how he got started in the field, and to hear his take on the biggest cybersecurity threats the world is facing in 2019.
Daniel started his IT journey two decades ago, initially doing component level repairs on Commodore 64 computers and upgrading offices from typewriters to IBM PC/XT systems. Over the years Daniel has witnessed a dramatic transformation in the IT field and racked up a wealth of experience along the way. He’s worked with Fortune 500 companies, gained recognition from major institutions, authored several books, helped design training classes, and also dedicates significant time to helping newcomers to the field find their feet.
How did you get started in cybersecurity and what first attracted you?
I started in the computer field years ago as a bench tech and worked up through the different IT positions. In fact, I think I have held just about every IT position in existence. My previous roles include desktop & printer tech, network tech, web designer, system administrator, network & system engineer, even management positions.
The bulk of my experience was in providing onsite service and support. From this, I moved into the Corporate IT world, and with it, Corporate layoffs. It was during one of these layoffs that I started learning about the computer security field. The security field was in its infancy at the time, and the offensive security techniques seemed like magic.
A lot of my free time was dedicated to learning these new techniques, things like ARP poisoning and SQL Injection attacks. To me at that time, it was like a whole new world and one that I really enjoyed. I started exploring the field and wrote about what I was learning. After one final Corporate layoff, I decided to switch to the cybersecurity field full time and have enjoyed every minute of it.
What, in your opinion, are the biggest cybersecurity threats and challenges in 2019?
I would say the top three threats today are insider threats, social engineering (SE) attacks, and Internet of Things (IoT) vulnerabilities.
Insider threats and SE attacks are well known and often talked about, so I won’t spend time on these. I think IoT vulnerabilities are more prevalent and more significant than a lot of people think and these issues are only going to worsen as IoT continues to take over. I spend a lot of time with IoT devices and have seen devices with very little, or even no security – default passwords, old or outdated services, and control software that has vulnerabilities.
It goes past building security systems, printers, and cameras; these have been targeted by IoT hackers for years. New “IoT edge computing” devices are opening up an additional front in the security defense world. The rush to hook everything up to the corporate network – including air & humidity sensors, machine interfaces, and Artificial Intelligence devices are bringing in an entirely new layer of security concerns.
What are you most proud of in your career?
I think the thing I am most proud of in my career is how popular my books are, and how many people I have been able to help through them. I have had international students and people from large universities, major corporations, and top government agencies come to me and say that they use and love my books. It is very humbling, a great blessing, and very exciting!
See it on Amazon
See it on Amazon
What advice would you give to people starting in the industry?
New students and people looking to switch careers to cybersecurity will often ask me "How do I get started?". I get asked this question so frequently that I recently wrote an entire blog post on the subject, which you can find at here. That post has more in-depth advice but to summarize my best advice:
"Believe in yourself and don't give up."
This is a very complex field, tactics both offensively and defensively change constantly. Many tools in the field don’t work after Operating System updates, some techniques are just difficult to master. You have to be flexible, persistent and patient.
Take a leaf out of Thomas Edison's book. When he set out to make the first lightbulb, he said: “I didn’t fail, I just found 2,000 ways not to make a lightbulb.”
There are many things that I didn’t understand at first glance or even the 20th glance. There are topics that I totally didn’t understand, that I had to walk away from, learn other things and then after time had passed, I came back to the original topic and it all of a sudden it made sense!
There are other topics that I spent days trying to figure out and then, all of a sudden, I understood it. If I had given up after my first couple of attempts, I probably would have never mastered it. As they say, “persistence pays”, this is double so in the security field.
Lastly, be humble. We work in a field where the hottest new technology or technique is outdated in two to four years. The knowledge that we have that might make us proud will mean little in a blink of the eye. So, remember where you came from, and help others learn when you become “The Expert”.
Do you have any tips on protecting personal data?
It’s harder now than ever to protect your personal data. Many companies want your Personal Information (PI), then are very poor at protecting it, as the seemingly daily data breaches show. My best advice is to limit what PI you give out, use different usernames and different complex passwords for online accounts. Use multi-factor authentication (MFA) on any site that allows it.
Remove yourself from online “white page” databases, many of these give out way too much PI (most have removal instructions). Also, monitor your network using Network Security Monitoring, and use monitoring services like Shodan . Lastly, use password dump monitoring sites like “Have I been Pwned?”, in case the worst does happen.
If you're new to the field, or want to learn a lot more about Security or the Internet of Things, check out my Websites:
And my Books: