Coming out of my semi-retirement to work on cybersecurity research has been a real eye-opener. In my last essay, I have started to go “all in” with the post The (Mis)Information Age – The End of the World as We Know It and What Vault7 Teaches Us.
There is a tremendous amount of work to do for cybersecurity; and now, eight months back into cybersecurity after years of semi-retirement, I am slowly beginning to understand why there has been little progress in cybersecurity in the past 20 years. The world is full of “talkers,” but it is really hard to find any true mind-on, hands-on “doers”. This is obvious on the work-related social network LinkedIn. Countless people comment, share, like, and interact (on a lot of nonsense) but you will be hard-pressed to find a handful of people who actually do anything from a hands-on design and build (engineering) perspective.
I find it amazing (and dangerous for cyber) that in the “age of information,” where software controls machines, that so few people actually work in this field, using their minds to build cyber-defensive applications. It’s amazing, really, if you think about it. Why does this problem exist?
This is especially noticeable as an expat living in Thailand where the vast majority of foreign expats here just sit around eating, drinking and partying their life (and money) away; and contribute very little to society, except for the waste products (paper, plastic, beer bottles, whisky bottles, styrofoam, hydro carbons, and more) that they produce each day. I am truly having mixed feeling that I came our of retirement do independent research to help save the world! Why do the vast, vast majority of people just consume and do not produce anything useful for society?
The problem is not limited to my views as an expat living in Thailand. It’s everywhere. Talkers, critics, commenters, “likers” and “sharers” – but there are actually very few “doers” who take ideas from their minds and turn those ideas into something useful (something wonderful) for society as a whole. We don’t need more comments or criticism, thank you! Build an application that makes the world a safer place. Commercialize it and get rich, and stop complaining about not having enough money or that you need a better, higher paying job. Create a great life, yourself. You don’t need inspiration messages to do it; just do it.
We live in an age of information, where we all have access to powerful computers on both our personal computers and our phones – and soon in most every device – all connected to the Internet. These devices are created and engineered by a very tiny percentage of people in the world; and the other 99.9999% (a random number statistic) of people are consumers. This is true in the cybersecurity realm as well.
Wow. I was watching YouTube on my Smart TV the other day and it’s just stunning to me to see there are many people in SE Asia who live in 2017 by scavenging the land (like gathering algae from waterways) and hunting insects (like raiding nests of ants from trees) for food. Why don’t these people go read a book and write a software app. Then they can go buy enough food to feed their family forever! Instead, they send their children to the city to work in the “entertainment and tourism” industry so they can send money back home to their parents. These same people all have smart phones and TVs. They all can take photos, and share photos. Most comment on Facebook and consume technology. Why don’t they make a living taking their good ideas and creating software in “the age of information” versus hitting a nest of ants with a baseball bat and gathering the ants to eat them?
We do not need more “cybersecurity talking, marketing, experts”. We have too many already. We don’t need people going into the forest and beating ants with big sticks, scavenging for food. We need people to use their minds in the “age of information” do create things useful for society and make the world a safer, better place – and that includes cybersecurity.
Now, I don’t really think the hunters and gathers of the less developed world are going to write a great cybersecurity app anytime soon. But what about all the people from the developed world with access to schools, top universities, textbooks, who have good math and science knowledge from elementary, junior and high school. What is their excuse? They have functioning “information age” brains, don’t they?
What we need is for cybersecurity “experts” to sit down in front of the computer and translate their ideas for creating cyber defenses into working software that actually does something. We don’t need more “talkers”, we have enough. Really!
I mean, honestly, isn’t that what the “age of information” is all about? Information age workers – designers and engineer – these are the people we need. We don’t need more sales people to sell us sell us more consumer products! Thank you! We don’t need people who “do not do” to tell us “what do do” and “what do buy”. This is madness.
You would think that “experts” would have “ideas” and sit down and use their minds to translate their ideas to working software that actually might solve a real-world problem. Instead, LinkedIn (for example) is pregnant with inspirational messages like “How to Prepare for Your Next Interview” or “Would You Hire a Millennial if He or She Showed Up Late?” or “How To Sell, Sell, Sell and Never Give Up!“.
More amazing to me is that people “socialize” and waste so much of their time by commenting on this nonsense. It’s no wonder the state of cybersecurity is so bad. The “age of information” seems to be more about “the age of chatter, commenting, liking and sharing” and not actually creating information technology which will make the world a better place. Social networking has a huge downside when everyone is chatting and not actually doing. Why do I need to some out of retirement (in my old age) to actually do something for cyber security while most everyone else just chats about it. This is annoying (LOL).
I joined LinkedIn when it first started. I thought it was a good idea to have a career-related social network. I thought it would be good to share contact info for tech jobs and keep up with what others are doing. But unfortunately, LinkedIn has been reduced to a big data-mining tool for generating sales leads and posting “witty” inspirational messages ad nauseum. It’s “pay to network”, just send money every month so you can InMail to your potential sales or job target!
What is more amazing is that people love this type of ‘talk talk talk,’ ‘comment, comment, comment,’ social networking. It’s human nature, yes we know – but it’s not making cybersecurity better. All this noise and chatter is not making the world a safer place for the children of tomorrow.
In fact, if you look at what is going on in the world, one could easily argue that cybersecurity is destined to be one of the greatest problems in the world, if it is not already.
What the world needs is less “talking” and more “doing” and by “doing” I mean taking your ideas Mr. Expert, and sit down in front of the computer and translate your ideas to working-information which can be executed by machines (computers and devices) to make the world and society a better and a safer place.
Let me be perfectly clear here.
If you “experts” cannot take your ideas on cybersecurity and sit down and use your mind to design and engineer applications (write software) with your own hands which translates your ideas to a working application; then you are NOT a cybersecurity expert.
Even if you have 10 certifications and your CISSP, if you cannot take your vision of a better and safer cyberspace and use your mind to write instructions (information) to instruct a computer how to help society solve the problem, you are not an expert. You are a consumer.
Please. Become a doer and not a talker. Walk the talk. We need you to “do” not to comment.
The featured image in this post was created yesterday (16 March 2017) using a WordPress plugin I wrote that records cyber activity and scores the activity based on risk – and then uses a MacOS app I wrote to create a graph and visualize cyberspace – the objects and the threats. In the first day, this app helped me find an IP address (GEOIP not disclosed, because it’s not that important) who attempted to brute force login to the database more than 5000 times in a few hours and gain admin control.
Tim, your results are incredible is such a short time! You’re tackling so many groundbreaking areas at once, and actually “doing” them. I believe very soon, others will notice your remarkable frameworks and implementations. Personally, I find your work very inspiring, and I need to be more of a “doer” here like you mention. Cheers!
Thanks for the kind words. The ethics that are taught to engineers during their university studies is that at an engineer applies math, science and technology to benefit society, as a whole. Cybersecurity would be in a much better state-of-the-art if engineers would do this; apply math, science and technology to benefit society. Unfortunately, society has done a pretty good job of painting people who are hands-on engineers and computer scientists as “geeks” or “nerds” and have done an even better job of glorifying all things superficial and consumer-sensual oriented.
The current result of this “topsy-turvy” world is that cybersecurity is dominated by people who cannot sit down and use math, science or engineering technology to conceptualize, design and build software applications that will bring situational knowledge to cyberspace.
New apps are released all the time so people can take sexy-selfies or chat with their friends and like and share pictures of their food and drinking parties; but very few apps are released that help create the situational knowledge required to defense cyberspace against malicious activity, covert operations and information warfare.
In addition, it’s not AI which will solve this problem. AI cannot and should not replace Human Intelligence. the solution will begin when humans working and traveling in cyberspace in both space and time becomes something “sexy and fun” like sitting in the cockpit of a jet aircraft as a fighter pilot.
Honestly, I don’t think that what I’m saying is going to happen anytime soon; and we are going to see more and more serious problems in cyberspace and cybersecurity before things get better. The world is now distracted with so much superficial nonsense, consumerism, populism and conspiracies theories that there is little hope that, in the short and near term, cybersecurity will see much improvement.