
Interview With Cybrary Co-Founder: Ryan Corey


Interview With Ryan Corey: Co-Founder of Cybrary.

As we all know, Cybrary provides free IT and cyber security training to everyone. It was launched on January 13, 2015. Today, we interviewed Ryan Corey, the co-founder of Cybrary.

1)  Tell us about you. What got you into cyber security and the world of hacking?

I was working for an IT and Cyber Sec training company called TrainACE since 2003. I have always really been intrigued by the industry. Over the years I attended conferences like Hacker Halted etc. and made a lot of really good friends in the field of security. When the Certified Ethical Hacker certification became popular, I thought that was really cool, and so we got heavy into promoting and selling that.

2)  Why is hacking/cyber security a concern for people?

I think it's only the beginning of it becoming a real concern. Primarily it should be a concern for organizations like governments and businesses. The reason I believe it's such a huge concern is because there are millions of dollars at stake and hyper-sensitive information and data at stake. The problem, primarily, is that since the technologies change so rapidly, new vulnerabilities open up so often, every day, as we know with Zero Day attacks etc. These changes are very difficult to keep up. That's much of the reason why we started Cybrary. There is no reason cyber security training should be so expensive, and up until now, you couldn't find an affordable offering of pretty much anything you wanted to learn in cyber security. Plus, with the global cyber security skills gap past 1,000,000 open jobs, the problem of cyber security competence, capability and talent is too large. Cyber security as an industry is growing faster than almost any other industry right now, and therefore, the job gap is going to continue to grow. The barriers to learning were too big, people needed a resource to learn, and to do so free. That's the only way we can start to address the job gap, get competent people employed in the field and help strengthen our organizations. Plus, Cybrary gives them the chance to maintain and grow their skills, so that they can advance within their jobs.


3)  What can people do to protect themselves from cyber hacking?

I think individually, you just need to stay fresh. You cannot stop learning in this field, because things will pass you by too quickly. One thing that we are doing to help companies and organizations address their #1 vulnerability is End User Security Awareness training (http://www.cybrary.it/enterprise-training-solutions/end-user-security-awareness/). End users are the primary cause for the majority of major breaches that we hear about in the news. Many organizations think that hardening the network will keep them protected, but as we know, social engineering and other types of end user targeted attacks can often happen with great effectiveness. Therefore, by overlooking end user security, any organization remains an easy target. So I think that's the main thing that organizations can do, make sure every person in their company knows how to act with security as a primary concern.

HOC Team:
Yes, security awareness is so necessary to all the employees, because everybody uses the internet. So they should be aware of cyber security concerns.

Ryan:
Absolutely, any person that has access or interacts with anything connected to the organization's data systems. As we know, exploits can occur on any application or type of digital equipment. So anyone interacting with anything like that, needs to know what they are doing and needs to be aware of the threats that exist.

4)  In your opinion why do people hack?

Because it's lucrative in most cases. Something of actual value can be stolen, any time that's the case, thieves will exist. I believe other people mess around and try out things on the web as well, maybe they just learned how to run a brute force attack or man in the middle attack, and they want to try it out to see if it works, and most of the time that's probably harmless, as long as they don't do anything malicious after that. But in most cases, there is something to be stolen. I have however, seen some people hack websites etc. just to P0WN something and deface it, which is childish, and there should be no reason for that to happen. There are many places online you can practice your skills, such as Hackthissite.org and some others.

5)  What do you consider the biggest cyber threat to the internet?

I believe that the biggest threat right now, is mobile. With people and companies utilizing BYOD, and then applications being installed, updates being installed and so on, it seems like a daunting task to keep up with. I know there are some really smart people working on technologies to help secure enterprise mobile, like Georgia Weidman and her new company https://twitter.com/shevirahsec. I also believe, we are soon going to be faced with perhaps the most serious cyber security concern we have yet to face, "Internet of Things". Imagine all the vulnerabilities, among all the APIs on all the devices that will be web enabled, in many people's homes.

6)  What is your opinion of how cyber hacking/security is going to affect the future of the internet?

We, the people developing the platforms, applications, hardware and software, need to shift from a process of building product first, then thinking about security, to building the product with security in mind. In other words, too many product and application designers have too little experience with security, so they build for function and then they let other, cyber security engineers secure their product after it has essentially already been built. Instead, the people building the products need to have security engrained in their thought processes from the start.

7)  What is your vision with Cybrary towards global security?

Honestly, I think we have the potential to help move the industry in the right direction. By placing the ability to learn cyber security, into the hands of anyone that wants that opportunity, more people will enter the field and more progress will be made, much faster. I think that eliminating the barrier to learn will help to diminish the fear of cyber attacks, because it will empower people and organizations to act. You don't have to be mystified by how insecure your wireless security setup is, instead you can go to Cybrary and learn what you should be doing to protect it. Plus, I think learning and education is going to be free for everyone, everywhere, one day, and so by doing this, we are doing our part to make education free, for a really cool industry. What we are also seeing, is we now have people from anywhere in the world, helping each other to solve problems and to find answers to cyber security questions. That's really cool, because I think Cybrary is starting to bring together, or globalize the cyber security community. People are helping people, and making friends with people, and learning from people from the opposite side of the planet from one another, I think that's going to really help better both cyber security, and our world.

Lastly he told us,
"I appreciate you doing this interview Priyanshu, again, you have been awesome to us, we really appreciate your help!"

Contact: 
LinkedIn | Twitter

Team HOC really appreciates Cybrary's work.

Check the link below for Cybrary trainings:
http://www.hackersonlineclub.com/online-ethical-hacking-training

~ Tuesday, June 9, 2015 0 comments

An Interview with the Founder of Bulb Security, Georgia Weidman

Georgia Weidman is one of the few women in the Infosec industry who made a name for herself. She is an experienced penetration tester, security researcher and trainer. She is also the founder of Bulb Security, which is a highly rated security firm for security assessments and training.

Georgia was awarded a DARPA Cyber Fast Track grant to build the Smartphone Pentest Framework (SPF). She is also the founder of Shevirah Inc., a provider of testing tools for assessing and managing the risk of mobile devices in the enterprise and testing the effectiveness of enterprise mobility management solutions. Shevirah allows security teams to integrate mobility into their risk management and penetration testing program. Georgia is invited as a speaker at many international security conferences. To name a few, she has spoken at the Black Hat Briefings, BruCON, Hack in the Box, DerbyCon, and many BSides events.

Georgia’s work has been featured in print articles including CNN, Ars Technica, PC World, and MIT Technology Review. She’s also discussed security on television on programs such as Fox News Live and 16×9 on Global TV Canada.


Georgia completed her bachelor’s degree at the age of 18. After that she pursued her education in Computer Science from James Madison University with emphases in information security and secure software engineering.
Georgia’s success story doesn’t end there. Her book was published recently under the title Penetration Testing: A Hands-on Introduction to Hacking. Here is an exclusive interview that she gave to Ehacking. We have asked some interesting questions related to the current scenario, the future of Infosec and the role of women in this industry.

EH: Hi Georgia, as we see in your short biography you have achieved tremendous success as an Infosec professional, which is a rare thing. The world wants to know what brings you to this industry?

GW: Well both my parents are technical, so it was kind of a given that I would pursue some sort of technical career. I went to an early college program that was all female. While there were fewer students in the STEM fields, I thought that was because they were harder fields of study than other subjects. It wasn’t actually until graduate school that it even occurred to me that women in computer science are rare. I’ve never let that hold me back though. I discovered cyber security in the collegiate cyber defense competition (CCDC), a competition in the United States for college students to get a taste of the life of security professionals managing a network actively under attack. I really enjoyed the competition, even though naturally it was more stressful to keep a network alive and well when a lot of security professionals kept trying to break into it. I immediately knew I had found my calling and decided to pursue a career in information security.

EH: You are pretty much becoming a role model with your accomplishments for the young girls. What message do you want to give them?

GW: Never let anyone tell you you don’t belong in information security. Unfortunately, there are a lot of people who get jealous of anyone else’s success and try to tear other people down. Anyone who is in a minority in the industry gets more than their fair share of abuse. Don’t let it get you down. If people are mean to you, it means you are doing something right, making mean people jealous of your successes. It’s easier said than done to not let things like that get to you, but it’s important that people with a passion for information security pursue a career in this field.



EH: Give us an insight about your book? What was the motive behind it and what do you want to accomplish through it?

GW: I wanted to provide a hands-on book for beginners, people just starting in information security, to help them learn. When I was first starting out I had a lot of trouble getting the experience I needed to move forward. Lots of tutorials would assume understanding of Linux or programming or even previous information security experience that I didn’t have. And a lot of times when I would ask for help I’d get something along the lines of “Get off N00b!” which was very frustrating. I teach introductory technical information security courses, but naturally not everyone will be able to attend those. With the book hopefully I will be able to reach more people who are interested in learning these skills. Readers will have to do the work to learn the skills, setting up the environment and working through the exercises, but it makes the information available for beginners everywhere to learn.

EH: You have an M.S. degree in Computer Science. Do you think that it is important for people to have an educational background in Computer Science to succeed in this industry?

GW: I went to college early at the age of 14. So when I graduated I was only 18 and not sure what I wanted to do yet. I went to get a Master’s degree just to avoid moving back home with parents after college. Luckily in the course of my studies I joined the cyber defense club at my school and discovered my passion for information security. I know many security professionals who do not have a college degree or studied another subject. Hard work and gaining skills in information security will get you far in this industry. That said, it is much easier to get your first information security job if you have a computer science educational background. Many schools even offer an information security concentration.

EH: We have seen that some hacking groups have been in the news quite a lot in recent times, like the Syrian Electronic Army and Anonymous. What is the motivation behind those attacks?

GW: Why do people do bad things? That’s a question for the psychologist or philosopher. Hacking attacks are motivated by the same things as other types of attack. There are monetary rewards associated with attacks whether from some entity paying you for the attack or the “spoils” of the attack like credit card information. There is also the thrill and prestige that comes from said attack, although the individual anonymity is a drawback. I think the primary motivation for these latest attacks is to generate fear. Or maybe it is just a warning to us to take security seriously.

EH: Companies are investing millions in their cyber security programs, but still we see from time to time that even the most powerful companies fall victim to cyber attacks. As the founder of Bulb Security, do you think the world will ever have a foolproof cyber security program which is impossible to breach?

GW: I don’t think it’s possible to have a running network without at least some vulnerability. Consider your home. You probably have door locks, maybe an alarm system, maybe bars on the windows if you live in a very high crime area. But would you consider your house impossible for a thief to break into? What if the thief knows how to pick locks? What if the thief poses as a delivery person or police officer to trick you into gaining access? We can and should minimize risk as much as possible, but we must never assume that we are not vulnerable to any attacks. This will give us a false sense of security and we will not do the things we need to ensure we are as secure as possible.


EH: According to research, the cyber security industry will grow three times in the next 4 years. This is the hottest industry right now for investors. How do you see the future of this industry? What challenges is this industry facing and what steps can be taken to eliminate those challenges?

GW: The biggest challenge I see is the way our networks and assets are changing. In a traditional network where everything is hosted locally, physically in our data center, on someone’s desk, etc., the only way they can communicate is over the network, with all traffic passing through our perimeter to the Internet. With the rise of mobile, the cloud, etc. this is changing drastically. Traditional methods of vulnerability assessment, incident response, etc. are not sufficient to deal with these changes. In particular, my work centers around moving vulnerability assessment and penetration testing capabilities forward to cover the unique issues around mobile devices such as the mobile modem, near field communication, and the effectiveness of security controls around mobile such as enterprise mobility management solutions and data containers.

EH: What is your opinion about Edward Snowden?


GW: When Edward Snowden exposed our government’s spying practices, most people were not at all surprised by the news. This is really sad because privacy is one of those freedoms we should be protecting instead of giving away. Most of our privacy laws are built on an expectation of privacy. Do you have any expectation of privacy, now?

EH: Women in information security: is it still a myth, or can they make it?

GW: Of course they can make it, and anyone who says otherwise is the people who shouldn’t be making it in information security. Anyone who says otherwise needs to climb back under the rock they came from.

EH: At the end, what would you recommend/suggest to someone new in the information security field?

GW: My book of course. And there’s some great free training available at Cybrary.it including a course from me that does some of the exercises from my book (and some additional exercises and topics) in video form.
Something along the line of do lots of different types of trainings to figure out what you like and what you are good at. Network/intern with people in those areas so your talents become known.
interesting questions related to the current scenario, the future of Infosec and the role of women in this industry.

Georgia Weidman has achieved tremendous success in a pretty short time. She was gifted because of her family background, but it was in college that she realized her potential, in a cyber security competition.
 
The biggest reason behind her success is her passion. Georgia is a perfect role model for the young generation, especially for those who think this industry is for men only.

~ Tuesday, April 14, 2015 0 comments