Conversations about life & privacy in the digital age

SpiderOak University & Interview with a Cybersecurity Expert

This week we opened the doors to SpiderOak University. Anyone can participate and earn extra GBs.

We were honored to talk to Richard F. Forno, Ph.D., who has more than 20 years of experience in the cybersecurity field. Dr. Forno helped build the first formal cybersecurity program for the U.S. House of Representatives as the first Chief Security Officer for at Network Solutions (operator of the InterNIC), and is considered one of the early thought leaders on the subject of “information warfare.” Today, he is the Assistant Director of the UMBC Center for Cybersecurity, an honors college in Maryland, as well as the director of its cybersecurity graduate program. Dr. Forno is also a SpiderOak fan.

1. How have you seen cybersecurity evolve since you’ve been in the field, and how would you describe where it is right now?

RF: Cybersecurity these days means much more than just people at computers guarding data and network resources. Yes, that’s where it started off decades ago when it was known as ‘computer security’ and existed as a small function of the IT department and treated as an administrative overhead budget item — but with technology, data, and networking permeating nearly every aspect of society, it’s taken on a much broader meaning and become a critical corporate function. Now, ‘cybersecurity’ can refer to nearly anything related to ensuring the security, availability, integrity, and resilience of the many systems and sources of data that form the foundation of modern existence — from protecting company (or national) secrets to personal health care and financial records, from the systems controlling water and power distribution in our cities to the widgets in our televisions, toasters, and electronic devices they all require some degree of security, assurance, and resilience since our lives and much of society depends on them.  That said, I still believe cybersecurity — and by extension, privacy — is a state of mind and very much dependent on the context of any given situation to be effective.

2. Are you seeing more students that care about privacy and cybersecurity, or is it harder to attract people to your program?

RF: The former, absolutely. There remains a sizable global interest in cybersecurity education, from high schools and community colleges all the way through 4-year and postgraduate study. Recurring news reports of data breaches, website defacements, and denial of service attacks certainly help generate interest in the subject both personally and professionally.

That said, given the strong interest in cybersecurity, it’s important to set and manage student (or prospective student) expectations appropriately.  Despite glorified portrayals of cybersecurity in the media, one can’t simply “wave a magic wand” and become a “cyber warrior” exclusively by a single college degree or certification exam … it’s a combination of fundamental and applied technical knowledge, social acumen, and the ability to understand the ‘big picture’ while exercising common sense that makes for an effective cybersecurity professional.  Cybersecurity in 2013 is far more than just working with the bits and bytes….and by contrast, you can work in some areas of cybersecurity and not necessarily need a deep technical background to be successful or make a difference.

3. Are there any trends in cybersecurity or privacy that you are excited about or think are the future?

RF: I think the ongoing revelations from Edward Snowden are giving people and organisations around the world a useful opportunity to reassess how much they share online and/or what third-party services they use to store information and communicate, which naturally includes both privacy and cybersecurity considerations.  That public discussion, in my view, is long overdue — normally folks rush to embrace new technologies first and then figure out if or how they’re dangerous, and usually only after something bad has happened. So in terms of privacy I am quietly optimistic that the pendulum may begin shifting towards people doing ‘less sharing’  – or, perhaps more accurately, leaving ‘less footprints’ around the Internet.  At least they might start doing homework and determining what level of exposure (and to whom) they’re willing to live with and under what circumstances.

The last time I saw such heated public discussion about government intrusion into online privacy was back in the 1990s — first when the US government tried (and failed) to criminalise the distribution of PGP encryption software and then when the Communications Assistance for Law Enforcement Act (CALEA) was enacted by Congress to provide US law enforcement wiretapping capabilities on Internet devices — which was a faint foreshadowing of things-to-come under the ‘Patriot’ Act of 2001 and subsequent legislative proposals.

However, I’m encouraged to see security and privacy capabilities being brought to market and/or incorporated into software and devices.  To many users, security and privacy technologies are hard to understand and implement — so I am pleased that more user-friendly products and services are making it easier for people to understand and manage their privacy and security exposure if they choose to do so.  But by contrast, I worry about our obsession with creating the ‘Internet of Things’ — do we really need to have our home appliances, air conditioners, baby monitors, and automobiles constantly connected to the Internet? While convenient and perhaps fun or useful at times, what risks do they present to our security and privacy?

4. Tell us about how you came to your current role at UMBC, and what this graduate program is about?

RF: At UMBC I wear many hats. My primary role is directing our graduate programs in cybersecurity, which now is entering its third successful year of educating cybersecurity professionals to assume more senior leadership positions in the technology and cybersecurity industry.  I’m also the assistant director of our Center for Cybersecurity, which serves as the University’s central coordination and outreach entity on cybersecurity education, research, and related activities to allow us to better interact with our many partners, prospective collaborators, and the public.  And, through UMBC, I am co-founder of the annual Maryland Cyber Challenge — our state’s official cyber-competition.

As to how I got here?  My cybersecurity career began in the early 1990s before the Dot Com Boom. Over that next 20 years I worked for a variety of government, military, and private organisations and thus not only was an ‘eyewitness to history’ in terms of cybersecurity and the Internet Revolution, but worked for some of the entities that helped shape it.  Along the way, I remained interested in Internet policy, cyberculture, and how Internet technology influences modern society — which, obviously includes many cybersecurity and privacy issues.

After a while, my interests turned toward “giving back” to the professional community and sharing my lessons learned with the next generation of cybersecurity practitioners to help them improve the future and perhaps learn from our collective past.  And thus I landed at UMBC in 2010 — certainly the right place at the right time to be working on this very timely global topic!

5. How long have you been a SpiderOak user?

RF: I learned about SpiderOak in early 2012 from a fellow academic down in Australia and signed up for the free personal account out of curiosity.  Now, with the SpiderOak Hive capability, I expect to increase my account size and replace another popular realtime sync service I’ve used for years with one that places great emphasis on addressing modern privacy concerns for its users in a meaningful way.

We’re grateful to Dr. Forno for sharing his time and expertise with us.

Be sure to check out SpiderOak University so you can participate and earn extra GBs for your account.

AMA: Interview with International Privacy Consultant JJ Luna

After our popular interview with cryptographer and computer security expert Jon Callas earlier this summer, we wanted to talk to more experts who were publicly passionate about privacy.

Meet JJ Luna – an international privacy consultant and author of the best-selling book How to Be Invisible. He’s spent more than five decades living off the grid, and helps his clients on topics such as home security, senior self defense, making money and living a truly private life. If you’re interested, you can read specific examples of his consulting work and the kinds of people he has helped here.

We were honored to have JJ Luna (aka Jack) answer a few questions about why he had to live a double life and protect his identity and his family’s safety, his views on U.S. current events regarding privacy and security, and his advice for average citizens.

How did you come to care so much about privacy? What put you on this path? Have you always valued privacy, or was there an incident that led you to be become so knowledgable and immersed in privacy?

JJL: Under the direction of an international Bible and Tract Society, I volunteered to move overseas. In 1959, therefore I moved to Spain’s Canary Islands with my wife and small children via a Norwegian freighter. At this time Spain was ruled by the dictator Francisco Franco and Catholicism was the state religion. All others were illegal. For that reason I had to live a double life. Openly, I was a commercial photographer. Secretly, under another name, I helped hold illegal meetings in private homes and VERY illegal assemblies deep in  pine forests. Eleven years later, Franco was pressured into allowing other religions in Spain, so I was then free to come in from the cold. However, I had gotten to enjoy hiding information so I continued, to a large extent, to stay private.

What are some simple precautions you would encourage the average US citizen to take (and why), for those who might not know a lot about privacy and why it is important?

JJL: It is not “simple.” I wrote an entire book on that subject, How to be Invisible.  The theme is basically to hide your home address. That way, if for any reason someone decides to go after you (this happens all the time!), they will have a hard time finding you. The benefit? You sleep well at night!

But essentially:

  1. Stop using credit cards. Pay cash.
  2. Never borrow money. Rent if you cannot buy.
  3. Never use a driver’s license for ID–use only a passport.
  4. If you are wealthy, hide that fact!*

For many of us, privacy in important because of what we own, where we live, and what we do – this is no one else’s business. Further, anyone can sue anyone in the [Canary Islands]. The ones chosen to be sued have “deep pockets.” Why advertise that fact?

*For more on hiding your wealth, you can buy JJ’s ebook, Invisible Money, Hidden Assets, Secret Accounts. Special SpiderOakian offer – get 75% off the Premium ebook with code: Jack15. You will receive $15 off, for a net of $4.99. This code will only work for 15 days after this post is published. If you have any trouble, please email JJ Luna directly at jack[at]jjluna[dot]com. (Unfortunately the Kindle price cannot be discounted.)

As an expert in this area, how have you seen the public conversation and awareness around privacy change over the past few decades? How has it also physically changed for you, with technology, etc.

JJL: Since 9/11, there is an increasing desire for privacy but it is harder and harder to accomplish. I find it increasingly difficult to keep information about me out of the internet.

Would you weigh in on the current Snowden/NSA/Prism situation and the ‘state of the nation’ in general, where it pertains to online and offline privacy?

JJL: Snowden? Mixed emotions. The government does need to know what the enemy is doing. I doubt that WWII could have been won without the allies reading both German and Japanese communications. However, I do not trust this present administration in any way, shape or form. In many ways, life under Franco was better than this!

What is something that surprises you, or that you continue to learn, in your line of work and its role in our world?

JJL: I am increasingly surprised that nothing can remain secret from the United States government. The government keeps secrets but the citizens are not allowed to do so?

A huge thanks to Jack for sharing his time and expertise with us. Stay up to date by following his blog and tweets. And you can learn How to Be Invisible (which has been read and enjoyed by many people within SpiderOak) too.