Conversations about life & privacy in the digital age

SpiderOak University & Interview with a Cybersecurity Expert

This week we opened the doors to SpiderOak University. Anyone can participate and earn extra GBs.

We were honored to talk to Richard F. Forno, Ph.D., who has more than 20 years of experience in the cybersecurity field. Dr. Forno helped build the first formal cybersecurity program for the U.S. House of Representatives as the first Chief Security Officer for at Network Solutions (operator of the InterNIC), and is considered one of the early thought leaders on the subject of “information warfare.” Today, he is the Assistant Director of the UMBC Center for Cybersecurity, an honors college in Maryland, as well as the director of its cybersecurity graduate program. Dr. Forno is also a SpiderOak fan.

1. How have you seen cybersecurity evolve since you’ve been in the field, and how would you describe where it is right now?

RF: Cybersecurity these days means much more than just people at computers guarding data and network resources. Yes, that’s where it started off decades ago when it was known as ‘computer security’ and existed as a small function of the IT department and treated as an administrative overhead budget item — but with technology, data, and networking permeating nearly every aspect of society, it’s taken on a much broader meaning and become a critical corporate function. Now, ‘cybersecurity’ can refer to nearly anything related to ensuring the security, availability, integrity, and resilience of the many systems and sources of data that form the foundation of modern existence — from protecting company (or national) secrets to personal health care and financial records, from the systems controlling water and power distribution in our cities to the widgets in our televisions, toasters, and electronic devices they all require some degree of security, assurance, and resilience since our lives and much of society depends on them.  That said, I still believe cybersecurity — and by extension, privacy — is a state of mind and very much dependent on the context of any given situation to be effective.

2. Are you seeing more students that care about privacy and cybersecurity, or is it harder to attract people to your program?

RF: The former, absolutely. There remains a sizable global interest in cybersecurity education, from high schools and community colleges all the way through 4-year and postgraduate study. Recurring news reports of data breaches, website defacements, and denial of service attacks certainly help generate interest in the subject both personally and professionally.

That said, given the strong interest in cybersecurity, it’s important to set and manage student (or prospective student) expectations appropriately.  Despite glorified portrayals of cybersecurity in the media, one can’t simply “wave a magic wand” and become a “cyber warrior” exclusively by a single college degree or certification exam … it’s a combination of fundamental and applied technical knowledge, social acumen, and the ability to understand the ‘big picture’ while exercising common sense that makes for an effective cybersecurity professional.  Cybersecurity in 2013 is far more than just working with the bits and bytes….and by contrast, you can work in some areas of cybersecurity and not necessarily need a deep technical background to be successful or make a difference.

3. Are there any trends in cybersecurity or privacy that you are excited about or think are the future?

RF: I think the ongoing revelations from Edward Snowden are giving people and organisations around the world a useful opportunity to reassess how much they share online and/or what third-party services they use to store information and communicate, which naturally includes both privacy and cybersecurity considerations.  That public discussion, in my view, is long overdue — normally folks rush to embrace new technologies first and then figure out if or how they’re dangerous, and usually only after something bad has happened. So in terms of privacy I am quietly optimistic that the pendulum may begin shifting towards people doing ‘less sharing’  – or, perhaps more accurately, leaving ‘less footprints’ around the Internet.  At least they might start doing homework and determining what level of exposure (and to whom) they’re willing to live with and under what circumstances.

The last time I saw such heated public discussion about government intrusion into online privacy was back in the 1990s — first when the US government tried (and failed) to criminalise the distribution of PGP encryption software and then when the Communications Assistance for Law Enforcement Act (CALEA) was enacted by Congress to provide US law enforcement wiretapping capabilities on Internet devices — which was a faint foreshadowing of things-to-come under the ‘Patriot’ Act of 2001 and subsequent legislative proposals.

However, I’m encouraged to see security and privacy capabilities being brought to market and/or incorporated into software and devices.  To many users, security and privacy technologies are hard to understand and implement — so I am pleased that more user-friendly products and services are making it easier for people to understand and manage their privacy and security exposure if they choose to do so.  But by contrast, I worry about our obsession with creating the ‘Internet of Things’ — do we really need to have our home appliances, air conditioners, baby monitors, and automobiles constantly connected to the Internet? While convenient and perhaps fun or useful at times, what risks do they present to our security and privacy?

4. Tell us about how you came to your current role at UMBC, and what this graduate program is about?

RF: At UMBC I wear many hats. My primary role is directing our graduate programs in cybersecurity, which now is entering its third successful year of educating cybersecurity professionals to assume more senior leadership positions in the technology and cybersecurity industry.  I’m also the assistant director of our Center for Cybersecurity, which serves as the University’s central coordination and outreach entity on cybersecurity education, research, and related activities to allow us to better interact with our many partners, prospective collaborators, and the public.  And, through UMBC, I am co-founder of the annual Maryland Cyber Challenge — our state’s official cyber-competition.

As to how I got here?  My cybersecurity career began in the early 1990s before the Dot Com Boom. Over that next 20 years I worked for a variety of government, military, and private organisations and thus not only was an ‘eyewitness to history’ in terms of cybersecurity and the Internet Revolution, but worked for some of the entities that helped shape it.  Along the way, I remained interested in Internet policy, cyberculture, and how Internet technology influences modern society — which, obviously includes many cybersecurity and privacy issues.

After a while, my interests turned toward “giving back” to the professional community and sharing my lessons learned with the next generation of cybersecurity practitioners to help them improve the future and perhaps learn from our collective past.  And thus I landed at UMBC in 2010 — certainly the right place at the right time to be working on this very timely global topic!

5. How long have you been a SpiderOak user?

RF: I learned about SpiderOak in early 2012 from a fellow academic down in Australia and signed up for the free personal account out of curiosity.  Now, with the SpiderOak Hive capability, I expect to increase my account size and replace another popular realtime sync service I’ve used for years with one that places great emphasis on addressing modern privacy concerns for its users in a meaningful way.

We’re grateful to Dr. Forno for sharing his time and expertise with us.

Be sure to check out SpiderOak University so you can participate and earn extra GBs for your account.

What people are saying about SpiderOak (Pt. 3)

Over the past few days, we’ve been highlighting what our users are saying about us. In case you missed it, you can view our posts from Friday and yesterday.

We appreciate SpiderOak users, and one of our favorite things is getting to know you. Our loyal customers and fellow privacy fanatics have continually helped us create a better product and develop and grow as a company.

Cody, the pharmacy student:

Konrad, the computer geek:

“I came across SpiderOak a few days ago and gave it a bit of testing. I absolutely love the pricing plans, especially with the student discount. As a fellow computer geek, I also really appreciate all the security features. You are doing an awesome job as far as doing things properly is concerned.”

Alexej, the savvy solution-seeker:

“Back before I discovered SpiderOak, I was feeling the need to set up some kind of backup and sync between my work and home computer. I never, ever would store any data that is personal on someone else’s server unencrypted though. What was I to do?! I searched and tried and eventually came up with an encfs-Volume in a Dropbox folder. Believe me, it was a day’s work for me to figure out how to get this running on OS X including installing the Linux files, making a bash-script that would mount the volume automatically so it would always be ready to use, etc. But finally, this allowed me to store and sync files remotely while ensuring they were encrypted on my side on the fly. That was the first – at least functional – solution I used; I had tried a few other ways before but they all fell short in terms of usability. Then, I found SpiderOak – and you guys! You can imagine how moved I was to see that somebody was doing just what I had looked for for all the right reasons and in just the right way! Great company, great people, good reads on the website, and all in all such a feeling of relief, both safe and secure.

The best test was a recent hiccup while backing up: transfers just froze at some point and nothing seemed to be working anymore. But thanks to the way SpiderOak is coded and stored, nothing got lost, the re-installation of my primary device’s backups and syncs were a breeze, and Laura (Customer Relations) was a pleasure to talk to and get assisted by.”

Don’t be shy – what about you? What has been your SpiderOak experience? Leave a comment below.

(Psssst…tomorrow we will kick off our limited special offer of 25GB for $30. We’ve had a lot of requests for a 25GB offering, but this will be our first. Be sure you don’t miss out – it will only be available for 3 days!)

Intro – How SpiderOak Was Built

Welcome to SpiderOak University. If you’re a student, new user, or a lover of continuous learning, this month we’re focused on you.

We’ll be posting a couple video shorts each week where SpiderOak CEO Ethan Oberman uses a whiteboard to explain some of our basic product functionalities. School yourself and keep an eye out for an occasional quiz so you can receive extra GBs.

Ethan explains how SpiderOak began in 2006 in an attempt to solve two distinct problems.

Do you have a .edu email address? Don’t forget – you can enjoy 50% off your private backup/sync/share account:

Sign up today.

How we got here

Welcome to SpiderOak University. If you’re a student, new user, or a lover of continuous learning, this month we’re focused on you.

We’ll be posting a couple video shorts each week where SpiderOak CEO Ethan Oberman uses a whiteboard to explain some of our basic product functionalities. School yourself and keep an eye out for an occasional quiz so you can win extra GBs.


Ethan explains how the backup industry as a whole got to understanding and using cloud technology, and how the movement from the firewall to personal devices is causing companies to look at different solutions.

Do you have a .edu email address? Enjoy 50% off your private backup/sync/share account:

Sign up today.