What are the most important characteristics of a great info sec professional in 2016?


This week we interviewed David Michaux, Whispering Bell Director of Technical and Security Services, and asked him to share what he sees as the important characteristics of a great info sec professional for handling the new trends of cyber crime as we head into 2016.

David Michaux: I remember when I started in this business in the late 90s, I was asked to interview a Russian candidate for a job. One of the first questions I asked her was “If you had an important Unix server, how would you make sure it’s secure?” I was expecting a detailed answer around hardening of the operating system, firewalls, IDS etc. The answer was simple: “I would switch it off, dig a big hole and bury it in concrete, even then I wouldn’t tell you it’s secure!” I hired her and haven’t regretted it since. So when asked “what is the most important characteristic of a great infosec professional in 2016?”, for me it’s the same as it’s always been: extreme paranoia and a great mistrust of vendors who promise the earth.


10 quick tips to help you identify a phishing email

1. Look out for suspicious content. Is the email asking you to reply with confidential information, such as your password, or to confirm your bank account number? Is the email asking you to take quick action, such as replying urgently? Companies do not contact their clients asking them to take urgent and immediate action via an email.

2. Is the email asking you to click on a link? If so, hover over the link (without clicking it) and the URL of the link will be displayed. Check whether the link URL is directing you to the website of the company that the email claims to be from, or to a different site. For example, is the URL "http://www.mybank.com/xxxxxx", or is it guiding you to "http://www.capturethisusersinfo.com/xxxxx"?

3. Does the email include a password-protected archive or PDF? Attackers usually password-protect the malicious software they send, to prevent antivirus software from detecting the malware.



How Secure is your password? 8 Tips on Creating Your Next Secure Password


  •  Avoid biographical information: Avoid using things relating to you, such as date of birth, mobile number, or children’s names. If you are the target of a hacker, a high-level hacker usually researches you before trying to attack your system, and does not simply try random passwords. They probably already know many facts about you from information gathered from your social media profile. With just a bit of research a hacker can quickly learn your date of birth, full name, names of relatives and siblings etc.
  •  Avoid obvious, easy-to-guess passwords: "1234" and "abcd" are examples, and are still used by many. You don't want to forget your password, so it is tempting to use simple short sequences, but it will be equally simple to infiltrate your account.
  •  Avoid using single correctly spelled words: Often hackers use software that tries every single word in the dictionary.
  •  The longer the better: longer passwords are always harder to crack, even when a hacker uses software to do so. The larger number of possible combinations means it will take more processing power and a longer time to crack. It is advisable to use 10 characters or more.