I recently returned from Austin, Texas, where I attended my first tech conference — SpiceWorld, the “most happenin’ tech conference around!” I admit, it was a lot of fun; three jam-packed days rubbing shoulders with thousands of IT pros, dozens of sponsoring vendors, hundreds of tech marketers and all the networking one could handle. There were a plethora of learning opportunities for energetic and eager IT professionals looking to hone their skills and insights with break-out classes on more IT topics than I knew existed.
One hot topic of discussion among attendees was the Internet of Things (IoT), the emerging technology making a huge difference for small and medium-sized businesses. As connectivity is built into every device imaginable, and even some that are unimaginable, the skills to utilize IoT are an absolute necessity.
With all the recent data breaches in the news, security seemed at the front of everyone’s mind. I heard over and over the refrain, “It’s not if you’re going to get hacked: It’s when.” Hearing security experts enumerate the risks tended to make me uneasy — particularly when I realized just how many wireless devices my family and I own.
The highlight of SpiceWorld was Kevin Mitnick’s keynote on cybersecurity. Mitnick is arguably the world’s most famous Black Hat hacker. Fortunately, he has paid his debt to society: five years in prison, including eight months of solitary confinement because the prosecutor convinced a judge that Mitnick could start a nuclear war by dialing into NORAD and whistling into the phone. Fortunately, he is rehabilitated and in high demand by corporations looking to secure their systems from the bad guys.
(Although anyone who turns their enterprise security over to Mitnick should at least consider also turning to the dictionary to look up the definition of "long con." Do you really want a convicted criminal also known as "The Condor" and "The Darkside Hacker" in charge of protecting your assets from the, um, other bad guys? Especially when that guy once said, "My actions constituted pure hacking that resulted in relatively trivial expenses for the companies involved, despite the government's false claims." Does that sound like a guy who believes he was fairly imprisoned and holds no grudges against anyone?)
His demonstrations were simultaneously amazing and scary. The gist was that people must think about their everyday IT activities, and that relying on security technology alone won’t protect an organization from a determined hacker. As he shared pen-testing horror stories from his consulting business, you could see how easy social engineering is and that end-users are definitely the weak link in any security system.
SpiceWorld 2017 was a real eye-opener. I’m more convinced than ever that getting a security certification isn’t just a good idea, it’s a priority. And when I think back on Mitnick’s demonstration of how to hack an Integrated Voice Response system, well, it’s enough to make a guy think twice before answering his phone.
About the Author — Kent Lutz is an IT Pro Account Manager with TestOut Corporation. He enjoys the outdoors, including biking, hiking and rock climbing. He is happily married, with five fun children. He is an aficionado of no-holds-barred cage fighting and really really likes Harry Potter. Kent recently combined his love of all things Potter with his budding interest in cybercrime when he designed a highly efficient computer worm nicknamed Protego for bank hacks. You can find more of Kent's hacks at his Room of Requirement site on the dark web, where he is known primarily as Lord Voldemort.