Cyber security : The Five Laws of Cybersecurity by Nick Espinosa





I'd like you to consider for a moment

that there are about 6,900 languages spoken on our planet daily,

and these thousands of languages serve thousands of cultures,

from the smallest community to the largest continent.

Now, even with this vast diversity among our global population,

we have some alternative languages and methods for communication

that are understood by everybody.

For example, the world has mathematics.

If I have one apple and somebody gives me another apple, I have two apples.

This is understood worldwide without fail.

Now, as of today, the largest culture by far is that of the Internet user.

With 7.6 billion humans on Earth, around 3.6 billion of us are online

and communicating with each other and institutions daily.

Thus, another common language we all share but most don't realize

is the networking protocols that the Internet runs on

and the social media platforms that tie us together -

and emojis; we can't forget the emojis.


But what our internet culture tends to lack is a common understanding,

to foster true, true understanding about cybersecurity and threats online.

Outside of hardcore cybersecurity and IT people like myself,

most people don't understand the language that is nerd.

And so, it is my job to be the best nerd-to-English translator I can be

in order to help the world stay safe online.

So without further ado, here are my five laws of cybersecurity

that are designed to do just that.


Law number 1:

If there is a vulnerability, it will be exploited.

No exceptions.

Consider for a moment

that when the first bank was conceived of and built,

there was at least one person out there who thought, "I want to rob that."

In the more modern era,

since the first computer bug was discovered,

hackers good and bad have been looking for ways

to get around the laws and framework that govern a computer system,

a program, or even our society in general.

Now, think about this for a second.

There are those out there who will literally try and hack

absolutely everything within their capability.

Now, this could be the more basic exploit,

like the person who figured out how to cover their car's license plate

to go through an automatic tollbooth for free,

or this could be a more obscure,

such as infecting a complex computer network

to derail an entire illegal nuclear weapons program,

which actually happened in the mid-2000s.

Finding ways around everything for both good and bad purposes

is so ubiquitous today, we even have a term for it: life hacking.

And with this, we'll move on to the second law:

Everything is vulnerable in some way.

We cannot assume that anything is safe,

nor is anything off the table for hacking anymore.

We've seen a series of massive breaches by corporations

that literally spend millions annually on cyber defense strategies.

From enormous retailers to gigantic health insurance providers,

these corporations hold millions of records

on virtually everyone in the United States

and fall under multiple government-compliance laws

for data security -

yet here we are.

And we can go straight out of left field

or even more obscure for examples of this law.

So, for decades

we've just assumed our computer processors are safe and harmless,

just doing the job that they were meant to do.

In the beginning of 2018, it was discovered

that these technological workhorses are carrying a serious mass of vulnerability

that would allow a malicious hacker to wreak havoc on all of us.

From minor to major,

law number 2 is really inescapable.

Before we go on to law number 3, I'd like everybody in the audience

to look under your seat for something that my team put there.

If you can.

All right.

Did anybody find anything?

No? All right. You guys can stop now. You guys can stop now.

(Laughter)

I want to go on to law number 3:

Humans trust even when they shouldn't.

(Laughter)

And I'm sorry to make you all part of this talk,

but it really helps to underscore my point here:

trust, quite frankly, sucks.

Now, we need trust in our lives.

We can't have a society without it.

And we have positive expectations of our technology

and those people that help us with it.

We expect the light switch is going to flip on the light when we turn it on.

We expect the mechanic we pay to fix our car

to actually fix it and not rip us off.

But we have to question

the technological infrastructure and online people around us.

This is our greatest vulnerability in cybersecurity.

Now, because of trust, people fall for phishing scams.

They believe the $20 anti-virus they bought for their computer

will turn it into Fort Knox; it will not.

They also believe that the form they're filling out online is legitimate;

it sometimes isn't.

And it sounds weird to say that we have to combat trust,

but we have to if we're going to survive the nonstop hacking that takes place.

And with this, we can move on to law number 4:

With innovation comes opportunity for exploitation.

The world is full of brilliant people:

Alexander Graham Bell invented the telephone

that made the world a whole lot smaller.

Bill Gates created a global computer operating system

that got humanity on the same technological page.

Mark Zuckerberg created a social media platform

used by billions daily to share our lives.

However, with these evolutions in innovation and our technology

come certain exploits.

Now we live in the age of IoT, or Internet of Things,

and by virtue of this, our lives have hopefully been made a little easier.

New, unique, innovative products are constantly being made

to help us live in our homes or drive our cars

or even improve our health.

However, one of the biggest examples of innovation exploitation

is IoT hacking.

In 2016, a virus known as Mirai infected millions of IoT devices worldwide

and then weaponized them against targets,

creating some of the largest bandwidth attacks the Internet has ever seen.

As the world continues to develop and create amazing new technologies,

we cannot forget the lesson of law number 4.

And finally, law number 5:

When in doubt, see law number 1:

If there is a vulnerability, it will be exploited.

No exceptions.

Now, this one isn't a cop out; it's really not.

Every single issue with cybersecurity and our technology

stems from a vulnerability of some kind.

If we ever forget this, we are doing nothing but asking for trouble.

Our ability to properly defend ourselves

comes from understanding that human nature itself makes these laws immutable.

And when we start thinking like a hacker is when we can actually stop them.

So here's to our new, common language

that hopefully helps us and the world stay safe online.

Thank you.



Who is Nick Espinosa


Chief Security Fanatic | CIO | Speaker | Columnist | Author | Radio Host | Board Member | Forbes Tech Council
For over 25 years, Nick has been on a first name basis with computers. Since the age of 9 he’s been building computers and programming in multiple languages. Landing his first IT job at age 15, Nick founded Windy City Networks, Inc at 19 which was acquired in 2013 by BSSi2. In 2015 Nick created Security Fanatics, a Cybersecurity/Cyberwarfare outfit dedicated to designing custom Cyberdefense strategies for medium to enterprise corporations.

An expert in cybersecurity and network infrastructure, Nick has consulted with clients ranging from the small business owners up to Fortune 100 level companies. Nick has designed, built, and implemented multinational networks, encryption systems, and multi-tiered infrastructures as well as small business environments. He is passionate about emerging technology and enjoys creating, breaking, and fixing test environments.

A member of the Board of Advisors for Roosevelt University's College of Arts and Sciences as well as their Center for Cyber and Information Security, the Official Spokesperson for the COVID-19 Cyber Threat Coalition and a board member of Bits N’ Bytes Cybersecurity Education, Nick helped to create an NSA certified curriculum that will help the Cybersecurity/Cyberwarfare community to keep defending our government, people and corporations from Cyber threats globally. In 2017 Nick was accepted into the Forbes Technology Council, an invitation-only community for world-class CIOs, CTOs and technology executives, and is a regular contributor of articles which are published on forbes.com as well as smerconish.com.

Award winning co-author of the bestselling cybersecurity book "Easy Prey," TEDx Speaker and host of The Deep Dive nationally syndicated radio show on various stations, Nick is known as an industry thought leader and sought after for his advice on the future of technology and how it will impact every day businesses and consumers. Nick is an accomplished speaker and regularly speaks to audiences about Cybersecurity, technology and business management.

An expert in cybersecurity and network infrastructure, Nick Espinosa has consulted with clients ranging from small businesses up to the Fortune 100 level. Nick founded Windy City Networks, Inc in 1998 at age 19 and was acquired by BSSi2 LLC in 2013 where he is their CIO. In 2015 Security Fanatics, a Cybersecurity/Cyberwarfare outfit dedicated to designing custom Cyberdefense strategies for medium to enterprise corporations, was launched. A nationally recognized speaker, member of the Forbes Technology Council, regular columnist for Forbes, on the Board of Advisors for both Roosevelt University’s Center for Cyber and Information Security and Bits N’ Bytes Cybersecurity Education, award winning co-author of a bestselling book “Easy Prey”, and host of “The Deep Dive” radio show on 101.3FM WHIW, Nick is known as an industry thought leader and sought after for his advice on the future of technology and how it will impact every day businesses and consumers.
