ARYZE speaks with Data-Driven Defense Evangelist Roger Grimes about focusing on the right security risks and some of the security potentials of blockchain technology
Roger Grimes is a self-proclaimed Data-Driven Defense Evangelist. The term evangelist is common in tech circles and should not be confused with religion. A technology evangelist is someone who strongly believes in and promotes a specific type of technology, to the point that they might attract followers and in turn catalyze that technology into becoming an accepted standard within the industry. This means that Roger is a strong supporter and promoter of data-driven defense. What Roger means by that:
I help people put the right defenses in the right amounts in the right places against the right risks…using their own data and experiences. It’s a fancy way of saying I help companies focus on the right risks. Most companies don’t. It’s almost so rare that I wrote a book about it.
Roger has not written just one book about it: he recently released his twelfth book related to his work. In that work, Roger emphasizes the large threat of social engineering, which is the manipulation of users into giving up their confidential information, and offers the insight that companies often focus on the wrong risks:
Just two attack types, social engineering and unpatched software, account for 90% to 99% of the risk in most environments. And every minute you’re spending discussing something else, buying something else, debating something else, is wasted effort. Fix those two issues first and best before you do anything else…. One of the biggest problems is we are told to fear the wrong things.
For example, according to Roger, the world is telling you that you have to be worried about wireless RFID credit card attacks, where a hacker can walk by you and steal your credit card information wirelessly. There’s even “a billion-dollar industry trying to sell ‘shielding’ products to help you prevent it. Only problem is there hasn’t been a single real-world case with a real-world criminal where a credit card shielding product would have stopped the crime. It’s a crime without a criminal.” Roger is intent on helping companies focus on the right risks:
My talent is in explaining what is really super obvious…telling people that they should concentrate on their biggest, most likely threats first, before anything else. It’s a pretty simple statement that everyone already knows, but it gets lost in everything they are told they have to do.
Roger describes himself as having real-world and contrarian views, and he offered some of those views while discussing the security potential of blockchain technology with ARYZE. Having worked extensively in the security field for so long, Roger is well placed to see the potential for hacking:
All software has exploitable bugs. All computers are hackable. All users can be socially engineered. Everything is hackable. Anyone saying something is unhackable is either lying to you or trying to sell you something. With that said, blockchains are among the most secure mechanisms man ever invented…as long as they are using good, solid, tested crypto.
Although not an active supporter of blockchain technology, Roger does see some potential regarding the security of blockchain:
The biggest problem in computer security has always been users doing risky things without realizing it. 70% to 90% of all malicious breaches are due to social engineering. Blockchain isn’t changing that part of the equation much. But you can’t help but be excited that at least the blockchain part of it is pretty secure. We don’t get to say that in the computer security world much. So it’s nice to have a win once in a while.
When Roger isn’t working with security, he enjoys fishing, boating, and scuba-diving. He also has a very positive outlook on his life in Key Largo, Florida:
I have a wonderful wife who is truly my best friend and everyone I know and love is healthy and happy. How could life be any better?
ARYZE is very much an active supporter of blockchain technology and advocates for the security that blockchain has the potential to provide.
To hear more about Roger Grimes’ real-world and contrarian views, visit his Twitter page at https://twitter.com/rogeragrimes and check out his book, A Data-Driven Computer Defense.
For more insights into technology evangelists and the security of blockchain technology, please visit ARYZE’s blog.