The Infosec Cold Call
I get asked occasionally about ways to improve corporate information security or what kinds of things get easily missed, and while I’m no expert, and there are an endless number of little things you can miss these days, there’s one way I rarely hear mentioned and I like to remind technical leadership about:
Don’t talk to security sales cold calls!
Studio71, where I’m the CTO, isn’t some huge enterprise company or constantly in the news garnering press and attention, and yet I still get at least a couple of these kinds of calls every week.
ring
Me: “This is Mike Flynn”
Them: “Hi, this is ____ from WhateverSec. I just have a few questions for you.”
Me:
“Ok, but I really need to go.” (No I don’t.) Them: “Sure, I’d just like to tell you about our new AI-powered blah blah crypto currency security solution. Let me ask you, what are you doing now for your corporate security?”
Me: “Ah, we’re happy with our current solution.”
Them: “What is your current solution? What kind of firewall are you currently running in your office? Are you using any monitoring devices on the network?”
Me: “I’m not going to detail our security infrastructure over the phone to someone I don’t know.”
Them: …
Them: “Ok, right. That makes sense.”
Me: “Thanks for calling, but I have to go.” (No I don’t)
click
How many people do you think happily gave up the brand of firewall…maybe the software version…maybe the network appliances they have at their office? A lot, I bet…but please don’t. What this person trying to research a hack? Honestly, probably not, but it only takes one, and even if they are legit they don’t need to know anything anyway. Oh, did they say they were from Rapid7 or another established company? No they weren’t because they usually don’t ask those kinds of questions, but even if they did, it doesn’t matter.
Feel free to buy whatever it is they have to sell, but whatever it is they don’t need to know your security infrastructure to sell it!
Related Posts
A Decade of Clojure at Studio71
What is Clojure and why did it fit for Studio71? Clojure is a programming language (a dialect of Lisp) that excels at concurrency and data processing. Clojure runs on top of Java so it’s runs in all of the places Java runs and can use all of the Java libraries already out there (hello, Google and AWS libraries!
Read moreThe macOS Privacy Settings Deleted My Backups
The other day I logged in to my NAS to find that all of my backed up media files were gone. No errors, the drives were fine, the directory was there, but the files were gone. Thankfully it wasn’t a freak out moment as I had my originals and my other backups, but it was a mystery.
Read moreBuilding a Mastodon Client in to my Cyberpunk SSH App
Let me quickly get you up to speed: I wanted to build a website for my hacker projects, but instead of a website I ended up building an SSH app (because I’m weird). Basically, instead of visiting it in your web browser you have to open your terminal, run an SSH command, and then you use text commands to play with the application, read about my projects, etc.
Read more