Page 61 - Cyber Defense eMagazine - October 2017
In addition, the person looks at new ways to attack/breach/compromise the target. Any
minor issues that seemingly would be a non-starter are tracked down and researched.
These may stem from new hardware, software, techniques, protocols, encryption, and other
security facets that are presented.
These new facets should be taken into account by the HR Department as they search
for new persons to complete the InfoSec teams. Their boilerplate
questionnaires may include additional questions touching on these areas, so that they
may gauge on some level the candidate’s underlying focus and psyche.
Other New Facets to Take into Account
The InfoSec person may not have the fully documented, overly specific timeline on their
LinkedIn profile. The information may be close to the reality of the situation. The
picture posted may not generally present the candidate in professional attire. With
InfoSec, there are severely limited instances where a tie is required. This is due to the
environment itself, and to InfoSec’s integral contact with the C-level being limited. There
may also be a funny or IT-centric picture posted instead of their own picture. This could
be of HAL, a mathematician, the person’s pet, a formula, or other picture. This could be
something as mundane as them sitting at a desk.
The candidate may also have an interesting job title from their current position or from
having owned their own business. Their duties may be those of a Director or Chief Info
Architect, while their LinkedIn title for their current or past position may be Chief
Disruption Officer or another unique name. These are harmless. The intent with these is
not to deceive, but to show a bit of humor and levity.
While these are noteworthy, they are also pertinent. This shows the
person is creative. The mainstream candidate may have been trained to primarily think
within a set of parameters, or within a box. The worthy InfoSec person, on the other
hand, will be thinking well outside of any parameters with the intent to find a way to secure
the potential vulnerabilities.
With regard to the picture, although this may be funny or ironic, there may also be a
secondary focus. The person may not want their picture online. There are certain
instances where presenting a caricature is more prudent. With certain apps, facial
recognition is enabled. There has been research done which indicates a simple 2D
picture, with certain apps and security features, is enough to gain access. While MFA is
a good thing, this shows it may be bypassed. There are other uses for this, including
false social media accounts and websites that could be used for nefarious activities with
this information. There are much worse things than having a picture of a squirrel or an
icon as a LinkedIn photo. This is not a fraudulent or otherwise intentional act that was
meant to mislead anyone who would or would not depend on this information. There
would also not be an intent to be disrespectful or mislead other parties viewing the
profile. If the picture were of a clown, the intent would not be for the person to try
to make everyone viewing the profile think they were actually a clown.
Copyright © Cyber Defense Magazine, All rights reserved worldwide.