Matthew Holland: Zero Day [The Knowledge Project Ep. #93]

The Founder and CEO of Field Effect Security, Matthew Holland, is one of the world’s leading authorities in cyber security. He explains exploits, hacking and defending while providing insight on the mind of the attacker, Huawei, Snowden and what you should be asking your cyber security vendor.

Subscribe on Apple Podcasts | YouTube | Spotify | Android | Google Play

Today on The Knowledge Project I’m talking with Matthew Holland, the founder and CEO of Field Effect Security. For the past decade, Matt’s been the guy that every three letter agency in the western world has called when they have a problem they can’t solve. As one of the world’s leading authorities in cyber security we discuss exploits, hacking and defending. He provides insight on the mind of the attacker, what’s possible and what questions you should ask your cyber security vendor.

Here are a few highlights from our conversation:

I think back to some of the things I got to see and be a part of, that no one will ever know about, and that is really cool. It was really neat being a part of that. It creates memories that I’m pretty sure if I were to run into somebody 30 years from now on the other side of the world in a bar, immediately, there’s that connection of like, “Hey, we did that. That was really cool.”

The idea of going private was taking the handcuffs off and create an environment where we put really, really smart people together. Part of our recruiting strategy was immediately going after the best people in the community and taking all barriers out of their way and letting them do amazing things.

The current state of the cybersecurity industry, to say it’s a hard problem is an understatement. It is an unethical shit show, I would say, and it really bothers me where it’s at. So, I think there’s a large part of me that wants to fix that.

It’s no longer the Sonys of the world, it is now your law firms, because there’s a lot of intelligence value there. Patent firms, I mean, there’s a lot of intelligence value there. So, how seriously smaller companies need to take this threat, I think has really gone up.

If I look at the vendors out there, I’m not going to name any specific competition, but what I see is a sales strategy that is like a warped used car salesman strategy. That’s probably an insult to used car salesmen out there, because it’s much worse. It’s all about the transaction, it’s all about getting that done, taking the customer’s money, and saying, “Good luck.”

Something that a lot of vendors don’t actually realize that no matter how much you lock down your operating system, there’s always going to be a creative group out there that does things better, that can get around it.

If that isn’t a wake-up call to Apple, I don’t really know what would be. That’s basically, the industry is saying, “Yeah, your operating system is not as secure as you think it is.”

This is ultimately why I get very frustrated that companies will pay ransom or not take the time to hire a company ahead of time. It’s much easier and cheaper to be preventative and to harden your system and be ready for attacks. I mean, that is the reality of today, and anybody who thinks otherwise is, they’ve got their head in the sand.

I do not agree with what Snowden did in any way. And that is putting it very, very kindly.

One thing that always resonates in my head that everybody has great ideas, but how you push through is execution. You need to materialize those great ideas into things that are reality.

If you don’t have a cybersecurity vendor, if you don’t have a company helping you out with that problem, get on it. Everybody is a target at this point.

Top 10 Cyber Security Tips

  • Use Multi-Factor Authentication (MFA) with all email/cloud/web accounts
  • Use a Password Manager (with strong passwords, no password reuse)
  • Use a Virtual Private Network (VPN), make sure the VPN vendor is based in a friendly country!
  • Make sure all devices/computers are fully patched (operating system/software/apps are always updated)
  • Reboot your mobile device(s) every morning
  • Use a microphone/camera blocker on all devices/computers when not in use
  • Don’t post addresses, phone numbers or email account information on social media
  • When travelling, don’t use airport/plane/hotel Wi-Fi networks unless absolutely necessary (and use a VPN if you do!)
  • At home, don’t use the Wi-Fi network provided by your ISP modem (use a separate Wi-Fi router)
  • Keep home IoT (smart speakers, TVs, etc) on a separate Wi-Fi network from devices/computers

Listen and Learn

Transcript

Get transcripts, early access, ad-free episodes, and so much more. Learn more or sign up now: