Matthew Rosenquist, Cybersecuirty Strategist is on Steemit!


Hello all Steemers and Steemitans. My name is Matthew Rosenquist and I am a cybersecurity strategist, father, and pragmatist.

A few weeks ago I heard about Steemit. I have always been a fan of cryptocurrency and I blog quite a bit for my industry, so I am here to check it out. I enjoy posting about cybersecurity and commenting on a wide variety of topics, so I hope this is a good fit.

My professional passion is cybersecurity. I work for a large technology company and have been a thought-leader in security for about 25 years. I have held many roles and covered a lot of ground. I look at the technology industry to understand the weaknesses and how attackers are undermining trust and causing impacts, the role of governments, and the defensive postures organizations are taking to protect themselves. Every day I learn something new and work to apply and share it.

I am very active in the industry and on social media. I speak at international conferences, consult with industry partners, academia, and governments. I am an active member on a number of industry advisory boards, and have published acclaimed white papers, blogs, and videos on a wide range of information security topics. I am most active on LinkedIn and bring with me 50 thousand followers.

Speaking at the Cyberstrat2014 conference in Helsinki Finland.

Speaking at the CTO Forum in 2015 on how the technology industry must change to be more secure

I call California my home but have traveled the globe. Shanghai, Taipei, Munich, Copenhagen, London, Cairo, Rome, Paris, Jerusalem, Helsinki, Ottawa, San Jose, San Juan, Stockholm, Gdansk, and many other places in-between. I have had the good fortune to meet incredible people from all walks of life, taste delicacies, and experience a wide range of cultures. We live on an incredible planet and are a truly mesmerizing species.





What I will bring to Steemit: I hope to add my voice to the community, providing information about cyber threats and the industry, participating in discussions and debates, and having a great time in the process.

So far, I have found Steemit to be such a wonderful community. Too bad it still feels like it is a secret. …We really need to change that.

I have already made a few blogs on Steemit, but everyone is welcome to ask questions. I will do my best to answer.

Here are a few of my posts…

You can follow or connect with me on a number of different sites and platforms:

LinkedIn: https://www.linkedin.com/today/author/matthewrosenquist
Twitter: @Matt_Rosenquist
Evangelist Blog: http://evangelists.intel.com/bio/Matthew_Rosenquist
Information Strategy Blog: http://infosecstrategy.blogspot.com/

Sort:  

I almost thought it's you...

Definitely not me. Sadly I don't dance.

Welcome aboard and, BTW, I really enjoyed your pictures too! Namaste :)

Great to see another true professional on Steemit. Keep up the superb work Matt :)

Welcome! Being in the IT industry I look forward to your posts!

Hi, have you seen this in the TCP stack, is that really new?
Who knew about that before and how actively exploited was that already?
https://steemit.com/security/@kingofchaos/exploit-serious-linux-flaw-allows-hackers-to-hijack-your-internet-connection

I have not see this. Thanks for sharing @kingofchaos. I have to read up.

This is really helpful to new streemers & steemitans.

Welcome, I look forward to your posts and more of the great pictures!

This post has been linked to from another place on Steem.

Learn more about linkback bot v0.3

Upvote if you want the bot to continue posting linkbacks for your posts. Flag if otherwise. Built by @ontofractal

Im not sure whats more sad here, the fact that this guy posted a dozen un-noticed articles and have barely been rewarded for it or the fact that he is finally rewarded for introducing himself as a "security strategist".

hey @mrosenquist nice to meet you !
and welcome to the best community over the Internet 8]

Welcome to steemit @mrosenquist, glad to have you join the community! Have you heard this keynote address just given by John McAfee on the future of cyber-security? I think everyone in the field should hear this speech, have a nice day!

John McAfee keynote address:

People who toss around "cyber" and "thought leader" so often have little idea wtf they're talking about or any original thoughts or opinions to contribute. Much like those fleshtoned throat mikes favored by motivational speakers the world over, it's a signal of buzzwords-over-content.

Not once have I ever seen an actual thought leader self-apply the term.

How much did your 50k linkedin followers cost? You have 522 followers on twitter and your blog posts here thus far have been regurgitated news items easily available elsewhere without any useful insights or original commentary added. Most of the people I know who are active and actually contributing in infosec have at least 10-15k+ organic twitter followers. You say you've been around for 20 years but so have I and I've never heard of you. AFAICT you've just been at Intel that whole time doing "strategy", which generally means "not engineering".

Self-aggrandizing money grabs are what Steem is supposed to resist, right?

@sneak, thanks for your passionate opinions and inquiry to my professional background. I take questions, inquiries, and comments very seriously. I want to provide a through response to your comments and questions. I have posted my response on a separate thread as the length would be unwieldy in the comments section on this post.

Please navigate here to see my full reply:
https://steemit.com/introduceyourself/@mrosenquist/is-matthew-rosenquist-a-cybersecurity-fraud-or-the-real-deal-you-decide

I welcome your further interaction, debate, and interaction.

Verified via twitter - thank you!

Welcome to Steemit...Have a nice day :-)

Welcome here on Steemit! I hope you are doing great. Nice article.

As a cyber-security specialist, is reviewing code something you do? Please give Bitcoin Classic a look and check my steemit blog for at least one proposal that is in the works which could definitely use more eyeballs!

@tomz I am not much of a coder. Was never very good at it either. My expertise is more on the understanding of threats, controls, managing risks, and developing the necessary plans to align resources to achieve an optimally balanced security posture.

Nice to see you here. I read some of your stuff in the past. Being involved in ethical hacking my self. Hope we get some scopes here in steemit from you :)

Thanks for the welcome! I look forward to contributing to the Steemit community. Glad to hear you are on the white-hat side! The industry needs more people with your skills.

Welcome! What are your thoughts on Steemit's account security - recovery, multiple passwords, SP etc?

I am just beginning to learn about the security controls of Steemit, so my opinion is limited at this time. But one thing I have noticed is the transparency and responsiveness of the Dev's. They are open to talk about issues, fixes, and work very fast to address problems. Those behaviors are not typical of big company software teams. So, they have earned my respect in that way. The last thought is we all must realize Steemit is still in Beta. That really means 'use at your own risk'. The code is not fully baked yet, so it would be unfair to pass any judgement at this point.

welcome!
Have been watching Mr. Robot seasons and read that everything that happens in the show is actually possible in real life.. it's pretty scary..
Do you have any good documentation for people that are not IT oriented and would like to know how hacking really works?

thanks!

There is a tremendous amount of documentation, classes, news, and information available on the topic of hacking. It really depends on your focus. Do you want to be a hacker (white, grey, black), researcher, in cyber operations, architecture and design, etc. Decide what you want to explore and you will likely find all sorts of materials.

very interesting article about security and an awesome introduction. many people will need your help.

We are all here to help each other! Teamwork.

Welcome to the party! Great to see someone with your weight stepping into the fray.

So far, I have found Steemit to be such a wonderful community. Too bad it still feels like it is a secret. …We really need to change that.

How do you think the community should improve that in the short term and long term?

"How do you think the community should improve that in the short term and long term?"
My 2 cents:

  • We as a community need to continue to step up and be vigilant on creating, commenting, and curating quality content
  • Additionally, we need to provide the Dev's inputs on improvements, fixes, and new features
  • Show patience and appreciation to those same Dev's who are working their butts off. Remember, it still says 'beta' in the upper left corner of the screen. They are working to improve Steemit while it is growing rapidly. No easy task!
  • Invite others, who would enjoy and contribute to Steemit, into the platform. Giving warm guidance, a helping hand over the current rough spots (beta), and setting the right expectation (beta) as we move towards v1.0
  • ...oh, and have fun! This is a social platform. Be authentic, turn up the music, dance, and have fun in the Steem(it)

Show patience and appreciation to those same Dev's who are working their butts off.

Applauds to all devs once again...Great to have you here, btw!

Thank you @mrosenquist . Security, Privacy are extremely important topics for authenticity as you know. Your presence here helps tremendously. I think your closer scrutiny of the platform would go a very long way. I think they need to offer 2FS to start. What do you think?

Two-factor-authentication is becoming a standard to secure valuable digital property. It does not solve everything, but is a good baseline practice to make overtaking of accounts more difficult (in certain ways). There are tradeoffs, namely costs, support time, and most significantly the increased work the user is subjected to for login. So many considerations should be evaluated. My advice has always been to use 2FA or MFA for your most valuable digital assets.

Welcome to Steemit. What is your opinion on NSA hack?

I have been withholding my opinions until more concrete validation occurs. Either way, true or not, this will affect global foreign policy and may change the scale of global cyber crime and nation state offensive/defensive cyber activities. Already, we are seeing companies like Cisco, Fortinet and Juniper Networks looking into possible 0-day vulnerabilities in their products. This is just the beginning...

Check this out - Glenn Greenwald's, The Intercept has confirmed that the NSA hack is indeed, real:

https://theintercept.com/2016/08/19/the-nsa-was-hacked-snowden-documents-confirm/

It would be great if I could explain what happened. So far I don't understand it.

Expect in the next week, more information will come out on this incident. That would be my guess. Until then, there will be a lot of speculation from people wanting media coverage (a little bit of fame)

Cisco, Fortinet, and Juniper are not suddenly beginning to look for 0-days because of the Equation Group hack - they've been at it for years already. This comment contains no content or substantive information.

There is some good information in the news regarding their specific work after the unencrypted source code was made public.

I have had the good fortune to meet incredible people from all walks of life, taste delicacies, and experience a wide range of cultures.

Right?! How can people desire to stay within their narrow existence and not experience all or at least more of what other cultures have to offer?

Thanks for what you are bringing here. I like your attitude as much or more than what you could bring to improving Steemit.com. Hope to see some great contributions from you!

I was taught ignorance reinforces ignorance. Exploration however, opens the mind to have a better grounding for more learning. Basically, the more we broaden our experiences the more we realized how little we know. I hope to continue exploring the world and learning until my last days. I don't always agree with what I see, hear, taste, or read. But I know I am gaining more experience to formulate confident opinions which are uniquely mine.

Well said ! It is very refreshing to hear that you have gained that wisdom and better yet, you are sharing that wisdom. One mind at a time my young friend, lol.
Welcome to Steemit ! I think you will definitely be an asset to Steemit and I look forward to hearing you share your insight and knowledge.
Read More, Reason More ... JTS

I don't always agree with what I see, hear, taste, or read. But I know I am gaining more experience to formulate confident opinions which are uniquely mine.

Clone yourself! Good to have you here.

Glad to see you here at Steemit. Cyber-security is a recent passion of mine, although I lack a lot of knowledge. You have to start somewhere I guess. Will be taking the time to watch the videos you provided, and follow up on the links also. I believe Steemit will benefit greatly from your presence here, so big welcome to you.

Thanks @naquoya. I truly have a passion for cybersec. There are a lot of resources to feed your interest. Reports, news sites, security conferences, online-classes, etc. Consider following the wealth of security professionals in LinkedIn and Twitter as well. You will be bombarded with all sorts of good research, ideas, perspectives, and resources.

Hey @mrosenquist - great article; very insightful (and how about the beautiful Trevi Fountain in Rome? I was lucky enough to see it, too - but unfortunately at the time in late 2012, it was under serious renovation and it was partially covered in tarps.)

Anyway, I was wondering - given your experience - I'm assuming you've run into clients who have deployed some infamous Bitcoin-based ransomware within their network environment? Is there any plausible way to defeat this once it's been unleashed, or are you completely at the mercy of encryption? (other than restoring back-ups, of course.)

(and - full disclosure - I work in the IT field myself, and I was recently responsible for unleashing one within our company. Luckily we back everything up, so it really wasn't a big deal, but some of my clients who opened the infected e-mail from me were not so lucky.)

@internets you are asking a difficult but important question. Older versions of Ransomware were not coded very well. They were easily cracked by security researchers. However, in the past year the quality of the malicious code has significantly improved. That tends to happen when money is on the line. Modern variants of ransomware are very robust and manage asymmetric keys expertly. They are virtually impossible to break on the client side. It is possible if their Command and Control infrastructure is compromised or seized by authorities and the private keys are recovered. This happens, but not often enough.

A number of security organizations are now pooling their resources to create tools for keys which have been recovered. First you need to determine the variant a victim has (not that easy as they may claim to be something different) and then apply the private key in a way to recover files but not harm the system. The good news is, a site is now up to do both. Check out https://www.nomoreransom.org/

Again, they don't have the private keys for every variant, but victims might get lucky. They do have a checker to easily identify the variant. I know some of the researchers behind this site. They are from top security companies in the industry and are serious about addressing the scourge we call Ransomware. - Hope that helps.

Wow, thanks so much for the insight. I'm glad I asked.

So, once you run this software to check the variant of the key - it's simply matter of deploying the key, and you're golden? I'm guessing there is a way to more or less brute force it by simply running a batch file of every key in possession? (which, I'm guessing would would also be just about instantaneous - once all the keys are compiled?)

Fortunately, I have never had to run the tool myself so I don't know how the decryption process works. But I imaging due to the different ways ransomware can work, I assume the decryption process may differ between variants. Check out the How-To guides on the Tools page: https://www.nomoreransom.org/decryption-tools.html

Great, thanks - and thanks again for the input. I'll be looking forward to seeing more of your posts on here. Cheers!

@internets reach out any time! You can follow me on Steemit, Linked-In (where I tend to post throughout the day), and Twitter. Good luck with the ransomware recovery effort.

Welcome on Steemit it is a privilege to have you here :)

Thank you @margot, it is my pleasure.

I'll be up voting this @mrosenquist because I believe In what @dan and @ned built here with #steemit That's why I have converted some of my hard earned money into this platform.
Keep up the good work!

Sounds reasonable. I think there are many who are becoming believers in Steemit! Thanks for the up-vote @steemvideos

Hola, primeramente necesito saber tu recomendacion, mira mi blog
Hello , first I need to know your recommendation , look at my blog

How to earn money

yes, time to make Steemit a household name