Avast Shuts Down its Data Sales Subsidiary Due to Privacy Backlash
CISO Platform
January 31, 2020
Avast was recently caught selling user's web browsing data. Shortly thereafter the CEO made an apology and announced they were ceasing the Jumpshot data collection activities and winding down company operations. It is time that privacy regulations improve. This situation is playing out again and again for freemium type services and only hints at the greater problem.
See publication
Tags: Big Data, Cybersecurity, Privacy
Privacy Day – Yes it Matters More than You Might Think
LinkedIn
January 28, 2020
Privacy matters to everyone! In fact, more than most people realize. It underpins the very nature of liberty and is a key pillar for online security. Celebrate Privacy Day, with a little more effort in protecting your personal data and supporting a digital world that respects privacy.
See publication
Tags: Cybersecurity, Privacy
Lessons from Microsoft’s 250 million data record exposure
HelpNetSecurity
January 24, 2020
Microsoft has one of the best security teams and capabilities of any organization in the technology industry, yet it accidentally exposed 250 million customer records in December 2019. As a former cyber incident commander for a major technology corporation, I can see a number of important lessons to be learned.
See publication
Tags: Cybersecurity, Leadership
There is no easy fix to AI privacy problems
HelpNetSecurity
January 23, 2020
Artificial intelligence – more specifically, the machine learning (ML) subset of AI – has a number of privacy problems.
See publication
Tags: AI, Cybersecurity, Privacy
Banks are Developing Digital Currencies and Opening Themselves to Cyber Risk
LinkedIn
December 31, 2019
Cybersecurity will be hard pressed to take on the new challenges of bank managed digital currencies. Banks are developing their own digital currencies. The introduction of Central Bank Digital Currencies (CBDC) is the beginning of an interesting trend that will change the cybersecurity dynamic for banking as it opens up an entirely new threat landscape.
See publication
Tags: Blockchain, Cybersecurity, Fintech
The 7 most dangerous digital technology trends
HelpNetSecurity
December 10, 2019
As our world embraces a digital transformation, innovative technologies bring greater opportunities, cost efficiencies, abilities to scale globally, and entirely new service capabilities to enrich the lives of people globally. But there is a catch. For every opportunity, there is a risk.
See publication
Tags: AI, Cybersecurity, Privacy
Cryptocurrency Exchange Hacks are on the Rise
Medium
December 09, 2019
Seven major cryptocurrency exchanges were victimized in 2019, totaling over $160 million in financial theft. As predicted, cybercriminal hackers targeted crypto exchanges in 2019 and the trend will continue into 2020.
See publication
Tags: Cryptocurrency, Cybersecurity, Privacy
Hackers Scan Massive Docker Instances to Mine Crypto
LinkedIn
November 27, 2019
Hackers are at it again, looking for vulnerable Docker instances so they can selfishly mine Monero.
See publication
Tags: Cryptocurrency, Cybersecurity
AI Based Defensive Systems Impact on Cybercriminal Strategy
PenTest Magazine
November 08, 2019
Good guys are working at a fever pitch to create pre-emptive adversarial attack models to find AI vulnerabilities. But threat actors are working just as fast to develop threats and have the resources (aka money) to build powerful cyber weapons. Who will win this race against time?
Some of California’s top security minds came together during National Cybersecurity Awareness Month to discuss the role of Artificial Intelligence (AI) in cybersecurity. Leading experts from both the private and public sectors joined our Inteligenca Cyber Salon to discuss both the promise and concern about AI. No doubt we heard during this talk that AI is controversial.
See publication
Tags: AI, Cybersecurity, Risk Management
Hacking Phones: How law Enforcement is Saving Privacy
DarkReading
October 30, 2019
In the battle between privacy and security, technology can bridge the gap allowing a healthy balance. We must not fear technology, but rather purposefully wield it in better ways with clear goals of benefits and limitations for abuse.
Here is my latest article, posted on Dark Reading, discussing one such path that may raise concerns with privacy advocates at first glance, but could result in a strategic win for everyone's privacy and security, except criminals.
See publication
Tags: Cybersecurity, Govtech, Privacy
Major Drone Attack Against Global Oil Production Showcases Weak Cybersecurity Thinking
LinkedIn
September 16, 2019
We are entering a new era for conflict that brings with it a synthesis of cyber and physical security that increases global safety risks. Attacks with connected technology, Internet-of-Things (IoT) devices, and Industrial IoT components are ramping up, now attaining levels with serious consequences. The cybersecurity industry is not prepared. It is time we revisit the deeper discussion of converged cybersecurity!
See publication
Tags: Cybersecurity, Digital Transformation, IoT
Criminals Luring in Bitcoin Sellers to Launder Money
LinkedIn
September 13, 2019
With the lure of big cash rewards, cybercriminals are luring-in the bitcoin community to become money laundering mules. This does not end well for anyone except the criminals.
See publication
Tags: Cryptocurrency, Cybersecurity, Social
Matthew Rosenquist Joins the Eclipz Advisory Board to make the World of Connected Data More Secure
LinkedIn
September 04, 2019
I am excited to announce that I am joining the Advisory Board of Eclipz! Such a great team working to make the connected world of data more secure across devices, services and even between untrusted endpoints.
See publication
Tags: Cybersecurity, Emerging Technology, Startups
NATO’s Collective Defense for Cyber Attack Remains Fragile
LinkedIn
September 03, 2019
NATO is far from implementing "collective defense" for cyber-attacks. Much work is still to be done before Article 5 is an effective deterrent.
See publication
Tags: Cybersecurity, Govtech, Leadership
Cryptocurrencies Should be Enabled to Blacklist Criminal Holdings
LinkedIn
August 28, 2019
Cryptocurrencies like Bitcoin are heavily targeted and exploited by cybercriminals. There may be something that can be done to assist law enforcement in revocating illicit assets, aid victims, and still preserve the fierce independence autonomy of public blockchain cryptocurrencies.
See publication
Tags: Cryptocurrency, Cybersecurity, Innovation
Do Not Pay Ransomware – A Lesson for Municipalities
Medium
August 19, 2019
Ransomware is getting worse, in part because victims are paying. Poor decisions of certain municipalities is having an impact on their peers. Stop paying criminals! They will be back, stronger than before.
See publication
Tags: Cybersecurity, Govtech
Joining the Advisory Board for the Techno Security & Digital Forensics Conference
LinkedIn
August 15, 2019
I am excited to announce I have accepted a position on the Techno Security & Digital Forensics Conference Advisory Board. I am honored to be part of this team to help drive education, awareness, training, and ethics across the digital forensics and cybersecurity industries.
See publication
Tags: Cryptocurrency, Cybersecurity, Digital Transformation
Binance Cryptocurrency Exchange Refuses to Pay Blackmailers Over a Possible Data Breach
LinkedIn
August 08, 2019
A blackmailer attempted to extort $3.5 million from the Binance cryptocurrency exchange, stating they would release confidential KYC (Know Your Customer) data. Binance has refused to pay the demands and is working with law enforcement to track down the cyber criminals.
See publication
Tags: Cryptocurrency, Cybersecurity, Privacy
Insider Threats in the Digital World are Sinister
LinkedIn
August 07, 2019
The compromise of AT&T is another example of the serious risks posed by insider threats. In this case an external attacker leverages the access and authority of internal people through bribes. Especially in digital environments, trusted insiders have incredible potential to do harm, cause disruption, and undermine trust. They are the submerged part of the cyber risk iceberg that we all must deal with.
See publication
Tags: Cybersecurity, Risk Management
Does Home Depot Respect Customer Privacy?
LinkedIn
July 29, 2019
Raising an issue with the privacy practices at HomeDepot. Why are they unnecessarily gathering personal information of its customers? A privacy savvy community should raise and amplify such issues to drive change.
See publication
Tags: Customer Experience, Cybersecurity, Privacy
Cryptocurrency Exchanges are Cyber Hackers Next Targets
LinkedIn
July 22, 2019
Where will online criminal hackers look next? Cryptocurrency. There are already hacks going on, but this will ramp up significantly as some of the more highly competent criminals are targeting cryptocurrency exchanges.
See publication
Tags: Cryptocurrency, Cybersecurity, Risk Management
Top 10 Things You Should Be Doing to Protect from Cyberattacks
LinkedIn
July 15, 2019
I get asked all the time for a quick answer to the question “How can I protect myself from getting attacked online?”. The simplified answer is to follow these Top 10 best practices.
See publication
Tags: Cybersecurity
Fight for Digital Privacy Rights Continue in Tech-Focused California
LinkedIn
June 27, 2019
The tech heartland of California is the latest battleground for privacy rights. Big tech companies are fighting to dilute upcoming legislation that will require more privacy protections. But is it enough? No! We need even better protections, accountability, and transparency of how our personal data is handled. This is the moment when ethical tech giants can either stand-up to do the right thing by leading the charge for the betterment of their users or lawyer-up to allow hidden practices, abuses, obfuscation, and deniability to continue for their financial gain.
See publication
Tags: Big Data, Cybersecurity, Privacy
Should Exploit Code be Published When Vulnerabilities are Made Public?
linkedin
April 18, 2019
On the heels of a recent report from Kaspersky Labs, discussions among security professionals have been stirred-up regarding the risks of publishing proof-of-concept code that may be helping hackers more than benefiting security. The topic has history and continues to be vigorously debated.
See publication
Tags: Cybersecurity, Privacy
Invitation to Innovators for Voting Technology Security
linkedin
April 15, 2019
Protecting our election infrastructure is crucial, yet security is lacking. Meaningful change starts with the spark of a great idea. I am looking forward to listening to all the excellent concepts for election security at the upcoming event in Sacramento CA. As India is now in the midst of having 900+ million people vote, we too need to figure a way to leverage digital tools for our democracy in a secure, private, trustworthy, and attestable way.
See publication
Tags: Cybersecurity
Role of the CISO: Top 3 Questions
linkedin
February 15, 2019
The role of Chief Information Security Officers (CISO) is evolving and requires a complex skill set. Long perceived as cost center that constrains the business in order to reduce losses from cyberattacks and to meet regulatory compliance, cybersecurity is now transforming into a critical function that must contribute to overall competitiveness.
See publication
Tags: Cybersecurity
Open Letter to the FTC – Bureau of Consumer Protection
linkedin
January 29, 2019
In December 2018 the FTC held hearings on Competition and consumer Protection in the 21st Century. A number of people spoke at the event and the FTC has graciously opened the discussion to public comments. The Federal Trade Commission has interest, certain responsibilities, and can affect changes to how data security evolves. This is our opportunity for the public to share its thoughts and concerns. I urge everyone to comment and provide your viewpoints and expertise to the FTC committee. Comments can be submitted electronically no later than March 13, 2019.
See publication
Tags: Cybersecurity, Privacy
When the Wrong Person Leads Cybersecurity
linkedin
November 19, 2018
Succeeding at managing cybersecurity risks is tremendously difficult even for seasoned professionals. To make situations worse, poorly suited people are often chosen to lead security organizations, bringing about disastrous results. This has contributed to weaker risk postures for organizations and the rapid turnover in cybersecurity leadership.
See publication
Tags: Cybersecurity, Privacy
Technology Transformation for 2019
linkedin
November 15, 2018
Digital technology continues to connect and enrich the lives of people all over the globe and is transforming the tools of everyday life, but there are risks accompanying the tremendous benefits. Entire markets are committed and reliant on digital tools. The entertainment, communications, socialization, and many others sectors are heavily intertwined with digital services and devices that society is readily consuming and embracing. More importantly, the normal downstream model for information has transformed into a bi-directional channel as individuals now represent a vast source of data, both in content as well as telemetry. These and many other factors align to accelerate our adoption and mold our expectations of how technology can make a better world.
See publication
Tags: Cybersecurity, Privacy
Should Companies be Allowed to ‘Hack Back’ after a Cyberattack
linkedin
September 30, 2018
Government officials and experts are weighing in on the concept of ‘hacking back’, the practice of potentially allowing U.S. companies to track down cyber attackers and retaliate.
See publication
Tags: Cybersecurity, Privacy
Beware Friendly Botnets
linkedin
September 18, 2018
The recently discovered Fbot, which finds systems infected with crypto-coin mining malware and scrubs them clean, may seem like a champion of good, but remember it is entering your system without your permission and modifying code and deleting files. We have seen other such ‘cleaner’ worms in the past, and the best advice is to be wary.
See publication
Tags: Cybersecurity, Privacy
“Unhackable” Product Claims are a Fiasco Waiting to Happen
linkedin
August 17, 2018
Those who think that that technology can be made ‘unhackable’, don't comprehend the overall challenges and likely don't understand what 'hacked' means.
See publication
Tags: Cybersecurity, Privacy
Slowing Innovation Should be a Cybersecurity Violation
linkedin
August 04, 2018
Risks come in many forms. Going too fast, being reckless, taking chances, etc. are easy to recognize warning signs. But what about the other end of the spectrum? Is going too slow ever bad? I say yes, especially when it unnecessarily impedes productivity, innovation, operational logistics and intentionally creates frustration of users.
See publication
Tags: Cybersecurity, Privacy
Cybersecurity Fails without Strategy
LinkedIn
July 17, 2018
Building and running a cybersecurity organization is a daunting task and most aren’t doing very well. The brutal reality is that the industry is struggling. Even as gains are made in the professional community, losses are skyrocketing in the face of security spending that is increasing to astronomical levels. Some estimates place losses to cybercrime alone at $6 trillion by 2021, doubling from $3 trillion in 2015, while security spending will top $1 trillion with expected double digit annual growth. These losses exceed the global illegal drug market and the security investment burden increases at an unsustainable rate. Even with massive investments over the years, the world continues to hemorrhage losses due to cyber-attacks. These damages are derived from individual organizations that have failed to erect and maintain viable defenses.
Companies in regulated industries and larger businesses will typically invest in an internal team to actively manage the cyber risks with a Chief Information Security Officer (CISO) at the helm. The current incarnation of the CISO position has not really been in widespread use for very long and the role has radically changed over the years. Where they report within the organization, what background and skills they possess, their overall responsibilities, and the desired experience for which they are hired varies wildly from one CISO to the next. The traditional CISO role focuses on protecting company assets, including preserving reputation, preventing downtime, securing data and financial assets, and ensuring regulatory compliance. But some companies are also using the CISO role as an external marketing ambassador to fuel visibility and drum up customers. So, in today’s world it is a mixed bag. Consequently, security teams are managed very differently and there is a major performance gap that needs to be addressed.
See publication
Tags: Cybersecurity, Leadership, Risk Management
Mylobot Showcases the Evolution of Modern Malware
linkedin
June 21, 2018
The recently discovered Mylobot aggregates 9 sophisticated features, highlighting how advanced malware is evolving. Stealth capabilities make it difficult for security tools to detect and protection aspects preserve its functionality over time.
See publication
Tags: Cybersecurity, Privacy
Cybersecurity Fails without Strategy
linkedin
June 17, 2018
Building and running a cybersecurity organization is a daunting task and most aren’t doing very well. The brutal reality is that the industry is struggling. Even as gains are made in the professional community, losses are skyrocketing in the face of security spending that is increasing to astronomical levels. Some estimates place losses to cybercrime alone at $6 trillion by 2021, doubling from $3 trillion in 2015, while security spending will top $1 trillion with expected double digit annual growth. These losses exceed the global illegal drug market and the security investment burden increases at an unsustainable rate. Even with massive investments over the years, the world continues to hemorrhage losses due to cyber-attacks. These damages are derived from individual organizations that have failed to erect and maintain viable defenses.
See publication
Tags: Cybersecurity, Privacy
Matthew Rosenquist speaking at the Intel Cybersecurity Education Workshop
YouTube
September 12, 2019
Intel's cybersecurity strategist Matthew Rosenquist speaks at the educators' workshop on the industry challenges and academic needs for the next generation of cybersecurity professionals. Cybersecurity is challenging and graduating students must possess an increasing set of skills and perspectives in order to be successful. Matthew Rosenquist covers the growing risks, changes, and aspects of the digital security industry and provides a plan on how it must evolve with the help of educators.
See publication
Tags: Cybersecurity, Future of Work, Risk Management
Make America Secure Again - Pitch Event
Inteligenca
May 23, 2019
Cybersecurity innovation at its finest! It was my pleasure to moderate and be a panelist at the Make America Secure Again event in Sacramento, where innovators pitched ideas to strengthen the security of America's digital voting systems.
Protecting our election infrastructure is crucial, yet security is lacking. Meaningful change starts with the spark of a great idea. California again shows how it can reach out to the pool of great innovators to seek a variety of solutions for cybersecurity challenges. We must all work together to find ways of managing cyber risks. Outreach and innovation is key.
See publication
Tags: Cybersecurity, IoT, Leadership
The Verification of Truth: The Future of Digital Forensics and its Role in Cybersecurity
2019 Techno Security and Digital Forensics Conference
March 11, 2019
As the world embraces digital services and automation of critical systems, understanding risk, attributing actions, and deciphering attack methods will be crucial to the proliferation of connected technology. Trust is key, but transparency is greatly obscured. Forensics will grow to become the verification of truth and will play an ever-increasing role in understanding responsibility and controlling the dissemination of Fear, Uncertainty, and Doubt through actuarial data. Let’s explore the new areas, challenges, and opportunities for the bright future of digital forensics
See publication
Tags: Cybersecurity
Cybersecurity Risks and Recommendations – Where Your Focus Needs to Be
http://www.securitysystemsnews.com/blog/psa-tec-wrap
May 10, 2017
Technology convergence across cyber and physical security is driving change. Protection will evolve to include digital security, physical safety, and personal privacy.
See publication
Tags: Cybersecurity
How Cyber-Attacks are Changing the Expectations of Security, Privacy, and Safety
2017 ISC West conference
April 06, 2016
Cyber-attacks are an ever increasing problem that reaches out from the digital domain and into the physical world to impact the security, privacy and safety of people, businesses, and governments. The rapid growth of technology adoption and connectivity are driving new opportunities for attackers at an accelerating rate. The result is a radical shift in expectations by consumers and organizations for more comprehensive solutions, streamlined oversight, and clear accountability.
See publication
Tags: Cybersecurity, Privacy, Risk Management
Diversity in Cybersecurity Education
2016 ICT Educator Conference
January 07, 2016
The cybersecurity industry needs more people with greater diversity to fill the growing number of open positions. Intel is very active with internal corporate diversity efforts, establishing strong pipelines, and investing in diverse partners. Additionally, Intel is contributing to the formalization of cyber science degree standards to align educational programs to market demands.
See publication
Tags: Cybersecurity, HR, Diversity and Inclusion
Matthew Rosenquist Joins the Eclipz Advisory Board to make the World of Connected Data More Secure
Matthew Rosenquist Joins the Advisory Board for the Techno Security & Digital Forensics Conference
Contributing to the SIA Education @ ISC Advisory Board
Joint Task Force on Cybersecurity Education
Honored to Join the HMG CISO Advisory Board!
Top Writer in Privacy by Medium
2019 ADA award for Outstanding Leadership in Protecting People’s Information
LinkedIn Top Voices 2018: Technology
Thinkers360 Predictions Series – 2020 Predictions for Cybersecurity
Humans, complacency, ignorance delay AV deployment
Winning the security fight: Tips for organizations and CISOs
Modern Successful SOC & Artificial Intelligence round-table
Shared Pain Points & Opportunities for Secure Smart Cities
Ransomware: The Not-So Good, Really Bad, and Truly Ugly!
Harnessing Cyber-Physical Security Technologies
Hardware-generated dynamic identifier
SuperDataScience Podcast - SDS 273: Predict, Prevent, Detect: Cyber Security
Evolving Risks of Cybercrime with Matthew Rosenquist
Don't trust a company to keep you safe
Evolving Risks of Cybercrime with Matthew Rosenquist podcast
Cyber/Physical Convergence
The True Cost of Data Breaches - Not Just a Dollar per Record
Upgrading to an APT-Capable Defense: Where To Start, How To Get Funding And See Immediate Reduction In Risk
McAfee Labs 2017 Threats Predictions
Prioritizing Information Security Risks with Threat Agent Risk Assessment