Interview With Graham Cluley – An Award-Winning Cyber Security Blogger


Every day, more businesses, individuals, organizations and even governments are having an excruciatingly difficult time securing their critical data from being hacked or held hostage. So, to discuss the current state of cybersecurity and possible preemptive measures, we interviewed the award-winning cyber security blogger, researcher, and speaker Graham Cluley, who has been a cyber security veteran for 25+ years and has worked with big names like Dr Solomon’s, Sophos and McAfee.

Currently, Graham shares his knowledge, experience, and wisdom on his own personal blog and does podcasts on Smashing Security with co-host Carole Theriault from Sophos.

*The Latest Podcast By Smashing Security: “Password, Pirates & Postcards“. (Latest at the time of publishing this interview)

So, let’s get to know the interesting insights that Graham has to share with us:

Ali: What was the pivotal point in your career that made you transition from a programmer to an infosec professional?

That's simple! A job offer. 🙂  I was writing and selling my own games while I was studying computing at college, and I was fortunate enough that the UK's leading anti-virus expert liked some of the games I'd written... so he asked me if I would come and work for him.

Ali: Graham, you are one of those individuals in the industry who has closely analyzed the internet from its early days to today; what are the biggest moments in the Internet's history that you vividly remember in terms of information security?

My background is in anti-virus, and there have been some pivotal moments in the field of malware.  I think of the Concept virus which emerged in 1995 and turned the world of anti-virus detection upside down by being the first ever virus which could infect Word documents, the early email-aware worms that spread rapidly around the world, the emergence of state-sponsored cybercrime such as the Stuxnet attack on an Iranian nuclear facility or Russia hacking into the email of US political parties.

*Graham Cluley Discusses The Cyber Security Threats That Should Be Keeping You Awake At Night

Ali: You officially started your career working as the first Windows programmer for Dr Solomon's Anti-Virus Toolkit. So, being associated with the Antivirus industry, what do you think are still the biggest areas where Antivirus companies of today are lacking?

Anti-virus companies are typically much more than anti-virus companies these days. Many of them are truly security companies offering a variety of technologies to reduce the impact cybercriminals can have on your computers in business or at home. One area that I think is often overlooked by these companies is the insider threat.  In many ways, that's a bigger concern than the danger posed by external hackers trying to break into your business.

*Graham Cluley Keynote Speech At Navigate '16, Berlin, October 12, 2016

Ali: Leaving a big security company like Sophos and then working your way up to the ranks of an award-winning independent security blogger, were there times earlier that you regretted your decision of going solo or felt attracted towards a lucrative job offer?

No. I did my time working for big companies and wanted to be my own boss.  What motivates me is having fun, not making the big bucks. 🙂

*Here are some prestigious awards and recognitions that Graham Cluley has earned up till now as an independent Cyber Security Blogger:


Ali: What do you think is the biggest threat computer users or mobile users are facing today? And how can they protect themselves online? Any suggestions or recommendations?

The biggest threats for most people are fairly simple ones - such as phishing attacks or using the same password in multiple places.  These aren't earth-shattering, state-of-the-art new threats, but they continue to pose a significant problem. Technology alone isn't enough to protect you.  It needs to be teamed up with user awareness and a good dollop of common sense. The other substantial risk that has emerged in recent years is the Internet of Things.  We're all rushing to buy IoT devices, but many of them are hopelessly insecure.  That worries me a lot.

*Graham Cluley's Advice On Staying Truly Private Online

Ali: What do you think is the future of VPN technology? In your opinion, where do you see this industry going in the coming 5 years?

The biggest challenge is getting the average person in the street to understand what a VPN is (the name itself probably puts people off as sounding too technical), and how it can help them stay more private online.  In my experience, most people still don't use a VPN as a matter of course. The other challenge for the industry, of course, is to ensure that VPNs keep their promises, ensuring that customer information and browsing remains private - and that they're not actually introducing additional risk.

*Graham Cluley Discusses On Why You Should Be Using A VPN

Ali: In your experience, are there any tools, software, apps or browser extensions you'd like to recommend to everyone that can ensure maximum protection of their online data and privacy?

I don't like to recommend specific products, but everyone should invest in a decent anti-virus, ad blocker, VPN, password manager.  Check out the competent independent tests and try them out to see what works well for you.

Ali: This year 2018 would be the year of Blockchain and cryptocurrencies. Are you predicting any big hacks or data theft relating to Bitcoin that can possibly happen this year? Is there any way possible that people can protect their cryptocurrencies from any sort of hack or online theft?

The most important step is not to leave your funds in an online exchange.  My advice is to get a secure hardware wallet that you can safely put your cryptocurrency keys on.  Bitcoin exchanges have had a history of being hacked, and you're going to be kicking yourself if you don't take this basic step.

*A Podcast By Smashing Security On Bitcoin And Blockchain

Ali: Lastly, what advice would you like to give to those who are starting out their career in Information Security? Are there any legit and globally recognized online certifications relating to Information Security that you'd like to recommend?

I often have people contacting me asking for career advice, and I feel such a fraud.  I fell into the security industry with no relevant qualifications, and haven't been to a job interview for 25 years.  What would I know about how to get a step up on the career ladder?  I feel like my career path has been unorthodox and may not make a great example for the average security wonk.

One thing I would say is to recognise your strengths and don't let people distract you from exploiting them to the full.  I've worked in jobs where I've found myself pushed into endless meetings ("Can't I just do some *work* instead?") or asked to become a manager.  I've never understood why someone should be assumed to automatically have management skills just because they've been kicking around at the company for a few years.  It seems like a big distraction from what they might actually be very good at.  I've always tried to avoid having people reporting to me, and in some cases have even managed to convert a staff member beneath me into being my boss 🙂

What's different now from 25 years ago is the availability of much more information via the internet.  Expertise and knowledge are more accessible than ever.  You can learn more easily, make industry connections, and make a name for yourself by sharing knowledge and helping others via platforms such as Twitter.  What an amazing leveler a platform like that can be.

Ben Lyndon
