Our latest addition to the content team at SolCyber is none other than trusted cybersecurity authority Paul Ducklin, so we asked him to introduce himself in no uncertain terms!
*************************************
Hello, everyone. I’m Paul Ducklin, and I’m a new addition to the SolCyber writing team.
Some of you may know me already from the many articles I wrote in recent years for the award-winning Naked Security website, which is sadly no more, but for anyone who hasn’t met me before, I thought I’d tell you a bit about myself, my history in cybersecurity, and why, when the SolCyber crew asked if I’d like to contribute to their website in 2024, I said, “Yes, please!”
After all, an important part of joining a writing team is knowing that you have a common purpose with the company you’re writing for, and that’s most certainly how things are between me and SolCyber.
I’ve been fighting cybercrime for more than 30 years, right from the earliest days of computer viruses, and even though I’ve spent a large part of my adult life helping to reverse-engineer malware and to invent and build software that detects and stops attackers automatically, I’ve never slipped into the opinion that technology alone is enough to get the upper hand against cyber criminals.
Whenever the industry has found itself getting carried away with cybersecurity slogans such as “set and forget”, or “never needs updating”, or “buy our next-generation closed-loop deep-learning multi-layer cross-platform self-healing one-pane-of-glass auto-remediating cloud-native threat prevention system” (I may have made that last one up, but I wanted to make sure you could fill your buzzword bingo card as early in the year as possible)…
…it has made me more determined than ever to remember the saying that “those who cannot remember the past are condemned to repeat it.”
We humans have always mattered in cybersecurity, and we matter more than ever now that our collective enemy has vigorously embraced what we know as human-led attacks or living off the land.
Cybercriminals may have got stuck into automation long before many cyber defenders did (the first attack tools that generated new malware samples in bulk appeared way back in the early 1990s, along with viruses that mutated on their own by rewriting their code with every generation), but the attackers never gave up on the even uglier human-facing side of their criminality.
The crooks have indeed learned to use the best (by which I really mean the very worst) hands-off, fully-automated techniques to find new victims. But they have also learned to combine this approach with the optimum (by which I mean the most devious and deceitful) hands-on-the-keyboard treachery in order to cause the most trouble to, and to extract the greatest cost from, those victims they decide to attack.
So, when I first saw the tagline at the top of SolCyber’s website, I felt an immediate affinity with the words: Stop the insanity!
I didn’t read this as a suggestion that we are all quite literally going crazy; instead, I was reminded of a well-known saying about the word “insanity” that is often attributed to Albert Einstein, but probably first showed up in print before he was even born, namely: “Doing the same thing all over again but expecting a different result.”
As you’ll read immediately below the tagline on the SolCyber homepage:
“After 20 years, cybersecurity is the only industry where you buy more stuff, yet remain less certain about your level of protection. This is not OK.”
Simply put, in my upcoming articles for SolCyber, I’m determined to put humans front and centre.
I’ll be writing about cybersecurity topics that are interesting and important, so they’re topics that are worth reading about, and I’ll always try to include actionable advice that answers the vital question, “What to do?”, so that the articles themselves are worth reading.
And I’ll be writing them in plain English instead of in cybersecurity jargon – not to talk down at you, but to talk directly to you in language that is clear and unambiguous, with advice you can trust.
Speak to you again soon!
PS. If there are any knotty topics you’re keen to see us cover, from malware analysis and exploit explanation all the way to cryptographic correctness and secure coding, please let us know. DM us on social media, or email the writing team directly at amos@solcyber.com.
More About Duck
Paul Ducklin is a respected expert with more than 30 years of experience as a programmer, reverser, researcher and educator in the cybersecurity industry. Duck, as he is known, is also a globally respected writer, presenter and podcaster with an unmatched knack for explaining even the most complex technical issues in plain English. Read, learn, enjoy!