Episode Details

Information security is not just technical. There is a human aspect involved and fixing that is more than just identification and awareness. Our guest today is Ira Winkler. Ira is the president of Secure Mentem and the author of the book You Can Stop Stupid. He is referred to as the modern-day James Bond, given his skills both physically and technically in infiltrating organizations.

Today, Ira shares with us many of his personal and professional experiences in the area of cybercrime. His valuable tips and information can change how you look at potential threats and scams. He is an expert in how to make people easy prey and how to prevent people from being easy prey.

• [0:51] - Ira graduated college as a psychology major and the only job he could get at that time was in the National Security Agency. This led him into the computer field within the military.
• [1:31] - He always wound up working on the human side of things.
• [3:03] - Ira shares his background and how he became a world-renowned penetration expert, which is a fancy name for a hacker.
• [5:21] - The way you break something is not the way you fix it. This is an important concept when looking at psychology.
• [7:01] - Psychology helps Ira exploit others but it is also important to understand when helping them.
• [7:55] - Telling someone the problem and then telling them not to fall for a scam doesn't work.
• [8:50] - Ira and Chris discuss the recent Twitter hacks. Ira says that in this situation, anyone could have done what the hacker did because it was easy. You just have to have the questionable ethics and morals to do it.
• [9:41] - A lot of times, hackers and criminals are hired in various agencies including government and law enforcement because of their skills. Ira says this is very backwards and gives examples why this is "horrendous."
• [11:58] - How do we get people to not fall for various types of scams? Ira says it is a very multi-layered process and gives a few examples of what can be done.
• [13:02] - Ira uses a comparison with terrorism attacks and how we can use that knowledge to help us protect ourselves, plan for a problem, and how to respond.
• [15:59] - A lot of sites other than banks and credit card companies are putting in security measures to keep people safe. But a lot of people get annoyed by security protection's inconvenience.
• [17:15] - In general, most people use the same password across multiple accounts. If one user ID and password is compromised then the others are as well.
• [18:32] - Ira uses the real moral of the story of The Wizard of Oz: You have what you are looking for, you just don't know it or how to use it. This is applicable to security. You have what you are looking for, but you aren't using it.
• [21:38] - People have to stop being offended when people put security mechanisms in place.
• [23:10] - Something that bothers Ira is when real credit card companies are calling and ask for points of verification like social security numbers. This is exactly what scammers do and when real companies do this, it is hard to tell the difference.
• [25:43] - If somebody is injured, it is the fault of the system where the user exists. Somewhere they enabled the user to put themselves in a situation to allow them to be harmed.