Security Mike

I got forwarded a random 419 scam letter last night. This normally wouldn't be that interesting, except that it came from "Mike Rothman." Of course, there are lots of impersonators out there, but it did peak my interest. I decomposed the message on Security Mike's blog to discuss some of the "tells" that indicate this is a 419.

Remember the 419 scam is a social engineering technique. And a lot of people fall for it, or it wouldn't be such a big business. There are a bunch of dimwits out there, falling for these ruses. Don't you be one of them.

 

As I described in this introductory post, I'm really excited to be announcing Security Mike's Guide to Internet Security. It's a 10-Step process broken up into 3 sections to help consumers protect themselves and their kids from hackers, identity thieves, and other online mayhem.


You will be able to get the Guide for $27 until November 15. When the Portal launches the price is going up to $37.

If you want to find out more about the program, register on Security Mike's web site and you'll get the Special Report: 6 Easy Steps to Protect Your Identity. This is Step 6 in Security Mike's process and you can get it for free. These are things that EVERYONE should be doing, so register and download the document today.

I also mentioned a couple of bonuses. The first is a little guide on "How to Uninstall Symantec and McAfee (without killing your machine)." Since a hallmark of Security Mike's approach is that consumers don't need to pay for security software anymore, you'll want to get rid of those heavy "suites" that slow down your machine and lighten your wallet. This report shows you how to do that.

The second bonus is "How to talk to your kids about Internet Security." These are pretty hard discussions to have, but it's absolutely critical that you address the issues. This special report will provide some ideas and tactics for you to do just that, in Security Mike's no-nonsense way.

Remember, the pre-sale period ends on November 15. So don't delay. You can save some money and get the bonuses.

At long last it's time to unveil my "summer project." Back in May I really took stock of the entire industry. After talking and working with a lot of folks on the Pragmatic CSO methodology and approach, it became clear that I needed to think differently about the problem.

We, as security professionals, know the score. We know what is vulnerable and we work every day to try to address those issues. Even if we individually have small victories and stay off the front page of the newspaper, it's pretty clear that we are losing the war.

Suffocate the bad guys

I spent some time thinking about the root cause of the problem. Basically tens of millions of zombies are out there anonymously doing the dirty work of the bad guys. I've been beating the drum for a while that the ISPs need to step up and address this issue, even though it's going to be painful (especially from a customer support standpoint). It's be a while before they get there. A long while.

Yet I was still treating the symptom, not the cause. I'll describe the conversation that spurred my thinking of the solution tomorrow, but suffice it to say it was only by talking to someone NOT in the security business that I gained clarity about what needs to be done.

Basically we need a grass roots effort to suck the oxygen out of the system and suffocate the bad guys. We still get spam because people still click on links and buy fraudulent products from these shysters. We have identity theft because people remain gullible and will fall for some pretty sophomoric social engineering and phishing attacks.

If we stop more people from doing more stupid things and getting pwned, then we change the economics of Internet fraud.

A Bold and Audacious Goal

So that's what I'm aiming to do with Security Mike's Guide to Internet Security. We need to change the economics of Internet fraud. Yes, it's a bold and audacious goal. Really bold and really audacious. But we are losing and doing the same stuff is not going to yield different results - that much I know.

Security Mike's Guide to Internet Security is a 10-step process to help consumers protect themselves (and their kids) from hackers, identity thieves and other online mayhem. The three main sections are: Secure the Foundation, Protect Your Identity, and Protect Your Kids. That's what it's all about.

Before embarking on an extensive new product initiative, I did check out what's out there. The good news is that there is a tremendous amount of information out there about Internet Security. The bad news is that it sucks. Really sucks. The information is disjoint and not specific enough for someone like my Mom to know what she should do. I was pretty disenchanted and annoyed by this. Even if my Mom wanted to address the issue, she'd have to spend weeks wading through all the crap to figure out what to do.

As I tend to do when I'm annoyed, I decide to fix the problem. Security Mike's Guide is a simple, step-by-step guide that is light on verbiage and heavy on screen shots and detailed instructions of what to do.

If you like it, then it's too hard

The fact is, since you are a security professional, there is a high likelihood that you'll hate it. It's intentionally simple. It's not designed for you. It's not even Security 101. It's kind of like Security Kindergarten. It's secure, but it's not complicated. Unfortunately the two are not mutually exclusive at this point. The sad truth is that anything too complex isn't going to get done. I had to intentionally get rid of the buzzwords and vernacular that dominate our security conversations. Soccer Moms don't care about zombies or IP spoofing.

It's designed for your family and/or your neighbors. Those folks that annoy the crap out of you by asking you to spend your weekends cleaning up the mess they made during the week.

Security Mike's Guide is not about making sure that the world class researchers can't break into their home networks. It's about making sure the script kiddie neighbor cutting his teeth doesn't manage to break into your network and get at your Quicken file. Or find your "private" pictures (ask Vanessa Hudgens about that).

How does Security Mike's Guide to Internet Security work?

The Guide will be delivered via Security Mike's Portal that will go live on (or before) October 15. In the meantime, folks that buy the product during the pre-sale period will get a great discount and will receive a few of the key steps over the next few weeks to get started.

Each step will be laid out in the Portal in excrutiating detail. Screen shots and a DO THIS, then DO THAT approach. If you can follow directions, then you can do Securit Mike's Guide. You'll be able to print the information if that is more comfortable for you. There will be Forums to ask questions and discuss security topics. And no this is not competing with the Catalyst Community. This is for CONSUMERS, not practitioners.

The product will also feature Security Mike's Update Service, which is exactly what it sounds like. Remember, unsophisticated users need step-by-step instructions in the event of a new attack that may require some workarounds. They need to be reminded to verify that the latest batch of patches were installed. That's what the Update Service provides.

Security Mike's Blog

Since Security Mike's Guide to Internet Security really addresses a different audience, I'm launching a new blog to talk directly to those folks. It's called Security Mike's blog (I know, original name there) and is at http://securitymike.blogspot.com. It's kind of sparse now, but I'll be trying to post once a day on that blog as well.

So what? Why will consumers care?

It's pretty straight-forward. Consumers tend to be worried about a few things. Their identity, their kids, and their money. Security Mike's Guide addresses all three.

1) Identity Theft - Your identity will be stolen (it probably already has), so you better be prepared. This involves both technically securing your networks and devices, but also knowing what to do to protect your identity a bit proactively. Given the number of data breaches lately, this is one of the "hottest" issues out there.

2) Protect the Kids - All of our kids are at risk. These new social networks are unknown quantities and we are still figuring out what the real risks are. Until things shake out, we need to be able to more effectively govern what happens on these social networks.

3) Stop wasting money on unnecessary security software - Millions of people waste money on traditional security (read AV) every year and they aren't any more protected. Meanwhile, there are tons of free offerings out there that do as good, if not better, job of protection. To be clear, I'm not saying we don't need security software - we do. I just don't understand why a consumer would pay for it today.

Security Mike is going to ruffle some feathers, which I'm cool with. Big Security wants to maintain the status quo. They want everyone renewing their $80 suites year after year, so they can keep milking the cash cow. They don't really care if things get better. They have a DISINCENTIVE for things to get better.

Security Mike's Guide is about making things better

Feel free to check out the Security Mike web site to get more information about the program. Just to be very clear about expectations, the 10 Steps are very simplistic from a practitioners perspective. I can't wait for lots of folks to poke holes in it and say it's too simple to really work.

The fact is what we are doing now isn't working. So it's time to try something different. Security Mike is going to lead the way.