Interview with Charles (Chuck) Geigner
January 23, 2017
Charles (Chuck) Geigner works in the fields of privacy and Information Technology infrastructure. He also leads teams that are in charge of operational security on the University of Illinois campus. The teams deal with the security support (for the customer service sector) and security engineering (including incident responses and handling, forensics, and vulnerability assessment). These teams are the keepers of the ‘breach kit’—which contains protocols and tools required to deal with security breaches on campus networks. Chuck and his team also have the responsibility of assessing business risk and advising the university on how best to handle particular security breach situations in order to minimize the damage and cost incurred. Here are summaries of answers to some questions.
Why is there a substantial need for information security?
Working in the Unix development and system administration sector, I saw the need for information security grow over the span of a decade. During my time at State Farm, I moved from the technical aspect to the security aspect of information technologies. State Farm had 14 teams with over 160 people dedicated to finding network vulnerabilities, assessing related risks and costs, and finding solutions to fixing these problems within the system. At the time, many companies were wrestling with the idea of forming teams such as this, because it was a large financial investment. However, with the rapid advancement of technology and the disadvantage that large corporations have against incoming attackers, the need for such teams become obvious and mandatory. The attacked are at a disadvantage from the get-go as the attacker can be focused on a single penetration technique. On the other hand, the organization in need of security must be able to predict and counter any form of attack at any time, always leaving them one step behind. This is why such large, talented teams are required to take control of information security and privacy. In addition, mainstream media has only recently started stressing cyberattacks and information security and privacy, so more people have begun to read about it, talk about these questions and participate in this new field of study, research, and work.
What is threat intelligence?
Threat intelligence is a form of collaboration that allows large organizations to share information regarding cyberattacks, vulnerability assessment methods, new programs, and software for combating attackers and for improving risk detection methods. Large, vetted institutions have a feed where they can share new information, add onto old research, and aid one another in staying attack-free to minimize risk. There are various “shades of grey” when it comes to information security attacks, meaning that some vulnerabilities may pose large risks while others may not. No time should be wasted on fixing problems that pose no risk to an organization, as this is a waste of valuable resources.
Is vulnerability assessment a constantly evolving line of work?
Vulnerability assessment is most definitely an evolving line of work and should be if we want to keep systems and networks secure from outside attacks. The landscape of security systems will continuously grow as technology does. There is constantly new technology being introduced, and this allows attackers more creative ways to breach systems, making our job more challenging.
Why do people keep a safe distance from getting involved in cybersecurity?
Most people believe that one must have a high level of technical know-how in order to aid in the field of cybersecurity. As much as technical knowledge helps, it is not the only tool in the arsenal of a strong cybersecurity team. There are a plethora of roles to be filled and, at the moment, there is a severe shortage of professionals to fill them. What is required is creative, problem-solving capacity. A friend of mine once hired a military historian that saw patterns nobody else saw and was able to bring to light vulnerabilities that others did not think to point out. The image of cybersecurity needs to evolve. Although we need technical professionals, that is not all we need. For incident responses, a variety of talent is required, and that is currently lacking in many institutions.
What is phishing, and why is it so dangerous?
Phishing is dangerous when done well. Phishing is the process of posing as a legitimate person, organization, or other entity with the intention of securing information of various kinds. Phishers will often use social engineering to obtain information from members of an organization and then use that information to breach systems and obtain private pieces of data such as usernames, passwords, bank account information, and payroll information. In situations such as this, there is a very strict protocol pattern; an immediate and initial response to find the attacker, swift communication with the rest of the organization in order to alert members of the attack, and finally a detection of people that fell prey to the “phish.” There is a false notion that people fall prey to phishing because they aren’t intelligent or cannot see through the obvious ruse. However, there is nothing obvious about phishing, especially when it is crafted carefully and intelligently. This is why phishing is a dangerous form of attack, and members of the general public need to constantly be on their guard.