David Rhoades hates the word “cyber” so much that he created a PowerPoint presentation explaining his disdain for the term. That’s where you can find this gem, coined by Rhoades himself:
Cyberfication (n) – The act of adding the prefix “cyber” to almost any other word for the purpose(s) of sounding hip, link baiting or enhancing budgets.
Here’s the rub: As founder and director of Maven Security Consulting, Rhoades is in the cybersecurity business. Oh, and he also resurrected and leads the Delaware chapter of OWASP (Online Web Application Security Project).
OWASP, a global online community and registered nonprofit, was founded over 10 years ago. As Rhoades puts it, they’re recognized mostly for their standards and guidelines, but also have a number of security projects for which they pull talent from the online community. A little over a year ago, Rhoades happened upon a dormant chapter in Delaware and decided to reanimate it.
While the chapter is currently meeting at Wilmington University to raise student awareness of cybersecurity issues, Rhoades is planning on expanding to the University of Delaware.
The greatest security threat? Lack of internalized security culture. At Maven Security, Rhoades has seen this trend in the majority of his clients.
“What our clients are encountering are a single incident, then suddenly they get religion and take it serious,” Rhoades said. “As things calm down, their interest wanes. Then they have another incident and suddenly it’s very serious again.”
Rhoades said the wavering interest stems from trouble managing moving parts and trying to comprehend a big-picture perspective of security needs. That’s why he’s pushing for developers to get on the same page as security analysts.
“You’re asking us to test against criteria you hadn’t considered during the design process? Probably would have been better to consider those during the build,” he said.
Rhoades compares network security to dentistry. “You don’t go to the dentist just once in your life,” he said. “You need to go to the dentist on a recurring basis, especially when there’s a sign of change.”
Most people don’t seem to understand this, he said. That’s why it’s “all hands on deck” as he fights to raise awareness at local universities.
“Anybody who has any technical inclinations, especially developers, we need to get them trained up in security,” he said.
Just don’t use the word cyber.