Chris Mark Speaking at OpenEdge 2016 Partner Advisory Board May 27, 2016
Posted by Chris Mark in cyberespionage, cybersecurity, Uncategorized.Tags: Chris Mark, cybersecurity, dark web, data breach, Global Payments, KeyNote, OpenEdge
add a comment
I am honored to have been asked to present as the keynote speaker at the OpenEdge 2016 Partner Advisory Board on June 6th, in Chicago, Il. I will be speaking on the state of cybercrime today and provide a live demonstration of the Dark Web as well as a description of how cyber thieves steal and use payment card data. It should be a fun event for everyone! If you are an OpenEdge Partner please consider attending!
Chris Mark to speak at 2016 ISF Texas April 10, 2016
Posted by Chris Mark in Uncategorized.Tags: assurance, Chris Mark, cybersecurity, hacking, information, risk
add a comment
This week (10:30 am, April 14, 2016) I will be in the awesome city of Austin, TX speaking at the 2016 Information Security Forum. The ISF is: “…a free educational conference aimed at public sector Information Security Officers, Information Resources Managers, and IT staff throughout the State of Texas. The conference is hosted by the Texas Department of Information Resources (DIR) and will be managed by the Office of the Chief Information Security Officer (OCISO).” The title of my presentation will be “Hackers, Slackers, and Thieves, understanding your adversary.” If you are in Austin, please consider attending!
Lenovo caught (again) installing SpyWare and Malware on Computers! September 27, 2015
Posted by Chris Mark in Uncategorized.Tags: china, Chinese, cybersecurity, data theft, hacking, lenovo, Man in the Middle, MitM, rootkit, spyware
add a comment
I just saw on TheHackerNews Security Blog on a link I picked up on LinkedIn. If true (no reason to think it is not), this is truly bad business and shameful practices by Lenovo..AGAIN. Keep in mind that two years ago Lenovo (a Chinese company, BTW) was banned (Again..) from providing computers to the US Intelligence and defense services of Australia, the United States, Britain, Canada and New Zealand over spying issues. They were first banned in 2006! Then, in January 2015, Lenovo was caught…ONCE AGAIN..installing SuperFish malware onto refurbished laptops. SuperFish has a serious vulnerability which makes it vulnerable to Man in The Middle Attacks (MitM). Now, according to TheHackerNews Lenovo was caught in August installing a rootkit into their computers. This rootkit, known as the Lenovo Sevice Engine (LSE) installs into the BIOS on the computer. According to TheHackerNews: “One of the most popular Chinese computer manufacturers ‘Lenovo’ has been caught once again using a hidden Windows feature to preinstall unwanted and unremovable rootkit software on certain Lenovo laptop and desktop systems it sells.”
So what does this really mean for you…the consumer? If you want to buy a Lenovo I would only ask that you email me as I have a great bridge for sale in Utah and would love to introduce you to some Ukrainian friends who love to give high interest loans. Honestly, if you are going to buy a Lenovo after reading this, you probably deserve what you get. I can tell you that I would never own a Lenovo again (had one in the 1990’s). Fool me once…shame on you…fool me twice shame on me…fool me a third time? Seriously?
Dupont’s Titanium Oxide Color Recipe- Stolen for Chinese Advantage July 22, 2015
Posted by Chris Mark in Industry News, InfoSec & Privacy, Risk & Risk Management.Tags: Chris Mark, corporate espionage, cyberespionage, cybersecurity, Dupont, InfoSec, mark consulting group, San Francisco Chronicle, security
add a comment
Oddly (to me anyhow) this is the 2nd most popular post on my blog! It was written over 3 years ago but since it gets so much traffic I thought I should re-post. Here it is in 2015!
Many mistakenly believe that only “high tech” secrets and intellectual property are targets for intellectual property theft. In a clear example of how any propriety secret can be considered a target, a scientist (Tse Chao) who worked for Dupont from 1966-2002 (36 years!) pleaded guilty in Federal court on Thursday to committing espionage for a company controlled by the Chinese government. Mr. Chao testified that he provided confidential information to Chines controlled Pangang Group. What did he steal? Among other things, the recipe for Dupont’s Titanium Dioxide. What is TD used in? Titanium Dioxide is the ingredient in many white products that makes the products white. Products such as paint, toothpaste, and Oreo cookie filling! Stealing the ingredients to Oreos shows just how low cyberthieves will go! According to court documents: “DuPont’s chlorine-based process was eagerly sought by China, which used a less efficient and more environmentally harmful production method”
I have worked with a number of large companies who, when asked why they did not protect trade secrets, replied that they did not believe their industry or type of product was of interest. Make no mistake. If your company has a unique process, technology, or product, it IS of interest to many companies. Unfortunately, the US Government has released reports that state that China is sponsoring much of the US and European cyber espionage.
photo from: http://www.titaniumexposed.com
Getting into Information Assurance Careers June 2, 2015
Posted by Chris Mark in Uncategorized.Tags: Chris Mark, CIPP, CISSP, Consulting, cybersecurity, InfoSec, privacy, SANS
1 comment so far
I have had a number of folks email me asking about becoming an InfoSec worker so I am writing this post to (hopefully) help those who are interested. In 2001, I landed in InfoSec by pure luck and I have never looked back. It is an amazing field and a great career path. First..for some marketing. According to the InfoSec Institute, the average CISSP Salary in 2014 is over $100,000 per year. In 2013 there were 209,000 job postings for CyberSecurity Jobs and it is estimated that in 2015, there are 40,000 more jobs than people to take them. In short, it is a very high demand field.
InfoSec? CyberSecurity? Information Assurance? WHAT?
It is even confusing to me sometimes. At a high level I use the term Information Assurance as it encompasses all of the elements of protecting data. This includes data security (protecting data), CyberSecurity (protecting the systems, and infrastructure), Privacy (appropriate use of information) and Compliance (ensuring your company complies with relevant regulations) and Risk Management (evaluating the security risk of your organization). While this short post does not allow for a more comprehensive overview, these are the generic ‘pillars’ that we consider.
What types of Jobs are Out There? (more…)
