Author Archives: Hadi El Khoury

Hadi El Khoury

About Hadi El Khoury

Seasoned Cybersecurity advisor and trainer, security and privacy by design advocate, digital entrepreneur and growth hacker. Member of the Information Systems Security Association.

When it comes to Cybersecurity, does fear persuade or does it paralyze?

*Special mention to Dr. Robert B. Cialdini for inspiring this post’s headline. It’s one of the “50 scientifically proven ways to be persuasive“.

In his book, Dr. Cialdini writes that “when the fear-producing message describes danger but the audience is not told of clear, specific, effective means of reducing the danger, they may deal with the fear by “blocking out” the message or denying that it applies to them. As a consequence, the may indeed be paralyzed into taking no action at all.

When it comes to Cybersecurity coverage in the media, it’s easy to notice how much Fear Uncertainty and Doubt (FUD) have polluted the landscape, thus generating IMHO much more paralysis than persuasiveness, mainly when it gets to raising people’s awareness regarding cybersecurity.

As part of the ISSA France chapter, I’m taking part in a one-year crowdsourcing campaign, called #CyberPourTous, launched during the October 2014 European CyberSecurity Month, to accompany journalists and media professionals in covering cybersecurity topics in a more constructive and efficient way, staying away as much as possible for the polluting FUD.

As I was going through my social media timeline yesterday, I was so glad to stumble upon an interview with Mr. Tony Feghaly, CEO of Potech Consulting in Lebanon, who was on Future TV’s “Alam Al Sabah” program, talking about cybersecurity and hacking.

I highly invite readers to watch the interview’s replay (starting at 1’43) below as it is a great example of proper cybersecurity coverage in the media : facts, pedagogy and secured alternatives. This is, IMHO, a #CyberPourTous compliant media coverage :-) Kudos to Tony Feghaly and Future TV!

Have you met Khalil Sehnaoui, a Lebanese face of DefCon and Black Hat?

John McAfee and Khalil Sehnaoui

John McAfee and Khalil Sehnaoui

 

This is the first in a series of Q&A with Lebanese cybersecurity practitioners and we have the great pleasure to start with Khalil Sehnaoui (on the right in the picture taken at DefCon22). Khalil very generously answered our questions.

 

 

TSB >> How did you get started in Infosec/Cybersecurity?

Khalil >> I guess you can say I’m one of the ‘old’ players in this field as I started more than 20 years ago. Well obviously it was not InfoSec then, it was more just fooling around with computers and coding. Actually I think at the time Information Security was not even a big issue as it was all very new and there was no awareness.

At the time it was just about being curious and wanting to explore this new technology as much as possible. I think this is what makes the Hacker mindset: Curiosity and a certain thirst for knowledge. It is not something that can be taught. People who will study computer engineering or the likes end up working as IT people for companies, but hackers take that extra step towards understanding what things can do, what they were meant to do, and what else they can make them do. In that light we can say that some of the world’s greatest hackers were the likes of Leonardo Da Vinci or Einstein.

So my curiosity was always focused towards computing, networks and coding. And even though I followed a very different path in my studies (MBA in Economics), this passion never left me and I was behind my terminals whenever I had time.

TSB >> Why did you choose this field?

Khalil >> Growing up learning how to ‘break’ things and reconstruct them, it was only natural for me to eventually end up in the InfoSec field as once you know how things are broken, then you become good at putting them back together and securing them.

I chose this field because it is what I love to do, because it is the natural field of all our community. I would be doing this stuff whether I was getting paid for it or not. There are so many threats in the Cyber world today and so few people that know how to protect against them, that this is where I feel I can make a difference.

TSB >> Do you consider that Cybersecurity is a failure today and how do you see it evolving in the 5 upcoming years?

Khalil >> I do not think that it is a failure, but I definitely think that more efforts should be done. There will never be a thick such as 100 % secure systems. The main thing is to get as close to really secure as possible, and keep the security evolving as threats evolve every day.

In the region of the world that we, as Krypton Security, evolve in the problems are different. There is a huge lack of awareness when it comes to Information Security, mainly due to poor reporting by the mainstream media of all the dangers it carries. Most people still think that InfoSec is someone else’s problem. Also the perception from IT departments is still that InfoSec people are coming to show management that they are not doing their jobs well enough, instead of seeing us as complementary aides to their security, intervening on aspects they cannot know about.

The Western countries have already suffered major attacks over the course of the past years, and these attacks have been widely publicized, so the general public and corporations management are aware and respond in mind to these threats. This has not really happened yet in the MENA region but I expect it will soon as the day cyber-criminals will realize how unprotected the region is I think it will be a cyber-bloodbath! This is why I wanted to be ahead of that curve and offer the services of Krypton and we have had a really good first year as awareness is raising, slowly but raising.

I think in the next five years attacks will become more sophisticated and much more devastating. I don’t want to sound like an alarmist but that is my opinion. Mostly attacks will focus on mobile devices (smartphones, tablets) as most of the Internet traffic is starting to come from such devices and they are easy targets as general users have little awareness of the dangers.

Also I see one of the problems being that since the technology market is consumer driven, and people are always wanting new products with better technology, most companies are rolling out software and hardware without taking the proper time to ensure security as that would delay the products and would make them lose money. So we are ending up with lots of new products poorly secured! That is a trend I see rising in the next few years, unfortunately.

Khalil Sehnaoui

www.kryptonsecurity.com

Why don’t you join our blogging community and Take Security Back?

Join our blogging community and help us Take Security Back in Lebanon through awareness and education!

The rationale

Our blog aims at educating Lebanese citizens and raising their awareness regarding various aspects of security and safety, whether they deal with people, premises or new technologies.

The team

Don’t complain, Contribute! Join ZouheirTonyReemMichelMelissaMarounJocelyne and Hadi, our guest bloggers.

Examples of articles

What if we started preparing for storms?

Can Lebanese digital media operators DOOHgood?

Cybersecurity 9OclockTips, from Lebanon with Love

12 years later: On Arab strategy, 9/11 and the “war on terror”

Lebanon, where Instability is the newly found Stability

When a Lebanese Colonel contributes to global knowledge on governance and security

Is your health information private and secure?

Who has Cyber Security authority in Lebanon?

Are smartphones becoming the new law enforcement allies?

Are Lebanese banks vulnerable to cyber attacks?

The 10 Golden Rules and Guidelines

Abide by a pure scientific approach covering the security of people, premises and technology

Stay away from any political or religious bias

Be responsible when disclosing observed vulnerabilities in people, process or technology

Respect people’s privacy and be extremely cautious with their personal data

Put visual thinking to work in your posts and don’t hesitate to include infographics, photos or videos that support your arguments

Be persistent and generous in your information sharing

Remain constructive while depicting areas of improvement

Note that sales pitches and commercially oriented posts will not be allowed

Accept that your post will be moderated before publication

Keep this teaching in mind: “We must become the change we want to see in the world.” — Mahatma Ghandi

How to reach us

Read us on the Web: http://www.takesecurityback.com

Find us on Facebook: http://facebook.com/TakeSecBack

Follow us on Twitter: http://twitter.com/TakeSecBack

Email us: contact@takesecurityback.com