Foster: Social media security threat “will get worse”
Capitol College alumnus James C. Foster has built his career around keeping ahead of cybersecurity threats. In addition to heading up ZeroFOX, The Social Risk Management Company, which he co-founded in January 2013, he has written dozens of books, given briefings to Congress, and become a sought-after keynote speaker.
Vulnerabilities that leverage social media platforms are at the forefront of his current concerns. Speaking to Forbes earlier this year, he warned that adversaries are becoming more and more sophisticated and capable, while companies are lagging behind in their capacity to fight back.
“Social media has emerged as one of the primary means of hacking into an organization. Attackers utilize information derived from social media to breach servers, send spam, poach Web traffic and sales leads, as well as target and steal intellectual property,” Foster wrote.
“Despite the scale of the social threat, existing technological and legal infrastructures are not mature enough to reliably protect organizations. In this ‘Wild West’ of cyber security, the protection of your business is in your own hands and you better be up to the challenge.”
In a wide-ranging interview, Foster spoke with Capitol College about the current security frontier, his own educational and career background, and the keys to success for those wishing to build a career in the field.
What is appealing to cybercriminals about social media? Why do you anticipate they will continue to turn their attention towards social media platforms?
If I wanted to attack one person or one company, I could do that, but I would have to leverage the knowledge and the skills to successfully execute my attack. If I wanted to attack thousands of people, or all of the employees at a particular company then I could easily leverage social platforms. Because social's so big right now, with 1 in 4 people in the world on their platforms, we are already seeing them as a larger and larger channel to be leveraged during a sophisticated attack.
What concrete steps can companies use to protect themselves?
Shameless plug -- they can use ZeroFOX. We're the only platform out there protecting companies from attacks that leverage social platforms. Security is a big challenge and you have to use a defense in-depth strategy with multiple layers of security. The protection of social media assets is now one of those must-have layers.
How did you build a career in cybersecurity?
I've been doing it for a long time, starting with the Department of the Navy, where I worked as a civilian specialist right out of Capitol College. Following the Navy, I spent time at CSC, Booz Allen and a bunch of startups. After that, I went to graduate school, and then started up Ciphent, which was acquired in 2010. ZeroFOX is my latest endeavor.
What prompted you to choose Capitol? What did you find valuable about the experience?
It's a great technical school, with small classroom sizes and close proximity to the places where I wanted to work. Convenient classes allowed me to work full time while I was continuing to go to school my last couple of years. The school also encouraged me to progress after unique research.
As a cybersecurity professional involved in running a business, what skill sets and attributes do you look for when hiring personnel in this field?
Personally, I look for things that are hard to measure but are very important. I look for an individual’s ability to adapt and be part of a team, loyalty, work ethic, and, of course, intelligence; these are building blocks for any strong teammate regardless of position.
From the technical side of the house for cyber, we look for computer science majors. If you can code, we can teach you more about security. It’s hard to teach a systems administrator some of the meat around security with a development background.
Where do you see the job market headed? Will there be increased opportunities in the field?
The technical fields are going to continue to be hot for the next decade, here in the United States. People are going to continue to hire and that will lead to more opportunities for employment. Further, there's going to be a continuing need for cybersecurity professionals and software engineers. It's a pretty good investment of time and resources to hone in on those technical skills now.
My advice to students right now, who are seeking to change careers is: be great technically before you try to go down the road of management. There's a lot of value to being considered an expert before you decide you want to get fully immersed into management.
What role does your family play and what do you do to relax?
My family is incredibly supportive and I could not do any of this without their complete backing. I feel very fortunate to have them and I put forth a concerted effort to return the gesture on a daily basis. In regards to your second question – that’s easy! I put on some headphones and run along the promenade in Baltimore. There is no comparison when you are looking to get into the zone.