Host: Jeremy Cherny interviews Chris King, Network Analyst for a large petrochemicals corporation.
“I provide second level network support for a large company in the petroleum world. What that entails is for our retail locations around the country, I can do anything from placing communications orders to writing and verifying firewall rules for new technologies that we have rolling out at the site to trace network traffic. We support about 6400 locations so we have a standard template that goes out for our retail locations, and which template gets applied is solely based on what type of technology exists at the site.”
Why is security important to you?
The industry that I work in is all about protecting customer data. You want to make sure that when your customers go out to a site and swipe their card, they have comfort and the peace of mind to know that out of all the threats that are out there, we’re staying vigilant and their customer data is not going to be stolen and used by someone else. So on top of that there are legal ramifications. The government has established payment card industry standards, which require us to go through and vet our networks on a quarterly basis and have an independent auditor come review those findings to make sure that we don’t have any material breaches in our network security.
How do you stay on top of the latest security threats?
So obviously the government requires us to do our scans quarterly, but we do ours monthly – just to make sure that everything is the way that it should be. Also, there’s nothing quite like physical security. If you walk up to a pump and you see that there is some security tape that has been breached or you see something that says “void” or “alert” absolutely do not use that pump. Technology is sophisticated these days where we used to have skimmers on top of what would be where you swipe your card. Now they put devices inside with Bluetooth transmitters. So they may be sitting in the parking lot, watching your card data come into whatever capture tool that they’re using real time and capturing your pin.
What are the most important things people can do to protect their data online?
First, random passwords for every account – it’s a pain but it’s the biggest way that you can protect your information. Secondly, use a VPN when you’re out in public. Essentially what you’re doing is you’re encrypting your data before it gets to the internet and individuals can’t sit in between and see what it is that you’re sending back and forth. The last thing that doesn’t get talked about enough is just having awareness. There are tons of attacks like phishing and fake websites and just having the awareness to know about those is super beneficial.
Tell us about a time where you’ve gotten attacked.
Oh absolutely. My fiance recently had somebody trying to commit identity theft and they were logging into her websites and trying to figure out her passwords. The good thing is that she had me on her side. I took one of her emails where the IP address of the attacker was logged and used a couple of tools to find the location of the attacker. From there I was able to get property records, names of the occupants, social media accounts, emails, phone numbers and even voting records. From there I let them know that I was going to alert the authorities and that they should stop what they were doing.
What’s your favorite tech movie?
That’s a hard question, there’s so many great ones out there and they all rank really high for me. I’m actually going to change it a little bit and say a series – Black Mirror on Netflix. That series is absolutely amazing. It takes the idea of how technology influences everyday life. It gives a Twilight Zone kind of twist and shows how everything can go ridiculously wrong just from relying on technology.