Would you kindly introduce yourself to our readers?
My name is Wilson Mendes, and I am an Information Technology (IT) professional specializing in Information Security with extensive experience in various areas including cybercrime, artificial intelligence, cryptography, firewall, and data security. My experience also covers Malware, Reverse Engineering, Chatbot, Crawlers, Commercial Automation, Microservices and Embedded Systems. I have in-depth knowledge of security protocols, privacy and anonymity, network administration and Linux systems, FreeBSD (my eternal passion), NetBSD, and OpenBSD.
Throughout my career, I have worked as a consultant, focused on cybercrime prevention, forensic investigation, reverse engineering, cryptography deployment, ISO/SCADA standards adoption, ethical hacking, network auditing, and distributed malware detection systems. I also participated in the adequacy and implementation of artificial intelligence and security devices, developing anti-tracking devices and ensuring secure transactions on public networks through the elaboration of risk and failure containment plans.
I currently work as a Pentest Red Team member and actively contribute to the dissemination of knowledge in the area through lectures, interviews, and articles in reputable magazines, such as eForensics Magazine and Hakin9 Magazine.
Please elaborate on your decision to work in this field.
Since I was a child, I've always been passionate about electronics, televisions, portable radios, recorders... I've always been curious about how these objects worked; I wanted to know what each electronic device was for and their respective functions. When I had contact for the first time with walkie-talkies, it was love at first sight. I was curious how that communication was possible, including the capture of cordless phone frequencies, amateur radio, and other noises that left me fascinated by a universe of discoveries that lay ahead. When I had contact with my first computer at the age of 13, a TK-3000, it was an explosion of feelings. Programming in BASIC, recording the information on cassette tapes, and soon after programming for 5.25 floppy disks. That's how it all started.
What is your typical day as a CyberSec Engineer?
I'm a very disciplined person. I wake up every day at 4:40 am, I go swimming four days a week, and then I drink a special coffee balanced with tropical fruits. I start my professional day by checking the agenda with the tasks I have to accomplish. I almost always use headphones to listen to music or sound frequencies that increase my concentration power.
I practice the Pomodoro technique when I'm working, so every 50 minutes of work (I confess that sometimes the idea flows in such a way that I can't get up from the computer), when possible, in an interval of 10 minutes per hour, I do stretching on the ball or on the mat. I also use a massage chair along with a foot massage, to generate comfort for long-term work. I take a break for lunch, which is usually from 12:30 pm to 1:30 pm, and I return to the chore routine at 2:00 pm, continuing until 6:00 pm. At night, I practice weight training five days a week. After showering, I have a light meal. Soon after, I pray and meditate so as not to take with me any tasks or memories of the day before bed.
What methods or equipment do you employ at your job?
I use Pomodoro for time control, Jira for scheduling and projects, and Tasknote for notes related to routines. A notebook and pen to ensure the information is safe (backup, lol). As for equipment, I use two Lenovo i7 notebooks with 32GB RAM, 2TB and advanced encryption and a desktop with Razer processor and 64GB of RAM with four SSDs of 2TB for work.
Which tool is your favorite?
It depends a lot on what I'm going to do, but I can mention some that I believe are like a Lego game, they fit into each other, but ReconFTW is without a doubt a kind of Swiss army knife. However, it has: Arachni, Sniper, Naltgeo, Netcraft, Metasploit, Nessus, HyperionNul Evasion, Nmap, Wireshark, Burp Suite, Nuclei Crackmap. As for the wireless network, my favorites are: Aircrack-ng, Kismet, Wi-Fi Cracker, Reaver, Bully, WiFite, PixieWPS, Linset, NetStumbler. But my current favorite is Flipper Zero.
You have extensive experience and knowledge across a wide range of topics. Your articles are very informative for our readers. What are your current thoughts on cyber security? Where are we?
First, thank you very much for your comments. It is always a great honor for me to be able to write for an encyclopedia that brings together great writers. As the study is routine in my life, knowledge is something continuous. The field of security continues to grow, and so exponential growth will continue forever. Information security is something very complex because between system and hardware failures and human errors, there are gaps, and that's exactly where the opportunity arises, multiplied by zettabytes of information exposed for free on the internet, for good or for evil, made accessible for everyone.
Add to this the internet of things and artificial intelligence, which is increasingly accessible and popularized, and accelerates every day with hundreds of interactions between machines and human beings, making learning about any subject become superior to any outdated, primitive and traditional teaching method. As the principle of economics is based on the law of demand and supply, there is a universe of possibilities that is increasingly enhanced by new technological ruptures. We are in a transition where the old and primitive way of learning will certainly end. What is happening is a transformation that involves the entire globe, and those countries, governments, and social sectors that are not prepared will be left behind.
What are the main tactics you've observed bad actors employing lately?
This depends a lot on the scenario, and the target to be attacked. But there are patterns to reach the objective, and the consequences of this depend on the answers that these techniques and tactics manage to extract. I could cite some such as social engineering, Distributed Denial of Service (DDoS) attacks, phishing, Advanced Persistent Threats (APTs), identity theft, malicious software distribution, and ransomware attacks.
It is important to be aware of and keep up with the latest security practices to mitigate the risks associated with these tactics. Additionally, consulting up-to-date sources and security experts will provide more accurate and timely information on current tactics employed by authoritarian governments, spies, hackers, and rogues.
Is this a particularly effective tactic in your opinion?
Yes, phishing is considered to be an effective tactic employed by malicious people. It has been widely used for many years and continues to be a prevalent threat. Phishing attacks can be successful because they exploit human vulnerabilities such as trust, curiosity or urgency to trick individuals into taking actions that compromise their security.
Phishing emails or messages often appear genuine, mimicking the branding and language of legitimate organizations or individuals. They can create a sense of urgency or offer attractive incentives to prompt users to click on malicious links, provide personal information, or download infected attachments. This can lead to various harmful outcomes such as identity theft, financial loss, unauthorized access to accounts, or installation of malware.
The success of phishing attacks often relies on social engineering techniques, psychological manipulation, and careful impersonation of trusted entities. Malefactors continually adapt their strategies, making it difficult for individuals and organizations to identify and defend against these attacks effectively.
To mitigate the effectiveness of phishing attacks, it is crucial to make users aware of the characteristics of phishing emails, teach them to identify possible warning signs, and educate them on online security best practices. Employing email filters, multifactor authentication, and keeping software and systems up to date are additional measures that can help combat phishing attempts.
What’s the best defense against malicious insiders?
Defending against malicious persons within an organization who abuse their authorized access for harmful purposes is a major challenge.
With some basic requirements, we will be able to increase and improve the defense system.
1- Strict Access Control: Implement a robust system of access controls and permissions that restrict employee access to confidential information or critical systems based on their job roles and responsibilities.
2- Principle of Least Privilege: Adhere to the principle of least privilege, granting employees only the minimum level of access necessary to perform their job duties.
3- Monitoring and Auditing: Establish robust monitoring and auditing systems that track user activity, access logs, and changes to critical systems or data.
4- Segregation of Duties: Implement the separation of duties so that critical tasks require the collaboration of multiple individuals.
5- Employee Education and Awareness: Conduct regular training and awareness programs to educate employees about the risks associated with insider threats and the potential consequences of their actions.
6- Incident Response Plan: Develop a comprehensive incident response plan that includes specific procedures for dealing with insider threats.
7- Non-Disclosure Agreements and Background Checks: Implement robust hiring processes that include thorough background checks and screening of potential employees.
8- Promote a Positive Work Environment: Promote a positive work environment that encourages open communication, trust, and transparency. Employees who feel valued and supported are less likely to engage in malicious activity.
While it is challenging to completely eliminate the risk of malicious intruders, implementing a combination of these strategies can significantly increase an organization's ability to detect, deter, and respond to these threats.
Do you have any additional suggestions for important cybersecurity focus areas?
These are the areas that I believe are already growing exponentially.
- Cloud security is of paramount importance as organizations increasingly adopt cloud computing services. In this context, it is crucial to ensure the security of cloud environments, which involves implementing appropriate access controls, encryption, monitoring, and regular vulnerability assessments of cloud infrastructure and services.
- Internet of Things (IoT) security has also become a significant concern due to the proliferation of connected devices in homes, businesses, and critical infrastructure. Expertise in IoT devices, networks, and data, including strong authentication, encryption, and patch management, is critical to ensuring security in this context.
- Additionally, the security of Artificial Intelligence (AI) and Machine Learning (ML) is an important consideration as these technologies are being integrated into many applications. Areas such as adversarial attacks, data poisoning, and the ability to explain the model need to be addressed to ensure the security of these systems.
- Privacy and data protection are essential aspects to be considered. It is critical to protect user privacy and comply with data protection regulations such as GDPR and CCPA. In this regard, organizations should implement strong data protection measures such as encryption, data minimization, and privacy by design principles.
- Mobile security is also crucial given the widespread use of mobile devices. To secure mobile apps and devices, it is important to implement mobile device management (MDM) practices, strong authentication, and secure encryption in order to mitigate threats related to mobile devices.
- Finally, performing security testing and vulnerability management on a regular basis is a fundamental practice. This involves performing penetration tests, vulnerability assessments, and implementing a robust patch management process, allowing for effective identification and treatment of vulnerabilities.
Remember that cybersecurity is an ongoing and evolving process. It's important to stay current with emerging threats, technology trends, and best practices to ensure a strong security posture.
What are your thoughts on AI, the current trending issue? What direction does it lead us in?
In my opinion, Artificial Intelligence (AI) is a powerful and transformative technology that is advancing rapidly and disrupting many social sectors. It has the potential to revolutionize society in areas such as health, transportation, and education. AI has already demonstrated its capabilities in image and speech recognition, natural language processing, and autonomous systems.
A current AI trend is the impact on the workforce and job displacement. Automating tasks through AI raises concerns about possible job losses in some industries. However, AI can also create new job opportunities and transform existing roles. To adapt to these changes, it is important to develop new skills and promote continuous learning.
The ethical implications of AI are an important issue. As AI systems become more complex and autonomous, there is a need to address issues related to decision-making, fairness, transparency, and accountability.
Data privacy and security are key considerations in AI. The collection and use of large amounts of personal data requires robust data protection and security measures to ensure trust in AI systems and the privacy of individuals.
The direction AI takes will depend on how it is developed, deployed, and regulated. With responsible practices and proper guidance, AI has the potential to improve many aspects of life and address complex challenges.
However, open dialogue, collaboration, and continual assessment of the impact of AI are needed to direct its development in ways that benefit humanity as a whole.
Do you believe artificial intelligence may advance or impede your field? How?
I believe that AI has the potential to advance and improve several fields of research, bringing faster and more accurate answers in several social sectors. AI technologies, such as advanced machine learning algorithms, natural language processing, and deep learning, have already played a significant role in advancing the capabilities of models such as Alexa, Siri, Google, and now ChatGPT. AI can help researchers and developers by automating tasks, providing insights and accelerating the pace of innovation. AI can also facilitate the development of new research tools and methodologies.
Additionally, as AI technologies advance, there is the possibility that systems will become more capable and potentially surpass certain tasks traditionally performed by human researchers.
In summary, AI has the potential to significantly advance the field of research and development, providing new tools, accelerating innovation and optimizing processes.
What, in your opinion, is the most important thing in the world of technology?
In my opinion, knowledge. But technology must serve and benefit humanity in social progress by bringing solutions, accessibility and promoting inclusion to all individuals, regardless of their abilities, socio-economic status or geographic location, and should strive to bridge the digital divide. That's all, folks!