Sometimes it is easier to define what Fresh Security is not than what we are...
On 7 July 2005, I was sat in a basement in Moorgate, London. "Call home. Let them know you're ok."
Moments earlier, four terrorists had exploded bombs on London's public transport. 52 people died. From that moment, the summer of 2005 started with 12-hour shifts and, in time, slowed to rotating 8-hour shifts. Working 24-hours to understand and protect people in the UK.
For the next two years, life was a war in Iraq, one in Afghanistan, and working to stem the rise of terrorist recruitment material. Unfortunately, one of the first steps in recruiting terrorists is brutalisation… it was grim. War is bad. War is impactful. Eventually, enough was enough. It was time to move on. To look at the world through a positive lens.
My positive lens and path to recovery was to spend the next three years working on cybercrime – in all its forms. Yes, there were grim parts, but somehow I brought together an international cybercrime programme that protected $1B in the first 18-months. A feat entirely down to the brilliant teams I worked with.
What I learnt during this time is cybercrime is a highly optimised business. There were, and still are, specialist criminals at each stage of the criminal process. Cybercrime is a true meritocracy. Criminals offer services and are paid by performance, but when they fail – that is the end.
Why do I tell this story?
Earlier this week, I read Cyber-Security: Here's Why The Bad Guys Are Winning on Forbes. An 8-minute rant against the incompetence of hapless cybersecurity experts and regulators. People more interested in protecting their highly paid jobs than solving the challenges of cybercrime. Add in some framing of fighting a war and taking hostages. It is a crafted piece of fear-mongering.
While I agree with some of the points made in the piece, I have also seen war and hostage-taking. It's grim. It's bad. But it's not cybercrime. It's not cybersecurity. It's not a way to solve the challenges our community faces.
When an example of what you are not is so clear, it is worth pointing out. And stating clearly to our community:
Fresh Security does not profit on the back of cultivated insecurities.
And we never will.