Security Expertise from Hacking and Thresher Networks
In addition to the considerable network, thus IT (see
B.S. Credentials entry),
security education and experience I received above, I gained
even more from two importantly-different perspectives —
as victim and as hacker — while CEO of my first IT
company, Thresher Networks LLC (Montana).
I and my family were victims of not one, but two(!), major
health insurer data breaches: Montana Department of Public
Health and Human Services (MT DPHHS) and Premera Blue Cross.
(Actually, I and my family had a third(!) health insurer
hacked while we were members: in March 2020, I made the
shocking discovery, reported nowhere else, that
HealthCare.gov, the Obamacare website, had been hacked; see
HealthCare.gov
Hacked.)
When Obamacare (HealthCare.gov), itself an IT security fiasco,
was implemented, MT DPHHS provided the health insurance for
children, including mine. In one of the largest data breaches
at the time, MT DPHHS lost all their information —
names, ages, addresses, medical records, etc. — to
hackers. They pretended the only concern was identity theft
— so they only had to offer free credit monitoring for a
year — but with children the concern is abduction.
After demanding state and federal officials (including FBI's
Comey) investigate and getting no response — see
FBI
Hacking Investigation Negligence Lawsuit — I
investigated, including a source inside the MT DPHHS. What I
found was that incompetent IT people, particularly the Chief
Information Officer (CIO), who didn't even know enough to take
basic precautions, were responsible. Premera, our health
insurer when we were in Alaska, was the same (old)
story.
Additionally, I discovered that the bank, Teton Banks, I used
for Thresher Networks LLC had been hacked, due to their IT
incompetence.
From my previous IT security education and experience and from
being a hacking victim, I realized the only way to protect
from hacking is to learn how to hack. Hacking is a
networking, thus IT, activity and can range from the more
physical/hardware end to the more application/software end
(see
B.S.
Credentials entry). Thresher Networks LLC designed and
installed — including cables and other hardware (e.g.,
routers, switches) — secure enterprise networks, so I
already had expertise at that end. Hacking at the
application/software end is more common, well-known, and
computer science. Good university hacking courses are rare,
since it is about doing what is commonly considered an illegal
activity, so I learned hacking the way most hackers do: on my
own, but made much easier by my IT education and experience,
including
web programming
expertise. Thresher Networks LLC then offered it as the
legal service called "penetration testing".
From being a hacking victim so many times (not just health
insurers) and from my investigations into those incidents, it
became all too clear to me that IT incompetence was widespread
and having disastrous consequences. And it was getting worse,
although it should have been expected to get better if IT
people were qualified so could learn from
breaches.
With my extensive (see
Credentials) IT education and experience,
including hacking, I ultimately realized I could better serve
as an expert IT consultant to those who needed it most and
needed the best, so I ultimately moved to near Washington
D.C. and started Apscitu Inc., which includes the
Stop IT Incompetence
website.
← Previous Entry Next Entry →