Confessions of a Professional Cyber Stalker

Computer security attacked

This episode is sponsored by the CIO Scoreboard

Today I had an interesting conversation with Ken Westin. Ken is commonly referred to as ‘The Good Hacker’ and has spent the past 15 years working with law enforcement and research teams to analyze current and emerging threats to determine how our everyday products and gadgets can mitigate these threats.

Ken is regularly reached out to as a subject matter expert in the area of security, privacy and surveillance technologies.

In our industry people do a lot of talking about how they want to stop cyber security threat, developing technologies they hope will stop threats, but rarely do you actually come in contact with people actually demonstrating a track record of success thwarting, mitigating and bringing people to justice.

Ken Westing the good hacker

What you will learn from this interview:

  1. The secret lives of applications that live on our phones. What information are these apps gathering that we’re not aware of and where exactly is that information going? How can this information be used against us and why are these data harvesting protocols not mentioned in the privacy policy or terms of conditions of many apps?
  2. Black Hat tools and where to find them to see what your adversary sees about YOU!
  3. Questions that Boards should ask about what information that they are tracking about customers
  4. The importance of education and security
  5. Efficacy and relevance of Cyber Liability Insurance
  6. The Cybersecurity elephant in the room: companies tracking and selling our private information
  7. Orchestrating threat intelligence by automating and tracking compliance workflows
  8. The importance of Data Security Analytics
  9. If you are not investing in a product or app then you are the product

Ken Westin RSA

Get in touch with Ken:



About me Profile

RSA Profile

RSA Conference Session – Killing the Kill Chain

LinkedIn Published Articles

Ken Podcast I enjoyed at Tripwire site

BBC article – “I’m a professional cyberstalker”

Mobile Privacy articles

Defcon Talk: Confessions of a Professional Cyber Stalker

Resources Mentioned:

ID Experts – Radar product – Helps with hi profile breach cleanup cases

Kali Linux Distribution

Offensive Security

Tripwire– Automation of Security Compliance + Workflow


Passive Reconnaissance







Bill’s interview with Aharon Chernin, CTO of Soltra

Summarized Show Notes:

  • How Ken got started in the technology world and different technology he developed to aid in theft recovery
  • Empowering people with technology. Criminals take the fun out of technology, dealing with hackers in particular. Ransomware – impact on business. Consumers are now able to defend themselves in a hostile environment
  • Being knowledgeable about what is possible and raising people’s awareness makes a difference.
  • One of the biggest threats right now is marketing departments that develop spyware and gather information through apps, ad libraries. A lot of information is being harvested from our phones
  • If you’re not paying for the product, you are the product
  • Hackers are not the ones that collected the information from people. So how can we secure the information? We need to ask ourselves – what information do we need to collect in order to do business? Companies are collecting information with immunity. If you are collecting that information – you need to be responsible for what you do with it.
  • Mobile software for tracking stolen devices and camera recovery, there’s always a trace
  • Passive Reconnaissance – it’s amazing how much information you can gather through this without touching the network. Can scan network for vulnerabilities without touching it. Just through DNS records, could map Infrastructure, IP ranges, harvest information through LinkedIn. From there, he could identify the technologies he would run into when inside the network.
  • Hackers involved in the Target breach – they did their homework, they could identify who their business partners were and send phishing emails
  • How can one map the network without touching it, inside the firewall?
    1. Identify the IP ranges they are dealing with
    2. Through DNS records – identify 3rd party vendors – HR Services, subdomains for special one off projects, marketing projects, Salesforce etc.
    3. Trusted business partners and vendors
  • Maltego – tool for open source intelligence gathering and threat intelligence integrations
  • Recommendations for a security beginner trying to understanding an external view
  • Offensive security and penetration testing tools and training resources, videso and tools for open source intelligence gathering
  • Key points: awareness and security training in general
  • In security, we like to learn, that’s why we’re good at what we do and I think everyone in the business needs to take that on. Ignorance is no longer an excuse especially on the business side
  • We’re seeing a lot more boards care about security, investors and startups caring about security
  • Boards asking about cyber liability insurance
  • With cyber liability insurance, there isn’t a lot of data, a lot of it is guessing and with that, a lot of exclusions that get included from these policies and now with the breaches
  • With the recent breaches we’ve seen, between Target and Sony, they’re seeing that the cost of a data breach is higher than originally thought when you start to think about lawsuits and identify theft insurance. Insurance companies are starting to put a cap on how much they’re liable for.
  • Need to secure your infrastructure before you get your cyber liability insurance
  • Marrying real security rules – configuration of compliance and real security.
  • Data Analytics – Security Analytics is key. Being able to correlate the data is the challenge to identify the real threat to the environment.
    • Starting to see more correlation between vendors, more open source for threat intelligence
  • Vendors bringing in data scientists with the data they collect and making it easier on the clients to identify anomalies and the signal to noise ratio
  • How does Ken see the space maturing to a point which is meaningful to a small to medium business? Tools such as Open DNS, taking complexity away from the businesses. But business can leverage the big data and threat intelligence. Larger businesses will have to have their own teams. Make sure to identify what’s happening in their own network.
  • STIX/TAXII integration – more and more vendors will start to use this and businesses need to ask their vendors if they are compliant with STIX and TAXII
  • A lot of industry clout with Soltra and FS-ISAC. Mitigate threats and share information. 46:36
  • The devil’s in the data. Being able to make sense of the data. Harvest the data. There is data there telling you a story, just a matter of you finding it. Harvest the data.

This episode is sponsored by the CIO Scoreboard

Communicate the Status of Your IT Security in 2 minutes

All methods of how to access the show are below:

Leave a podcast review here

How do I leave a review?

Bill Murphy is a world renowned IT Security Expert dedicated to your success as an IT Business Leader. Follow Bill on LinkedIn and Twitter.