Profiles in Cyber Courage #2: Tom and Justin Peltier

Abstract

Father and son consultants Tom and Justin Peltier are quizzed by War & Peace in Cyberspace columnists Dario Forte and Richard Power on certification, laptop security and wireless. Justin describes certification as a “flawed process” but admits it can be useful in applying for jobs. He believes technical certifications are difficult to create so they have practical application. He calls for an IT security review board equivalent to the law exam for lawyers. On laptop security he believes easy to use encryption is best for end-users. He recommends PGP as it is user friendly and transparent. He says one of the most basic laptop security controls is a cable lock, which he uses everywhere. Justin says wireless networking is still part of the “golden age of hacking.” He says “fantastic” security controls are available for securing wireless access points and wireless clients. He has encountered organizations with no awareness of rogue access points or any means of detecting rogue devices. He says old attacks are still mostly used today where common tools such as airsnort and kismet are used against Wired Equivalent Privacy (WEP). He describes client side exploits as the newest wave of attacks saying they leave him “scared about security controls.” He admits the attacks are difficult to prevent and says deep pack inspection is the only measure that works somewhat. He is also fearful of: TOR - Packets travelling across the TOR are impossible to trace back. Anti-forensics (AF) - AF makes hiding an attack easier. Steganography - Combining steg with anti-forensics makes finding an attacker impossible. SSL- SSL is a popular attack vector. This year, every other month, War & Peace in Cyberspace will feature “Profiles in Cyber Courage.” In this ongoing series, we will focus on colleagues who have made significant contributions to the field of cybersecurity, and conduct in-depth interviews on timely and vital issues. Our second “Profile in Cyber Courage” highlights Tom and Justin Peltier ( http://www.peltierassociates.com ), who along with many individual accomplishments share the distinction of being the first father and son to win the CISSP and CISM certifications. The Peltiers consult, train, write and speak both as a team and individually. Tom Peltier's expertise is in the arena of cybersecurity management; Justin's is in the technical dimensions of cybersecurity.