Apscitu masthead.
Apscitu motto.

Credentials Entry tab.

Security expertise, Hacking, Thresher Networks logo.

Security Expertise from Hacking and Thresher Networks

In addition to the considerable network, thus IT (see B.S. Credentials entry), security education and experience I received above, I gained even more from two importantly-different perspectives — as victim and as hacker — while CEO of my first IT company, Thresher Networks LLC (Montana).

I and my family were victims of not one, but two(!), major health insurer data breaches: Montana Department of Public Health and Human Services (MT DPHHS) and Premera Blue Cross. (Actually, I and my family had a third(!) health insurer hacked while we were members: in March 2020, I made the shocking discovery, reported nowhere else, that HealthCare.gov, the Obamacare website, had been hacked; see HealthCare.gov Hacked.)

When Obamacare (HealthCare.gov), itself an IT security fiasco, was implemented, MT DPHHS provided the health insurance for children, including mine. In one of the largest data breaches at the time, MT DPHHS lost all their information — names, ages, addresses, medical records, etc. — to hackers. They pretended the only concern was identity theft — so they only had to offer free credit monitoring for a year — but with children the concern is abduction. After demanding state and federal officials (including FBI's Comey) investigate and getting no response — see FBI Hacking Investigation Negligence Lawsuit — I investigated, including a source inside the MT DPHHS. What I found was that incompetent IT people, particularly the Chief Information Officer (CIO), who didn't even know enough to take basic precautions, were responsible. Premera, our health insurer when we were in Alaska, was the same (old) story.

Additionally, I discovered that the bank, Teton Banks, I used for Thresher Networks LLC had been hacked, due to their IT incompetence.

From my previous IT security education and experience and from being a hacking victim, I realized the only way to protect from hacking is to learn how to hack. Hacking is a networking, thus IT, activity and can range from the more physical/hardware end to the more application/software end (see B.S. Credentials entry). Thresher Networks LLC designed and installed — including cables and other hardware (e.g., routers, switches) — secure enterprise networks, so I already had expertise at that end. Hacking at the application/software end is more common, well-known, and computer science. Good university hacking courses are rare, since it is about doing what is commonly considered an illegal activity, so I learned hacking the way most hackers do: on my own, but made much easier by my IT education and experience, including web programming expertise. Thresher Networks LLC then offered it as the legal service called "penetration testing".

From being a hacking victim so many times (not just health insurers) and from my investigations into those incidents, it became all too clear to me that IT incompetence was widespread and having disastrous consequences. And it was getting worse, although it should have been expected to get better if IT people were qualified so could learn from breaches.

With my extensive (see Credentials) IT education and experience, including hacking, I ultimately realized I could better serve as an expert IT consultant to those who needed it most and needed the best, so I ultimately moved to near Washington D.C. and started Apscitu Inc., which includes the Stop IT Incompetence website.

← Previous Entry     Next Entry →