Apscitu masthead.
Apscitu motto.

Credentials Entry tab.

Security expertise from hacking and Thresher Networks.

Security Expertise from Hacking and Thresher Networks



In addition to the considerable network, thus IT (see B.S. Credentials entry), security education and experience I received above, I gained even more from two importantly-different perspectives -- as victim and as hacker -- while CEO of my first IT company, Thresher Networks LLC (Montana).

My family and I were victims of not one, but two(!), major health insurer data breaches: Montana Department of Public Health and Human Services (MT DPHHS) and Premera Blue Cross.

When Obamacare, itself an IT security fiasco, was implemented, MT DPHHS provided the health insurance for children, including mine. In one of the largest data breaches at the time, MT DPHHS lost all their information -- names, ages, addresses, medical records, etc. -- to hackers. They pretended the only concern was identity theft -- so they only had to offer free credit monitoring for a year -- but with children the concern is abduction. After demanding state and federal officials (including FBI's Comey) investigate and getting no response, I investigated, including a source inside the MT DPHHS. What I found was that incompetent IT people, particularly the Chief Information Officer (CIO), who didn't even know enough to take basic precautions, were responsible. Premera, our health insurer when we were in Alaska, was the same (old) story. See Stop IT Incompetence website.

From my previous IT security education and experience and from being a hacking victim, I realized the only way to protect from hacking is to learn how to hack. Hacking is a networking, thus IT, activity and can range from the more physical/hardware end to the more application/software end (see B.S. Credentials entry). Thresher Networks LLC designed and installed -- including cables and other hardware (e.g., routers, switches) -- secure enterprise networks, so I already had expertise at that end. Hacking at the application/software end is more common, well-known and computer science. Good university hacking courses are rare, since it is about doing what is commonly considered an illegal activity, so I learned hacking the way most hackers do: on my own but made much easier by my IT education and experience. Thresher Networks LLC then offered it as the legal service called "penetration testing".

From being a hacking victim so many times (not just health insurers) and from my investigations into those incidents, it became all too clear to me that IT incompetence was widespread and having disastrous consequences. And it was getting worse, although it should have been expected to get better if IT people were qualified so could learn from breaches. The massive 2017 Equifax breach is the worst in a long line of worsening data breaches. With my extensive IT education and experience, including hacking, I realized I could better serve as an IT consultant to those who needed it most and needed the best, so I started Apscitu Inc.

← Previous Entry