Mr. Pires, can you tell our readers a little bit about yourself and your professional background?
Hi, my name is Filipi Pires, and I’ve been working Principal Security Engineer at Talkdesk, Security Researcher at senhasegura…I’m Hacking is NOT crime Advocate and RedTeam Village Contributor. I’m part of the Staff team of DEFCON Group São Paulo-Brazil, International Speakers in Security and New technologies events in many countries such as US, Canada, Germany, Poland and others, I’ve been served as University Professor in Graduation and MBA courses at brazilian colleges, in addition, I’m Creator and Instructor of the Course Malware Attack Types with Kill Chain Methodology (PentestMagazine) and Malware Analysis – Fundamentals (HackerSec).
In your opinion, which are the main trends that shape cybersecurity nowadays?
I really believe that exist an adaptability from the threat actor perspective for the attacks..
I like to use the Trend Micro Predictions report as a reference to explain that:
- Threat actors will turn home offices into their new criminal hubs;
- The Covid-19 pandemic will upend cybersecurity priorities as it proves to be fertile ground for malicious campaigns;
- Teleworking setups will force organizations to confront hybrid environments and unsustainable security architectures;
- The unprecedented need for contact tracing will have malicious actors directing their attention to users’ gathered data;
- Attackers will quickly weaponize newly disclosed vulnerabilities, leaving users with a narrow window for patching;
- Exposed APIs will be the next favored attack vector for enterprise breaches;
- Enterprise software and cloud applications used for remote work will be hounded by critical class bugs;
And of course, Ransomware Attack will continue to be the main attack.
Trend Micro Reference: https://documents.trendmicro.com/assets/rpt/rpt-turn-the-tide-trend-micro-security-predictions-for-2021.pdf
Do you think that society is well informed when it comes to cyber threats and their prevention?
I think that it depends of the country, here in Brazil, I’ve been seeing some improvement in talks about the Cyber Threats, however many times the message passed for the newspapers/TV is not enough and sometimes incorrect.
How would you best describe today’s digital space? How can someone protect themselves/ their business from potential cybercrimes – what are the main steps that should be taken?
Our enemy is totally invisible, we fight against a kind of attacker that usually it is a step ahead.
We often do not know how these malicious artifacts are created, where they come from, what kind of vaccine would be important to contain this type of pest.
Nowadays, when we received an email, we should look for who is the sender of that message is, when we are looking at the domain of the “person” who sent this email to us, we can check if it’s potentially malicious email.
We should look at the type of extension that is attached to the email, if it is an executable, binary, Word Doc, PDF, among others, we need to be careful when opening all types of files.
We have come to see that attackers have used many messages by SMS to also collect information from their victims
Can you tell us about a challenging situation in your professional career?
The big challenge in my career it was when I start in Security, I had no idea what the meaning in that time is.
What advice would you like to give to the cybersecurity and digital services protection enthusiasts?
So, good question, you need to be creative in how you look at certain software, hardware, and more, applying the hacking concept, and as a Principal Security Enginner, you really need to be the technical reference, but the question is, how is it possible, only having passion for knowledge and learn…
Well, I believe that hard skill, I mean, technical skill can be trained, software is a little more complicated to train, of course it’s possible, but soft skill comes from the inside
In Brazil we have an expression that I will try to translate for you that says: “I’d rather hold crazy people than push dumb/lazy people!”, I know that a translation does not convey the essence of this explanation, but I want to say, that my main recommendation is to invest in people who really want to learn, and who have passion for knowledge.
If you want to think in hard skill, of course, it depends on the cybersecurity area, but I could suggest some such as:
REV, Exploit Development, Vulnerability Research, Operation systems, Computer Forensic, Offensive Security, Hardware Hacking, Open Source, Program Language, Develops, Windows/Linux Internals, Operating Systems, Data Science and so on.