Interview with Marcelo Mansur
Email interview held on 12th September 2017 between Alan Radley (questioner) and Marcelo Mansur (relator), as follows:
1. What are your thoughts on the current state of cybersecurity, both for organizations and for consumers?
Well, everyone has a different approach. The short answer would be that those companies that assign their security teams a proportionally larger budget have a greater and more comprehensive understanding of the threat landscape.
2. What – in your estimation – are the reasons behind the many computer security breaches/failures that we see today?
Lack of concern and understanding, certainly, but also because a lot of software and systems weren’t built with security in mind. Hacking as a crime has been going on since the internet began, but only relatively recently has it become monetized on such a scale.
3. Where do you go to find your “science” of cybersecurity?
Well, Google would be my first answer. Cybersecurity is just security at the end of the day so the same rules apply. Information from RFC documents (white papers from the likes of Symantec, FireEye etc.) and university research tends to indicate heavily the problems we still see circulating albeit with different names for each bug or exploit. Google Project Zero does a good explanation of security when they find something and the numerous security bulletins from Microsoft. The Hacker News and Reddit are good for opinions but get close to being an echo chamber at times.
4. Do you recommend a particular cybersecurity blog that our readers could follow?
I’m a fan of Graham Cluley’s articles. Brian Krebs writes some very interesting stuff too and there are a few others like Wired that aren’t security-specific but do publish interesting pieces.
5. What keeps you up at night in the context of the cyber environment that the world finds itself in?
That it may already be too late and hostile nation states have gained an absolute foothold that we’re unaware of, that we’re past the point of no return and that there’s an attack under way that will cripple us (the West). I’m fairly sure that the next market correction will be cyber-related. At the risk of sounding sensationalist this is world war web.
Thank you kindly Marcelo Mansur for taking the time out of what must be a busy schedule to answer our questions in such a useful and purposeful way.
Interviewee: Marcelo Mansur,
Founder & CEO at RedBlue Security.
Marcelo Mansur – Biography
After a few months in recruitment I chose to focus on infosec purely due to my love for the community and all things hacker related. The decision to set up RedBlue Security came from a growing frustration of the lack of this interest shown by recruitment agencies and the old adage “If you want something done right, do it yourself.” I’m proud to say that we have now expanded to include penetration testing and private military contracting to our service line.
Thus far I have represented and placed ex-TAO members, Pwn2Own and Pwnie award winners, PPP Members and other DEF CON CTF winners, drone hackers, kernel-level exploit developers, Black Hat trainers, various other industry movers and shakers and many more besides.
Have spoken at:
– DEF CON 25
– DEF CON 24
– ToorCon ’17
– BSides Denver ’17
– HackMiami ’16
– BSides Manchester ’15
– Austin Hackers Association