Connect with Joseph Steinberg

Frequently Asked Questions

1. Why is Cybersecurity Important?

Cybersecurity is important (and that is an understatement) because modern society both relies on computers and connected devices for so many critical functions, as well as stores nearly all of its data electronically; cyber security involves protecting such systems and data from destruction, manipulation, abuse, and theft.

Cybersecurity is an extremely complex discipline, and the ramifications of failing to implement proper cybersecurity can be devastating to individuals, governments, and businesses of all sizes. The 1983 movie, WarGames, showed how a single hacker breach could potentially lead to a global thermonuclear war. While most breaches, thankfully, produce less severe outcomes, the consequences of a “cybersecurity incident” can still be financially catastrophic, and, sometimes, even life threatening.

2. Why do we need cyber security experts?

If you were ill with cancer you would want to be treated by an oncologist with relevant experience.

If you were charged with a crime you would want to be represented by an attorney experienced in defending people charged with similar offenses.

If you were audited by the IRS, you would want the help of an accountant.

Yet, in a world in which there are daily news reports of devastating cyberattacks – including many that inflict serious harm to organizations that have previously armed themselves with skilled cybersecurity teams – some folks still seem to believe that they can properly secure themselves against the efforts of extremely-well-trained cyber-adversaries simply by adopting a “do it yourself” approach.

The impact of such decisions is clear – as is the reason that the world needs cyber security experts.

3. What is a cyber security expert witness?

Cyber security expert witnesses are experts in cybersecurity, who, by virtue of their notable accomplishments, many years of professional experience, certifications, education, training, and skills are deemed by society (and especially by judges and juries) to be experts on matters related to cybersecurity, and whose testimony about cybersecurity-related matters can be heard as part of legal cases. A cybersecurity expert witness may be called upon to render an opinion, for example, as to whether a data breach or other costly cyberattack was the result of some party’s negligence or whether the incident occurred despite reasonable efforts to protect systems and data. Likewise, a cyber security expert witness may be asked to analyze evidence in civil or criminal cases involving cybersecurity, or to render an opinion as to whether or not they believe that an invention described in a cybersecurity-related patent is truly original, or if the possibility of the patented invention’s existence was obvious, from prior art, to ordinary people skilled in the art of cybersecurity. Joseph Steinberg has served as a cybersecurity expert witness multiple times in all of these types of cases. For about the role of a cybersecurity expert witness please see the cyber security expert witness page on this website.

4. What is the best cybersecurity advice that you can give me?

To remember that you and I are the weakest link in the cybersecurity chain. That’s right. Humans are the Achilles Heel of cyber security. By far. Remember, technologies improve rapidly – with new generations of systems appearing every year or two, often sporting dramatic improvements. The human brain takes tens of thousands of years to evolve improvements – today’s men and women may have access to more information than did all of our forebears, but our brains are no more powerful than those of people who lived thousands of years ago. As time marches on, we become less and less intelligent relative to technology.

If you are looking for some tips on how to improve your own cybersecurity without spending a lot of money, please see the article: 13 Tips to Achieve Great CyberSecurity Without Spending a Fortune.

5. What is the best cybersecurity technology out there that I can buy?

Asking what is the best cybersecurity technology is like asking what is the best prescription medication – There simply is no one best cybersecurity product or prescription medication, because what is “best” is highly dependent upon the specifics of a particular situation in which it is being applied.

Also, consider that the feature and functionality differences between competing offerings in the same category of cybersecurity countermeasures are rarely, if ever, the primarily reason that a person, business, or government is able to be successfully breached.

In most cases – if not in all cases – how well you use cybersecurity technology is going to be far better predictor of your chances of remaining secure than would be which particular reliable vendor’s offering you choose to use.

6. Is it safe to use public Wi-Fi? I have heard from some experts that it is not, but it is so inconvenient not to use it.

The answer is not simply a “Yes” or a “No” – there are situations in which using public Wi-Fi makes sense, and there are other cases in which doing so could be disastrous.

I actually dedicated an entire article to this subject – please see How to Safely Use Public Wi-Fi.

7. Do I personally really need to think about cyber security?

Only if you are alive. Seriously, though, if you are reading these words on an electronic device, the answer to the question is clearly yes.

8. But, why should I care about cyber security if I do not have anything to hide?

I hear this type of point being made all the time – but, the reality is that there are many reasons to maintain proper cyber-hygiene even if you do not think that you have anything to hide. In fact, because of how many times I have heard claims to the effect of the above, I dedicated an entire article to explaining the matter in detail. Please read the aptly named piece: Stop Saying You Don’t Need To Worry About Privacy and CyberSecurity Because You Don’t Have Anything To Hide. You Have Plenty.

9. Who is Joseph Steinberg?

Joseph Steinberg is a long-time veteran of the cybersecurity industry, well respected worldwide for the depth and breadth of his relevant cybersecurity knowledge. He presently serves as a cyber security expert witness, and as cyber security advisor to both businesses and governments. Steinberg has been calculated to be one of the top 3 cybersecurity influencers worldwide, and has written books ranging from Cybersecurity for Dummies to the official study guide from which many Chief Information Security Officers (CISOs) study for their certification exams. More about Joseph Steinberg can be found on the About CyberSecurity Expert Joseph Steinberg page of this website.

10. How can I best reach Joseph Steinberg?

You can contact Joseph Steinberg via the Contact Joseph Steinberg page on this website. Please note that he checks messages from this website more frequently than he does social media messages.

11. What are the funny, unpronounceable acronyms after Joseph’s name? What do they mean?

The acronyms represent information security certifications that Joseph holds – attesting to his knowledge and experience with various facets of information security. They include the following – with detailed descriptions below coming from (ISC)², the international, nonprofit membership association for information security professionals that has certified more than 160,000 people worldwide over the past 32 years, and that issues the relevant certifications:

CISSP – Certified Information Systems Security Professional – Sometimes known as the “Gold Standard” of general information security certifications, the CISSP shows that its holder is an experienced security practitioner, and has developed knowledge across a wide array of security practices and principles.

ISSAP – Information Systems Security Architecture Professional – Issued to only people already possessing the CISSP credential, this security architect certification proves that is holder possesses expertise in developing, designing, and analyzing security solutions, as well as in giving risk-based guidance to senior management in order to meet organizational goals. The CISSP-ISSAP is an appropriate credential for chief security architects.

ISSMP – Information Systems Security Management Professional – Issued to people only if they already possess a CISSP credential, this cybersecurity management certification shows that its holders excel at establishing, presenting and governing information security programs, as well as have demonstrated deep management and leadership skills whether leading incident response and/or a breach-mitigation team.

CSSLP – Certified Secure Software Lifecycle Professional – This certification recognizes leading application security skills, and is ideal for software development and security professionals responsible for applying best practices to each phase of the software development life cycle – from software design and implementation to testing and deployment to disposal.

12. What does the abbreviation TY4IM that Joseph Steinberg frequently uses on social media mean?

TY4IM stands for “Thank You For Including Me” – because Twitter is character limited, and Joseph likes to both share the content of people who include him in their work as well as thank such folks, Joseph created this abbreviation to ensure that he can simultaneously do both.

13. What is the best way for me to learn a bit about cybersecurity? I am a total beginner…

I am, of course, “slightly” partial, but, I recommend reading Cybersecurity for Dummies.

14. How should CyberSecurity be spelled – CyberSecurity, Cyber Security, or Cybersecurity?

While I generally prefer spelling cybersecurity as one word, and capitalizing both the C and S when the word is used in a title, all three forms are correct.

15. Have any major publications profiled Joseph Steinberg’s work as a cybersecurity expert witness?

While Steinberg has been profiled in many publications, one recent article that specifically discussed his work as a cybersecurity expert witness is Newsweek: How a Leading Cybersecurity Expert Witness Helps Achieve Justice for Cybercrime Victims.




* indicates required