Internet Security Interview: Carey Parker of “Firewalls Don’t Stop Dragons”

I had the privilege to do an Internet Security interview with Carey Parker, author of Firewalls Don’t Stop Dragons: A Step-By-Step Guide to Computer Security for Non-Techies, a book I reviewed (and highly recommend!).

Below you’ll find an audio recording of the interview, and Parker’s answers to my questions about Internet security, online privacy, and keeping kids safe online.

Carey Parker author of Firewalls Don’t Stop Dragons
Carey Parker, author of Firewalls Don’t Stop Dragons
Firewalls Don't Stop Dragons: A Step-by-Step Guide to Computer Security for Non-Techies
  • Amazon Kindle Edition
  • Parker, Carey (Author)
  • English (Publication Language)
  • 475 Pages - 08/24/2018 (Publication Date) - Apress (Publisher)

Questions and Answers About Internet Security and Online Privacy

Below are my questions, and summaries of Parker’s answers. You’ll get more by listening to the interview, but I thought this summary could be helpful.

1. What piqued your interest in cybersecurity and privacy in the first place?

Parker is a software engineer who’s been coding for 26 years. He’s always been interested in cryptography (crypto) and cybersecurity. The Edward Snowden revelations in 2013 shocked him; he says they were “a wake-up call,” and he felt like he “needed to do something.” 

Parker is the “IT guy” for his family, and they’re constantly asking him questions. He had always wanted to write a book, so he looked at the available books about personal cybersecurity and privacy and found only one, which was outdated. He decided to put his answers to his family’s questions into a book, which led to Firewalls Don’t Stop Dragons. He considers that his contribution to the cause of increasing security and privacy.

2. What are the biggest challenges or threats consumers face related to cybersecurity?

Parker lists several:

  1. Phishing
  2. Ransomware
  3. Identity theft

3. What are the biggest challenges or threats consumers face related to digital privacy?

Parker says he’s come to see cybersecurity and privacy as separate issues, though they’re related. He says the threats to privacy are “myriad and legion.” He says they’re coming from two main sources:

  1. Corporations
  2. Government

Corporations buy and sell consumer data. “It’s a total wild, wild West,” according to Parker.

Parker points out the dangers of the Internet of Things (IoT). He explains that because the profit margins on these devices are so small, manufacturers don’t want to spend money on security. Yet because the devices are connected to the Internet, they’re “easy prey for hackers.”

Parker has seen 3 studies of smart TVs that revealed that “they’re watching what you’re watching.”

The second source of privacy threats, according to Parker, is the government. He expected more public outcry after the Snowden revelations. He suggests a few reasons that didn’t happen:

  • People think they’re not affected.
  • People think they have nothing to hide, so it doesn’t matter.
  • People think they need to give up privacy to have security (which Parker calls “a false choice”).

Parker describes the current state of surveillance as the Panopticon, a prison designed by Jeremy Bentham in the 18th century, in which prisoners had to assume they were being watched at all times.

Parker explains that the government is using data for purposes other than it was collected, such as DMV photos being used by government agencies outside the DMV.

4. In your book, you list 6 priorities, which are the first items people should focus on. How did you arrive at those 6 items?

Parker says he selected the top tips out of the over 150 tips in the book, so that readers wouldn’t be overwhelmed. He says he picked them because they have “the most bang for the buck. And honestly, it’s like infinite bang for the buck, because most of these are zero cost.”

Parker expanded on the 6 priorities:

1. Back up your files.

If something happens, such as malware, your device dying, etc., you need a backup, says Parker.

2. Keep your computer and phone software updated.

As a software engineer, Parker knows firsthand that software can contain bugs (flaws). The best way to get fixes to these bugs is to have your software automatically update.

3. Use strong, unique passwords for important sites.

Parker warns that biometrics (fingerprints, face recognition, etc.) should only be used as secondary authentication factors (in addition to a password, or to unlock a phone), but that passwords are still the best primary authentication factor. 

Don’t use the same password on multiple sites, says Parker, because if one site gets hacked, bad guys will use the stolen passwords to try to break into other sites. This is called credential stuffing. Parker says the only way for humans to create long, strong passwords is to use a password manager.

LastPass: Secure Password Management
Free

LastPass helps you remember and manage your secure passwords all in one place. Never forget a password again.

Check Out LastPass
We may earn a commission if you click this link and make a purchase at no additional cost to you.

4. Turn on two-factor authentication when possible.

Parker explains that two-factor authentication follows the security principle of “defense in depth.” It protects you in case someone gets your password, or gets around the password authentication mechanism. It requires a second factor, such as a code from your phone, to log in. Parker has heard that two-factor authentication could stop 99% of credential-stuffing attacks.

5. Browse the Web safely using a good browser with security plugins.

Parker says you want a “privacy-respecting browser with some privacy-respecting plugins.” He says most major browsers are secure, but they differ in how much they respect privacy. He recommends that you not use Chrome because Google’s business model is selling ads.

6. Don’t open attachments or links you’re not expecting.

This is to protect against phishing, says Parker. His rule of thumb: if you didn’t ask for it, don’t trust it.

5. You’re a parent. What were, or are, the biggest challenges or threats your kids have faced related to cybersecurity or privacy?

The main thing with kids is they just don’t have the life experience, they don’t have the frame of reference for how dangerous these things could be.

He says social media has opened up a lot of social pressure and cyberbullying opportunities that previous generations didn’t need to worry about.

Many kids don’t understand the value of privacy yet, says Parker. They don’t understand that you can’t trust everyone on the Internet; they may not be who they say they are, and there are bad people out there.

6. How can parents protect their kids online, and help their kids protect themselves?

Parker told his kids to “be careful, be smart.”

The Internet is forever … anything that goes on the Internet … assume it will last forever and it can be seen by anybody.

Parker shared his “Grandma Rule”:

Don’t do anything on the Internet you wouldn’t happily show your grandmother.

Stay involved in what your kids do online, is Parker’s advice to parents.

Keep track of what they’re doing without being pushy or overprotective.

One of Parker’s rules for his kids was to keep computers in a common room in the house, rather than in bedrooms. He also had his kids charge their phones in a common room before they went to bed.

Parker didn’t allow his kids to communicate online with anyone that he hadn’t met in person, because many predators misrepresent themselves online.

Parker says it’s good to use parental controls, such as those included in operating systems.

He also mentions using OpenDNS to prevent kids from getting to sites they shouldn’t.

7. How can people best help their elderly relatives and friends? 

Parker points out that the elderly can usually do what they need with a phone or tablet, rather than a full computer, and those mobile devices tend to be more secure. “There are a lot fewer ways for you to shoot yourself in the foot,” he says.

Parker recommends that all adults think about their “digital afterlife” (what will happen to their digital assets when they die). One option he gives is to use a password manager, and put the master password in a safe deposit box or your will with your lawyer, for access by your survivors.

I added that people often overlook their “digital legacy.” When I first wrote my will, my lawyer said almost none of his clients had anything in their wills about digital accounts or assets!

8. There’s still a lot of apathy about personal cybersecurity. Do you think that will ever change? If so, what do you think it will take to make people care?

Parker thinks people want to be secure, but they feel overwhelmed. There’s too much to do, they don’t understand the technology, so they just give up. He describes it as resignation; “I can’t do anything, so why bother?”

There really is a lot you can do; there’s a lot of low-hanging fruit. There’s a lot of what I like to call seatbelts, sunscreen, smoke detector kind of level things, brush your teeth, floss. There’s a lot of things in our physical world that we’ve just learned to do.

You don’t have to outrun the bear; you just have to outrun your friend. … Just being a little more secure than the other guy often is enough. … Don’t give up; there’s a lot of things you can do.

9. Same question, but this time about digital privacy. Will people ever care? What might make them care?

“There definitely is some apathy out there,” Parker replies. He says some people think privacy is no big deal, and others think they have to give up privacy to have security, which he calls a false choice.

Another problem, according to Parker, is that people think they have nothing to hide. In response, Parker quotes Edward Snowden: 

Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.

Edward Snowden

Parker says the issue of privacy is bigger than each of us, so we need to band together to defend it.

10. You’re helping individuals take more responsibility for their security and privacy, but do you think companies should be working harder to defend people? If so, what should they be doing?

“For sure,” answers Parker. He says there aren’t enough consequences when companies violate the security and privacy of their users. He notes that the issue isn’t so much that there are bugs in software, which is inevitable, but how a company responds to bugs.

Parker points out that tech companies are taking steps to protect users, such as filtering spam email and flagging suspicious attachments. But, he says there’s a lot more tech companies could be doing.

Parker thinks some amount of regulation is needed, similar to how the FAA oversees airline safety, and the FDA oversees food safety. He thinks that it would be helpful if regulation required more transparency about how data is being collected, used, sold, etc.

11. You’ve witnessed digital security and privacy trends over the last couple of decades. Are you optimistic or pessimistic about the future of personal cybersecurity and privacy?

Honestly, both. I think there’s—it’s one of those things where it’s this cat and mouse kind of a thing where the bad guys keep getting better but the good guys are getting better too. …It’s going to be this constant struggle … Overall, I think we’re definitely making progress. I think it’s going to get worse before it gets better. But I am optimistic that it will get better.

Parker says that unfortunately, we may need to suffer more big incidents before the changes happen.

I personally as a software engineer think that these problems can be solved.

12. What role do you predict artificial intelligence (AI) will play in the future? Do you think it will be a net positive or net negative for personal cybersecurity and privacy?

I think it’s going to be a little bit of both.

Parker gives the example of AI-generated news stories, complete with fake quotes from real people. He also mentions deepfakes, which are fake audio or video recordings. Yet AI can also be used to detect such fake news.

Parker recommends that you search (using DuckDuckGo) the word deepfakes to learn more about them. He mentions a deepfake of Jennifer Lawrence with Steve Buscemi’s face:

I added that I’ve seen or heard of deepfakes of Mark Zuckerberg, Barack Obama, and Donald Trump.

https://www.instagram.com/p/ByaVigGFP2U/

Parker noted that AI can be used to create fake news and deepfakes, but also to expose them.

He also pointed out that AI can be used to catch viruses, stop ransomware, stop spam, stop scam emails, etc.

These are just tools. They can be used for good or evil, and I think we’ll see both.

13. Your book is a great resource, and you provide a lot of info through your website and podcast. How else do you recommend people stay informed of cybersecurity and privacy issues?

Part of why he wrote his book and started his site and podcast is because there weren’t enough resources for the average person, Parker says.

He recommends these resources:

14. Off-topic: Your book uses a castle analogy, and you mention that you’re a fan of fantasy literature. What are your favorite works?

“I’ve always really been a sword and sorcery kind of guy,” says Parker. He played Dungeons and Dragons in middle school. He listed:

Parker asked what fantasy I’ve read, so I listed:

Note: these book links are all Amazon affiliate links.

15. Do you have any other warnings, advice, or encouragement you’d like to share before we conclude?

There’s a lot of really simple things we can all be doing. … The main thing is don’t panic. … don’t give up. There’s a lot you can do that will make you safer.

Parker emphasizes the importance of everyone increasing their security because we all benefit from an overall increase in security.

Become an informed consumer, advises Parker; learn about products before buying. He encourages “voting with your pocketbook”; buying products that are good for security and privacy, and avoiding those that aren’t. He notes that products with good security and privacy often cost more, because it costs money to do security and privacy properly.

Parker also recommends being involved politically, even at the local level, on security and privacy issues.

Additional Resources

I recommend that you read the book, Firewalls Don’t Stop Dragons: A Step-By-Step Guide to Computer Security for Non-Techies by Carey Parker.

Firewalls Don't Stop Dragons: A Step-by-Step Guide to Computer Security for Non-Techies
  • Amazon Kindle Edition
  • Parker, Carey (Author)
  • English (Publication Language)
  • 475 Pages - 08/24/2018 (Publication Date) - Apress (Publisher)

The Resources page has additional cybersecurity and privacy books.

You can also read my review of the book.

Where to follow Parker:

What You Should Do

  1. Buy your own copy of Firewalls Don’t Stop Dragons: A Step-By-Step Guide to Computer Security for Non-Techies.
  2. As you read the book, take the time to follow its advice, to increase your digital security and privacy, and help your kids do the same. You’ll find some of the following points in the book.
  3. Regularly back up your files.
  4. Keep your computer and phone software updated.
  5. Use strong, unique passwords. The best way to do this is with a password manager.
  6. Turn on two-factor authentication when possible.
  7. Don’t open attachments or links you’re not expecting. If you didn’t ask for it, don’t trust it.
  8. Teach your kids (and remember yourself) that anything you put online could last forever and be seen by anyone.
  9. Stay involved in what your kids do online.
  10. Consider keeping your kids’ devices in common rooms in the house, and disallowing them to be taken into bedrooms.
  11. Plan for what will happen to your accounts, files, and other digital assets after you die. A password manager can make it easier to grant access.
  12. Consider using parental controls.
Net Nanny: Parental Control Software and Website Blocker
$39.99

Net Nanny protects your child against dangerous content and online threats. You can block apps and websites on your child's device, and get peace of mind with the best parental control software on the market.

Check Out Net Nanny
We may earn a commission if you click this link and make a purchase at no additional cost to you.
Norton Family: Award Winning Parental Control Software
Free

Norton Family helps you supervise your kids' online activities and protect them against unsuitable content. It helps block inappropriate websites while your kids are surfing the Internet.

Check Out Norton Family
We may earn a commission if you click this link and make a purchase at no additional cost to you.
Kaspersky Safe Kids: All-In-One Parental Control Software
$14.99

Kaspersky Safe Kids gives you an affordable tool to protect your child against online threats. You can also monitor all your child's devices to block any inappropriate websites.

Check Out Kaspersky Safe Kids
We may earn a commission if you click this link and make a purchase at no additional cost to you.
Mobicip: Parental Control Software and Internet Filter
$40

Mobicip helps protect your family on the Internet, limit screen time, manage apps, and track your kids' location/s. You can manage and monitor all family devices from one parent app or dashboard.

Check Out Mobicip
We may earn a commission if you click this link and make a purchase at no additional cost to you.
KidLogger: Free Parental Control App
Free

KidLogger helps you observe what your kids are doing when they are using their devices. You can monitor their web history, keystrokes, messages, emails, and application usage.

Check Out KidLogger
We may earn a commission if you click this link and make a purchase at no additional cost to you.
Qustodio: Best Parental Control Software
$55/yr

Qustodio provides powerful monitoring tools and parental controls for things like screen time, adult content, and games. It gives parents visibility and creates daily opportunities to talk with kids about their online experiences.

Check Out Qustodio
We may earn a commission if you click this link and make a purchase at no additional cost to you.
Circle - Parental Monitoring

By setting up the Circle content Internet Filter feature, parents can easily select the apps, devices, games, streaming services, and websites that need limitations or restrictions. Then, add filters to each family member’s profile accordingly.

Learn More About Circle
Our Favorite Parental Controls App
Bark: The Smart Way To Keep Kids Safer Online
$49

Bark lets you proactively monitor your child's text messages, emails, and social media accounts for potential safety concerns or privacy threats, so you can save time and gain peace of mind. Use code "DEFEND" for $30 off!

Check Out Bark
We may earn a commission if you click this link and make a purchase at no additional cost to you.

Leave a Comment