Keith Alexander Wants $1 Million Per Month For 'Cybersecurity' Consulting
from the hence-the-FUD dept
In May, we wrote about how ridiculous it was that former NSA boss Keith "collect it all" Alexander was now launching a cybersecurity consulting firm. After all, it's difficult to think of anyone who has done so much to undermine cybersecurity as Keith Alexander. Now Bloomberg is reporting that he's offering his "services" for the cut-rate price of $1 million per month. Yes, I'll repeat that:Keith Alexander wants banks and other companies to pay him $1 million per month to help them with their "cybersecurity." At that price, I'd hope that he's just selling them the location of the backdoors he ordered to be placed in all of their hardware and software. And idiotic banks are apparently willing to pay, rather than going with the much, much cheaper option of hiring an actual security expert:
Joining a crowded field of cyber-consultants, the former National Security Agency chief is pitching his services for as much as $1 million a month. The audience is receptive: Under pressure from regulators, lawmakers and their customers, financial firms are pouring hundreds of millions of dollars into barriers against digital assaults.Either way, given that Alexander stands to profit quite nicely from his own undermining of cybersecurity, it's obviously no wonder at all that he's spent the past month exaggerating the "threat" of what's out there, often taking it to ridiculous levels.
While Alexander is doing the exact same thing as his predecessors, pay attention to the various media coverage of Alexander in the coming months and years. He's going to appear on TV and in newspapers and magazines a lot. And he will frequently be quoted spewing FUD about threats and how dangerous it is out there. And in almost none of those cases will any of the press covering him highlight the fact that Alexander stands to profit massively from keeping big banks and other companies scared shitless, so they hire him for $1 million a month to "protect" them from this threat that he both helped to create... and is now overhyping.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: banks, consulting, cybersecurity, fud, keith alexander, nsa, surveillance
Reader Comments
The First Word
“The security approach taken by banks
I've observed that most banks are willing to spend incredible amounts of money on consultants and software and hardware and audits and all kinds of stuff...while failing to do the simplest, easiest, cheapest, most fundamental things that would actually yield the biggest security wins.One example out of hundreds: does your bank train its customers to be phish victims? Look at the most recent email message that they've sent you. Does it have any URLs in it?
If yes, then they're idiots. If no, then congratulations: you're a customer of the precious few banks with at least a modest clue about security.
Subscribe: RSS
View by: Time | Thread
Snowden is often accused of taking documents he's holding for the "highest bidder" willing to grant him asylum, most notably from Alexander.
Yet, now that Alexander is free-lance, what better way to capitalize by selling that same information for $1 million per month.
Want to bet Alexander won't be deemed a traitor for giving out the same exact information? It's a sucker's bet, so please help me get rich off a scam, too.
;)
* not really trademarked.
[ link to this | view in chronology ]
Re:
Snowden didn't pay up so he is a thief of the multibillion dollar league. A damn communist and therefore a traitor!
[ link to this | view in chronology ]
Snake Oil
This pretty much summarizes our government - and what they're best at.
[ link to this | view in chronology ]
Re: Snake Oil
[ link to this | view in chronology ]
Re: Snake Oil
[ link to this | view in chronology ]
The security approach taken by banks
One example out of hundreds: does your bank train its customers to be phish victims? Look at the most recent email message that they've sent you. Does it have any URLs in it?
If yes, then they're idiots. If no, then congratulations: you're a customer of the precious few banks with at least a modest clue about security.
[ link to this | view in chronology ]
Re: The security approach taken by banks
1) Banking is all about the customers trusting the bank. As a result, banks will spend a lot of money doing things that make it appear to customers that they are safe and secure.
2) Banks don't care as much about hardening their systems against attacks as people think they do. It's actually not that hard to rip off a bank through their computer systems.
3) The one thing that is hard is getting away with ripping off a bank. It's certainly possible, but takes more brains and effort than most thieves have at their disposal.
4) Thefts happen all the time, and most of them are never reported to the public (by design). Banks just take the insurance money and make the affected customers whole, often without the customers ever knowing that they'd been ripped off in the first place.
Banks actually are a very safe place to put your money, but for different reasons than people imagine. It might get stolen, but the bank will replace it. The end effect of all of this is to make banking more expensive than it has to be.
[ link to this | view in chronology ]
Re: Re: The security approach taken by banks
I guess it depends on how you want to spin it.
[ link to this | view in chronology ]
Re: Re: Re: The security approach taken by banks
I guess it depends on how you want to spin it.
But what value are they actually getting for that $12 million? Perhaps if it were a known computer security expert, then, sure. But what value do you think Alexander really provides to a bank?
[ link to this | view in chronology ]
Re: Re: Re: Re: The security approach taken by banks
He tells the bad guys that a particular bank paid its dues.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: The security approach taken by banks
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: The security approach taken by banks
Just like with that global surveillance thing where they are collecting everything anyway, never mind a warrant.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: The security approach taken by banks
[ link to this | view in chronology ]
Re: Re: Re: Re: The security approach taken by banks
Assistance in implementing a real time backups to Blufdale.
[ link to this | view in chronology ]
Re: Re: Re: Re: The security approach taken by banks
They've probably already gotten it. They're not actually paying for what they say they are.
[ link to this | view in chronology ]
Re: Re: The security approach taken by banks
This is why banks need to spend money on good graphic designers that can make their web page give a good impression of safety and security.
Green checkmarked bullet points and green/gold safety shields go a long way. (This also works for anti-malware products -- even if they do nothing. Example: many phony Android security anti-malware apps. In practice, android, iOS and linux malware is rare, and thus news. Windows malware is greeted with a yawn.)
[ link to this | view in chronology ]
Re: Re: Re: The security approach taken by banks
It's unlikely that banks thing that hiring Alexander will actually let them increase security.
[ link to this | view in chronology ]
Re: Re: Re: Re: The security approach taken by banks
When it comes to security I don't think he is worth much. Just because you can split a car into pieces, doesn't mean you can repair one. And that is assuming he has learned a lot from his department. It is not easy for a military type to accept inferiority on any subject and especially not to a subordinate. Usually leadership skills in these positions entail avoiding technical subjects and trusting the person is somewhat capable of his craft, while the leader learns to translate from geek to language, military or language, legal or language, political.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: The security approach taken by banks
The costs to who? The banks already charge law enforcement for their expenses, so they have no costs to lower.
[ link to this | view in chronology ]
Re: The security approach taken by banks
[ link to this | view in chronology ]
The security approach taken by my credit union
No, I'm not a mere customer for a for-profit bank; I'm a member of a non-profit credit union with an immodest clue about security (Strict Transport Security (i.e., forced TLS), multi-factor authentication, no unsolicited emails (and no URLs in solicited emails)).
Why should I want to help pay for some asshole bankster's/CxO's next yacht? Instead, the credit union president (whom I voted for) receives reasonable compensation (no multi-millions), and I benefit from greater interest in my checking account than in any banks' saving accounts (and no fucking fees).
Banks are for suckers (especially post-2008) and capitalists' whores. The only non-suckers/whores in a bank are its owners — at a credit union, every member is an owner.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
The executives that can make a decision to spend $1m/mo on a cyber-security consultant are a relatively small group, but many of them are highly divorced from technology. Just think of how many stories of them having their emails printed and read to them you have heard.
I worked for one of the largest media companies in the world and the CEO never touched a keyboard. He did, however, go to the country club with other crazy rich CEO's and they would go into the locker room and measure. Getting the bragging rights of "my systems are protected by the former head of the NSA" - right up their alley.
[ link to this | view in chronology ]
Whoever controls the global spying machine, stands to profit handsomely from it. Just like Keith Alexander is about to profit from it. He knows the ins and outs of how the global spying machine works.
Global spying has always been about profits. Terrorism is just the "pretext" used to hide the global spying machines true purpose.
[ link to this | view in chronology ]
We can rebuild him
[ link to this | view in chronology ]
If Keith Alexander was really smart...
[ link to this | view in chronology ]
The deal is real
Personally, I prefer the message it would send if every business left the U.S.A., a whole country run by an organized crime syndicate calling itself "government" and considering itself above the law.
But that does not actually happen. A few people leave, a few people have their shops burn down. Most pay.
I have little doubt that Alexander will provide excellent foresight regarding just which shops will happen to burn down next.
[ link to this | view in chronology ]
Re: The deal is real
[ link to this | view in chronology ]
Imagine if they did the hard thing and focused on solving the problems rather than creating job security.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
$ value of Alexander's offering == $0
[ link to this | view in chronology ]
Douchebags that serve the Kool-Aid, and the dochebags that drink it
I seem to recall during the financial crisis banks "needed" to pay their high ranking officers exorbitant salaries to keep the best and brightest working for them.
If these best and brightest are listening to the likes of Alexander, then someone at the helm (of those banks) has failed to noticed all the burnt out bulbs in upper management.
[ link to this | view in chronology ]
This is a racket
[ link to this | view in chronology ]
Way overpriced
Pay him to "cybersecure" your facility and it will become an NSA facility. Might as well just move your servers into the NSA's Utah data center.
Well, that's just me; there's a sucker born every minute; I'm sure he'll find someone to pay his outrageous fee.
[ link to this | view in chronology ]
like Joe Morganelli, profiting from both ends
A very lucrative business plan indeed.
[ link to this | view in chronology ]
Who is surprised?
[ link to this | view in chronology ]
Not Idiotic. Just Corrupt.
No, they're not idiotic. They know who and what Alexander is. An actual security expert he is not. A former high ranking government official ready for his payout he is. The banks pull the stings of a lot of the government. The government responds and the banks make it worth while. One hand washes the other. Alexander knows how it works.
[ link to this | view in chronology ]
Better title
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
"Egomaniacal and sociopathic yes"
That's why he's calling him crazy. "Egomaniacal and sociopathic" are kinds of crazy.
[ link to this | view in chronology ]
...wait. actually, banks might profit from that after all.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Oh boy, we're having fun now.
[ link to this | view in chronology ]
Harry Angslinger had a scam something like this going on too. Scare the shit out of them and then extort money.
[ link to this | view in chronology ]
One of the oldest mafia tricks
[ link to this | view in chronology ]
Isn't he ...
How is that legal? He's not selling expertise, he's selling classified information.
[ link to this | view in chronology ]
Pay him a million bucks and pack him into a conference room to tell the janitor all his nonsense.
Just prevent him from uttering his blatant lies and fabrications to the media and public.
[ link to this | view in chronology ]
I suppose once you start making a few million a year under the table, its pretty darn hard to take any legal job that pays less.
[ link to this | view in chronology ]