About
Sole proprietor, FIFO Networks
Cybersecurity - Networks - Wireless – Telecom -…
Cybersecurity - Networks - Wireless – Telecom -…
Services
Articles by Bob
Activity
11K followers
-
Bob Young posted thisThis morning I solved a client's email problem via text messaging while sitting at the breakfast table in my pajamas. The problem? They could send email at work, but couldn't send on a different computer at home. The solution? "Try power cycling your computer AND your cable modem." And email started working again. I won't invoice for this one. Existing client, customer service and all that. Don't nickel and dime them. Be there when they need you. Charge full bore competitive rates for the real work. #CallMeIfYouNeedMe #FIFONetworks +1 206-465-2422 #TechSupport #RemoteSupport #HelpDesk Cybersecurity - Networks - Wireless – Telecom – VoIP
-
Bob Young posted thisIt's Sunday evening, 5:17pm PDT. I just finished month-end server maintenance for the last client. I have the evening free to sit in the recliner, watch TV, and eat popcorn. Of course, it starts all over again with mid-month maintenance in about two weeks. It's like laundry, or mowing the lawn. You're never REALLY finished... #CallMeIfYouNeedMe #FIFONetworks +1 206-465-2422 Cybersecurity - Networks - Wireless – Telecom – VoIP
-
Bob Young shared thisThis mini-PC (in the yellow circle) was shipped to me from Texas. The owner, a man who lived alone, suffered a major medical event and will never be able to use it again. The person with Power of Attorney sent it to me to crack. I recovered email, a rather insecure password list, information on all utility bills, where banking is done, and so forth. Now the family can proceed with handling the person’s financial affairs. The mini-PC is even easier to ship than a laptop, because it doesn’t have any lithium battery inside. It uses an external AC adapter. #CallMeIfYouNeedMe #FIFONetworks +1 206-465-2422 Cybersecurity - Networks - Wireless – Telecom – VoIP
-
Bob Young shared thisIt’s time for companies to change this website notice to, “You may need to download an application to view PDF documents.” The Portable Document Format (PDF) was originally a proprietary format, but it has been an open standard for many years now. I sign Non-Disclosure Agreements (NDAs) with several of my clients. Adobe’s constant pressure to incorporate their automatic cloud storage and artificial intelligence analysis of documents that are read, created, or edited with their software make their products not just a security risk, but a legal risk. I canceled my Adobe subscription and uninstalled all of their products from every computer I use for work-related tasks. (Full disclosure: my wife still has her Adobe subscription and has no interest in changing products). Opening a PDF file in a web browser is also a security risk if you have an NDA, since many web browser providers are analyzing displayed content. If you have security obligations to your clients, I recommend disabling the viewing of PDF files in the browser, or, better yet, use a less invasive browser for work-related tasks. I’m not making any recommendations in this post (or in the comments) for PDF viewers or browsers, because that would create the impression that this is a sales pitch. If anyone recommends something in the comments, that’s fine, just understand that I’m not making an endorsement here. But back to the original point, in my opening sentence: unless Adobe is paying you to recommend their product on your website, you should drop the reference to Adobe in your PDF notice. It’s an open standard, and recommending a particular product when it’s not a requirement is misleading at best. #CallMeIfYouNeedMe #FIFONetworks +1 206-465-2422 Cybersecurity - Networks - Wireless – Telecom – VoIP
-
Bob Young posted thisOne of the most bewildering aspects of remote tech support is when I connect to the user's computer, there's an error message on the screen telling exactly what to do to fix the problem, and the user says, "Just close that, it always pops up." I respond with, "Well, that's a safe error message, so I'm going to click on it and resolve it so it doesn't keep being an annoyance." And then their problem is fixed and I invoice them. It would make sense to me if they said, "I'm not sure if it's okay to click on that, or if it's trying to trick me." But when they don't think it's related to the problem - I don't know how to explain that. #CallMeIfYouNeedMe #FIFONetworks +1 206-465-2422 Cybersecurity - Networks - Wireless – Telecom – VoIP
-
Bob Young shared thisAre QR codes for restaurant menus safe? Why yes, as a matter of act, they are. And before you start with the “But Bob,” read the whole post. There’s this concept in cybersecurity called a risk assessment. When the restaurant puts an official, restaurant-sponsored QR code linking to their menu on your table, the risk is very low. Click on the link and pick your favorite food and beverage. Did someone tape a new QR code over the original QR code? The risk went up. Ask your server if the restaurant changed the QR code. If they did, the risk is back down. QR codes are a nice benefit in the age of smartphones. They make it much easier to get a complex URL into your browser, and to identify valid concert ticket holders, and many other things. THE LESSON Instead of parroting negative rules (“Don’t do this!” “Don’t do that!”), use your skills and do the analysis. (About the picture: someone on Threads complained about QR codes for restaurant menus. They don’t like them. Fine. Me neither. But then someone posted in the comments, “You should never scan random QR codes this is a huge cybersecurity issue.” And that’s just a gross oversimplification).
-
Bob Young posted thisIf you receive a call from an agency trying to verify someone’s employment, take the call. Return the call if they left a voicemail. Go the extra mile and make the effort. STORY TIME Yesterday a call came from an unknown number, and I was driving, so I let it roll to voicemail. It was an employment verification call. The caller gave me the person’s name and dates of employment, but didn’t say what company they worked for. The employment dates overlapped the time when I was CISO at a national retailer. I didn’t recognize the name, but there were a lot of employees working Help Desk, and the Help Desk Manager reported to me. The company has since gone bankrupt, and they might be having difficulty finding someone to verify employment. So I called back. No joy. I was moved from the automated attendant to a holding queue, and after a few minutes I hung up. Today, they called and left another voicemail. I called back right away, and this time I connected with a real person. I gave them the case number and they looked it up, and I asked questions. It turned out that the woman who wanted her employment verified worked for a company in Florida with a name similar to my company name – it started with “FIFO.” I’ve never done business in Florida, and she never worked for me, but I doubt she lied on her application. The company she listed still exists, and is headquartered in Florida. It’s more likely that the company doing employment verification is having difficulty finding a good contact. THE “ALMOST” PROBLEM What if I had just said, “I don’t recognize that name, she never worked for me?” Right now, finding a job is hell on Earth. Someone is interested in hiring her. I could have destroyed her reputation and prospects for employment by being quick to judge, and speaking without full knowledge of the situation. THE CORRECT RESPONSE If you get a call from an employment verification agency and you don’t recognize the name, ask questions. Get information before jumping to conclusions. In this case I was able to say, “I’ve never had employees in Florida, and that company name is slightly different than mine, so I can’t verify her employment, but you should keep looking and see if you can find someone from the right company.” My unknown friend, best wishes for your job search. I hope you find a job where you can be happy soon.
-
Bob Young posted thisA client has an air gapped system with Microsoft 365 on it. This was a decision on his part, without any prompting from me. I found out about it after the fact. Of course, it quit working without an Internet connection to periodically verify the product is still licensed. When he called looking for a solution, I switched him to LibreOffice and now he’s using Calc for his spreadsheets. Now I’m wondering if I’ll see more of this. Has concern about AI accelerated the move to Free and Open-Source Software (FOSS)?
-
Bob Young posted thisInstead of using fear as a tactic to sell cybersecurity services, I find people who are already concerned about their risk, and offer them calm confidence in exchange for money. UPDATE: Based on comments on another forum (I cross-post a lot), I think my intent may not have been clearly communicated. I don’t mean that I “display” or “radiate” calm confidence. I’m not selling a performance. I mean that I do the things that need to be done so that their anxiety can be replaced by calm confidence. If you truly understand the first sentence of my post, I just gave you a masterclass in cybersecurity sales, and I didn’t charge you a dime. Getting people to part with their money out of fear is a horrible way to make a living. I don’t need to convince people that cybercriminals are bad. They already know that. What they want is assurance that the risk can be reduced to an acceptable level that won’t keep them up at night. Reducing the risk to a manageable level is done through a combination of changes: Policy changes Business operations changes Infrastructure changes Software changes Show them the way out of the forest fire. #CallMeIfYouNeedMe #FIFONetworks +1 206-465-2422 Cybersecurity - Networks - Wireless – Telecom – VoIP
Bob Young replied to a comment
1d
But, DDoS! Can’t we blame everything on DDoS?
I have a story about the “it’s always DNS” joke.
I went to work at a company where the Senior Network Engineer blamed a problem on DNS when it absolutely, positively, under no circumstances, could be caused by DNS issues. That was when I realized our Senior Network Engineer was a total poseur and we were completely screwed.
Bob Young replied to a comment
1d
I was CISO for a national retailer with over 700 locations, but it was short-lived because the company went belly-up as a result of COVID. The former CISO was still there. He had moved into a different role, running offshore software development for retail operations. I arrived in January 2020, and by midsummer they were cutting back. I was let go, along with hundreds of others. The offshore software development project was scrapped and the former CISO returned to his role.
But...
I was glad to leave. The organization was highly dysfunctional, the CIO was scared of the CEO, my reporting line and budget were through the CIO, and it was a mess. I inherited the budget that was ironed out without my involvement in 2019. I was told, “You’ve got more money than you’ll need – biggest budget we’ve ever had!” No. A complete lie. The money available didn’t begin to put a dent in their technical debt, let alone pay for staffing and tools for a decent cybersecurity program (which, by the way, did not exist, at all, when I arrived).
I think, based on your post, that my story sounds familiar.
Bob Young commented on a post
1d
Your observations are accurate and clearly communicated. I hope the right people read it. As for what to add, there's not much, but if anything, I would add that the CISO should never report to the CIO or share the CIO's budget. If anything, the CIO should be required to obtain buy-in from the CISO on any new initiative.
-
Bob Young liked thisBob Young liked thisThe White House has a new App. The terms contain a single sentence that matters more than any other: "Information You Give Us May be Shared with Other Government Agencies." Mitch Jackson digs into the App's privacy implications -- must read. But in a nutshell, I'm a HARD-NO on this download.The White House Built a Surveillance App and Calls It a News FeedThe White House Built a Surveillance App and Calls It a News Feed
-
Bob Young liked thisIn public safety, the conversation around drones and RF threats often starts with detection. But detection is only the beginning. The more difficult challenge is integration. Through my work as an Integrations Manager, along with SIGINT experience in both CONUS and OCONUS environments, one thing has become increasingly clear: the gap is rarely the sensor itself. The real gap is how quickly and reliably data can be fused into something an operator can trust and act on. That matters now more than ever. As public safety and national security agencies continue investing in C-UAS, RF awareness, and sensor-driven operations, the focus cannot stop at collection alone. Detection without context creates noise. Detection without integration creates delay. And delay, in real-world environments, has consequences. That is why I believe the next phase of public and national safety will be shaped less by who has the most sensors, and more by who can best integrate RF awareness, video, geospatial context, and operational workflows into a usable operational picture. Because in the field, teams do not need more disconnected alerts. They need confidence. They need context. They need systems that support decisions under pressure. The future of C-UAS, SIGINT, and RF-enabled public safety will not be defined solely by what we can detect. It will be defined by what we can trust, operationalize, and act on in time to matter. #PublicSafety #NationalSecurity #CUAS #SIGINT #SensorIntegration #Interoperability #SituationalAwareness #CriticalInfrastructure
-
Bob Young liked thisBob Young liked thisI just read an AI bro comment that being totally dependent on AI for getting your work done is fine "as long as you can reason about it." Newsflash: Doesn't matter if you can reason about it or not when the AI goes down and you are unable to get your work done. The work still ain't done.
Experience & Education
-
FIFO Networks
View Bob’s full experience
By clicking Continue to join or sign in, you agree to LinkedIn’s User Agreement, Privacy Policy, and Cookie Policy.
Publications
-
The Software Developer's Code of Ethics
FIFO Networks
See publicationProvides ethical guidelines for application development.
-
Wireless Network Security
Sold-out webinar on wireless network security, focused on mobile networks.
Languages
-
English
-
Recommendations received
4 people have recommended Bob
Join now to viewOther similar profiles
Explore more posts
Explore top content on LinkedIn
Find curated posts and insights for relevant topics all in one place.
View top content