Keith Alexander Wants $1 Million Per Month For 'Cybersecurity' Consulting
from the hence-the-FUD dept
In May, we wrote about how ridiculous it was that former NSA boss Keith “collect it all” Alexander was now launching a cybersecurity consulting firm. After all, it’s difficult to think of anyone who has done so much to undermine cybersecurity as Keith Alexander. Now Bloomberg is reporting that he’s offering his “services” for the cut-rate price of $1 million per month. Yes, I’ll repeat that:
Keith Alexander wants banks and other companies to pay him $1 million per month to help them with their “cybersecurity.” At that price, I’d hope that he’s just selling them the location of the backdoors he ordered to be placed in all of their hardware and software. And idiotic banks are apparently willing to pay, rather than going with the much, much cheaper option of hiring an actual security expert:
Joining a crowded field of cyber-consultants, the former National Security Agency chief is pitching his services for as much as $1 million a month. The audience is receptive: Under pressure from regulators, lawmakers and their customers, financial firms are pouring hundreds of millions of dollars into barriers against digital assaults.
Either way, given that Alexander stands to profit quite nicely from his own undermining of cybersecurity, it’s obviously no wonder at all that he’s spent the past month exaggerating the “threat” of what’s out there, often taking it to ridiculous levels.
While Alexander is doing the exact same thing as his predecessors, pay attention to the various media coverage of Alexander in the coming months and years. He’s going to appear on TV and in newspapers and magazines a lot. And he will frequently be quoted spewing FUD about threats and how dangerous it is out there. And in almost none of those cases will any of the press covering him highlight the fact that Alexander stands to profit massively from keeping big banks and other companies scared shitless, so they hire him for $1 million a month to “protect” them from this threat that he both helped to create… and is now overhyping.
Filed Under: banks, consulting, cybersecurity, fud, keith alexander, nsa, surveillance
Comments on “Keith Alexander Wants $1 Million Per Month For 'Cybersecurity' Consulting”
Iron Knee(tm*) alert.
Snowden is often accused of taking documents he’s holding for the “highest bidder” willing to grant him asylum, most notably from Alexander.
Yet, now that Alexander is free-lance, what better way to capitalize by selling that same information for $1 million per month.
Want to bet Alexander won’t be deemed a traitor for giving out the same exact information? It’s a sucker’s bet, so please help me get rich off a scam, too.
😉
* not really trademarked.
Re: Re:
If Snowden paid the market-value for the documents he took it would have been all fine. The damage to USA that NSA has been talking about is primarily the value of these informations on the markets. Hell, this is what liberalism is all about: Everything has a price and people not willing or able to pay up has to live without.
Snowden didn’t pay up so he is a thief of the multibillion dollar league. A damn communist and therefore a traitor!
Snake Oil
Great to see the revolving door so alive with snake oil sales now-a-days.
This pretty much summarizes our government – and what they’re best at.
Re: Snake Oil
It is not snake oil the snake sells. Rather it is tears from the Constitution he raped for fun and now profit.
Re: Snake Oil
He’s trying to sell himself as a security expert because of his NSA connections, but think about it. The NSA let an ordinary (albeit highly intelligent) systems administrator get the better of them so comprehensively that they’re not even sure to what extent he got the better of them! I wouldn’t trust anyone connected with them to secure my garden shed. They might have the best tech (and if they don’t, you’ve got to wonder where their budget is going) and might even have some competent people working there, but overall? Not so much.
The security approach taken by banks
I’ve observed that most banks are willing to spend incredible amounts of money on consultants and software and hardware and audits and all kinds of stuff…while failing to do the simplest, easiest, cheapest, most fundamental things that would actually yield the biggest security wins.
One example out of hundreds: does your bank train its customers to be phish victims? Look at the most recent email message that they’ve sent you. Does it have any URLs in it?
If yes, then they’re idiots. If no, then congratulations: you’re a customer of the precious few banks with at least a modest clue about security.
Re: The security approach taken by banks
Things I learned when doing software development for a major bank:
1) Banking is all about the customers trusting the bank. As a result, banks will spend a lot of money doing things that make it appear to customers that they are safe and secure.
2) Banks don’t care as much about hardening their systems against attacks as people think they do. It’s actually not that hard to rip off a bank through their computer systems.
3) The one thing that is hard is getting away with ripping off a bank. It’s certainly possible, but takes more brains and effort than most thieves have at their disposal.
4) Thefts happen all the time, and most of them are never reported to the public (by design). Banks just take the insurance money and make the affected customers whole, often without the customers ever knowing that they’d been ripped off in the first place.
Banks actually are a very safe place to put your money, but for different reasons than people imagine. It might get stolen, but the bank will replace it. The end effect of all of this is to make banking more expensive than it has to be.
Re: Re: The security approach taken by banks
I agree, $12 mil a years is nothing, even for a small bank, $1Mil a months sounds actually cheap!
I guess it depends on how you want to spin it.
Re: Re: Re: The security approach taken by banks
I agree, $12 mil a years is nothing, even for a small bank, $1Mil a months sounds actually cheap!
I guess it depends on how you want to spin it.
But what value are they actually getting for that $12 million? Perhaps if it were a known computer security expert, then, sure. But what value do you think Alexander really provides to a bank?
Re: Re: Re:2 The security approach taken by banks
He tells the bad guys that a particular bank paid its dues.
Re: Re: Re:3 The security approach taken by banks
So what you’re saying is that banks have to pay certain people off in order to get the government not to attempt to hack their security?
Re: Re: Re:4 The security approach taken by banks
Oh, they are hacking security anyway. It’s just the difference between bad things happening or not.
Just like with that global surveillance thing where they are collecting everything anyway, never mind a warrant.
Re: Re: Re:5 The security approach taken by banks
So it’s kinda like the government demanding money in exchange for not doing either a DOS or a DDOS attack? Nice website you have here …
Re: Re: Re:2 The security approach taken by banks
Assistance in implementing a real time backups to Blufdale.
Re: Re: Re:2 The security approach taken by banks
“But what value are they actually getting for that $12 million?”
They’ve probably already gotten it. They’re not actually paying for what they say they are.
Re: Re: The security approach taken by banks
Re: Re: Re: The security approach taken by banks
Exactly. Perception is more important than reality (the TSA didn’t invent this concept!). Banks are likely betting that hiring Alexander will bolster the perception. In that view, it might be money well spent.
It’s unlikely that banks thing that hiring Alexander will actually let them increase security.
Re: Re: Re:2 The security approach taken by banks
Banks are cooperating with law enforcement and undoubtably NSA. In that context he may be able to lower those costs in a sustainable manner. I don’t think banks will use as divisive a character as Alexander in a commercial context. At least not with common customers.
When it comes to security I don’t think he is worth much. Just because you can split a car into pieces, doesn’t mean you can repair one. And that is assuming he has learned a lot from his department. It is not easy for a military type to accept inferiority on any subject and especially not to a subordinate. Usually leadership skills in these positions entail avoiding technical subjects and trusting the person is somewhat capable of his craft, while the leader learns to translate from geek to language, military or language, legal or language, political.
Re: Re: Re:3 The security approach taken by banks
“In that context he may be able to lower those costs in a sustainable manner.”
The costs to who? The banks already charge law enforcement for their expenses, so they have no costs to lower.
Re: The security approach taken by banks
My bank doesn’t have any of my email addresses. I’ve been pretty careful not to give one to them.
Re: The security approach taken by my credit union
No, I’m not a mere customer for a for-profit bank; I’m a member of a non-profit credit union with an immodest clue about security (Strict Transport Security (i.e., forced TLS), multi-factor authentication, no unsolicited emails (and no URLs in solicited emails)).
Why should I want to help pay for some asshole bankster’s/CxO’s next yacht? Instead, the credit union president (whom I voted for) receives reasonable compensation (no multi-millions), and I benefit from greater interest in my checking account than in any banks’ saving accounts (and no fucking fees).
Banks are for suckers (especially post-2008) and capitalists’ whores. The only non-suckers/whores in a bank are its owners ? at a credit union, every member is an owner.
Tell him to say Hello to Tattoo and Mr.Rourke for me while he is at Fantasy Island.
Re: Re:
He will easily get companies to pay that much.
The executives that can make a decision to spend $1m/mo on a cyber-security consultant are a relatively small group, but many of them are highly divorced from technology. Just think of how many stories of them having their emails printed and read to them you have heard.
I worked for one of the largest media companies in the world and the CEO never touched a keyboard. He did, however, go to the country club with other crazy rich CEO’s and they would go into the locker room and measure. Getting the bragging rights of “my systems are protected by the former head of the NSA” – right up their alley.
I knew global spying was really about economic espionage and getting dirt on politicians in order to influence their political policies.
Whoever controls the global spying machine, stands to profit handsomely from it. Just like Keith Alexander is about to profit from it. He knows the ins and outs of how the global spying machine works.
Global spying has always been about profits. Terrorism is just the “pretext” used to hide the global spying machines true purpose.
It’s the 12 million dollar snake oil man.
We can rebuild him
If Keith Alexander was really smart...
He’d be giving this pitch to local government agencies. Then they could apply for Homeland Security grants to pay his company to teach them how to protect themselves from cyberterrorists… And all of us could continue to pay his bills.
The deal is real
If the local Mafia offers your shop fire insurance at a premium, you take it. Or you leave town.
Personally, I prefer the message it would send if every business left the U.S.A., a whole country run by an organized crime syndicate calling itself “government” and considering itself above the law.
But that does not actually happen. A few people leave, a few people have their shops burn down. Most pay.
I have little doubt that Alexander will provide excellent foresight regarding just which shops will happen to burn down next.
Re: The deal is real
That’s a nice little bank you got here. Wouldn’t want anything to happen to it, would you?
Merika, where we use our positions to create the problem we will benefit from in the private sector.
Imagine if they did the hard thing and focused on solving the problems rather than creating job security.
This sort of action should be considered to be on the same level as insider trading.
Re: Re:
Sabotaging a nation’s infrastructure, then profiting from it by extorting the victims? Sorry, that’s not on the same level as insider trading. It is cyberterrorism and treason.
Re: Re: Re:
Now now, nothing says it can’t be both.
Re: Re: Re:
Didn’t the banks and wall street sabotage the nation’s financial infrastructure then profit massively from it by extorting the government into bailing them out with the taxpayer’s money in the 90’s?
It will be interesting to see just how (un)tainted Alexander’s reputation is. I’d like to think that no-one would trust him anywhere near enough to use his services but I expect he will be quite successful.
Re: Re:
Just because they’re hiring him doesn’t mean that they trust him or actually make use of his advice. It’s all for show.
$ value of Alexander's offering == $0
Anybody who pays this dickhead for “cybersecurity” services get what they deserve – absolutely nothing! Unfortunately, their stockholders and employees will be the ones who ultimately pay for this crud… 🙁
Douchebags that serve the Kool-Aid, and the dochebags that drink it
It is too bad taxpayers and citizens ultimately foot the bill for banks that listen to bullshit spewed by idiots like Alexander.
I seem to recall during the financial crisis banks “needed” to pay their high ranking officers exorbitant salaries to keep the best and brightest working for them.
If these best and brightest are listening to the likes of Alexander, then someone at the helm (of those banks) has failed to noticed all the burnt out bulbs in upper management.
This is a racket
Even if the banks pay the 1 million a month to Keith Alexander to keep their systems safe there is no guarantee that he will keep them safe from every NSA backdoor he knows, the same way there is no guarantee the if you pay a gangster protection money that he won’t come in to wreck your store later if he feels like it.
Way overpriced
I wouldn’t pay him a bent nickle a year.
Pay him to “cybersecure” your facility and it will become an NSA facility. Might as well just move your servers into the NSA’s Utah data center.
Well, that’s just me; there’s a sucker born every minute; I’m sure he’ll find someone to pay his outrageous fee.
like Joe Morganelli, profiting from both ends
This is a lot like Joe Morganelli. He was once the biggest and wealthiest usenet pirate on the planet. Then he got busted and switched sides. Now he goes around screaming from every rooftop about how pervasive usenet piracy is and how it’s going to destroy every copyright-dependent business. Unless, of course, everyone hires him to defeat the scourge he helped create.
A very lucrative business plan indeed.
Who is surprised?
Its almost like he planned it that way.
Not Idiotic. Just Corrupt.
” And idiotic banks are apparently willing to pay, rather than going with the much, much cheaper option of hiring an actual security expert”
No, they’re not idiotic. They know who and what Alexander is. An actual security expert he is not. A former high ranking government official ready for his payout he is. The banks pull the stings of a lot of the government. The government responds and the banks make it worth while. One hand washes the other. Alexander knows how it works.
Better title
‘Fox steps down from official position, offers various chicken coops ‘security’ consulting for undisclosed amount per month’.
after reading all the reports on the man since the Snowden leeks, i was thinking he was a bit crazy. now i know he definitely must be! and if any person or company pays it, they are even worse than him!!
Re: Re:
I don’t think the guy earning $12m per year from each bank is particularly crazy. Egomaniacal and sociopathic yes, crazy no.
Re: Re: Re:
That’s not why the AC is calling him crazy.
“Egomaniacal and sociopathic yes”
That’s why he’s calling him crazy. “Egomaniacal and sociopathic” are kinds of crazy.
well, shit. don’t forget nsa systems are apparently so complex they can’t conform to law. great idea consulting the guy who spearheaded that system.
…wait. actually, banks might profit from that after all.
He isn’t getting paid by the government anymore to sell out the average American. So he is trying to do it in the private sector instead.
Oh boy, we're having fun now.
Meanwhile, back at Walmart.
I would pay him. He is the only person who might know something important.
Harry Angslinger had a scam something like this going on too. Scare the shit out of them and then extort money.
One of his old friends will hire him and they will consult once in a while on the golf fields.
One of the oldest mafia tricks
Isn't he ...
just dealing in government secrets with this?
How is that legal? He’s not selling expertise, he’s selling classified information.
Isn’t a million dollars a small enough amount of money to keep this man from doing something worse to humanity?
Pay him a million bucks and pack him into a conference room to tell the janitor all his nonsense.
Just prevent him from uttering his blatant lies and fabrications to the media and public.
Well damn, finally, now we know approximately how much his cut of the NSA Blackmail programs’ monthly take was, all we have to do is determine what his percentage was, to figure out the program’s total monthly income. Thanks Keith.
I suppose once you start making a few million a year under the table, its pretty darn hard to take any legal job that pays less.
Cybersecurity consulting services enable organizations by aiding them embrace and execute cutting edge security arrangements.