December 3, 2020

Privacy in Action: John Jackson, Cybersecurity Expert & Author

John Jackson is a Cybersecurity Expert, Ethical Hacker, and Author. He is currently an Application Security Engineer for Shutterstock. Previously, he worked as an Endpoint Detection and Response Engineer for Staples and served in the United States Marine Corps. You can follow John at @johnjhacking.

Interview with John Jackson:

Startpage: Fill in the blank: Privacy is your ____.

John: Privacy is your right.

Startpage: One a scale of 1 to 10, how private are you? How private do you think the general public is?

John: I would rate my privacy at a 5 or 6. I try to maintain a sanitary privacy-stance, but there are always instances in which I may forget to hide behind my data cloak. The general public’s average privacy rating is likely a 1 or a 2. A lot of people have no idea that their data is being sold.

Startpage: Why are data privacy and private search important to you? In your line of work? In your personal life?

John: As an Application Security Engineer I think about privacy all of the time. Every Enterprise has to think about the safest route to manage user data. Personally, I do not like nor condone the idea of selling user data to marketers, no matter how seemingly harmless it is. Privacy is an important aspect of my life, and I’m not prepared to give it up just to utilize the Internet.

 

Startpage: What measures do you take to protect your personal data online and offline?

John: Realistically I tend to take a layered approach to online privacy. Using a VPN in conjunction with a private search engine, and well-vetted browser tend to be my favorite ways to fight back. Offline, I hardly ever sign-up for mailing lists or give anyone my real name or address if requested. Additionally, I tend to keep my political affiliations, religious beliefs, hobbies, and ethical ideals fairly private. I believe that displaying associations on your front lawn, or in plain-sight are an easy way for marketers to target you for sales pitches. You may find unsolicited guests at your front door.

Startpage: How do you envision data privacy and cybersecurity in the future? 1 year, 10 years, lifetime?

John: I’m hoping that eventually data privacy becomes a priority. Society has let Big Tech abuse and mine our user data, and there’s an obvious need for punitive data-mining stipulations. A blanket end-user agreement that is forced upon someone in exchange for signing up for services that they cannot do without in a modern world is unruly. In the future, I hope that federal law will require Data Collection to be opt-in/opt-out and not embedded in a 128-page long check-in-the-box agreement.

Startpage: What drew you to cybersecurity?

John: The endless supply of change and knowledge. I have never done well in positions that can be learned in a month or less. I’ve found that Cybersecurity is ideal because you’ll never be the best. It’s physically impossible to be top-dog because someone will always know something that you do not know. Cybersecurity was never meant to be a field for someone who cannot adapt to change.

Startpage: When it comes to cybersecurity, what’s the most valuable lesson you’ve learned?

John: Be open-minded. It’s easy to silo off in one corner of the room and focus on the role that you were hired to do, but Cybersecurity should never be managed in that sense. Security is a team effort, it has to be. We should never be adversaries competing against each other. It’s important to learn, educate, and protect: together.

Startpage: For anyone new to cybersecurity, what would you recommend as first steps to protecting their personal data?

John: Think about the data that you are giving out. For example, in an instance where you want to sign up for a points card at a store, do they need your real email and physical address? Don’t willingly give out personal data, if you don’t want it exposed, think about workarounds.

 

Startpage: Does your military experience play a role in the way you tackle cybersecurity?

John: I think that it does. Serving in the Marine Corps was difficult and tiring. We had to strategize, work long hours, and adapt to rigorous work life and culture. Cybersecurity can be daunting at times, what prevented attacks today could vary in less than an hour. The Military’s forced requirement of adaptation makes dealing with new threats in the Cybersecurity space a little less stressful. We are ready to completely rip down all of our old processes and use what works, many people struggle with that level of adaptability.

Startpage: What type of activities does your hacking group do?

John: We’ve participated in multiple Capture the Flag events where objectives can span across various subcategories of hacking and cybersecurity. I’ve met a lot of great people through my group and have collaborated with many of them on various projects.

Startpage: What’s your Wiley book going to be about?

John: Evaluating, Establishing, and Managing Bug Bounty Programs. It’s an important aspect of Application Security that needs to be taught to other Engineers getting into the field. Security Researchers put in a lot of work hacking and responsibly reporting. Rational ignorance cannot be an excuse for the mismanagement of communications.

Startpage: What are your notable hacks?

John: My most notable hack was the Talkspace Business Logic flaw that garnered a lot of community attention, mostly because of how they managed our interactions for responsible disclosure. Besides Talkspace, I’ve hacked Credit Karma, Upwork, TripAdvisor, Zynga, Telefonica, HealthifyMe, Jack Daniel’s and dozens of other companies – who would prefer to remain anonymous.

Startpage: What are your favorite privacy tools? (name your favorite tool for each category)

  • Search Engine: Startpage
  • Browser: Brave
  • Email: Protonmail
  • Messaging: Signal
  • VPN: NordVPN

Startpage: Would you rather: Share your search history or give up electricity for a week?

John: Give up electricity for a week – it’s far less serious.


Privacy in Action is a series of interviews with privacy-minded Startpage users from diverse backgrounds. If you are interested in participating in the Privacy in Action or would like to nominate someone to be interviewed by us, reach out to us at [email protected].

The views expressed in this Q&A are those of the interviewee and do not necessarily reflect those of Startpage.

Was this article helpful?

Go Private

Make Startpage your
default search engine

Set as default