An Interview with Clement Dupuis Founder and Maintainer of the CCCure Family of Portals
Clement Dupuis is a man that you can’t prevent yourself from respecting his thoughts and his principles. His principles and beliefs were one of the main reasons to launch our magazine, Security Kaizen Magazine. Two years ago, We started quoting one of his famous sayings in my lectures ”Don’t be a leacher, Don’t suck people blood till you get all the information you need , share your knowledge even with just a comment“
Can you introduce yourself to Security Kaizen Readers?
Good day to all,
My name is Clement Dupuis, I am the founder and maintainer of the CCCure Family of Portals. Twelve years ago I started to dedicate all of my free time to “Giving Back to the community” which has been a way of life since then. I had the privilege to work for 20 years for the Canadian Department of Defense and was exposed to radio communication, satellite communication, and finally I got into the computer world.
I was one of the very early pioneer who was attempting to use the Personal Computer (PC) in places and in ways it was never, ever attempted before. I had to combine modern equipment with outdated radio communication. Often time we had to talk with the engineer that wrote the software to make things work. There was no better way to learn the details behind the interfaces that we were using.
Networking, Personal Computers, Server, and making them work together has been a hobby of mine for more than 20 years. It is always a privilege to have your hobby as your full time job.
• What made you take the Free Information Sharing Route instead of selling your knowledge?
As you get past 50 years of age you realize that you do have quite of bit of wisdom and knowledge that you have acquired over the years. At one point you need to get someone ready to take over from you and finally retired.
I am from a small lumberjack village in the deep woods of Quebec, Canada. In my village people always help each others, skills and knowledge are passed from father to son for generations, I taught doing the same on the Information Security side could be a very interesting project.
It started as a hobby and today the Family of Portals reaches over 150,000 security professionals in more than 120 countries around the world. It does make me feel proud when someone sends me a message to thank me and my team for the work , we are doing in helping the community.
I was asked many times WHY I do not charge a fee on some of my portals. With the number of members we have we could be millionaire if I would have charged $10 per
person. We all need money, however we never have enough, it is a never ending story. Above money there are people, when I am able to contribute to someone career and help them progress and reach higher, I feel a lot better than getting $10 as a fee. People should always be priority number one.
Can you give us more ideas about your free information sharing web sites and the free Services you deliver?
Our portals contains large collection of Documents, links, forums, mailing lists, cram study guides, quizzes, and a whole lot more. The portals are large containers of knowledge that constantly get updated and better as more and more people are contributing.
• What problems did you face when you started your free information sharing web sites?
The first 4 years were very lonely, you spend all of your free time building content, answering queries, and you do not see anything being returned to you. Then all of a sudden my site was listed in books and magazines which drove a lot of traffic to it. I felt like quitting the whole project many times. There were days when I would get negative feedback that made me feel like pulling the plug. However, my wife who is the calm and moderate person behind me would always remind me that for every negative message I have most likely received 100 positive message. After a while you learn to concentrate on the positive and accept that you cannot please 100% of your visitors.
Time has always been my biggest challenge over the past 10 years. Maintaining portals is VERY time consuming.
Which Security Conferences Clement Dupuis must attend every year?
There are a few that I always attempt to attend such as BlackHat, Defcon, CanSecWest, and Hacker Halted. They are some of the largest and also some of the best conference that exists out there.
• You are a big fan of CISSP, why is that ?
There are a lot of misconceptions related to the CISSP certification. It is NOT a technical certification, however it forces a Security Professionals to learn more about domains that he would not get exposed to in his daily tasks. The CISSP shows that a Black Box approach to security will not work. You can stack 10 security appliances and they will still be ineffective is there is no policies, procedures, or processes in place.
People have to realize that only hardware or software is not the answer to security. You have to have a good mix of policies, people, and process, the 3 P’s. I was one of the first person to become a CISSP in Canada. I saw that it was a great package but there was no resource to prepare for it. This is when I decided to create the CCCure.Org web site. I wanted to help other in becoming certified and by the some token better understand what security is all about.
What is your Plan for the next coming years ?
I am now at the point where my portals needs to move to a better platform that will integrate with the viral world of Social Media. This is one of the major project to come. I also need to categorize content by geographical location. People loves to know what is in their backyard and what resources they have locally.
Adding a few more certifications is also on the menu. Cloud Security and Risk Management comes to mind.
• Can you rate the top 5 magazines in the Security World?
This is a tough one. Some magazines cater to management, some others cater to Security Testing, some will be for programmers, as you might have guessed I read a lot of security oriented magazines. On my short list I do have:
– 2600 Quarterly
– Club Hack Magazine
– HITB Magazine
– MISC Magazine
– Professional Tester
– Security Kaizen
– The Hackademy Journal
• What is your Comment about Security Kaizen Magazine ?and what is needed to rank it as one of the best magazines in Information Security field in the world?
Security Kaizen is a very interesting magazine and once I read through the first edition I know that it is a magazine that will only get better with time. The magazine is very young compare to other magazine that exists out there. The success will depend on a few things: Content, Content, and Content If your provide great content the readers will come to read it. From what I have seen so far you are on the right path to do so. Last but not least, ask for feedback and listen to your readers. Ask them what they wish to get and provide it to them. All of this will make it a great success.
• From your experience, What is mostly needed in the Middle east and arab countries to help them be an added value in theinformation security field instead of just importing technology?
There is already an amazing number of software and hardware company coming from the Middle east and Arab countries. Unfortunately some are nice players or are not recognized in their own country.
Information Security and it’s associated technologies are still something that is up and coming in those regions. Leadership must start at the top at the government level. Cyber Security should no longer be seen as a luxury but as a necessity to security conduct business in a connected world.
For the first time in history companies have suffered more losses and fraud online than the physical world in 2010. Where there is financial transaction and money involved there is also crime. The online world is no different than the physical world, in fact it is a lot easier to commit crime online than risking being caught in the act doing a physical crime.
Sharing information, Educating more people about these issues, and create a climate favorable to endless learning is one of the most effective tool one can use against criminal activities over our networks and systems.