Ransomware attacks are, in simplified terms, the blocking of data and files and charging fees to regain access to one’s files and information. This virtual threat has become increasingly common and widespread criminal practice across the planet. Whether it is a small enterprise, a large business, or a government body, every organization is feeling the impact of ransomware.
For instance, the 2021 Colonial Pipeline ransomware attack halted oil distribution along the U.S. East Coast, triggering a national security crisis. Hackers, part of the DarkSide group, managed to steal 100 gigabytes of data and cripple critical computer systems within hours. According to Kevin Cardwell, a cybersecurity expert and author of nine books on the subject, this attack, like many others, exploited a common vulnerability: human error. Cardwell asserts that more than 80% of cyberattacks take advantage of user mistakes, coupled with poorly designed networks that allow a single breach to disrupt entire operations.
“In many high-profile ransomware attacks, a single breach compromises the entire system. This is a sign of flawed network architecture,” explains Cardwell, Co-Founder and President of cybersecurity firm Cyber2 Labs. “A properly designed network should be able to isolate breaches and continue operations, much like a warship that can sustain damage in one section and still fulfill its mission.”
Cardwell makes this naval analogy thanks to his over two-decade-long career in the U.S. Navy’s C4I division (Command, Control, Communications, Computers, and Intelligence), where he led a team that built a NOC (Network Operations Center)—a service provider between ships at sea and the commands that are ashore. Prior to his retirement, he served for six years as the Leading Chief of Information Security at the NOC.
Regardless of these heavy cybersecurity-related accomplishments, Cardwell, who grew up watching fiction movies such as Westworld and 2001: A Space Odyssey, had initial reservations when it came to technology. Back in the 1980s, he worked as a sonar technician for the US Navy. However, years later, when he decided to leave the service, he quickly realized that most job openings required computer literacy, leading him to take classes at a community college. An instructor over there noticed his gifts when he completed a 16-week semester in less than a month. This led Cardwell to eventually graduate in computer science and receive a post-graduation degree in software engineering from SMU (Southern Methodist University).
The U.S. Navy assigned Kevin Cardwell to a team responsible for providing internet access to Navy ships. This was a first back in the early 1990s. Within six months, the team successfully linked a carrier group, including the USS Kitty Hawk and thirteen other ships, to the Internet. Cardwell says, “There was a lot of trial and error, which actually helped me improve my tactical cyber security skills.” He has worked on similar cooperative projects between the US and British forces. Even the U.S. Department of Defense assigned Cardwell to lead a five-person red team that simulates a hacker or hostile entity to test the security of networks. For six years in a row, the team had a perfect record of successfully compromising systems and networks. This expert also created the EC Council’s Certified Penetration Testing Professional Course, where he teaches tactical industry skills. “It is interesting that, over the three decades of experience that I have, the process has remained the same. The only things that have evolved are the tools available to you and the targets you face,” he adds.
After retiring, Kevin Cardwell operated independently for government bodies worldwide, finally founding Cyber2 Labs. He brings his unique and pioneering expertise in the Navy to his approach to cybersecurity, which prioritizes prompt identification and threat isolation. His expertise has led him to understand that placing decoys in the network is one of the best ways to trap hackers or intruders and alert defenders.
Over his career, Cardwell has authored or contributed to nine books, including The Official CHFI Study Guide and Defense and Deception: Confuse and Frustrate the Hackers, a 2022 book that outlines his philosophy of flipping the advantage from attackers to defenders. His latest work, Tactical Wireshark, teaches readers how to use the open-source protocol analyzer Wireshark to detect intrusions. While he hasn’t ruled out future books, Cardwell believes cybersecurity evolves too quickly for traditional publishing and is now focusing on courses that can be rapidly updated to reflect the field’s fast-paced changes. His courses are hosted on platforms like Udemy, Starweaver, and Pluralsight.
Kevin Cardwell’s innovative strategies continue to reshape how organizations think about cybersecurity, helping them defend against an increasingly complex and dangerous cyber landscape.
