From being a manager at Junior’s Cheesecake to being a full-time Final Inspector at Wood-Mode, LLC, Dominic Alvieri displays with his passion for cybersecurity that anyone can have a robust career in this field.
Dominic is a cybersecurity researcher, an independent cybersecurity analyst, and writes for The Cyber Show. He worked as a manager at Isabella, LLC for over 11 years, where his eye for detail and panache won him the 2019 Regional Iron Chef Award.
After studying Business Administration, Management, and Operations at East Carolina University, Dominic completed MicroMasters and Cybersecurity from the Rochester Institute of Technology.
He has also earned the IBM Cybersecurity Analyst Professional Certificate, with the latest one being CompTIA Security+ in November 2022.
In an exclusive interview with the Cyber Express, Dominic discussed the dark web, ethical hacking, and ransomware victims.
What got you into this field of research and cybersecurity? Were you a very studious or an average student? How has your journey been so far? What does it feel like to be a cybersecurity researcher? What are your future career goals?
Very curious growing up and I always enjoy finding out what is actually behind a site. I was above average but excelled in what I enjoyed, athletics, computer electronics and mathematics.
It is always a new challenge, a never ending game of cat and mouse. Goals? Striving in the same direction to get a little better every day…and to be happy!
What are the myths about the dark web that you would like to dispel?
That the dark web is only filled with criminal activity. It is huge. Way larger than the commercialized clearnet or web.
You have discovered several data breaches as your name shows as the first researcher to discover unusual activity on the dark web. What makes you so adept at gauging incidents? What piques your interest in detecting exploitations and what do you expect would happen after that?
I have been building a network for years well before I decided to come online. I use several different tools and bots. I have communications with some groups and adjust algorithms to activity or inactivity. Frequencies can be adjusted and noise removed by eliminating outlying groups. There are so many groups and affiliates right now
The companies posted by ransomware gangs are the ones that didn’t pay. There are many more that did and wish it not to be known. Cybersecurity incidents are still taboo.
People should focus more on the path of the exploit and closing it rather than just the payload. Other breaches are known and not paid or posted.
Royal Mail breached by LockBit and RackSpace by Play Ransomware are two recent known incidents that did not pay and were not posted. Could be fear of attention or some groups lie and say a victim paid to extort others.
Do you have any specific or interesting observations about ransomware groups that you would like to share with us? Or about any cybercriminal gang? Do you see a pattern or randomness in their attacking mechanism?
I can’t share any group or bad actor intel at the moment. The more successful groups are run like a business. Victims are targeted and planned, speared, whaled or fatigued into submission.
With most of the Hive ransomware infrastructure being demolished, do you think there can be more progress like this? Groups also keep rebranding and regrouping themselves and sometimes take a long break from criminal activities. Why do you think that might be?
I am fairly confident we will see at least one more group taken down this year.
The bad news is that I believe we will see many more new groups. Rebranding is part of the game for nearly every group except LockBit. I don’t think LockBit will ever give up his major brand besides a few stolen tweaks of code.
What is your message for budding researchers, hackers both white and grey hat and how should they avoid getting in trouble with adversaries?
The best message for any budding researcher is to never stop learning. Get 1% better every day and you’ll master your field. No one knows everything and there is so much to learn about cyber and it is always changing. Trouble can find you online and off so the best advice is to tread carefully and respectfully.