🗣 Rob Rosenberger Profile picture
Aug 4, 2022 16 tweets 11 min read Read on X
1/🧵
An innocent questioner came to me asking "Why do you start [see chart below] at 2021?"

And it stumped me. Because I've studied Steve Morgan's tweets enough to know he's touted "$3 trillion" since at least 2018.

So, why DID I start at 2021? Quite simply…
2/🧵
…I had Morgan's more recent #guesstimates in front of me when I first decided to "chart the math."

Really, though, his multi-trillion $$$ guesstimates date back to 2016. And they're not … exactly … "scientific," if you know what I mean:
3/🧵
Morgan's original multi-trillion $$$ #guesstimate waffled as it [d]evolved from 2016 through 2017 depending on whom he cited:
4/🧵
On 29 January 2018, Morgan finally took a stand on "$3 trillion" annually since 2015 and made his first prediction of "$6 trillion annually by 2021."

Yet as you can see, Morgan cited — and embraced! — a "$3 trillion" #guesstimate from Microsoft's CEO:
5/🧵
Morgan changed his tune less than two months later to stake his [company's?] own prediction that "Cybercrime damages will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015."

To the best of my knowledge, Morgan hasn't revealed his research methodology:
6/🧵
Morgan finally swiped Satya's #guesstimate in August 2018. His tweets of late imply that Satya uses his SWAGs, not the other way around.

Morgan has since cornered the market for multi-trillion $$$ figures with "official" reports published by his Siamese-twin media company.
7/🧵
Morgan took off with ✌️his✌️ multi-trillion $$$ #guesstimate and has since turned it into a string of ever-increasing values projecting into the future.

Morgan doesn't explain how previous guesstimates proved true. He just spouts them as a given fact while looking forward:
8/🧵
In addition to Morgan, I also pound on cybersecurity #ThoughtLeaders who parrot his #guesstimates without extraordinary proof.

In this tweet series, I slammed @CompTIA — an industry testing & certification body! — for foolishly taking Morgan on faith:
9/🧵
Few people respond when I ask questions that make them realize Morgan #ahem might just be making up numbers out of whole cloth.

Some *do* respond. Annnnnd I let the discussions end right there.
10/🧵
Morgan has convinced numerous people to forward his tweets, perhaps in part because he's so relentless about it.

You'll see a "$10.5 trillion" #guesstimate tweet from him roughly every weekday.

Sometimes multiple tweets per day! He bragged it up three times on 2 August:
11/🧵
At this point you might ask "who IS Steve Morgan?"

I kid you not:

Morgan is editor-in-chief of "Cybercrime Magazine" which ranked him among the top ten cyber journalists of 2021. It's published by "Cybersecurity Ventures" which Morgan founded 😬
cybersecurityventures.com/10-top-cyberse…
12/🧵
So, let's wrap up Steve Morgan:

He runs an ethically dubious cybersecurity media outlet. He touts a series of multi-trillion $$$ #guesstimates yet has not showed how he derived his predictions. Shallow-thinking thought leaders take him entirely on faith.
13/🧵
Okay, now, back to the innocent question that led me to reexamine my "Steve Morgan charts."

Morgan's 1/29/2018 tweet leads me to now start from 1/1/2015 at $3 trillion annually rising to $6 trillion in 2021, rising to $10.5 trillion in 2025.

Old chart vs. New chart:
14/🧵
New "Steve Morgan charts" will use his simplistic predictions that ✌️cybercrime✌️ cost $3 trillion annually in 2015, $6 trillion annually in 2021, and $10.5 trillion annually by 2025.

It's that simple.

And it's that #ABSURD. Because it looks like this on 12/31/2025:
15/🧵
Steve Morgan needs to give our industry a REAL "deep dive" into his empirical data and the extrapolation model he allegedly chose for his predictions. NOT THIS PIECE OF TRASH:
16/🧵
I'll cite my questioner below if they choose. I strive to give people the credit they deserve and this one proved a doozy! Thank you for pointing me to a better beginning for the "Steve Morgan charts" 🤓

@ThreadReaderApp please unroll

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with 🗣 Rob Rosenberger

🗣 Rob Rosenberger Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @vmyths

Apr 11
The Pentagon's @DAF_CDAO office should have long ago prioritized its dissection of current AND PAST Air Force #cyberwar doctrine to see where it would have gotten U.S. airmen killed in Ukraine's land war.

But HAF/A6 has a problem: 🤦

They don't ponder doctrine like HAF/A3 does.
"Wait a minute, Rob. It's not @DAF_CDAO's job to ponder doctrine. The DAF has an air staff dedicated to that task!"

NO, THEY DON'T.

The office you're thinking of will LISTEN to anyone who believes doctrine must [to use the correct term] "evolve" in some way. This is why… Image
…Air Force Enlisted Historians (AFSC 3H0x1) were required to write annual analyses and strongly encouraged to write triennial monographs over every topic they regarded as vital to DOCTRINE.

I, personally, set the ball in motion to change Air Force doctrine that insisted…
Read 12 tweets
Mar 8
Sooooo… Let's begin with a quick assessment.

The book's index highlights Dr. Fred Cohen, whose thesis underpins the concept of a computer virus; Robert T. Morris, whose computer worm almost very nearly destroyed his father's NSA career; and Victor Zhora, who has refused to…
…provide a death toll from all the horrifying[ly mysterious] "cyber war crimes" he insists must be prosecuted in a new "cyber court" in The Hague that can pronounce death penalties.

Yet there's no mention of Vmyths[.]com nor Attrition[.]org nor Snopes[.]com nor folks' names…
…The root word "critic" appears numerous times in "critical infrastructure[s]," yet only appears once in the context of a #critique. "Criticism" appears once on p.168 re: CrowdStrike's undocumentable claim that Ukrainian artillerymen got blown to smithereens and sent home in…
Read 9 tweets
Dec 4, 2023
I want to revisit this supposedly rhetorical question.

Historically, we in #cybersecurity labeled traditional events "cyber" simply because the players were computer experts, e.g. Robert Hanssen was the world's first "cyber spy" because he identified a local computer vuln and…
…installed a password cracker on his work computer and used a Palm PDA.

Now we believe *every* spy is a #cyber spy because they all use computers in some way.

So, we've gone back to the lazy way of calling them just "spies" — but NOT for the right reasons.
We did what the cable & satellite industries did: they ✌️adjectivized✌️ themselves for adding channels to our TVs.

Cyber has improved all sorts of things, but in all honesty we're like @BASF. We don't make the things people use in their daily lives; we just make them better.
Read 12 tweets
Sep 15, 2023
1/21
Wow! I'm high on life after a follow-up physical at a Navy clinic where I got tossed onto an exam table with my blood pressure checked 3 times, after which they did 2 EKGs, then took my blood, etc. etc.

So let's talk cybersecurity #management. It's late 1996 and I've...
2/21
...just transferred @robtlee off MY ops floor, 😈 making me DoD's first Enlisted Information Warfare Crew Commander and setting Rob on his amazing career path -- a fact he learned at the meeting below where our mutual mentor confirmed it. So, ...
3/21
...immediately after the Stan/Eval guy said "<yawn> you're now a crew commander, good night," I called a meeting with my tiny little ops floor crew.

"NEW RULE," I declared. "From now on, YOU make the decisions and I'll write it down in the Master Station Log." This...
Read 21 tweets
Jul 26, 2023
1/7
It pains me to agree.

Historically, a new "infosec" office found its authority by teaming up w/ the HR office (holding the authority to test & fire employees) and the firm's webmaster (holding the authority to set password security policies for employees & customers alike)
2/7
Historically, a newfound infosec office couldn't send emails to "all" because the IT staff controlled that -- coincidently to stop #hoax computer virus alerts that once rampaged email servers worldwide.

IT *ignored* the new infosec manager's ✌️assumed✌️ authority, saying…
3/7
"we need HR's permission to do what you're asking."

Which was too often true:

THE IT OFFICE needed HR's permission because #ironically it was an IT admin who first got #duped by a #hoax computer virus alert and fired an email to "all" that ultimately pummeled the firm…
Read 7 tweets
Jul 15, 2023
1/18
Monday would be #NickoSilar's birthday. Our industry spouts an #UrbanLegend that she died in a hospital #ransomware attack … yet the truth is a bit complicated for our collective reductionist beliefs.

Let's study the facts surrounding this baby's tragic death, shall we? https://t.co/TVbwbQ7wTJ
Image
2/18
First, I need to caveat my role in this sad affair. I've offered my expertise pro bono to the law firm representing the attending physician who delivered #NickoSilar on that fateful day. My specific goal is to protect Dr. Parnell from Springhill Medical Center's legal team.
3/18
I must admit it proved no easy task to pick Dr. Parnell over Nicko Silar's mother who, in truth, needs no expertise I can offer.

Maybe help Springhill Medical Center's CISO?

Nope: SMC has already thrown Dr. Parnell under the bus to protect themselves & their CISO.
Read 18 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(