🗣 Rob Rosenberger Profile picture
Aug 4 16 tweets 11 min read
An innocent questioner came to me asking "Why do you start [see chart below] at 2021?"

And it stumped me. Because I've studied Steve Morgan's tweets enough to know he's touted "$3 trillion" since at least 2018.

So, why DID I start at 2021? Quite simply…
…I had Morgan's more recent #guesstimates in front of me when I first decided to "chart the math."

Really, though, his multi-trillion $$$ guesstimates date back to 2016. And they're not … exactly … "scientific," if you know what I mean:
Morgan's original multi-trillion $$$ #guesstimate waffled as it [d]evolved from 2016 through 2017 depending on whom he cited:
On 29 January 2018, Morgan finally took a stand on "$3 trillion" annually since 2015 and made his first prediction of "$6 trillion annually by 2021."

Yet as you can see, Morgan cited — and embraced! — a "$3 trillion" #guesstimate from Microsoft's CEO:
Morgan changed his tune less than two months later to stake his [company's?] own prediction that "Cybercrime damages will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015."

To the best of my knowledge, Morgan hasn't revealed his research methodology:
Morgan finally swiped Satya's #guesstimate in August 2018. His tweets of late imply that Satya uses his SWAGs, not the other way around.

Morgan has since cornered the market for multi-trillion $$$ figures with "official" reports published by his Siamese-twin media company.
Morgan took off with ✌️his✌️ multi-trillion $$$ #guesstimate and has since turned it into a string of ever-increasing values projecting into the future.

Morgan doesn't explain how previous guesstimates proved true. He just spouts them as a given fact while looking forward:
In addition to Morgan, I also pound on cybersecurity #ThoughtLeaders who parrot his #guesstimates without extraordinary proof.

In this tweet series, I slammed @CompTIA — an industry testing & certification body! — for foolishly taking Morgan on faith:
Few people respond when I ask questions that make them realize Morgan #ahem might just be making up numbers out of whole cloth.

Some *do* respond. Annnnnd I let the discussions end right there.
Morgan has convinced numerous people to forward his tweets, perhaps in part because he's so relentless about it.

You'll see a "$10.5 trillion" #guesstimate tweet from him roughly every weekday.

Sometimes multiple tweets per day! He bragged it up three times on 2 August:
At this point you might ask "who IS Steve Morgan?"

I kid you not:

Morgan is editor-in-chief of "Cybercrime Magazine" which ranked him among the top ten cyber journalists of 2021. It's published by "Cybersecurity Ventures" which Morgan founded 😬
So, let's wrap up Steve Morgan:

He runs an ethically dubious cybersecurity media outlet. He touts a series of multi-trillion $$$ #guesstimates yet has not showed how he derived his predictions. Shallow-thinking thought leaders take him entirely on faith.
Okay, now, back to the innocent question that led me to reexamine my "Steve Morgan charts."

Morgan's 1/29/2018 tweet leads me to now start from 1/1/2015 at $3 trillion annually rising to $6 trillion in 2021, rising to $10.5 trillion in 2025.

Old chart vs. New chart:
New "Steve Morgan charts" will use his simplistic predictions that ✌️cybercrime✌️ cost $3 trillion annually in 2015, $6 trillion annually in 2021, and $10.5 trillion annually by 2025.

It's that simple.

And it's that #ABSURD. Because it looks like this on 12/31/2025:
Steve Morgan needs to give our industry a REAL "deep dive" into his empirical data and the extrapolation model he allegedly chose for his predictions. NOT THIS PIECE OF TRASH:
I'll cite my questioner below if they choose. I strive to give people the credit they deserve and this one proved a doozy! Thank you for pointing me to a better beginning for the "Steve Morgan charts" 🤓

@ThreadReaderApp please unroll

• • •

Missing some Tweet in this thread? You can try to force a refresh

Keep Current with 🗣 Rob Rosenberger

🗣 Rob Rosenberger Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!


Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @vmyths

Jul 1
Monthly reminder that I study today's global medical PANdemIC through the lens of many past computer virus panics. Click the "panic button" to read more!
Yesterday was #NickoSilar's birthday. Our industry spouts an #UrbanLegend that she died in a hospital #ransomware attack … yet the truth is a bit complicated for our collective reductionist beliefs.

Let's study the facts surrounding this baby's tragic death, shall we? Image
First, I need to caveat my role in this sad affair. I offer my expertise pro bono to the law firm representing the attending physician who delivered #NickoSilar on that fateful day. My specific goal is to protect Dr. Parnell from Springhill Medical Center's legal team.
Read 19 tweets
Jun 26
This thread pays homage to every woman by name in the U.S. who got arrested by state police because she installed a period tracking app on her cell phone:


Remember this when somebody tells you to "delete any period tracking apps you use!" #ASCII46
28K retweets for this hysterical advice to delete period tracker apps because state police can now haul women off to menstrual concentration camps
If you followed #hysterical advice to delete your period tracking app--

--you must also leave your phone in the car when you visit the DMV. It doesn't matter which state b/c they all provide "interloping database access" to other states.

Bored in the DMV? A small price to pay!
Read 9 tweets
Jun 20
Many of us have a #cybersecurity horror story about "an employee who got fired as a precaution, only later for the firm to realize their mistake, but HR just wished them thoughts & prayers because they couldn't bear to face up to their hasty firing assumptions."
We in cybersecurity insist we operate on data, facts, and logic.

But the truth is we love a good #ConspiracyTheory, and right now it's all about BSides Cleveland.

You'll find any number of people, e.g. @MalwareTechBlog, who believe whats-his-name had inside help.
Hutchins is invested in his theory and has put his money where his mouth is. Me, I'm risking $500 just to prove a point I made in the mid-1980s:

"That we never should have kicked Airman Snuffy out of the Air Force 'as a precaution'!"

I want @robtlee and @RobertMLee to...
Read 19 tweets
Jun 20
Exactly, sir!

Let's talk a "Cybersecurity No Fly List."

Ostensibly, I placed a $500 bet with Marcus Hutchins at 2:1 w/ the payout going to charity because I'm half-confident many of you jumped to the wrong conclusion about BSides Cleveland.

Realistically, though...
...I placed the bet because I worry our industry will create a "Cybersecurity No Fly List" (CNFL).

We'll do it hastily. We won't think it out properly.

And then we'll have the equivalent of a U.S. "No Fly" list.

Our very own #doxx list for cybersecurity can...
...easily expand from a simple .xls of organizers / venues / speakers / attendees who ooze toxicity.

One day you look down and the CNFL says "ban anyone from Russia. Reason: CISA ThreatKB 202209110842 marked LEO-sensitive. Until: further notice."

The next day you...
Read 14 tweets
Feb 27
To all my "OG" readers:

Let's take a step back in time to 1996.

I sit across from Rob T. Lee on the 609th Information Warfare Squadron operations floor. He's my crew commander; I'm his crew chief.

Lee knows I run "the Computer Virus Myths home page," which has grown so...
...popular that it's eating up all my free time. In December of that year the Ziff-Davis publishing empire will crown CVMhp "the world's #1 most useful website."

Trivia: Lee corrected a web page I wrote where I talked about Start Trek spaceship orbits!
Fact: Lee's career path toward AFOSI began when I formulated a plan to "lateral move" him off the ops floor. Trivia: I *almost* finagled DoD to attend the FOR508 class he authored with him on podium!

What I'm saying is, Lee & I have a career-long history:
Read 14 tweets
Feb 21
@taco_x86 @threadreaderapp Not yet.

Let me begin by recognizing that more than one person has yelled at me for RT'ing a debate re: cyber where I feel my followers should see both sides of the issue. Generally speaking: they don't want me to highlight our public conversation. I'm always like "WTFO?"
@taco_x86 "OG" readers like you know I view cyber from a similar perspective as #Doctrine_Man and #Mother_of_Tanks -- just two of many whom I've pissed off for QT'ing their tweets to reveal how insanely out-of-whack our industry's perception of #cyberwar really is.

Yet as a critic...
@taco_x86 ...I'm compelled to QT an abundant crop of tweets on crime & warfare to help us understand how cyber will fit into it.

I dare to ask philosophical questions, or to make what our industry would call a "valid" assumption, that makes no sense whatsoever to the person I'm QT'ing.
Read 6 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!


0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy


3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!