The Importance of a Capability Model

On Episode 3 of The Cyber Security Matters Podcast we were delighted to be joined by Caleb Barlow. He’s an entrepreneur with a technical background and he’s equally comfortable presenting at TED talks or primetime news as he is consulting the board of a major health care provider. As VP of threat intelligence at IBM, he built one of the largest incident response platforms, including the world’s first immersive cyber range. He went on to be President and CEO of supply chain security business Redspin, helping them become the DoD’s first approved third party assessor, at the same time as taking the helm at parent company Synergist Tech, a cyber services firm with an emphasis on health care. He’s currently heading up his own business, Cylete, where he advises private equity firms on the right cyber businesses to target. It’s an impressive professional history! 

We covered topics from diversity in the industry to the ways that Covid has impacted the landscape of cybersecurity. Here are some of the highlights from that conversation. 

What one piece of advice would you give someone entering the industry?

This is an industry that has a language to it, and you really need to understand that language to be credible. This is an industry where information has a shelf life, because attacks and defences are constantly changing. I mean, this is not an industry that you could easily pack up and leave for a year or two and come back, because everything’s going to have changed. What I tell people is they have to stay informed of the news of the industry every single day. I think of it like Game of Thrones, right? If you’re a Game of Thrones fan, the first few episodes, you have no idea what’s going on. It takes a season or two before you start to get that all these things are connected. I think the cybersecurity industry is the same way. Whether it’s through the CyberWire or your podcast or a threat feed, you have to stay informed about this stuff, and you have to do it every day. What I’ve always said to my teams is that if you haven’t read the news, don’t come into work today. I test because if you don’t know what the latest attack was and what it means, and you get asked by a customer, you’re totally not credible.

How has the term critical infrastructure broadened in recent years?

I think we need to redefine it. When most people talk about critical infrastructure, they refer to health care, energy, finance… It’s a very World War Two mentality in terms of ‘what is critical infrastructure’. Let me ask you this, at the start of the pandemic, what did you really need? I don’t know about your household, but the critical infrastructure in my household was getting access to goods and materials during a supply chain crisis and being able to communicate with friends and colleagues and being able to send my kids to school. One of the things we have to do is realise that the pandemic brought us a whole new way to work and a whole new way to educate, so our critical infrastructure has to change. We’ve got to look at cloud providers like Microsoft, Amazon and Google; that’s critical infrastructure. Now, we’ve got to look at things like Zoom, which is how my kids went to school and how I went to work. It’s an absolutely critical infrastructure. I couldn’t care less about my phone system, I need my Zoom. Suppliers that deliver things like Amazon and Instacart and large retailers that were able to keep supply chains moving like Walmart – they were critical. A lot of what we have to do is really rethink how we think about critical infrastructure and what critical infrastructure is.

You’ve made high profile media appearances over the years and also specialised in consulting the C suite on information security, is there a major or unifying message that you strive to get across?

It’s really all about having a capability model versus just having procedures and documentation. You need to build capability in four key areas. The first is obviously cybersecurity skills and incident response. Number two – and this is surprising to most people – is communication skills. If you don’t know how to communicate internally, externally, with your partners and with your customers, things aren’t going to end well. If, during a crisis, you can’t communicate what to do, people are going to fill that void with their own speculation. I would argue that the vast majority of high profile breaches we’ve seen over the last 10 years are down to poor communication. Lacklustre communications in decision making causes more damage than the threat actor in most companies, because people either don’t communicate, which is a decision in and of itself, or they communicate bad data, not knowing what to say and how to say it, or they go sideways with regulators. The third area you need is legal, and the fourth capability you need (and this is the tough one), is business resiliency skills. On any cybersecurity response team, it is critical to have business skills that can understand what can the business handle, what alternatives might we have and how could we stand up the business in another way. Our threats aren’t any different than a fire or a flood or a natural disaster. You have to think about resiliency if you can’t get access to your IT systems.

What do you see as the prospects for cyber during the next decade? 

The simple fact of the matter is that we are still in an industry where we do not have enough people to fill the open jobs. The need for those skills only continues to grow. We are starting to solve some of the problems though, we’re starting to become a more diverse industry, which is great. Some of the pipeline of getting skills is starting to get solved, but like any industry, the next round of innovations may, in some cases, be repeats of things we’ve seen before. Ultimately what I do think we’re likely to see now is kind of the second generation of companies starting to step in. A great example of this would be as the EDR market moves to XDR, we’re starting to see the next generation companies coming in and solving the same problem but with a very different business model. Like any industry, those optimization companies will probably be the ones that win in the long term as the industry turns over.

To hear more about the future of the cyber security industry, tune into the full episode of The Cyber Security Matters Podcast here.

We sit down regularly with some of the biggest names in our industry, we dedicate our podcast to the stories of leaders in the technologies industries that bring us closer together. Follow the link here to see some of our latest episodes and don’t forget to subscribe.     

Accessing the Cyber Security and Intelligence Industry

In our second episode of The Cyber Security Matters Podcast we sat down with intelligence specialist AJ Nash. He is the VP of intelligence for external cybersecurity company ZeroFOX, and he spoke to us about his journey through the Intel sector and how that’s led him to where he is today. Read on for his perspectives on accessing the cyber security and intelligence industry.

How did you first get into the Cyber Intelligence industry?

That’s a good question, and like a lot of people, I didn’t have a straight path. It wasn’t intentional, but I frankly don’t know if there’s a single thing in my career that’s got me here. I originally joined the Air Force, my intent was to be a police officer and go to law school, and my test did relatively well. I was in the Air Force for nine and a half years, then I medically retired and moved into defence contracting. And so I started doing traditional Intel work in counterterrorism, counterinsurgency, things like that. 

I was recruited for an opportunity. I had an interview with a defence contractor, and I literally interrupted them about five minutes into the interview, and said ‘I think I’m in the wrong room’, because all we were talking about was maths, science, computer science, operations research and cybersecurity. I didn’t know anything about most of the stuff. I told them ‘I’m an intel guy, where’s the terror? Where are the bombs?’ And they said, ‘No, no, we got people for all these things. What we need is some intel folks, we’re trying to build a new concept for how to do intel analysis specifically for cyber, and we need to have experts. We need people who can translate this to make sure this is useful.’ That ended up becoming what we called at the time cyber intelligence preparation of the battlespace. 

It was a great opportunity, and I accidentally got into cyber and helped work and develop that programme with amazing, smart, brilliant people. I was one of the folks who helped write the book along with my five or six colleagues. A couple of folks did the training. This ended up becoming foundational training for contracts at NSA and Cyber Command for a lot of cyber work. And so I learned a lot from a lot of people much smarter than myself. And that’s how I ended up in cyber, which was very much accidental like I said. So you know, from a career standpoint, it’s great to do terror and terrorists, there was certainly funding there, and then you go into cyber and it was a lot of funding there too. And so that led to a career doing cyber intelligence work at the agency and cyber command. I went into the private sector also by accident to be honest. A friend of mine convinced me to join LinkedIn, although I had never had a social media account for obvious reasons with my career, I would have been immediately compromised. That was always fun! But somebody recruited me through LinkedIn, and I moved to the private sector. 

I had a really winding path from a kid who’s gonna be a competent lawyer to a guy who does cyber intelligence work with one of the greatest companies in the world. So I’m a lucky guy, they say you put yourself in the right position. Maybe I own a little bit of it, but people have helped me along and I’ve just ended up in really good spots. 

We talk a lot about barriers to entry into cybersecurity. Is security intelligence still a good route into the industry? 

I guess it was for me. Intelligence is enduring, Intel feeds everything. I don’t think it’s going anywhere, so I think it’s a great way to work in this industry. I don’t know if it’s the easiest way to get in, necessarily, but for folks who are coming out of government and military we’ve already got the background and experience. That’s actually where private sector companies probably should be hiring their first Intel leaders. For those who are in university right now, wondering ‘how do I get into cyber?’, it may or may not be the easiest route, because again, only maybe 10% of companies out there have Intel teams, but there is a lot of demand. So if they’ve done the research, if they’ve got the education to back it up, and they can make the pitch, there’s opportunity there. But I also think there’s nothing wrong with somebody who’s coming in and wants to be a SOC analyst or do threat hunting or incident response, they’re all great ways to get in, as long as people understand those are different careers. If you want to transition from one of those to Intel, it isn’t just changing a title and moving desks. There’s some study and work that needs to go into that. From what I’ve seen, most folks who are getting into cyberspace are not coming in through Intel.

Is diversity improving within cybersecurity?

I think diversity is better now than it was, but we have a long way to go. So you know, I think if you go look at any panel discussion, chances are you’re gonna find four white guys on it. If you look at most Intel teams, most cyber security teams, the majority of them are likely to be white males especially in the US and UK areas. But I do think it’s changing. Our teams are great – we have three senior directors on the team, two women and a guy. They do all happen to be white, but one was an immigrant, so we’re not all Americans. I think part of the challenge is the talent that we still have to grow, right? There’s still a challenge in many ways, women are still not being encouraged enough as girls to go into STEM, so there’s still a lot of cultural challenges. The trouble we have is where do you hire the people from if they don’t go through the funnel, if we don’t build people with these skill sets? I think we really need to encourage young people, all ages, races, genders, to, you know, to embrace technology and embrace these opportunities. And we need to put funding in place for them and give them opportunities to do it so that we have more diversity across the board. So that’s a challenge. For people in my position, if you’re hiring folks, you have to keep in mind, I don’t want 10 people on my team that are the same person 10 times over. There’s a value to it for the team standpoint. I think a lot of folks are putting a lot of effort into this. But it’s hard, and it’s a long way to go. So better, yes, but not nearly good enough yet.

You mentioned a few really interesting things there about potential barriers to entry into the sector. So what would you say are the barriers to entry? And what practical steps can we take to reduce those?

Access to education is a barrier. I’ve talked about this around the world. There’s a privilege that I’ve had to get where I am, and certainly access to education has been there. I think we have to develop programmes that give people opportunities, regardless of their socio-economic standing. There are great programmes that do these things, other mentorship programmes, and there are other education programmes, that give people some of these options, but we need more of that. We’re seeing at least in this industry a move away from the bias towards everybody having to have a degree. Certifications are really valuable, and being able to demonstrate you have a skill is really valuable. On the other side, I know self taught people who are brilliant but they have a hard time getting the interview. I think folks are trying to do a better job of saying, ‘let’s get them in the room. They say they can do things, let’s test them out.’ We can be more creative in our education, but also much more creative in our hiring.

I think that the biggest barrier to entry right now is still having the resources, funding and opportunity to get the education, skills or certifications needed. We then need to have the creativity on the hiring side to look beyond a paper and a resume and say, ‘who is this person? What do they bring to the team? Can we give them a position and a shot?’ That is tough because we’re for profit companies, and a lot of companies don’t want to invest in training, they would prefer to hire somebody who’s plug and play, because it saves them time and energy and money. I think we have some challenges to solve in that area as well, especially as we keep saying that we’re 3 million people short in cybersecurity, and the number goes up every year, so it’s gonna take a collective effort to get there. Some of that might involve the industry buckling down and saying ‘we’re gonna hire people we know are qualified, we’re going to train them up.’ I think we’re seeing some of those areas improve as well.

What one piece of advice would you give to someone who is entering the cybersecurity industry? 

My one piece of advice is to be bold. I think a lot of people self-select themselves out of opportunities. Confidence is a challenge. Imposter syndrome is real – I can attest to it. I think be bold, and don’t undersell yourself. If it’s something you think you can do, and you want to do it, even if your resume says nothing about it, try to throw your hat in the ring, try to get into the interview, try to have a discussion. The worst thing that could happen is you’re right where you left off. You gotta go do the thing, right? Try to get in there and find a way and be persistent with it. If you don’t get it one time, try another time, you know, talk to people. That includes things like just reaching out to somebody on LinkedIn. Don’t stop yourself by thinking ‘that person is really important, they don’t have time for me’. Reach out! That’s how I did a lot of it. I built a lot of my connections just by saying ‘let’s have a conversation’. Now people do that with me, I have had tons of folks reach out to me. They always seem surprised when I answer and I say ‘yeah, let’s have a conversation instead of a call.’ And people seem shocked by that. Listen, I’m not that important. I’ve got time for you, and if it’s something I can help with I will. I think a lot of people think that these people with these great titles and great roles and great amazing things won’t be interested. But you reach out, and you realise they’re awesome, and they’re happy to talk to you, they want to help. If you’re not bold, you don’t ask the question. So what if they don’t answer and move on to the next person? A lot of them will, though. People want to help each other. My best advice is always to be bold.

To hear more from AJ Nash and other industry experts, tune into the Cyber Security Matters podcast from neuco here. 

What challenges does the internet being the network now create in the cyber security space?

In episode #77 of The Tech That Connects Us, we were delighted to be joined by John Spiegel, CTO at Axis Security.  

In this episode we unpacked everything from his career trajectory through to the nitty gritty world that is cybersecurity. 

We hope you enjoy this episode as much as we did recording it. 

What challenges does the internet being the network now create in the cyber security space? 

“Oh, my, the internet really is the future for connectivity.

And it’s good and it’s also bad. The good is that you have this ubiquitous connectivity out there that for the most part is inexpensive.

If you think about the cost per megabit of an internet line versus an MPLS line, it’s significant. And, as a result, it’s enabling this incredible amount of productivity from companies. 

You don’t have to do constant maintenance, or patch upgrades, and the ability to access that from anywhere is amazing. But, on the other hand, we have this challenge of if businesses can get to any application at anytime, anywhere.  

The same thing is true for the bad cyber actors, you know, they can easily get into your network. Maybe because you misconfigured everything or something or maybe you know, you left something open. And that’s a huge challenge.

What I’m excited about is this rise of this concept called zero trust. And I know there’s a lot of marketing around it. But it’s probably, in my mind, the most important thing that has happened. We had an opportunity to interview John Kindervag a few days ago, he was one of the fathers of zero trust.

And, his whole journey started because he started working on a PIX firewall. And, he did not like the concept that there was one side that was untrusted and one side was untrusted. And he’s like, “come on, this is a computer. A computer is not a human.” You know, we built a society built on trust. You know, we trust one another that, you know, when you pay for something you trust that person.

Every interaction you do is built on this concept of trust. Computers don’t understand trust, they are built of silicon, rare metals, and they think in zeros and ones, trust is not a concept for them. So, that kind of sparked him on this journey of zero trust.

And if you think about how WANs are built and what I did with SD-WAN, what I did in my past, building out these networks, these global networks for Columbia Sportswear and others.

And I spent my career building these artefacts, artefacts of trust, and to me that was completely wrong. I should have gone a different way. And I think the future about branch connectivity is not good. It’d be about interconnections between a branch and a location, it’s going to be about building islands.

Essentially companies are going to be building these islands. And the connections going out are going to be these almost you could say “zero trust” connections out to a SaaS application, or it’s a remote worker. Those sorts of things!” 

To listen to the full episode, click here. 

Every Wednesday we sit down with some of the biggest names in our industry, we dedicate our podcast to the stories of leaders in the technologies industries that bring us closer together. Follow the link here to see some of our latest episodes and don’t forget to subscribe.     

Risk & Compliance in the Cyber Security Industry 

In episode #69 of The Tech That Connects Us, we were excited to be joined by Chris Strand, Chief Risk and Compliance Officer at Cybersixgill.

With 20 years of experience, he’s a subject-matter expert in cyber risk and compliance and a regular conference speaker, most recently holding a Chief Compliance Officer role. 

Earlier in his career, Chris founded and built the global compliance and risk strategy arm of Carbon Black, which became a fast-growing and critically important business unit.

We hope you enjoy this episode as much as we did recording it. 

How has the relationship between risk compliance and securities changed over the past few years?  

I’ve experienced the good and the bad with this – a bit of both. I would say, “they’ve” – and it’s not by choice, but they have converged. And this is where I say there’s the good and the bad. There are a lot of folks in the industry that for obvious reasons, see the Risk and Compliance angle as a negative thing.  

And I understand why –  they’ve grown together, out of necessity. You fast-forward to today, and there are a lot of regulations, in fact, there’s too many regulations and frameworks, it’s confusing and mind-boggling. But, it’s still a necessity. 

Look at the state of the security industry right now. I mean, we’re under a barrage of threats, they’ve grown more than I could ever imagine when I started out in my career. So, you know, with that, you can observe almost a 45-degree angle of increase in the number of regulations, frameworks, and mandates; the privacy laws that we see, the national and regional types of mandates around privacy and data that have grown. So, they’re all in one place, because we have a need to try to measure our effectiveness to protect that data.

And again, I don’t view it as a negative, but sometimes it is a negative because we’re under such threat, right? It’s sort of like, why do you have five locks on your door now, whereas, you know, 10 years ago, you only had one – and now we do this because there have been more break-ins, it’s the same thing. We don’t like to see the world becoming a more dangerous place.  

How have you found getting back into things such as conferences?  

So, I found it extremely refreshing. I think most of us are social creatures. And I actually tend to be a very introverted person. I’m uncertain if that would surprise people because I love being in front of people, but on the other hand, I am a bit of an introverted person. So, it’s sort of a weird mix. But, since I’ve been able to get out and back into the public, back face to face and speaking with people, I can never look back.

I mean, it’s the most refreshing thing I’ve ever experienced, and a very surprising feeling as well, it was a euphoric feeling at the time! 

What has the ubiquity of cloud platforms and services for enterprises meant in terms of risk management? 

It’s thrown a wrench into risk management for sure. Because the accessibility of the cloud alone, I mean, there are so many security themes that we can talk about such as the move to the cloud, and what’s happened over the last five, six years or so. It’s definitely created a lot of stress for risk managers that are trying to work with what they used to see as closed systems.  

But one of the main themes that have become a huge thing and has helped evolve and create a lot of data privacy laws is the fact that data now is much more accessible than has ever been with the cloud.  

Now, that data is way more accessible, there are so many different threat vectors to that data that we’ve never ever had before, we’ve never had to deal with. So, it’s made risk managers’ lives much more difficult, because there are a million more variables that you have to consider when you’re measuring the threat to that data.

What major lessons do you feel that organisations need for this decade to better manage risk and compliance? 

When I think of lessons, it’s hard for me to say what a particular lesson is because I don’t want to sound like I’m preaching to organisations, and to say, you know, you should have learned this, you should have been doing this from day one etc.  

But I do think that there are a few lessons that we can look at. And one of the big things is, and this is very hard to talk about with different businesses is the transparency of their business process.  

The more transparent you can be with how secure your data is, the easier it can be to find faults. But, you’re basically asking someone to talk about their weaknesses.  

And businesses think “I don’t want to make it sound too weak”. Because, hey, if I’m an assessor, and I’m in an assessment with a retailer, let’s say, you know, and I’m asking them, where are all your faults and such? They’re thinking, Hmm, I don’t know if I want to tell you this. Because the minute I do, what if this gets out? What if I don’t trust this individual? Right? What if we don’t have a trusting relationship between us, and this gets out, and my brand gets damaged.  

But, the lesson is to be transparent as it’s done good for many organisations. 

To listen to the full episode click here. 

What are the major IT data challenges currently facing enterprises and governments?  

In episode #62 of The Tech That Connects Us, we were excited to be joined by Hash Basu-Choudhuri. He is the current GM at Cribl, and has held advisory and senior roles across the world, mostly in the EMEA region. 

We touched on his career so far, as well as specific topics around data challenges, crypto, and D&I.  

We hope you enjoy this episode as much as we did recording it. 

What would you say are the major IT data challenges currently facing enterprises and government? 

“Just complexity, look at the rate of change, I think if you look at the rate of change from 2000, it was not that high. Things weren’t being innovated at the rate they’re being innovated today.  

The problem today is that every three years there’s a new cycle riding. You had the mobile cycle, the cloud cycle, now you have the container cycle. And now, we’re moving into completely trustless environments using blockchain technology.  

Airbnb disrupted travel, and not even seven years later, Airbnb is probably going to get disrupted by blockchain! I think the biggest challenge is that.” 

How has the UAE handled COVID differently to other parts of the world? 

“This is a great question. So, this has literally been a business case study in probably how to do it right. The UAE has looked at the impact, looked at the facts, looked at the science, and been ahead of the game.  

I deal a lot with Emirates Airlines and Dubai airports. I would say 70 to 80% of the world’s vaccines fly through Dubai, because they’re manufactured in India. This is their distribution hub. And then from here, Emirates Airlines repurposed god knows how many planes into vaccine carriers. And then from here, they’re distributed globally. So, they’ve got the distribution for the world sorted.” 

What novel cybersecurity challenges does the growth of cryptocurrency present?

“When you’re talking about cryptocurrency, it gives you immense power, you do not have to trust the third party, there is no centralised system. But the problem with security from a blockchain perspective is that you are responsible for your keys, for your wallet, for your assets right now.  

Sounds simple, but how do you secure it? You just have to be very, very careful with the way you manage such assets. There are a couple of tech players out there that are trying to solve it with escrow accounts, and the ability to have extensive multi-party certificates.” 

What is your assessment of how well tech industries are tackling diversity? 

“So for me, obviously, you know, I fall into that category. But for me, it’s not about this, it’s about the diversity of thought. My background is not going to be exactly the same as your background.

But, if you can attract talent and have multiple different mindsets, it’s good for business. Look at your target audience, which is the world, right? If you want mass adoption, it’s everyone. So, you kind of have to mirror that. And you can’t mirror it if you don’t have a diversity of thought.  

I think a lot of these companies are leading with just hard metrics. And it’s like a sales process, right? You can do metrics one, two, and three, and you don’t do anything at the end of that, right? When really, it’s the way you interpret that data. It’s the way you apply it. And it’s really what you do with it once you have met those targets.  

I think a lot of companies are just laser-focused on “we need to have this many Asians this many, you know, blah, blah, blah” right. And I don’t particularly like the topic because I think it’s an over-rotation, it should always be merit-focused. And it should always be diversity of thought that you get from it over anything else.” 

You can listen to the full episode here.


Cyber Security Key Trends. neuco’s annual 2022 key trends report.

What’s in store for the Cyber Security industry?

2022, where’s it going to go, what does it have in store?

We’ve collated key trends from some of the influential figures across the 4 sectors we recruit into – Cyber Security, Connectivity, Content & Media and Satellite & NewSpace.

We’ve spoken to experts from companies such as Sky, Orbit Fab, Casa Systems, and A5G Networks.

If you want to find out what we think will be the key trends for cyber security this year, then just click the link below to download now!

Click here to download now.

What does the threat landscape look like right now for OT?

Joining us for episode 50 of The Tech That Connects Us was David Brown, Vice President and General Manager, International Sales – ZeroFOX. We heard his insights on the OT domain – where he’s headed up both IPOs and acquisitions, what really keeps CISOs up at night, alternative models for industry events, how to recognise the potential in new hires, and that’s just the tip of the iceberg.

One question Jake Sparkes and John Clifton put to David was ‘What does the threat landscape look like right now for OT?’ Here’s what he had to say.

“There’s no doubt that there are more types of attacks now on OT. We’re seeing ransomware popping up a lot more commonly, or at least we’re hearing about that more now. 

One of the interesting bits about OT is actually when you look at the infrastructure it’s built on. I’d still say that Windows NT and XP are probably the most prevalent operating systems in an OT environment around the world. 

So what does that mean? It means that there’s a tonne of exploits available straight off the internet, you don’t need to be that smart. But if you work up through the levels of sophistication and if we’re talking about large organisations they’ve got quite a sophisticated security posture. 

The two things that I think are really interesting at the moment in that space is the consolidation of the technology to see what’s going on in your OT network. Because if you are a CISO or an information security director then you’ve got more flashing lights than you know what to do with. You may also have an ageing workforce without the domain expertise to understand what’s going on.

So I think there’s going to be a bigger drive for how do you consolidate all that stuff into a single pane of glass, there’ll be a drive to provide either AI or a managed service that provides recommended actions and remedial work for the top three to five actions that the organisation needs to be focused on. And those actions will be evidenced by what’s going on outside in the rest of the world. 

The second thing that’s of interest at the moment is risk. So you’re seeing now there are new bills going through in the US, and CISOs are looking at what’s the risk across all of my platforms, IT and OT. A drive for this is that it’s not been so easy to understand what’s going on with OT, because you’ve had all these flashing lights and an unconnected system, with a lot of tech but it’s just not connected.

The reason they want to know what their risk is because there’s also a developing insurance market where a number of insurers are getting together and looking at how they can take IT and OT cyber risk and turn that into a sellable product. When we look at the potential of that market it’s probably 30-40 times the size of the complete OT market. What I can see we will get to in the next 2-3 years is a similar system to the black boxes currently being used by vehicle insurers, so you’ll have a premium and it will vary depending on your attitude to risk and your controls that are in place across the whole estate. That then allows organisations to make an economic decision because you might say I will stand the increase in premium which justifies me doing these things across my plant. 

This then becomes a very much return on investment decision. It’s not about fear, uncertainty and doubt it’s actually about economic imperative.” 


Is the Cyber Security industry getting cloud security wrong?

Joining us on episode 47 of The Tech That Connects Us was Trish Cagliostro, Head of Worldwide Alliances at Wiz. Trish joined Laurie Scott and Andrew Ball. They only scratched the surface in a conversation that spanned Cloud Security, threat intelligence, the partner landscape, Cyber’s diversity challenge, the joys of softball and much more!

Trish is a thought leader in the cyber security industry, so whilst we had her on the podcast we needed to find out if the industry was getting cloud security wrong as is mentioned by commentators in the industry. Here’s what Trish had to say. 

“Cloud security is hard. It’s hard and it’s a little bit different from what the rest of the industry says. Cloud security isn’t so much of a problem for the born in the cloud companies, such as Netflix, they’re fine. Where this does become an issue is when a traditional enterprise goes to the cloud. Organisations go to the cloud for innovation, the cost savings are nice, but it’s the elasticity and the ability to endlessly expand and instantly expand globally that is powerful.

However, the way these traditional organisations go to the cloud typically looks like this. They look at their applications on-premise, they go with what’s easy and upload some VMs into the cloud and expect to take their on-premise security structure with them. 6 months then go by, and the customer is thinking that they can’t innovate and they aren’t saving much money. So they want to look at what they can do differently from here. They’ll then start to refactor some of their applications, containerise, embrace some more modern application architecture, replatform and kick the Oracle legacy databases to the curb. 

Now the organisation will have a stopping point on their cloud adoption, they have their legacy on-premise tools supporting the legacy workloads. So now they need to go out and use some cloud-native services as all the cloud providers have cloud-native services. But they’ll have some very different types of computing that are very different in the cloud than they are on-premise. Then there’s the idea of a managed service which comes with the complication of the shared responsibility model. So at this point, the company will be looking at different tools from different vendors for niche cloud security. This is where the breach happens, all of a sudden, there are three separate data silos, the traditional on-premise tools, the cloud-native services from the cloud providers and the new types of security tools that were brought in to deal with the new types of cloud computing. 

So now these organisations still can’t innovate, they’re probably spending just as much money as they were in the first place. Then the cloud provider comes in and says ‘let me tell you about serverless’. The whole model is then broken. So in this instance, I don’t think it’s fair to blame the cyber security industry. It’s a shared responsibility between the industry and the customers as well, to think differently about security in the cloud.

I meet with partners all the time, and they’ll say to me ‘Okay got it, it’s the same way we dealt with data centre security.’ But you can’t think that way. You have to think of a customer and the entire cloud journey they’re going on, and then understand how to build a security strategy that supports them across that.

The other part of this is beyond just helping them with the security strategy and explaining that the customer will need to have an unusually long term vision with this and that we need to be transparent, understanding and really dig into what we’re doing in the cloud. A lot of time to the customers it’s not obvious, they’re normally using a managed service and think they’re good. You need to have a clear understanding of what your responsibilities are as a vendor, then make sure you have the controls and mitigation in place to account for what’s really important.  

I really do think that when we think about this we can’t just think about it in phases, we have to think about it holistically through the journey.”


What are the Emerging Marketing Trends Within Cyber?

On episode 42 of The Tech That Connects Us John Clifton and Jake Sparkes were joined by global Cyber marketing expert Reuben Braham.

In the episode, we heard Reuben’s thoughts on the marketing trends that are emerging in the cyber industry.

“Anything that we talk about regarding marketing trends, is actually a bit different to what we’d be talking about 18 or 19 months ago before we had the COVID 19 pandemic. 

Before the pandemic, it was different because we could travel and meet people face to face and be present. What I’m seeing now is that the world is ready for a more hybrid model of business, so our marketing needs need to focus on gearing up and being part of the virtual events and conversations we’re having over Zoom right now. It’s something that is now more acceptable even for business meetings with CEOs, CMOs etc. So, we have to be ready for a hybrid business model.

On the other side, we need to understand that people are going to be hit with a lot of virtual requests and that ‘Zoom fatigue’ is real. All the different vendors and suppliers will want to have virtual briefings which will start to take its toll on our customers.

The best strategies I’m seeing currently are around creating thought leadership content that can be circulated to your target audience, companies need to be building more blogs, building more thought leadership content and educating your market. 

When you’re building content you should be focusing on your perfect customers, understanding their pain points and doing your best to help them by being consultative with your approach. 

As a marketing department, you must be doing targeted research, and then use an account-based marketing approach, not just a shotgun approach trying to hit everybody. If you can build a library of very good content that can educate your audience and continue to educate them then that’s something that will have a massive impact on your business. 

In my first 6 months at Cyberint, our first task has been to build up our content library, I really believe that creating great engaging content will work wonders for not only engaging with your current and potential clients, but it’ll really help with our website SEO. Once you’ve built up that library of content potential customers will understand that you’re a player in the marketing, and they’ll start to differentiate your business from the competition.  

Virtual meetings and virtual events are starting to have their toll on people, and people would rather consume content at their leisure rather than at a set time. 

There’s also a lot to be said too for building out good automation and allowing 70-80% of your customer’s journey to be done through marketing automation. The more content you can give your potential client the more they’ll know about you and the more they’ll see you as the business to work with over your competition.”
