interview Archives - Cyber Secure Forum | Forum Events Ltd

5 Minutes With… Javvad Malik, Security Awareness Advocate at KnowBe4

Stuart O'Brien

In the latest instalment of our cybersecurity industry executive interview series we spoke to Javvad Malik (pictured), Security Awareness Advocate at KnowBe4, about the importance of training employees to avoid risks, common mistakes made in cyber defence strategies and why action blockbuster The Predator is the perfect movie for cybersecurity professionals… 

Tell us about KnowBe4

KnowBe4 is the world’s first and largest New-school security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering. Our main mission is to enable employees to make smarter security decisions every day, and that’s what our products are all designed to support.

Why is security awareness and training important?

Humans are the most attacked vector in any cyber security incident. As a result, security awareness and training is essential to equip employees with the knowledge and skills needed to navigate the digital world safely. By promoting a strong security culture, organisations can significantly reduce the likelihood of successful cyberattacks and minimise the potential impact when incidents occur.

What do organisations most commonly get wrong when it comes to cybersecurity?

Too many times organisations focus on the new shiny threats out there and focus on highly technical and often theoretical threats. The main threats most organisations face still revolve heavily around phishing, poor passwords, and unpatched software. By focussing on the fundamental controls, organisations can reduce their risk significantly compared to chasing the latest shiny tech.

What advice would you give someone starting out in cybersecurity?

Be patient, learn your craft, find mentors who can help you grow into areas you want to.

What infosec technology could you not live without?

From a personal perspective, I think a password manager has become invaluable in creating, storing and managing credentials. I genuinely don’t know any of my credentials – which I think is a good thing.

What’s your favourite cybersecurity movie?

Predator, with Arnold Schwarzenegger. You probably are wondering why that is a cybersecurity movie, and to answer that I explained my thoughts here: https://javvadmalik.com/2020/10/29/why-predator-is-the-ultimate-ciso-movie/

5 Minutes With… Cathal Judge, CEO at CISO Assurance Global

Stuart O'Brien

In the latest instalment of our IT security industry executive interview series we spoke to Cathal Judge, CEO at CISO Assurance Global, about regulatory compliance in the cloud, exploration of Zero-Knowledge Proof, understanding privacy as a basic human right and the potential of quantum key distribution…

Tell us about your company, products and services.

CISO Assurance Global is a best in class security services provider, covering v-CISO, GRC, v-DPO, Cloud Security Architecture, Penetration Testing, and more. Our clients include Fortune 500s as well as SMEs.

What have been the biggest challenges the IT security industry has faced over the past 12 months?

We have been particularly focused on meeting regulatory compliance requirements within complex cloud architecture environments, enabling our client’s ‘Telco cloud-first’ digital transformation goals. A first in the industry. We work with regulators in areas that are not yet fully defined – specifically around encryption key management, to ensure absolute privacy and security of customer data, yet high availability as per business demand.

And what have been the biggest opportunities?

The opportunities to reduce risk and boost privacy are endless. We are exploring Zero-Knowledge Proof, AI and other areas as we build solutions to meet the various challenges facing our industry today.

What is the biggest priority for the IT security industry in 2023?

To continuously educate and shift the culture across all countries, to be more risk-conscious, to better understand privacy as a human right, to be more customer-centric, and to continually improve. We cannot overlook any area, by focussing too much on another area. Every organisation’s threat and risk profile is unique.

The new NIS2 Directive will have an impact on our clients, and we are perfectly positioned to embrace these Network Security requirements with our Security Architecture managed service offering.

What are the main trends you are expecting to see in the market?

More uptake of AI, as digital transformation continues to accelerate. More data, wider attack surface, bigger risks, bigger breaches.

Better technology solutions incorporating encryption and key management, ZKP solutions and crypto security continue to evolve at a rapid pace. Advances in quantum cryptography.

What technology is going to have the biggest impact on the market this coming year?

That has to be Artificial Intelligence. As much as it is stealing the limelight, it is justified. Hackers will use AI, defences will use more AI. AI shifts the goal-posts dramatically.

In 2025 we’ll all be talking about…?

Quantum cryptography solutions coming to market, especially quantum key distribution going mainstream. AI being weaponized more, and AI defences becoming the go-to for organisations.

Which person in, or associated with, the IT security industry would you most like to meet?

Vitalik Buterin comes to mind. I would like to discuss the deeper philosophical views he may have around true decentralisation and security, for the people.

What’s the most surprising thing you’ve learnt about the IT security sector?

Imagine a world where quantum computers are able to crack any modern encryption with ease. The modern world would collapse… Upon researching quantum encryption, I came to realise that secrecy is built into the very fabric of our universe… On a quantum level, confidentiality is assured, because quantum states cannot be cloned or copied without changing the data itself. This means we can detect a hacker and instantly rotate the keys.

You go to the bar at the Security IT Summit – what’s your tipple of choice?

A ‘boring’ healthy fruit juice. If on a Friday I’ll order a tin cup with a steel umbrella shaped like a radar!

What’s the most exciting thing about your job?

Coming up with creative ideas to solve our client’s real world challenges, and then working with them from start to finish, building friendships along the way.

And what’s the most challenging?

I particularly enjoy challenges, so bring them on, whatever they may be!

What’s the best piece of advice you’ve ever been given?

Going back more than a decade, my mentor Julia taught me about the importance of embracing positive security awareness as a means of cultural transformation. This principle is still the most important – 80% of our consulting focuses on education and cultural transformation. When people truly understand ‘why’, the rest falls into place. Our core services are about empowering our customers, to take responsibility and ownership of Security and Privacy from the ground up, and the top down.

5 Minutes With… PortSys CEO Michael Oldham

Stuart O'Brien

For the latest instalment of our cybersecurity executive interview series we spoke to Michael Oldham, CEO of PortSys, where he works on access control solutions across many industries, including finance, government, defense, utilities, healthcare, education, non-governmental organizations (NGOs), construction, retail, and other market segments where secure access to enterprise information is vital.

Tell us about your company, products and services.

PortSys is a global Zero Trust Access Control company. Total Access Control (TAC), our Zero Trust solution, allows organizations to consolidate their access infrastructure, make it easier for their end users, dramatically improve security, reduce costs, and empower their businesses.

What have been the biggest challenges the IT security industry has faced over the past 12 months?

Complexity, complacency and lack of funding. Over the years we’ve tackled security challenges in the same ways over and over again: a problem comes up, some smart people create a solution for that problem, and we implement it in our datacenters. Recently these issues have exploded with cloud-based offerings of IaaS, PaaS, SaaS – Everything as a Service, essentially. And we just can’t keep up on the security front.

Complexity hasn’t been any one person’s or team’s fault; but over the last three or four decades we created a Frankenstructure – an incredibly complex infrastructure monster that we have lost control of. The more technologies we bring in, the more prohibitively expensive it gets to own them and keep them up to date. Too many products from too many different vendors, all of which don’t work together, creates a massive amount of security chaos across the enterprise, giving hackers too many cracks in your armor to exploit.

In addition, it’s not a matter of if you get hacked – it’s a matter of when. That’s why being complacent, staying with what you already have while hackers continue to evolve their tactics, is a recipe for failure. Most organizations still rely on a castle-and-moat defense, an outdated approach that wasn’t designed to protect us in today’s perimeterless world.

When hackers breach a perimeter (and don’t fool yourself, they will), it’s game over. Once inside, they can pivot and attack – stealing data, compromising accounts, installing ransomware, or just lying in wait for the right time to spring into action. Most organizations don’t see it coming.

It’s not solely the fault of IT – long-term, short-sighted budget neglect by the C-suite is often at the root of these security lapses. It’s hard to pivot from what we’ve done in the past to what we need to do for future threats without adequate financial resources. Yet IT security is still often seen as a cost center. We need to become more than just a line-item expense to successfully protect – and grow – our organizations.

And what have been the biggest opportunities?

We can have a direct impact on how our organizations operate and create a competitive advantage as well. IT security was always a boat anchor that dragged down innovation, particularly around mobility. Today we have technologies that make accessing information – from anywhere, on any device – easier and far more secure than ever. So employees, suppliers, business partners and volunteers can be more productive than ever.

The emergence of these relatively recent innovations accelerated as practically the entire world migrated to a remote work environment during the pandemic. These security technologies possess an often hidden – or at least little understood – superpower when it comes to digital transformation. With certain solutions, using Zero Trust principles of security, we can now gain a seat at the table when the big strategic decisions are being made: we can actually empower new strategies that ensure the long-term success of our organizations by improving productivity and protecting access to the crown jewels more securely than ever.

What is the biggest priority for the IT security industry in 2022?

Cleaning up the mess of the past three or four decades. There must be a strategic imperative to consolidate the dizzying array of technologies out there, shrink our attack surface, and empower the business for the long haul. With Zero Trust, we now have the right security approach not only to protect our organizations in today’s perimeterless world, but also to reduce costs and grow the business.

What are the main trends you are expecting to see in the market in 2022?

First, reduce supply chain risks. The SolarWinds attack placed a harsh spotlight on the inadequate controls that are in place across our technology supply chain.

Supply chain attacks are just another method the opportunistic hackers have launched, just another way to get inside our infrastructure where protections are few or non-existent. Once inside, they will wreak havoc, so it is critically important to stop their ability to access our resources and applications, and to create segmentation within our infrastructure to prevent any lateral movement.

The other trend will be to reduce the complexity of our security infrastructure. We have to more robustly secure our proprietary information and resources, and yet be nimble in doing so. Zero Trust has been talked about for years, but confusion about what it actually is and a lack of understanding, caused by overhyped marketing, slowed adoption. That marketing haze is starting to lift as organizations gain a better understanding of how a technology like Zero Trust Access Control helps ensure long-term success.

In 2025 we’ll all be talking about…?

The risks associated with multi-tenant cloud environments. It was inevitable that we would see a breach of a major cloud service that would impact many customers in a single attack, even in the security realm. The recent breaches in Okta and Microsoft cloud services are evidence of that. But while significant, these breaches will not be the last. Over the next few years we will see more of these and IT security will rise in importance on the list of priorities by affected and concerned customers of these large multi-tenant providers. These services are incredibly tempting to criminal elements because organizations have started to put all their security assets into one cloud basket. Just imagine if they are able to get valid credentials and a convenient sign-in method to thousands of organizations, how much would that be worth? It’s too tempting of a target and it will be exploited in both the cyber and physical worlds.

What’s the most surprising thing you’ve learnt about the IT security sector?

How at risk most organizations are, and how many people just don’t see or acknowledge and address those risks. They are too focused on the details to see the bigger picture. They are too focused on just trying to keep up with all the security products they already have in place. They don’t have time to think outside of the box they’ve created.

What’s the most exciting thing about your job?

It’s different every day. I love talking with customers about how our technology improved their business. There are so many unique digital ecosystems out there that every day we learn of another way that we help organizations to stay more secure and more productive.

And what’s the most challenging?

Rising above the noise in the market. There are so many different marketing messages related to Zero Trust that it’s human nature to just tune everyone out. That’s why it’s so important to engage with folks on the front lines and at the decision-making level to make sure they understand which approach works best for their unique needs.

What’s the best piece of advice you’ve ever been given?

Never cheat on your taxes and always watch the money!

Succession or Stranger Things?

Stranger Things for sure! It’s more fun for me to see a bunch of people working together to fight unexpected challenges than to watch a group of people fighting with each other for their own benefit.

5 Minutes With… HANDD Business Solutions’ Sam Malkin

Stuart O'Brien

In the latest instalment of our IT security industry executive interview series we spoke to Sam Malkin (pictured, right), Lead Solutions Architect at HANDD Business Solutions, about the company, the security challenges presented by the shift to home working, the opportunities it also creates and the potential of Gaia-X…

Tell us about your company, products and services.

HANDD Business Solutions, a data-centric cyber security service partner. Headquartered in the UK providing services globally to protect and manage data throughout its lifecycle, At-Rest, In-Transit, In-Use and when it’s created.

What have been the biggest challenges the IT security industry has faced over the past 12 months?

Without a doubt the obvious challenge is the shift to remote and hybrid working. Many different areas arise because of this, securing BYOD, understanding privilege access, accelerated cloud adoption, data proliferation. The list is enormous, many organisations were forced to adopt new technologies to protect the health of their workforce. This meant forgoing the usual processes around procurement, security, privacy etc just in order to keep the lights on. We also saw Brexit and things like the Schrems II which always keeps us on our toes.

And what have been the biggest opportunities?

Ironically enough the shift to remote and hybrid working. New technology adoption and moves into as-a-Service type models give lots of flexibility and quite often cost savings. People can realise opex-v-capex models. Luckily for us regardless of the location data needs managing and securing.

What is the biggest priority for the IT security industry in 2021?

Unfortunately I think it’s probably still going to be around remote working and transitioning back into the office. Safe collaboration platforms and things like CASB, Zero Trust Networks and Identity management platforms for me. VDI vendors are probably going to do alright again.

What are the main trends you are expecting to see in the market in 2022?

I’m expecting new legislation across the world around data privacy, data residency etc. Insider threat and accidental data loss safeguarding will no doubt feature as folk continue to resist going back to the traditional workplace. I’d love to see some organisations develop a dedicated privacy function within their organisation, taking data privacy seriously and running it alongside a traditional SoC.

What technology is going to have the biggest impact on the market this coming year?

Edge Computing is something I’m very intrigued by. I’m looking forward to seeing how enterprises can adopt this and the challenges in securing that. I’m also hearing lots of good things from analysts about Privilege Access Management. With administrators being outside the office understanding what and who are making changes is going to be crucial.

In 2025 we’ll all be talking about…?

Gaia-X hopefully – it aims to create a federated open data infrastructure based on European values regarding data and cloud sovereignty. https://www.gaia-x.eu/

Which person in, or associated with, the IT security industry would you most like to meet?

Linus Torvalds.

What’s the most surprising thing you’ve learnt about the IT security sector?

I’m often surprised by the lack of security in some organisations. And where those organisations prioritise spending.

You go to the bar at the Security IT Summit – what’s your tipple of choice?

An IPA, the quirkier the better. I’ve been referred to as a “craft beer snob” on more than one occasion!

What’s the most exciting thing about your job?

Without a doubt meeting customers, understanding how they’re using the technology and ultimately solving their problems. Pre-pandemic, actually visiting a customer site always gave me a buzz, shaking hands and having a coffee whilst talking data security. Perhaps that makes me a little sad?

And what’s the most challenging?    

No customer environment is the same. We’re fortunate enough to work with very flexible software which means I’m often trying to swot up on something to integrate with. It means I never stop learning though which is something I also get a buzz about. Particularly if it means doing some engineering in a lab or testbed. 

What’s the best piece of advice you’ve ever been given?

No one ever got fired for being early.

Succession or Stranger Things?

I had to Google this to work out what I was being asked, so neither. We do watch a lot of Paw Patrol and Cricket in my house!

5 Minutes With… Tenfold Security’s Helmut Semmelmayer

Stuart O'Brien

Helmut Semmelmayer currently heads channel sales at the software company tenfold software. Having worked on countless customer projects, he has extensive knowledge of the challenges that organizations face when it comes to protecting data from unauthorized access. His goal is to educate businesses and build awareness for current and future access-based attack patterns…

Tell us about your company, products and services

tenfold Software is a pioneer in the identity access management market by catering specifically to midmarket businesses. Our IAM solution provides a wide range of tools and out-of-the-box plugins at a fraction of the cost or complexity of enterprise IAM suites. By focusing on the features that mid-sized organizations actually need, we are able to offer a fast setup, intuitive interface and easy-to-use automation options. 1,000 satisfied clients and counting show that businesses want solutions that fit their scope and needs.

What have been the biggest challenges the IT security industry has faced over the past 12 months?

The COVID-19 crisis forced companies to adapt and either implement or radically scale up remote work. Employees needed additional equipment, schedules had to be adjusted, VPNs had to be set up, etc.

Obviously, business continuity was the first priority for organizations adjusting to the new normal. However, this meant that IT security concerns were often lost in the shuffle. For example: With many employees being furloughed or working reduced hours, the remaining staff members needed additional access rights to cover for their colleagues. Companies did not stop to think about how to assign these permissions correctly or ensure they are revoked later on.

And what have been the biggest opportunities?

Every crisis is also an opportunity, in this case by massively speeding up the digital transformation of our economy. By adopting remote work solutions, businesses are able to offer flexible hours and bring in new talent, both locally and from around the globe. Collaborating across vast distances is the future of work and will play a crucial part in solving the global challenges of the future.

What technology is going to have the biggest impact on the market this coming year?

It’s clear that traditional IT security approaches are no longer enough to protect companies from increasingly sophisticated targeted attacks, from complex social engineering campaigns to dedicated malware and ransomware attacks.

With cybercrime on the rise, zero trust architecture is becoming more important than ever. It also marks a key shift from securing the network perimeter to securing user identities. The default tools available in Microsoft are not up to the task, so more and more businesses are looking for ways to manage users and permissions in complex hybrid and cloud environments.

In 2025 we’ll all be talking about…?

Let me put it like this: If I look back five years and think about what we were working on back then, it’s clear that the present is completely different from any prediction I would have made at the time. By that logic, any prediction I could make about 2025 is going to fall short of the massive changes we are likely to see in that timeframe.

That being said, the pace of new developments in IT security has been increasing for decades and I’m certain that trend will hold for the next five years and beyond. The arms race between bad actors and cybersecurity firms will continue. Keeping companies and public institutions safe from new modes of attack will require research, monitoring and dedicated new technologies. 

What’s the most surprising thing you’ve learnt about the IT security sector?

One thing that continues to shock me is the lack of awareness for IT security, even in large companies. Security by design should be the general approach, but in reality, it tends to be an afterthought or ignored completely, even as digital threats become more and more dangerous. Recent examples like the Colonial Pipeline hack show that cyberattacks affect more than just computers; they affect the physical world and can have a massive impact on society. As IT security professionals, it’s our job to not just offer solutions, but also educate the public on the importance of cybersecurity.

What’s the most exciting thing about your job?

I work in an industry that is constantly changing and adapting to new problems and threats. It’s a very exciting and dynamic environment. As recent attacks and new cybersecurity laws show, the question of how to protect IT infrastructure is becoming increasingly mainstream. Helping organizations navigate these challenges and providing them with the right tools to manage these threats is incredibly rewarding.

What’s the best piece of advice you’ve ever been given?

When I first started in the industry, I was trying to read up on a broad range of topics that touched on our field of work. I quickly realized that this strategy doesn’t work in an industry as highly specialized as tech. My mentor opened my eyes to the fact that I had to choose certain topics to focus on and leave the rest to someone else. I still follow this approach in my current role at tenfold by focusing the organization entirely on IAM for midmarket businesses.

5 Minutes With… Veriato’s Chris Gilkes

Stuart O'Brien

In the latest instalment of our IT security industry executive interview series we spoke to Chris Gilkes (pictured), Director EMEA at Veriato, about the company and its solutions, key challenges posed by a remote workforce, the importance of innovation and why you should never stop listening to customers…

Tell us about your company, products and services.

Veriato was founded as a software company in Florida in 1998. We have roughly 40,000 customers in over 100 countries worldwide. Our primary focus is Insider Threat Detection, Employee Monitoring and compliance solutions.

What have been the biggest challenges the IT security industry has faced over the past 12 months?

The new remote world has ushered in new security problems, with teams across the globe scrambling to find solutions that extend the corporate security framework beyond just the office. A key success factor in going remote is maintaining visibility into your workforce. 

Often, visibility is achieved by extracting information from disparate data sources like network and log data in the hopes of compiling a digital landscape of your remote workforce. The problem with many of these solutions is that they don’t offer granular visibility into the endpoint and network analysis is not enough. This is where our flagship product, Cerebral, can help.

How does Veriato help companies adapt to the new challenges inherent with a remote workforce? 

From a security perspective, Veriato utilizes AI-driven micro-agents that sit on the endpoint, monitoring, and recording all user activity. Veriato proactively watches for signs of insider threat. The platform will send immediate alerts as well as provide risk scoring for the entire workforce. Because Veriato is on the endpoint and is not network-dependent it maintains visibility, and records all actions, to maintain compliance standards. Additionally, it can provide productivity reporting critical for managing remote employees.

What is the biggest priority for the IT security industry in 2021?

Maintaining corporate security, productivity and compliance while workers are remote.

What are the main trends you are expecting to see in the market in 2021?

Companies will continue a hybrid work model and continue to scale down their physical operations leading to a higher reliance on monitoring and analytics technology like Veriato.

What technology is going to have the biggest impact on the market this coming year?

Any type of technology that improves how employees work remotely.

Which person in, or associated with, the IT security industry would you most like to meet?

Brian Krebs, I’ve heard him speak at multiple events and he’s an interesting person with a great perspective on IT security.

What’s the most surprising thing you’ve learned about the IT security sector?

That the average number of tools an IT security team uses is 75, that’s absurd.

What’s the best piece of advice you’ve ever been given?

Never stop innovating and listen to your customers.

5 Minutes With… James Hart, Business Critical Solutions

Stuart O'Brien

For the latest instalment of our IT executive interview series we sat down with Business Critical Solutions CEO Jim Hart to talk about his company, industry issues, opportunities and what Peaky Blinders means to the Black Country…

Tell us about your company, products and services

Privately owned, BCS is the only company in the world that is dedicated to optimising digital infrastructure across the globe for our clients. We offer consultancy services, including project management, cost & commercial management and business strategy, across the development, implementation and operation of the IT asset lifecycle and have delivered 1,500mW of IT load of mission critical data centre space in every continent. Our 100% record of repeat business is testament to the quality of our solutions and we nurture the strength and longevity of our client relationships.

What have been the biggest challenges the industry has faced over the past 12 months?

Our recent European wide survey highlighted concerns that a shortage of sufficiently qualified professionals at the design and build stages will cause a bottleneck, with 64% of data centre users and experts believing there is a lack of skilled design and delivery resource.

And what have been the biggest opportunities?

As we see the greater adoption of the Edge there will be deployments of much smaller facilities on a multiple scale. We see that as a real opportunity as it is about managing an ongoing and overarching programme rather than a single project. While the hyperscalers will still be there, we believe this change will start to redefine a data centre going forward. The edge of the network will continue to be at the epicentre of innovation in the data centre space and we are seeing a strong increase in the number of clients coming to us for help with the development of their edge strategy and rollouts. 

What is the biggest priority for the industry in 2020?

The industry will continue to come under pressure from a resource perspective, there is a real lack of new talent coming to the market. We’ve got to start training and become ambassadors for the industry by going in to universities and telling STEM graduates about the data centre industry and how great it is – it’s an exciting place to be and we have to get out there and spread the word. Going into 2020, this issue will become more acute.

What are the main trends you are expecting to see in the market in 2020?

Into 2020 we expect distributed cloud infrastructure to drive edge computing. Allied to the advent of 5G, Edge will start to gain real traction as organisations require near-instant access to data and computing power to serve their customers, and they are increasingly looking to edge computing to provide a suitable infrastructure.

What technology is going to have the biggest impact on the market next year?

The adoption of serverless computing. Serverless computing is predicted to be one of the biggest developments in the cloud space, however, the serverless transition would require a strategic approach. Moving to serverless infrastructure requires an overhaul of traditional development and production paradigm, meaning outsourcing the entire infrastructure to the cloud.

In 2023 we’ll all be talking about…?

We will be talking about high-speed mobile internet, artificial intelligence, big data analytics, and cloud technology which are set to spearhead companies’ adoption of new technologies and they will look to machine learning and augmented and virtual reality for considerable business investment.

Which person in, or associated with, the industry would you most like to meet?

The person at CERN who one day thought ‘we haven’t got enough compute power, I know, let’s ask the world if we can borrow their unused processing capacity’, along with downloadable books, one of the first examples of an embryonic cloud.

What’s the most surprising thing you’ve learnt about the sector?

When I first entered the sector, certainly for the first 15 years, it was very conservative with the rate of change very slow. The rate of change over the last 5 years or so has increased exponentially and what is sure one day is no more the day after. 

You go to the bar at the Security IT Summit – what’s your tipple of choice?

A cold pint.

What’s the most exciting thing about your job?

Being at the forefront of change and forging trends.

And what’s the most challenging?

Change.

What’s the best piece of advice you’ve ever been given?

A quote from Gandhi which was along the lines of ‘live as if you were to die tomorrow. Learn as if you were to live forever.’

Peaky Blinders or Stranger Things?

Peaky Blinders, you can’t beat a bit of stylised gangsterism from the Black Country!