Download
1 / 36
360 likes | 369 Views
In this edition u201cThe 10 Most Iconic Leaders in Enterprise Security, 2022.u201d we feature business stories of security leaders who fill gaps that organizations fail<br>
E N D
VOL 05 I ISSUE 01 I 2022 The Protection Across Seas Maritime Cyberthreats and Cybersecurity Iconic in Enterprise Secur?y, 2022 Ben Tan Founder and Managing Director BT Cyber Pty Ltd Tan Ben Safeguarding Data with World-Class Cybersecurity Solutions
EDITOR’S NOTE Secur?y, 2022 10 The Iconic Protecting YOU in Enterprise N ew threats emerge daily to define complex enterprise challenges in today's rapidly advancing technological environment. If you do not consider yourself 'tech-savvy,' it can be tempting as you will keep guessing about the latest threats and ways to combat them. But the reality is that there are several ways to make a difference in enterprise security. Even though you have all the tools and technologies, a security leader can share his creativity and valuable inputs and handle any difficult situation. After all, to handle the organization's security management, you need a team to brainstorm and solve the problems together. Security leaders continue to build a security team and protect the organization and the clients. Security leaders are changing the business scenario, are accustomed to adding technological tools, and do their best to secure the organization with their knowledge and experience. As a result, CIO LOOK comes up with its upcoming edition - “The 10 Most Iconic Leaders in Enterprise Security, 2022.” Through this edition, we feature the business stories of such security leaders who fill the gaps that organizations fail to fill. Data threats follow an enterprise into a secured area to access protected areas. Security leaders are aware of the surroundings when accessing sensitive information on the computer to prevent users from gaining access to sensitive data they should not have. Attacks can be in the form of “Nigerian Prince” style phishing emails or “Spear Phishing” or “Whaling,” which is directed toward the top- level executives, officials, and organizations. On the cover of this edition is Ben Tan, Managing Director and Founder of BT Cyber Pty Ltd. As a leading Cyber Security Expert in Australia and New Zealand, Ben helps organizations in the financial, insurance and manufacturing sectors defend their networks to mitigate the risk of cyber-attacks and data breaches. Have a Good Read! While security leaders insist on increasing security efforts, often, it is not until a breach occurs that a business becomes willing to invest resources into security. Even if you know the financial impact a security breach can have on the organization, they fail to realize the true cost of a breach. No business is exempt from attack; security breaches impact large and small organizations. Everyone can implement one of the most straightforward fixes here to have a security leader at the helm. Having a security leader in the organization secures the networks, data, devices, and identities of employees to keep up with the latest technologies. More and more organizations recognize the value of security threats, increasing the value of the security leader. Sourabh More
EDITOR’S NOTE Secur?y, 2022 10 The Iconic Protecting YOU in Enterprise N ew threats emerge daily to define complex enterprise challenges in today's rapidly advancing technological environment. If you do not consider yourself 'tech-savvy,' it can be tempting as you will keep guessing about the latest threats and ways to combat them. But the reality is that there are several ways to make a difference in enterprise security. Even though you have all the tools and technologies, a security leader can share his creativity and valuable inputs and handle any difficult situation. After all, to handle the organization's security management, you need a team to brainstorm and solve the problems together. Security leaders continue to build a security team and protect the organization and the clients. Security leaders are changing the business scenario, are accustomed to adding technological tools, and do their best to secure the organization with their knowledge and experience. As a result, CIO LOOK comes up with its upcoming edition - “The 10 Most Iconic Leaders in Enterprise Security, 2022.” Through this edition, we feature the business stories of such security leaders who fill the gaps that organizations fail to fill. Data threats follow an enterprise into a secured area to access protected areas. Security leaders are aware of the surroundings when accessing sensitive information on the computer to prevent users from gaining access to sensitive data they should not have. Attacks can be in the form of “Nigerian Prince” style phishing emails or “Spear Phishing” or “Whaling,” which is directed toward the top- level executives, officials, and organizations. On the cover of this edition is Ben Tan, Managing Director and Founder of BT Cyber Pty Ltd. As a leading Cyber Security Expert in Australia and New Zealand, Ben helps organizations in the financial, insurance and manufacturing sectors defend their networks to mitigate the risk of cyber-attacks and data breaches. Have a Good Read! While security leaders insist on increasing security efforts, often, it is not until a breach occurs that a business becomes willing to invest resources into security. Even if you know the financial impact a security breach can have on the organization, they fail to realize the true cost of a breach. No business is exempt from attack; security breaches impact large and small organizations. Everyone can implement one of the most straightforward fixes here to have a security leader at the helm. Having a security leader in the organization secures the networks, data, devices, and identities of employees to keep up with the latest technologies. More and more organizations recognize the value of security threats, increasing the value of the security leader. Sourabh More
C O N T E N T S Ben Tan Safeguarding Data with World-Class Cybersecurity Solutions COVER STORY ARTICLE 08 16 Protection Across Seas Maritime Cyberthreats and Cybersecurity 20 Charles Henderson Defending Against Emerging Cyber Threats 22 Michael Coden A Futuristic Leader Protecting the Present 28 onShore Securities Ensuring Freedom by Strengthening Cybersecurity Defenses
C O N T E N T S Ben Tan Safeguarding Data with World-Class Cybersecurity Solutions COVER STORY ARTICLE 08 16 Protection Across Seas Maritime Cyberthreats and Cybersecurity 20 Charles Henderson Defending Against Emerging Cyber Threats 22 Michael Coden A Futuristic Leader Protecting the Present 28 onShore Securities Ensuring Freedom by Strengthening Cybersecurity Defenses
Company Name Featured Person Brief Ben Tan Founder & Managing Director BT Cyber btcyber.net Pooja M Bansal Editor-in-Chief BT Cyber specialises in providing cyber security solutions. IBMers believe in progress that the application of intelligence, reason and science can improve business, society and the human condition. Charles Henderson Global Managing Partner and Head IBM X-Force ibm.com CONTENT FOLLOW US ON www.facebook.com/ciolook www.twitter.com/ciolook Senior Editor Alan Swann Executive Editors Sourabh More Cornelius Vander Starr Founder AIG aig.com AIG is a leading global insurance organization. Alex Spellman WE ARE ALSO AVAILABLE ON Kingston Technology kingston.com Kingston has grown to be the world's largest independent manufacturer of memory products. John Tu Founder DESIGN VisualizerDave Bates Art & Design Director Shyam Sonawane Associate Designer Sonia Raizada CONTACT US ON Johnson & Johnson its.jnj.com Johnson & Johnson is the largest and most broadly based healthcare company in the world. Joaquin Duato CEO Email info@ciolook.com For Subscription www.ciolook.com Boston Consulting Group-Platinion advisor.bcg.com BCG Platinion, believes that industry-leading organizations are bionic, successfully combining the capabilities of humans and technology. Michael Coden Senior Advisor at BCG SALES Senior Sales Manager Kshitij S. Customer Success Manager Jack Ryan Sales Executives John, Shrinivas Copyright © 2021 CIOLOOK, All rights reserved. The content and images used in this magazine should not be reproduced or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission from CIOLOOK. Reprint rights remain solely with CIOLOOK. Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax, and related services. Deloitte deloitte.com Punit Renjen CEO TECHNICAL Centene centene.com Centene Corporation provides high-quality healthcare services to members in all 50 states. Sarah M. London CEO Technical Head Aditya K. Technical Consultant Victor Collins onShore Security is one of only a handful of managed cybersecurity providers. Stel Valavanis Founder & CEO onShore Securities onshore.com SME-SMO Research Analyst Eric Smith SEO Executive Nikita Khaladkar JMARK has been providing innovative I.T. solutions to organizations of all sizes. jmark jmark.com Thomas Douglas CEO sales@ciolook.com May, 2022
Company Name Featured Person Brief Ben Tan Founder & Managing Director BT Cyber btcyber.net Pooja M Bansal Editor-in-Chief BT Cyber specialises in providing cyber security solutions. IBMers believe in progress that the application of intelligence, reason and science can improve business, society and the human condition. Charles Henderson Global Managing Partner and Head IBM X-Force ibm.com CONTENT FOLLOW US ON www.facebook.com/ciolook www.twitter.com/ciolook Senior Editor Alan Swann Executive Editors Sourabh More Cornelius Vander Starr Founder AIG aig.com AIG is a leading global insurance organization. Alex Spellman WE ARE ALSO AVAILABLE ON Kingston Technology kingston.com Kingston has grown to be the world's largest independent manufacturer of memory products. John Tu Founder DESIGN VisualizerDave Bates Art & Design Director Shyam Sonawane Associate Designer Sonia Raizada CONTACT US ON Johnson & Johnson its.jnj.com Johnson & Johnson is the largest and most broadly based healthcare company in the world. Joaquin Duato CEO Email info@ciolook.com For Subscription www.ciolook.com Boston Consulting Group-Platinion advisor.bcg.com BCG Platinion, believes that industry-leading organizations are bionic, successfully combining the capabilities of humans and technology. Michael Coden Senior Advisor at BCG SALES Senior Sales Manager Kshitij S. Customer Success Manager Jack Ryan Sales Executives John, Shrinivas Copyright © 2021 CIOLOOK, All rights reserved. The content and images used in this magazine should not be reproduced or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission from CIOLOOK. Reprint rights remain solely with CIOLOOK. Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax, and related services. Deloitte deloitte.com Punit Renjen CEO TECHNICAL Centene centene.com Centene Corporation provides high-quality healthcare services to members in all 50 states. Sarah M. London CEO Technical Head Aditya K. Technical Consultant Victor Collins onShore Security is one of only a handful of managed cybersecurity providers. Stel Valavanis Founder & CEO onShore Securities onshore.com SME-SMO Research Analyst Eric Smith SEO Executive Nikita Khaladkar JMARK has been providing innovative I.T. solutions to organizations of all sizes. jmark jmark.com Thomas Douglas CEO sales@ciolook.com May, 2022
C Ben Tan Safeguarding Data with World-Class Cybersecurity Solutions O V E R S Our vision is to deliver affordable cyber security consulting taking a holistic view of your business so that we can provide the right solutions and to ultimately become your trusted cyber security partner. T O R Ben Tan Founder and Managing Director BT Cyber Pty Ltd Y
C Ben Tan Safeguarding Data with World-Class Cybersecurity Solutions O V E R S Our vision is to deliver affordable cyber security consulting taking a holistic view of your business so that we can provide the right solutions and to ultimately become your trusted cyber security partner. T O R Ben Tan Founder and Managing Director BT Cyber Pty Ltd Y
W ith the increase in the number of internet users, cybercrime is becoming a more severe issue that must be handled correctly. To avoid being victims of data breaches and cyberattacks, governments, educational institutions, private corporations, and organizations must all have a cyber security framework in place. BT Cyber is at the forefront of artificial intelligence endpoint security with access to the most up-to-date worldwide AI-supported solutions. Its team of security specialists has international experience and is regularly upskilling to keep up with market changes. In our attempt to find "The 10 Most Iconic Leaders in Enterprise Security, 2022," CIO Look caught up with Ben. We talked with him to learn how he is driving a transformative change in the Cyber Security sector with his expertise. Cybersecurity, on the other hand, must be monitored regularly because it isn't a one-time event but a continuous process. BTCyberPtyLtd is delivering cyber security solutions to businesses across New Zealand and Australia in order to solve these looming concerns. Below are the highlights of Ben's interview. Briefly describe your professional journey up until now. BenTan, the company's Founder and Managing Director has assembled a team of professionals to monitor all operations and provide the best solutions. He focuses on delivering solutions at the greatest level of protection as one of the leading Cyber Security Experts in the two countries. I started BT Cyber in 2016 and have built a team of Cyber Security experts across two countries, overseeing the operations of BT Cyber, which has achieved year-on-year growth since being founded. What challenges did you face along the way? The most important challenge I face is securing funding for the business. It can be a tough, grueling process of endless applications, pitch meetings, and frequent rejections on the way to securing investors. Another challenge was hiring the right talents to join BT Cyber. This will hugely be influential to the success (or failure) of the business. Our expertise extends across the full range of cyber security services including consulting, penetration testing and AI endpoint security. What significant impact have you brought to the Computer and Network Security industry? As one of the leading Cyber Security Experts in Australia and New Zealand, I help organizations in the financial, insurance, and manufacturing sectors defend their networks to mitigate the risk of cyber-attacks and data breaches. Working closely with CIOs, IT Directors, IT Managers, Security Architects, and System Engineers to provide solutions for the highest level of protection. Tell us about BT Cyber and its foundation pillar. BT Cyber foundation is to Build Enterprise Resilience. We are providing Cyber Security services and solutions
W ith the increase in the number of internet users, cybercrime is becoming a more severe issue that must be handled correctly. To avoid being victims of data breaches and cyberattacks, governments, educational institutions, private corporations, and organizations must all have a cyber security framework in place. BT Cyber is at the forefront of artificial intelligence endpoint security with access to the most up-to-date worldwide AI-supported solutions. Its team of security specialists has international experience and is regularly upskilling to keep up with market changes. In our attempt to find "The 10 Most Iconic Leaders in Enterprise Security, 2022," CIO Look caught up with Ben. We talked with him to learn how he is driving a transformative change in the Cyber Security sector with his expertise. Cybersecurity, on the other hand, must be monitored regularly because it isn't a one-time event but a continuous process. BTCyberPtyLtd is delivering cyber security solutions to businesses across New Zealand and Australia in order to solve these looming concerns. Below are the highlights of Ben's interview. Briefly describe your professional journey up until now. BenTan, the company's Founder and Managing Director has assembled a team of professionals to monitor all operations and provide the best solutions. He focuses on delivering solutions at the greatest level of protection as one of the leading Cyber Security Experts in the two countries. I started BT Cyber in 2016 and have built a team of Cyber Security experts across two countries, overseeing the operations of BT Cyber, which has achieved year-on-year growth since being founded. What challenges did you face along the way? The most important challenge I face is securing funding for the business. It can be a tough, grueling process of endless applications, pitch meetings, and frequent rejections on the way to securing investors. Another challenge was hiring the right talents to join BT Cyber. This will hugely be influential to the success (or failure) of the business. Our expertise extends across the full range of cyber security services including consulting, penetration testing and AI endpoint security. What significant impact have you brought to the Computer and Network Security industry? As one of the leading Cyber Security Experts in Australia and New Zealand, I help organizations in the financial, insurance, and manufacturing sectors defend their networks to mitigate the risk of cyber-attacks and data breaches. Working closely with CIOs, IT Directors, IT Managers, Security Architects, and System Engineers to provide solutions for the highest level of protection. Tell us about BT Cyber and its foundation pillar. BT Cyber foundation is to Build Enterprise Resilience. We are providing Cyber Security services and solutions
that are driven by innovation to organizations in Australia. Partner with global cyber security industry leaders to deliver the best solutions. Helping clients to improve the security of their data and applications. Protecting data with world-class cyber security products and solutions. Expertise extends and is supported by Local and Global Vendors and supports the full range of cyber security services, including MSSP, Consulting, Penetration Testing, and AI Endpoint Security, delivering best practice solutions. As Managing Director, my role is to overseas this workforce flexibility and continue to improve this value. What is your take on technology's importance, and how are you leveraging it? I see technology has an important effect on business operations. No matter the size of your enterprise, technology has both tangible and intangible benefits that will help you make money and produce the results our customers demand. BT Cyber use of Technological infrastructure affects the culture, efficiency, and relationships of a business. We also influence the security of confidential information and trade advantages. How does BT Cyber promotes workforce flexibility, and what is your role in it? We promote workforce flexibility with the following concept: What will be the next significant change in the Computer and Network Security industry, and how are you preparing for it? · · · · · · · Focus on our core values. Be open-minded. Develop skill set. Be optimistic. Stay calm. Plan ahead. Have a strong support network. The future of cybersecurity is being shaped by the need for companies to secure their networks, data, devices, and identities. This includes adopting security frameworks like zero trust, which will help companies secure internal information systems and data in the cloud. BT Cyber continues training our employees, and we partner with the industry leaders in cyber security to keep up with the latest technology. We deliver best practice solutions through our partnership with leading cyber security vendors. What are your goals in the upcoming future? My goal is to protect as many organizations as possible and grow the business to the next level. It is an exciting time in this industry. What advice would you like to give the next generation of aspiring business leaders? Have a clear vision, be proactive, and never give up.
that are driven by innovation to organizations in Australia. Partner with global cyber security industry leaders to deliver the best solutions. Helping clients to improve the security of their data and applications. Protecting data with world-class cyber security products and solutions. Expertise extends and is supported by Local and Global Vendors and supports the full range of cyber security services, including MSSP, Consulting, Penetration Testing, and AI Endpoint Security, delivering best practice solutions. As Managing Director, my role is to overseas this workforce flexibility and continue to improve this value. What is your take on technology's importance, and how are you leveraging it? I see technology has an important effect on business operations. No matter the size of your enterprise, technology has both tangible and intangible benefits that will help you make money and produce the results our customers demand. BT Cyber use of Technological infrastructure affects the culture, efficiency, and relationships of a business. We also influence the security of confidential information and trade advantages. How does BT Cyber promotes workforce flexibility, and what is your role in it? We promote workforce flexibility with the following concept: What will be the next significant change in the Computer and Network Security industry, and how are you preparing for it? · · · · · · · Focus on our core values. Be open-minded. Develop skill set. Be optimistic. Stay calm. Plan ahead. Have a strong support network. The future of cybersecurity is being shaped by the need for companies to secure their networks, data, devices, and identities. This includes adopting security frameworks like zero trust, which will help companies secure internal information systems and data in the cloud. BT Cyber continues training our employees, and we partner with the industry leaders in cyber security to keep up with the latest technology. We deliver best practice solutions through our partnership with leading cyber security vendors. What are your goals in the upcoming future? My goal is to protect as many organizations as possible and grow the business to the next level. It is an exciting time in this industry. What advice would you like to give the next generation of aspiring business leaders? Have a clear vision, be proactive, and never give up.
CHOOSE OUR SUBSCRIPTION 1 Year 12 Issues $250 6 Months 6 Issues $130 3 Months 3 Issues $70 1 Month 1 Issue $25 Stay in the known. Subscribe to CIOLOOK Get CIOLOOK Magazine in print, and digital on www.ciolook.com
CHOOSE OUR SUBSCRIPTION 1 Year 12 Issues $250 6 Months 6 Issues $130 3 Months 3 Issues $70 1 Month 1 Issue $25 Stay in the known. Subscribe to CIOLOOK Get CIOLOOK Magazine in print, and digital on www.ciolook.com
Protec?on Across Seas Maritime Cyberthreats and Cybersecurity ceans have long been the O commerce. Humans have been using water bodies to transport products from one location to another for almost 5,000 years and have gained a better understanding of the strategic advantages of marine trade. Watercraft progressed from logs linked with rope to miniature, carved wooden vessels. The first significant trade routes appeared not long after, and the worldwide maritime transportation network was well underway. Marine transportation contributes to one-quarter of US GDP from this transition, or about $5.4 trillion, and most global supply chains depend on maritime transport for their basic needs. Outside of the United States, the sea and ports moved around 80% of global trade by volume and more than 70% by value. Global marine trade is gaining traction; in 2018, the industry grew by 4% globally, the most substantial rate in five years. central support pillar of international trade and Similarly, operational efficiency and profit drive maritime transportation in other critical infrastructure industries. The industry has seen an exponential increase in sea trade and has driven prices down 16 17 www.ciolook.com | May 2022 | www.ciolook.com | May 2022 |
Protec?on Across Seas Maritime Cyberthreats and Cybersecurity ceans have long been the O commerce. Humans have been using water bodies to transport products from one location to another for almost 5,000 years and have gained a better understanding of the strategic advantages of marine trade. Watercraft progressed from logs linked with rope to miniature, carved wooden vessels. The first significant trade routes appeared not long after, and the worldwide maritime transportation network was well underway. Marine transportation contributes to one-quarter of US GDP from this transition, or about $5.4 trillion, and most global supply chains depend on maritime transport for their basic needs. Outside of the United States, the sea and ports moved around 80% of global trade by volume and more than 70% by value. Global marine trade is gaining traction; in 2018, the industry grew by 4% globally, the most substantial rate in five years. central support pillar of international trade and Similarly, operational efficiency and profit drive maritime transportation in other critical infrastructure industries. The industry has seen an exponential increase in sea trade and has driven prices down 16 17 www.ciolook.com | May 2022 | www.ciolook.com | May 2022 |
internationally. This rapid increase in dimensions has resulted in ships, and the Maritime Transportation System is becoming more complex. Every ship in the industry has some common functions but is fundamentally different in operation, cargo and passenger capabilities, and crew requirements. The fact that one's country of registration, ownership, and management may all be different complicates applying legislation to vessels, necessitating the coordination of numerous countries when adjudicating an occurrence. This is why cybersecurity must be implemented and practiced by people engaged in all maritime activities. The maritime industry has spent years developing and deploying proprietary software and hardware, limiting its connectivity and risk exposure. Cybersecurity initiatives in the Maritime Transportation Systems (MTS) demonstrate how difficult it is to securely design, manage, and run a fully linked system—especially when these environments differ from ship to ship and port to port. successful. The next group consists of cyber activists with philosophy, politics, social movements, and other nonmonetary goals. Defacing websites, launching social media demonstrations, and committing cyber vandalism are common hacktivist techniques; while criminal in nature, the objective is rarely financial. These attacks are fuelled by enmity and lead to criminals completely destroying companies' systems or vandalizing them. Cyber terrorism has been a massive problem for all industries worldwide, and the maritime industry is no different. The employment of cybersecurity capabilities by a traditional terrorist actor could be driven by political goals and resemble an act of terrorism in real space—a violent criminal activity aimed to frighten or induce fear. This concern might cause major economic upheaval, either directly or indirectly. Terrorist groups frequently use cyberattacks for financial gain to fund other activities and recruit new members. This brings us to the next group, which is State-sponsored entities. The most prevalent goals for this type of entity are acts of financial, industrial, political, and diplomatic espionage in cyberspace. According to some estimates, intellectual property (IP) theft damages the world economy by more than $2 trillion annually. Governments worldwide spend a lot on these attacks to know about rival motives and design their strategies. Millions are being spent on cybersecurity by the same governments to protect their maritime activities, creating an endless loop of cyberwar. The MTS's greater reliance on merging OT and IT systems has brought new vulnerabilities and widened the attack surface in the marine environment. However, the emphasis and resources spent to combat these new threats are still lagging. All components in the MTS logistical chain work together to build solid programs, appropriately train staff, and maintain the operational efficiency required for all elements to function as one to prevent any Cyber-attacks. Companies have increased cybersecurity investment compared to the increase in automation and digitization in recent years to keep up with the rising attacks. A 400 percent increase in maritime cyberattacks occurred in 2022, and a 900 percent increase in attacks targeting ships and port systems in the previous three years suggests that the maritime industry is in the crosshairs of malicious cyber actors. There are many reasons attackers target the maritime industry and make hay. Attackers in cyberspace fall within some broad categories based largely on intent like pure cybercriminals, cyber activists, terrorists, and state-sponsored entities. Cybercriminals, like criminals in the physical world, are chasing monetary or other tangible incentives; they are not ideologues; they want the money. Annually, cybercrime damages the global economy by about $1 trillion. The MTS has roughly 33 cyber criminals who are responsible for the majority of ransomware activities. The attacks they carry have some large motive built around them and are often 18 www.ciolook.com | May 2022 |
internationally. This rapid increase in dimensions has resulted in ships, and the Maritime Transportation System is becoming more complex. Every ship in the industry has some common functions but is fundamentally different in operation, cargo and passenger capabilities, and crew requirements. The fact that one's country of registration, ownership, and management may all be different complicates applying legislation to vessels, necessitating the coordination of numerous countries when adjudicating an occurrence. This is why cybersecurity must be implemented and practiced by people engaged in all maritime activities. The maritime industry has spent years developing and deploying proprietary software and hardware, limiting its connectivity and risk exposure. Cybersecurity initiatives in the Maritime Transportation Systems (MTS) demonstrate how difficult it is to securely design, manage, and run a fully linked system—especially when these environments differ from ship to ship and port to port. successful. The next group consists of cyber activists with philosophy, politics, social movements, and other nonmonetary goals. Defacing websites, launching social media demonstrations, and committing cyber vandalism are common hacktivist techniques; while criminal in nature, the objective is rarely financial. These attacks are fuelled by enmity and lead to criminals completely destroying companies' systems or vandalizing them. Cyber terrorism has been a massive problem for all industries worldwide, and the maritime industry is no different. The employment of cybersecurity capabilities by a traditional terrorist actor could be driven by political goals and resemble an act of terrorism in real space—a violent criminal activity aimed to frighten or induce fear. This concern might cause major economic upheaval, either directly or indirectly. Terrorist groups frequently use cyberattacks for financial gain to fund other activities and recruit new members. This brings us to the next group, which is State-sponsored entities. The most prevalent goals for this type of entity are acts of financial, industrial, political, and diplomatic espionage in cyberspace. According to some estimates, intellectual property (IP) theft damages the world economy by more than $2 trillion annually. Governments worldwide spend a lot on these attacks to know about rival motives and design their strategies. Millions are being spent on cybersecurity by the same governments to protect their maritime activities, creating an endless loop of cyberwar. The MTS's greater reliance on merging OT and IT systems has brought new vulnerabilities and widened the attack surface in the marine environment. However, the emphasis and resources spent to combat these new threats are still lagging. All components in the MTS logistical chain work together to build solid programs, appropriately train staff, and maintain the operational efficiency required for all elements to function as one to prevent any Cyber-attacks. Companies have increased cybersecurity investment compared to the increase in automation and digitization in recent years to keep up with the rising attacks. A 400 percent increase in maritime cyberattacks occurred in 2022, and a 900 percent increase in attacks targeting ships and port systems in the previous three years suggests that the maritime industry is in the crosshairs of malicious cyber actors. There are many reasons attackers target the maritime industry and make hay. Attackers in cyberspace fall within some broad categories based largely on intent like pure cybercriminals, cyber activists, terrorists, and state-sponsored entities. Cybercriminals, like criminals in the physical world, are chasing monetary or other tangible incentives; they are not ideologues; they want the money. Annually, cybercrime damages the global economy by about $1 trillion. The MTS has roughly 33 cyber criminals who are responsible for the majority of ransomware activities. The attacks they carry have some large motive built around them and are often 18 www.ciolook.com | May 2022 |
Charles Henderson W e need to rethink this entirely," states CharlesHenderson, "We need to 'give up' on Security as we currently know it." they might do. I was more interested in the way things broke rather than how they were built. In my youth, I started hacking, making devices do something other than what they were intended to – it was a form of problem-solving that stuck with me for the long haul. It all started from there and led to a more than 20-year career as a hacker, being hired by some of the world's largest companies to outsmart their security technologies and strategies. According to the GlobalManagingPartner and Head of IBMX-Force, what you formerly thought safe is no longer so and cannot be trusted in this new reality. We've outgrown the necessity to keep the adversary out; now, we must master the art of discovering them in the victim environment before they gain access to critical data. As a hacker, I've found that one of the biggest challenges I've had to overcome is a dated, deep-rooted misconception of hackers as criminals, but it's also made me very passionate and incentivized me to educate the business community about offensive security and the value of hackers. Charles helps businesses stay ahead adversaries, using his 20+ year experience as a hacker.With the belief that modern business models have rendered the perimeter obsolete and our reliance on a plethora of trusted connections, Charles suspects a complete overhaul of our security strategy. Today, as the head of IBM X-Force, I have the privilege of leading a global team of hackers, security researchers, investigators, incident responders, and The firms that X-Force works with range from Fortune 500 companies to small and midsized businesses looking to improve their security posture or deal with a security incident. There is no greater asset than teamwork and cultivating an environment where each team member can feed off each other’s creativity, brainstorm, and problem-solve together. CIO Look caught up with Charles in our attempt to find "The 10 Most Iconic Leaders in Enterprise Security, 2022." Charles Henderson Global Managing Partner and Head of IBM X-Force IBM Below are the highlights of the interview. Brief our audience about your journey as a business leader until your current position at your company name. What challenges have you had to overcome to reach where you are today? My introduction to Security goes back to my early childhood –I was always fascinated with how things work, what they are supposed to do, and what more 20 21 www.ciolook.com | May 2022 | www.ciolook.com | May 2022 |
Charles Henderson W e need to rethink this entirely," states CharlesHenderson, "We need to 'give up' on Security as we currently know it." they might do. I was more interested in the way things broke rather than how they were built. In my youth, I started hacking, making devices do something other than what they were intended to – it was a form of problem-solving that stuck with me for the long haul. It all started from there and led to a more than 20-year career as a hacker, being hired by some of the world's largest companies to outsmart their security technologies and strategies. According to the GlobalManagingPartner and Head of IBMX-Force, what you formerly thought safe is no longer so and cannot be trusted in this new reality. We've outgrown the necessity to keep the adversary out; now, we must master the art of discovering them in the victim environment before they gain access to critical data. As a hacker, I've found that one of the biggest challenges I've had to overcome is a dated, deep-rooted misconception of hackers as criminals, but it's also made me very passionate and incentivized me to educate the business community about offensive security and the value of hackers. Charles helps businesses stay ahead adversaries, using his 20+ year experience as a hacker.With the belief that modern business models have rendered the perimeter obsolete and our reliance on a plethora of trusted connections, Charles suspects a complete overhaul of our security strategy. Today, as the head of IBM X-Force, I have the privilege of leading a global team of hackers, security researchers, investigators, incident responders, and The firms that X-Force works with range from Fortune 500 companies to small and midsized businesses looking to improve their security posture or deal with a security incident. There is no greater asset than teamwork and cultivating an environment where each team member can feed off each other’s creativity, brainstorm, and problem-solve together. CIO Look caught up with Charles in our attempt to find "The 10 Most Iconic Leaders in Enterprise Security, 2022." Charles Henderson Global Managing Partner and Head of IBM X-Force IBM Below are the highlights of the interview. Brief our audience about your journey as a business leader until your current position at your company name. What challenges have you had to overcome to reach where you are today? My introduction to Security goes back to my early childhood –I was always fascinated with how things work, what they are supposed to do, and what more 20 21 www.ciolook.com | May 2022 | www.ciolook.com | May 2022 |
intelligence analysts. The team provides clients -from Fortune 100 enterprise companies to small and mid- sized companies - with offensive and defensive security services. On the offensive side, our team of hackers is hired by clients to find, prioritize, and help fix exploitable vulnerabilities before attackers find them. On the defensive side, our team of first responders, investigators, and researchers helps clients rapidly detect, respond to, and investigate threats to reduce attacker dwell time and minimize impact. offensive Security, and I'm proud of how X-Force Red, IBM's hacker team within X-Force, contributed to elevating and destigmatizing the hacking profession, as well as raising awareness about the importance of penetration testing, vulnerability management, and adversary simulations to strengthen businesses' cyber readiness. X-Force Red is also sought out by some of the most renowned conferences in the global security community as featured speakers to help not only advance offensive security practices but attract aspiring talent to the field, including Black Hat, DEF CON, RSA, OWASP AppSec USA/Europe, and SXSW. the business value in an open, hybrid cloud approach, making the adoption of open security standards all the timelier and more important. daily, stemming from our cross-industry incident response and penetration testing engagements, threat monitoring capabilities, and open-source data, which we make available through the open-access X-Force Exchange threat sharing platform. What, according to you, could be the next significant change in the Security sector? How is your company preparing to be a part of that change? Tell us something more about your company and its mission and vision. Where do you envision yourself to be in the long run, and what are your future goals for your company? Undeniably, technology is playing a significant role in almost every sector. How are you leveraging technological advancements to make your solutions resourceful? IBM Security is a global security leader charged with helping businesses thrive securely, protecting their data, trusted relationships, and mission by leveraging one of the most advanced and integrated portfolios of enterprise security products and services. As part of this effort, the team I lead, X-Force, enables organizations to effectively manage risk and defend against emerging threats. IBM operates one of the world's broadest security research, development, and delivery organizations and monitors more than 150 billion security events per day in more than 133 countries. We serve all types of businesses, all the way up to the world's largest multinational corporations. And no matter who our customer is, we can scale to whatever their demands are at any given time. In Security, it takes a village to defend against a constantly evolving adversarial landscape, and the private and public sectors are both parts of that village. Following the Solarwinds compromise, and shortly after the ransomware attack on Colonial Pipeline to the more recent disclosure of the critical Log4j vulnerability, we've seen a rapid shift in how private companies and government security agencies collaborate to stay ahead of the threats. The progress we've begun seeing with more information sharing and threat-sharing partnerships between security teams and the government is the start of a new chapter in Security- what I call the democratization of threat intelligence. When you look at where X-Force has come since its inception, our long-term vision stays largely the same: to continue building expert teams of hackers, incident responders, intelligence analysts, and developers to resist modern threat actors and protect and inform the clients we serve. It's mistakenly believed that one of the biggest challenges in Security is complexity – but complexity is not the challenge; simplicity is. The current security construct is formed in such a way that businesses are accustomed to adding tools on top of the tool, technology on top of technology, in an effort to bolster their security posture against threats. As a result, businesses have entangled themselves in a web of complexity that they can't get out of and one that adversaries know all too well how to manipulate to their advantage. What would be your advice to budding entrepreneurs who aspire to venture into the business sector? An essential piece of advice I can offer is to value your team. There is no greater asset than teamwork and cultivating an environment where each team member can feed off each other's creativity, brainstorm, and problem-solve together. Success has no room for superhero syndromes – especially in the security industry, where it's essential to collaborate, lean on diverse skillsets, and each team member can cover the other's blind spots. IBM is a proud Alliance Partner in the Joint Cyber Defense Collaborative (JCDC) that DHS CISA formed, helping its critical mission to establish a collective and coordinated defense against cybercrime. In addition, we remain committed to democratizing our X-Force threat intelligence and developing new threat insights At its core, IBM's security portfolio is meant to help simplify Security for our customers, and we're doing that by relying on open technologies and solutions founded on open security standards, so interoperability, collaboration, and agility are never sacrificed. More and more businesses are recognizing Enlighten us on how you have impacted Security through your expertise in the market. As I mentioned earlier, there was a lot of education that needed to be done when it comes to hackers and 22 23 www.ciolook.com | May 2022 | www.ciolook.com | May 2022 |
intelligence analysts. The team provides clients -from Fortune 100 enterprise companies to small and mid- sized companies - with offensive and defensive security services. On the offensive side, our team of hackers is hired by clients to find, prioritize, and help fix exploitable vulnerabilities before attackers find them. On the defensive side, our team of first responders, investigators, and researchers helps clients rapidly detect, respond to, and investigate threats to reduce attacker dwell time and minimize impact. offensive Security, and I'm proud of how X-Force Red, IBM's hacker team within X-Force, contributed to elevating and destigmatizing the hacking profession, as well as raising awareness about the importance of penetration testing, vulnerability management, and adversary simulations to strengthen businesses' cyber readiness. X-Force Red is also sought out by some of the most renowned conferences in the global security community as featured speakers to help not only advance offensive security practices but attract aspiring talent to the field, including Black Hat, DEF CON, RSA, OWASP AppSec USA/Europe, and SXSW. the business value in an open, hybrid cloud approach, making the adoption of open security standards all the timelier and more important. daily, stemming from our cross-industry incident response and penetration testing engagements, threat monitoring capabilities, and open-source data, which we make available through the open-access X-Force Exchange threat sharing platform. What, according to you, could be the next significant change in the Security sector? How is your company preparing to be a part of that change? Tell us something more about your company and its mission and vision. Where do you envision yourself to be in the long run, and what are your future goals for your company? Undeniably, technology is playing a significant role in almost every sector. How are you leveraging technological advancements to make your solutions resourceful? IBM Security is a global security leader charged with helping businesses thrive securely, protecting their data, trusted relationships, and mission by leveraging one of the most advanced and integrated portfolios of enterprise security products and services. As part of this effort, the team I lead, X-Force, enables organizations to effectively manage risk and defend against emerging threats. IBM operates one of the world's broadest security research, development, and delivery organizations and monitors more than 150 billion security events per day in more than 133 countries. We serve all types of businesses, all the way up to the world's largest multinational corporations. And no matter who our customer is, we can scale to whatever their demands are at any given time. In Security, it takes a village to defend against a constantly evolving adversarial landscape, and the private and public sectors are both parts of that village. Following the Solarwinds compromise, and shortly after the ransomware attack on Colonial Pipeline to the more recent disclosure of the critical Log4j vulnerability, we've seen a rapid shift in how private companies and government security agencies collaborate to stay ahead of the threats. The progress we've begun seeing with more information sharing and threat-sharing partnerships between security teams and the government is the start of a new chapter in Security- what I call the democratization of threat intelligence. When you look at where X-Force has come since its inception, our long-term vision stays largely the same: to continue building expert teams of hackers, incident responders, intelligence analysts, and developers to resist modern threat actors and protect and inform the clients we serve. It's mistakenly believed that one of the biggest challenges in Security is complexity – but complexity is not the challenge; simplicity is. The current security construct is formed in such a way that businesses are accustomed to adding tools on top of the tool, technology on top of technology, in an effort to bolster their security posture against threats. As a result, businesses have entangled themselves in a web of complexity that they can't get out of and one that adversaries know all too well how to manipulate to their advantage. What would be your advice to budding entrepreneurs who aspire to venture into the business sector? An essential piece of advice I can offer is to value your team. There is no greater asset than teamwork and cultivating an environment where each team member can feed off each other's creativity, brainstorm, and problem-solve together. Success has no room for superhero syndromes – especially in the security industry, where it's essential to collaborate, lean on diverse skillsets, and each team member can cover the other's blind spots. IBM is a proud Alliance Partner in the Joint Cyber Defense Collaborative (JCDC) that DHS CISA formed, helping its critical mission to establish a collective and coordinated defense against cybercrime. In addition, we remain committed to democratizing our X-Force threat intelligence and developing new threat insights At its core, IBM's security portfolio is meant to help simplify Security for our customers, and we're doing that by relying on open technologies and solutions founded on open security standards, so interoperability, collaboration, and agility are never sacrificed. More and more businesses are recognizing Enlighten us on how you have impacted Security through your expertise in the market. As I mentioned earlier, there was a lot of education that needed to be done when it comes to hackers and 22 23 www.ciolook.com | May 2022 | www.ciolook.com | May 2022 |
Michael Coden A Futuristic Leader Protecting the Present I NIST Cybersecurity Framework and being named the th 6 most innovative cybersecurity leader of 2021. The one who achieved these honors is Michael Coden, one of the top cybersecurity leaders specializing in strategy, implementation, and resilience. He has an array of roles in the form of Managing Partner at Magjic, Senior Advisor to BCG, Associate Director at Cybersecurity at MIT Sloan, Advisor to Safe Inc., Advisor to The Decision Lab, and Member of the DBOS-Project. His advice and consultation attract Boards, CEOs, C-suites, and CISOs so that they gain from his valuable knowledge about IT and OT. magine boasting a CV with a letter of appreciation from the White House for leadership qualities in helping the National Security Council develop the in Business Administration from Columbia University, and a Masters in Mathematics from the Courant Institute of Mathematical Sciences at NYU. After graduating from MIT, Michael first started working for HP in their computer division, developing the first minicomputer timesharing system. He was recruited away by Digital Equipment Corporation (DEC) where he developed a new memory system that allowed 3 CPUs to access the same main memory for parallel processing, and the first multitasking operating system for minicomputers. Impressed with his achievements, a customer hired him away from DEC to automate a marine container shipping terminal. Using minicomputers and a unique database system he helped develop called MUMPS, he was able to reduce the loading and unloading of a 50,000-ton container ship from 3 weeks (manually) to 8 hours, 15 minutes. Michael was then invited to join Exxon corporation to invest in innovative technologies and started the Optical Information Systems (OIS) division of Exxon, one of the first three companies to commercialize semiconductor lasers. OIS was acquired by McDonnell Douglas, which used OIS lasers to deploy the US military satellite communications system – a ring of satellites around the earth that communicated securely using beams of laser light. This started his career in the cybersecurity domain. Michael is the author of 17 patents on network equipment, data protocols, cyber risk quantification, and fiber optic semiconductor devices. He has also authored numerous scholarly contributions and published The Fiber Optic LAN Handbook, with a circulation of 100,000 copies. He is committed to arming companies to protect themselves against cyber- attacks through his various advisory roles and his company Magjic. The First Attack of Knowledge “ Michael has a Bachelors degree in electrical engineering and computer science from MIT, a Masters Michael had the wonderful opportunity to co-found Codenoll Technology Corporation specializing in highly secure networks for companies across all critical industries, including organizations such as the US Air Force, US Navy, AT&T, and the New York Stock Exchange and many others. Codenoll was acquired by ADC Telecommunications, where he continued as Vice President of Technology and Marketing, developing secure hardware and data protocols. He then became President of an Israeli cybersecurity company, NextNine (now Honeywell), where he helped develop software to secure critical infrastructure systems used by companies like Shell, Motorola Cellular “ 24 Michael Coden Managing Partner Magjic Consulting I believe that one mark of a true leader is to always have a succession plan. Senior Advisor Boston Consulting Group (BCG) Associate Director Cybersecurity at MIT Sloan www.ciolook.com | May 2022 |
Michael Coden A Futuristic Leader Protecting the Present I NIST Cybersecurity Framework and being named the th 6 most innovative cybersecurity leader of 2021. The one who achieved these honors is Michael Coden, one of the top cybersecurity leaders specializing in strategy, implementation, and resilience. He has an array of roles in the form of Managing Partner at Magjic, Senior Advisor to BCG, Associate Director at Cybersecurity at MIT Sloan, Advisor to Safe Inc., Advisor to The Decision Lab, and Member of the DBOS-Project. His advice and consultation attract Boards, CEOs, C-suites, and CISOs so that they gain from his valuable knowledge about IT and OT. magine boasting a CV with a letter of appreciation from the White House for leadership qualities in helping the National Security Council develop the in Business Administration from Columbia University, and a Masters in Mathematics from the Courant Institute of Mathematical Sciences at NYU. After graduating from MIT, Michael first started working for HP in their computer division, developing the first minicomputer timesharing system. He was recruited away by Digital Equipment Corporation (DEC) where he developed a new memory system that allowed 3 CPUs to access the same main memory for parallel processing, and the first multitasking operating system for minicomputers. Impressed with his achievements, a customer hired him away from DEC to automate a marine container shipping terminal. Using minicomputers and a unique database system he helped develop called MUMPS, he was able to reduce the loading and unloading of a 50,000-ton container ship from 3 weeks (manually) to 8 hours, 15 minutes. Michael was then invited to join Exxon corporation to invest in innovative technologies and started the Optical Information Systems (OIS) division of Exxon, one of the first three companies to commercialize semiconductor lasers. OIS was acquired by McDonnell Douglas, which used OIS lasers to deploy the US military satellite communications system – a ring of satellites around the earth that communicated securely using beams of laser light. This started his career in the cybersecurity domain. Michael is the author of 17 patents on network equipment, data protocols, cyber risk quantification, and fiber optic semiconductor devices. He has also authored numerous scholarly contributions and published The Fiber Optic LAN Handbook, with a circulation of 100,000 copies. He is committed to arming companies to protect themselves against cyber- attacks through his various advisory roles and his company Magjic. The First Attack of Knowledge “ Michael has a Bachelors degree in electrical engineering and computer science from MIT, a Masters Michael had the wonderful opportunity to co-found Codenoll Technology Corporation specializing in highly secure networks for companies across all critical industries, including organizations such as the US Air Force, US Navy, AT&T, and the New York Stock Exchange and many others. Codenoll was acquired by ADC Telecommunications, where he continued as Vice President of Technology and Marketing, developing secure hardware and data protocols. He then became President of an Israeli cybersecurity company, NextNine (now Honeywell), where he helped develop software to secure critical infrastructure systems used by companies like Shell, Motorola Cellular “ 24 Michael Coden Managing Partner Magjic Consulting I believe that one mark of a true leader is to always have a succession plan. Senior Advisor Boston Consulting Group (BCG) Associate Director Cybersecurity at MIT Sloan www.ciolook.com | May 2022 |
99.96% of all cyberattacks in less than 1 second in the operating system at zero additional cost. This compares favorably with current expensive external SIEMs and analytics engines that typically require 4-5 hours and are only 80%-90% accurate. Moreover, DBOS can be "rolled back" to the state before the attack in less than 5 minutes, allowing much faster and more robust business continuity when compared with current backup/restore technologies. cluster management. Exciting and important are the cybersecurity functions built into DBOS. There are many use cases for it, so he believes that this could be the next generation of operating systems. Cyber protection strategies often take years to implement, at great expense. Companies need to make sure they can detect, respond, recover, and continue business operations. He would promote cyber risk quantification as a way of prioritizing cyber investments. Most importantly, he would like to see the applications being transformed to the cloud be transformed to DBOS for greater cyber-resiliency. His contributions to the cybersecurity industry have ranged from helping develop the NIST Cybersecurity Framework to developing several ways for companies to implement increased cybersecurity at a reduced cost. One of his contributions is BCG's Cyber Doppler, a method and patented tool for quantifying cyber risk that allows companies to make cyber investment decisions based on an ROI, which is calculated as: the "greatest reduction in cyber risk" divided by the cost of cyber projects. This method has allowed many companies to optimize their cyber strategy and spend. He shares, "I am currently on the advisory board of Safe. security Inc., which provides a cyber risk quantification product. I have also developed methodologies for enabling companies to develop common reusable cyber functions for multiple cloud service providers. Many companies have used this approach to reduce the time and cost of developing secure cloud applications and reduce security and audit operational costs. Reducing development time allows products to generate revenue more quickly; reducing operating costs allows software systems to be more profitable." He adds, "Additionally, I have pioneered dissecting "cyberculture" into "cyber behaviors and am a member of the Advisory Board of The Decision Lab, a behavioral science think tank. I have also helped develop methods for companies to cost-effectively increase their cyber resilience, which is my current focus." Focusing on the Idea Michael expects a significant shift in attention and investment from cyber protection to cyber resilience. He shares, "At BCG, MIT, Safe, and Magjic we have done a lot of work in this area, advising Boards, CEOs, C-suites, and CSO/CISOs to prepare, execute and deploy cost effective cyber resiliency in their organizations. Longer term, I envision a shift from writing applications in complex Linux/Kubernetes containerized environments to the more elegant and cyber-resilient DBOS serverless cloud environment. I am currently seeking companies who will volunteer to test the DBOS prototype that we have developed at MIT and Stanford." In his advice to budding entrepreneurs, Michael gives his concluding thoughts, Communications, GE Healthcare, Rockwell Automation, Schneider Electric, ABB, Yokogawa, Tokyo Electron and many others. His journey with the Boston Consulting Group (BCG) began when the company hired him to build its Cybersecurity Practice. He built one of the fastest growing and highly respected cybersecurity consulting practices, resulting in The Consulting Report naming him number 6 in "The Top 50 Cybersecurity Leaders of 2021. In 2020, he encountered DBOS, a new operating system developed at MIT and Stanford that will revolutionize cybersecurity. On January 1, 2022, he turned the BCG Cyber Practice over to his successors, resigning as Managing Director of BCG, where he remains a part- time Senior Advisor. Magjic. Michael says, "All organizations are targets and will be successfully compromised. Those that are resilient will suffer the least damage. Building ever more complex cyber-protection takes a long time and a lot of investment. Building effective detection, response, and business continuity plans can be made quickly at a much lower cost. Boards of Directors knowing that the company cannot protect against all possible attacks and encouraged by the new SEC rules that will require business continuity plans to be described in 10-K and 10-Q, will reorient organizations thinking to be more focused on resilience. At both BCG and Magjic, I advise Boards, CEOs, C-suites, and CSO/CISOs on prioritizing, activating, and implementing cyber-resilience that will reduce the impact and damages from a successful cyberattack." • Focus on the value your idea will deliver. First describe why someone would give their money to you. You must be able to concisely articulate the value of your product in 2-3 sentences. Then work backward from the value proposition to how you deliver that value, and lastly, the technology you developed.” Experimenting Ideas, Delivering Results Michael is working with a team of 20 faculty and students at MIT and Stanford led by Mike Stonebraker (Turing Award Laureate) on a new operating system that is a relational database built on "bare metal" (DBOS). All the applications run as stored procedures wildly fast in DBOS, without having an extra layer like Windows or Linux/Kubernetes complicating system operation and slowing things down (think 10x quicker). DBOS is also much more scalable than current operating systems eliminating the need for complex • “Twice a year I ask my team to give me a ‘Report Card.’ They gather together for two hours, without me in the room, and then give me an anonymous report on what I should do, and stop doing, to make their jobs better and easier – with feedback on how well I’m doing implementing their previous Report Card. The Gateway to Cybersecurity Specialization In addition to advising Boards and senior executives on cybersecurity, Michael's long-term strategy is to help commercialize the DBOS operating system. The DBOS prototype has demonstrated the ability to detect Michael's belief that the focus of cybersecurity needs to shift from protection to resilience is the mission of • I believe that one mark of a true leader is to always have a succession plan 26 27 www.ciolook.com | May 2022 | www.ciolook.com | May 2022 |
99.96% of all cyberattacks in less than 1 second in the operating system at zero additional cost. This compares favorably with current expensive external SIEMs and analytics engines that typically require 4-5 hours and are only 80%-90% accurate. Moreover, DBOS can be "rolled back" to the state before the attack in less than 5 minutes, allowing much faster and more robust business continuity when compared with current backup/restore technologies. cluster management. Exciting and important are the cybersecurity functions built into DBOS. There are many use cases for it, so he believes that this could be the next generation of operating systems. Cyber protection strategies often take years to implement, at great expense. Companies need to make sure they can detect, respond, recover, and continue business operations. He would promote cyber risk quantification as a way of prioritizing cyber investments. Most importantly, he would like to see the applications being transformed to the cloud be transformed to DBOS for greater cyber-resiliency. His contributions to the cybersecurity industry have ranged from helping develop the NIST Cybersecurity Framework to developing several ways for companies to implement increased cybersecurity at a reduced cost. One of his contributions is BCG's Cyber Doppler, a method and patented tool for quantifying cyber risk that allows companies to make cyber investment decisions based on an ROI, which is calculated as: the "greatest reduction in cyber risk" divided by the cost of cyber projects. This method has allowed many companies to optimize their cyber strategy and spend. He shares, "I am currently on the advisory board of Safe. security Inc., which provides a cyber risk quantification product. I have also developed methodologies for enabling companies to develop common reusable cyber functions for multiple cloud service providers. Many companies have used this approach to reduce the time and cost of developing secure cloud applications and reduce security and audit operational costs. Reducing development time allows products to generate revenue more quickly; reducing operating costs allows software systems to be more profitable." He adds, "Additionally, I have pioneered dissecting "cyberculture" into "cyber behaviors and am a member of the Advisory Board of The Decision Lab, a behavioral science think tank. I have also helped develop methods for companies to cost-effectively increase their cyber resilience, which is my current focus." Focusing on the Idea Michael expects a significant shift in attention and investment from cyber protection to cyber resilience. He shares, "At BCG, MIT, Safe, and Magjic we have done a lot of work in this area, advising Boards, CEOs, C-suites, and CSO/CISOs to prepare, execute and deploy cost effective cyber resiliency in their organizations. Longer term, I envision a shift from writing applications in complex Linux/Kubernetes containerized environments to the more elegant and cyber-resilient DBOS serverless cloud environment. I am currently seeking companies who will volunteer to test the DBOS prototype that we have developed at MIT and Stanford." In his advice to budding entrepreneurs, Michael gives his concluding thoughts, Communications, GE Healthcare, Rockwell Automation, Schneider Electric, ABB, Yokogawa, Tokyo Electron and many others. His journey with the Boston Consulting Group (BCG) began when the company hired him to build its Cybersecurity Practice. He built one of the fastest growing and highly respected cybersecurity consulting practices, resulting in The Consulting Report naming him number 6 in "The Top 50 Cybersecurity Leaders of 2021. In 2020, he encountered DBOS, a new operating system developed at MIT and Stanford that will revolutionize cybersecurity. On January 1, 2022, he turned the BCG Cyber Practice over to his successors, resigning as Managing Director of BCG, where he remains a part- time Senior Advisor. Magjic. Michael says, "All organizations are targets and will be successfully compromised. Those that are resilient will suffer the least damage. Building ever more complex cyber-protection takes a long time and a lot of investment. Building effective detection, response, and business continuity plans can be made quickly at a much lower cost. Boards of Directors knowing that the company cannot protect against all possible attacks and encouraged by the new SEC rules that will require business continuity plans to be described in 10-K and 10-Q, will reorient organizations thinking to be more focused on resilience. At both BCG and Magjic, I advise Boards, CEOs, C-suites, and CSO/CISOs on prioritizing, activating, and implementing cyber-resilience that will reduce the impact and damages from a successful cyberattack." • Focus on the value your idea will deliver. First describe why someone would give their money to you. You must be able to concisely articulate the value of your product in 2-3 sentences. Then work backward from the value proposition to how you deliver that value, and lastly, the technology you developed.” Experimenting Ideas, Delivering Results Michael is working with a team of 20 faculty and students at MIT and Stanford led by Mike Stonebraker (Turing Award Laureate) on a new operating system that is a relational database built on "bare metal" (DBOS). All the applications run as stored procedures wildly fast in DBOS, without having an extra layer like Windows or Linux/Kubernetes complicating system operation and slowing things down (think 10x quicker). DBOS is also much more scalable than current operating systems eliminating the need for complex • “Twice a year I ask my team to give me a ‘Report Card.’ They gather together for two hours, without me in the room, and then give me an anonymous report on what I should do, and stop doing, to make their jobs better and easier – with feedback on how well I’m doing implementing their previous Report Card. The Gateway to Cybersecurity Specialization In addition to advising Boards and senior executives on cybersecurity, Michael's long-term strategy is to help commercialize the DBOS operating system. The DBOS prototype has demonstrated the ability to detect Michael's belief that the focus of cybersecurity needs to shift from protection to resilience is the mission of • I believe that one mark of a true leader is to always have a succession plan 26 27 www.ciolook.com | May 2022 | www.ciolook.com | May 2022 |
I n a world driven by information, cybercrimes are constantly rising with the growing digitalization in every field. Cyber attackers are prepared to exploit even slight complacency. Being equipped against these attackers with solid cybersecurity defenses is a critical strategy. onShore Security is exclusively focused on ensuring the safety of the precious information of its clients, aiming to enhance the clients' freedom by strengthening cybersecurity defenses. Stel Valavanis founded onShore Networks in 1991, elevating and maintaining the cybersecurity defenses of every organization. banks and other clients. He expanded and created onShore Networks (former name of onShore Security), and then the company continued to grow as needed to best serve its clients. That was the driver for a lot of the growth of onShore. Many of onShore's clients were facing the sudden loss of their internet service as their provider shut down. Therefore, the company built its ISP almost overnight to ensure its clients could continue doing their work. In 2015, the company shifted its approach to focus exclusively on security when cybersecurity had become the most important thing for its clients. onShore Security knew that it would be the most significant part of the security industry, where the company could have the most impact and continue to expand its capabilities and service. Focus Exclusively On Security Stel's journey as an entrepreneur in the online space started when he was a sole proprietor, working for Security is A Process A core belief at onShore is that "Security is a process, not a product." A security operation is like a living thing, evolving, growing, and learning. A policy is tuned and refined using automation and human analysis, recursively becoming more robust with each cycle. The biggest challenge, and the core mission in cybersecurity, is to stay ahead of known threats, strategize for unknown threats, and prepare for the dangers that exist slightly beyond the event horizon of current technology. It's a constant struggle against bad actors. Anyone downplaying that is probably trying to sell you a product; Security without the work of the process. onShore Security is constantly challenging the notion that security can be purchased as a product off the shelf. onShore Security provides 24/7 real- time monitoring, correlation, and organization-wide network security data analysis. 28 www.ciolook.com | May 2022 |
I n a world driven by information, cybercrimes are constantly rising with the growing digitalization in every field. Cyber attackers are prepared to exploit even slight complacency. Being equipped against these attackers with solid cybersecurity defenses is a critical strategy. onShore Security is exclusively focused on ensuring the safety of the precious information of its clients, aiming to enhance the clients' freedom by strengthening cybersecurity defenses. Stel Valavanis founded onShore Networks in 1991, elevating and maintaining the cybersecurity defenses of every organization. banks and other clients. He expanded and created onShore Networks (former name of onShore Security), and then the company continued to grow as needed to best serve its clients. That was the driver for a lot of the growth of onShore. Many of onShore's clients were facing the sudden loss of their internet service as their provider shut down. Therefore, the company built its ISP almost overnight to ensure its clients could continue doing their work. In 2015, the company shifted its approach to focus exclusively on security when cybersecurity had become the most important thing for its clients. onShore Security knew that it would be the most significant part of the security industry, where the company could have the most impact and continue to expand its capabilities and service. Focus Exclusively On Security Stel's journey as an entrepreneur in the online space started when he was a sole proprietor, working for Security is A Process A core belief at onShore is that "Security is a process, not a product." A security operation is like a living thing, evolving, growing, and learning. A policy is tuned and refined using automation and human analysis, recursively becoming more robust with each cycle. The biggest challenge, and the core mission in cybersecurity, is to stay ahead of known threats, strategize for unknown threats, and prepare for the dangers that exist slightly beyond the event horizon of current technology. It's a constant struggle against bad actors. Anyone downplaying that is probably trying to sell you a product; Security without the work of the process. onShore Security is constantly challenging the notion that security can be purchased as a product off the shelf. onShore Security provides 24/7 real- time monitoring, correlation, and organization-wide network security data analysis. 28 www.ciolook.com | May 2022 |
Leading by Example Changing the Misconceptions The misinformed presumption that a company need not worry about cyberattacks because they have insurance is part of a more considerable misunderstanding of cybersecurity. Stel would love to see this presumption change. Many companies Stel has talked to misbelieve that they are inherently more secure if they move part of their operation to the cloud or believe they can pass on responsibility by engaging with third-party vendors. Stel doesn't expect every leader or member of a board of directors to have a high-level understanding of cybersecurity processes and practices. Still, there are a lot of myths and misunderstandings out there that inform security strategy and posture that Stel would love to see debunked. Another impact that onShore security had in the industry is the processes and policies that developed its Panoptic Cyberdefense. onShore Security hopes to lead by example and take cybersecurity beyond perimeter- based defense in its offering. onShore Security believes that all the traffic on the network needs to be analyzed, and its emphasis on detection is starting to manifest as more security operations focus on MDR and XDR. Speeding Up Processes A significant recent technological advance for onShore Security is introducing a new machine learning cluster into its stack. It will augment the ability of its expert analysts to correlate data to inform tuning, model larger data sets, more precisely ingest data streams, and speed up many of its processes. onShore Security is already seeing better outcomes with more speed. Elevating Defenses Stel believes that cybersecurity threats will continue to grow in the coming years. Attacks will continue to evolve to include disruptions that are felt offline, in real life, by people outside the scope of a business or organization. State-funded attacks on supply chains will cause issues and shortages that will range from inconvenient to deadly. He states that there have already been attacks on medical facilities that resulted in care being delayed or refused. There have been fatalities due to this, and he wants to elevate and strengthen defenses. Identifying the Source of Threats Accelerating attacks perpetrated by state-funded organizations is a significant change in the cybersecurity field, and onShore Security is already seeing this happen. These attacks are both parts of a cyber arm of military force and civilian groups, sponsored and funded by nation-states. Protecting Clients and the Community with Security Stel's advice to people looking to enter the cybersecurity space as entrepreneurs are to make sure they want to do it. Starting a business, especially in cybersecurity, will mean much time away from family, friends, and life outside the industry. It will mean spending a lot of time and effort on projects that may ultimately fail and seeing that as part of the ongoing improvement process. Stel says, "However, if you have the commitment and ambition to do amazing things, this is the place. Cybersecurity is an ever-changing and exciting field, and I feel that protecting our clients and the community is a just and worthwhile goal. At onShore, we believe that security gives us freedom, and it is very satisfying to see that in action, as our clients do what they do best without fear of cyberthreat.” Stel says, "Cybercrime will continue to grow, but it will be increasingly clear that we are not merely headed for a world full of cyberwar, but we are already living in it. The motivations and tactics of these cyber attackers will challenge a lot of ideas and practices that are central to the current common cyber defense strategy. On the other side, governments will expand regulation, and compliance with such laws will be a much more visible effort for businesses and organizations." Stel also believes that there is a change in cybersecurity insurance coming. He says, "Providers will be more discerning, requiring companies to qualify for coverage. Cyber insurance premiums and other costs will grow, but it will hopefully become more evident to more companies that insurance is not protection." 30 www.ciolook.com | May 2022 |
Leading by Example Changing the Misconceptions The misinformed presumption that a company need not worry about cyberattacks because they have insurance is part of a more considerable misunderstanding of cybersecurity. Stel would love to see this presumption change. Many companies Stel has talked to misbelieve that they are inherently more secure if they move part of their operation to the cloud or believe they can pass on responsibility by engaging with third-party vendors. Stel doesn't expect every leader or member of a board of directors to have a high-level understanding of cybersecurity processes and practices. Still, there are a lot of myths and misunderstandings out there that inform security strategy and posture that Stel would love to see debunked. Another impact that onShore security had in the industry is the processes and policies that developed its Panoptic Cyberdefense. onShore Security hopes to lead by example and take cybersecurity beyond perimeter- based defense in its offering. onShore Security believes that all the traffic on the network needs to be analyzed, and its emphasis on detection is starting to manifest as more security operations focus on MDR and XDR. Speeding Up Processes A significant recent technological advance for onShore Security is introducing a new machine learning cluster into its stack. It will augment the ability of its expert analysts to correlate data to inform tuning, model larger data sets, more precisely ingest data streams, and speed up many of its processes. onShore Security is already seeing better outcomes with more speed. Elevating Defenses Stel believes that cybersecurity threats will continue to grow in the coming years. Attacks will continue to evolve to include disruptions that are felt offline, in real life, by people outside the scope of a business or organization. State-funded attacks on supply chains will cause issues and shortages that will range from inconvenient to deadly. He states that there have already been attacks on medical facilities that resulted in care being delayed or refused. There have been fatalities due to this, and he wants to elevate and strengthen defenses. Identifying the Source of Threats Accelerating attacks perpetrated by state-funded organizations is a significant change in the cybersecurity field, and onShore Security is already seeing this happen. These attacks are both parts of a cyber arm of military force and civilian groups, sponsored and funded by nation-states. Protecting Clients and the Community with Security Stel's advice to people looking to enter the cybersecurity space as entrepreneurs are to make sure they want to do it. Starting a business, especially in cybersecurity, will mean much time away from family, friends, and life outside the industry. It will mean spending a lot of time and effort on projects that may ultimately fail and seeing that as part of the ongoing improvement process. Stel says, "However, if you have the commitment and ambition to do amazing things, this is the place. Cybersecurity is an ever-changing and exciting field, and I feel that protecting our clients and the community is a just and worthwhile goal. At onShore, we believe that security gives us freedom, and it is very satisfying to see that in action, as our clients do what they do best without fear of cyberthreat.” Stel says, "Cybercrime will continue to grow, but it will be increasingly clear that we are not merely headed for a world full of cyberwar, but we are already living in it. The motivations and tactics of these cyber attackers will challenge a lot of ideas and practices that are central to the current common cyber defense strategy. On the other side, governments will expand regulation, and compliance with such laws will be a much more visible effort for businesses and organizations." Stel also believes that there is a change in cybersecurity insurance coming. He says, "Providers will be more discerning, requiring companies to qualify for coverage. Cyber insurance premiums and other costs will grow, but it will hopefully become more evident to more companies that insurance is not protection." 30 www.ciolook.com | May 2022 |
