The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
Influential Business Leaders in Security services | CIO Look
1. A Technovert with Incomparable Leadership
Stelios
Valavanis
Stelios Valavanis
CEO
November 2019
Influential
Leaders in
Security
2019
Digital Revolution
Data Center Security:
Controlling Possible Threats
Securing Future
Cyber Security
Secure Your Network
with Intelligence
Editor’s Prespective
Network Security
Threats and Soloution
4. Revolutionizing Security
Sector with Strong Leadership
In today’s digitalized world Internet, Artificial
Intelligence, Cloud Computing, Internet of Things, and
many other technologies are all connected. All the
valuable data is stored in these systems. Securing this
information becomes essential, especially in the world
where various big network systems are interconnected.
This valuable information is at risk due to various security
threats. These security threats could be malware, viruses,
ransom wares, theft, cyber threats, trojans, hacking, and so
on. Leading these companies without any damage to
security is a great responsibility as well as challenging. This
gives these leaders an opportunity to demonstrate their
talents, skills, abilities, competence in ensuring security of
their organizations.
The cybersecurity sector is evolving at a rapid speed,
therefore it is essential to be able to grab the opportunity
to maintain a competitive edge over others. Having
traditional industry knowledge is surely helpful, but leader
should also be aware of the recent trends and new
developments within the industry. On a daily basis, one
should also take advantage of several publications available
in the market related to security domain. One should also
prefer to go through the daily news so as to keep updated
one’s intelligence. One should communicate directly with
customers and business partners, understand their needs
and deliver quality solutions as per their requirements.
Leaders in the cybersecurity sector should have strong
understanding of various business strategies, threats to
security, consumer needs, and how a company’s technology
can solve them. Leaders in security domain should utilize
technology and various resources to come solve the
EDITOR’S NOTE
5. challenges available in the security domain. In an increasingly flexible workforce, having secure
remote connectivity is essential. Delivering user friendly solution for remote connectivity that
enforces standardized security controls by using strong encryption methods regardless of the
device or network being utilized. Leaders in security should have the understanding of most secure
encryption methods and should have basic understanding of remote sensing and various secure
communication methods.
Leaders in security should keep in mind that its not just about protecting information of their
clients but it is nowadays becoming universal need and should be prepared to ensure security for
general public as well as students and practically for everyone who is in the online world. Their is
always a lot more to improve the quality of solutions in this domain and making information more
and more secure. So there is enough room for all leaders in this sector. They can adapt to all recent
trends and technologies and prevent biggest damages that come up with the security threats.
Influential leaders hold the capability to come with innovative solutions to destroy all the threats
available to security. This could lead to a more secure digital world.
Recognizing influential leaders in security, CIO Look has shortlisted, “Influential Leaders in
Security”
Featuring our cover story in which notable influential leader in security is highlighted. Stelios
Valavanis, CEO at onShore Security, is proficient leader who is bringing changes in the security
sector with his extensive experience ranging from OS and development to network design. Stelios
believes cybersecurity leaders should have a high degree of expertise in cybersecurity and IT in
general. They must possess expertise in things like risk management, and legal matters. They have
to guide their company and their clients through complex problems with many potential solutions,
and make the best choices for everyone. Sometimes, immediately solution is not possible, but
leaders need to hold their nerves to draw on both past experience and new ideas.
Also, make sure to go through the articles, written by our in-house editorial team as well as CXO
standpointsofnotableindustrypersonalitiestohavebriefinsightsofthesector.
Sharad Chitalkar
Influential
Security
Leadersin
2019
6. 08Cover Story
Article
A Technovert with
Incomparable Leadership
Stelios
Valavanis
Securing Future
Cyber Security
Secure Your Network
with Intelligence
Digital Revolution
Data Center Security:
Controlling Possible Threats
Editor’s Prespective
Network Security
Threats and Soloution
20 28 38
7. C O N T E N T S
Sebastián Stranieri
Make Operations Easier,
Simpler and more Secure
Steven Russo
With a Passionate Team,
Revolutionize, Cyber Security
3432
2416
Anita D’Amico
Envisioning the Future
and Making It Happen
Gregg Smith
A Promising Leader
in IP Security
10. A Technovert with Incomparable Leadership
Stelios
Valavanis
“ “We achieve our mission in three
ways: Panoptic Cyberdefense,
Cybersecurity Leadership and
Managed Security Systems.
12. start a software company and
identify as a technologist, rather
than a businessman. After getting
his physics degree, he again had
that same lack of clarity for
understanding ambitions towards
entrepreneurship. After that he
worked on several entrepreneurial
ventures, as much in art and media
as tech and IT. When he founded
onShore as a software
development company, it took
landing a few larger clients to
finally realize what he actually
needed to focus on. Since then, he
fully embraced the business world
and was able to rebuild onShore as
a prominent cybersecurity
company.
onShore Security has its own
proprietary platform, which allows
for a good amount of
customizability. But so much of
what a particular client needs has
to do with categorizing and
weighing criticality for events and
that’s embedded in rule-sets that
the company fully manage and
tune on an ongoing basis. In
addition to that, there are varying
compliance needs, and onShore
Security offers add-ons to satisfy
those.
All of the company’s clients share
one thing: the desire to do what
they do best, in a way that keeps
their business as well as their own
clients as safe and secure as
possible. Beyond that, clients are a
truly diverse pool of organizations
and businesses. The platform was
developed, in house, with this
diversity in mind. The platform
itself is highly customizable, but
the staff must also be prepared to
serve every kind of customer. In
the company, the team manages
and tune rule sets that are as
unique as clients, as well as
compliance requirements and
additional services and equipment.
In the tech industry, developing
good talent is a huge challenge,
especially in cybersecurity. There
is a large need for talent and there
are many opportunities for skilled
experts. Employee retention is
directly tied to building culture,
which can be challenging to do
from the top. As a CEO, it can be a
challenge to find the right balance
between process and flexibility.
Having a well-designed process
will make it easier when flexibility
is necessary, and to adapt the
process to meet changing
obstacles. Stelios advises
emerging leaders, “not to do it
unless you’re willing to make a very
big commitment.” Being the CEO of
a company can put undue stress
on a CEO’s family. As a CEO, there
is a feeling that there is always
more that can be done, and doing
anything not related to the
company is at its expense.
Staying informed is crucial. Stelios
makes sure to stay invested in
education and broadening his
knowledge and expertise. He still
attends events such as classes,
workshops, and seminars, as well
as regularly reading news and
developing theoretical material.
The best way to
predict the future
is to make the
future.
““
E
very leader must have
patience, discipline,
vision, opportunism,
adaptability, calmness
under pressure and
steadfastness. Staying the course
when the path seems difficult or
unknown, but the willingness to
explore and act as a pathfinder for
the community. These traits are
necessary for self-improvement
but the most difficult job is to
induce people to follow and
inspire them by setting good
examples. Stelios Valavanis, CEO
at onShore Security, is one such
proficient who is bringing changes
with his extensive experience
ranging from OS and development
to network design.
Below is his story:
Stelios has always been interested
in science and technology. He
started learning to program at the
age of 9 years but didn’t recognize
his entrepreneurial spirit, even
though his parents were
entrepreneurs. In high school, he
thought it would be a good idea to
14. like risk management, and legal matters. They have
to guide their organization and their clients through
complex problems with many potential solutions,
and make the best choices for all parties. Sometimes,
it isn’t immediately clear what the best solution may
be, and CEOs will need to draw on both past
experience and new ideas. In many other kinds of
companies, CEOs don’t have to be as much of an
expert in their company’s offerings. In cybersecurity,
a CEO should be well-versed in history, best
practices, and tested methods, but also able and
willing to explore and try new things. The problem
that cybersecurity solves grows more complex every
day, and it is the job of the cybersecurity CEO to
simplify and solve that problem.
onShore Security leads by example. It believes that
analysis and detection are the most important tools
in the box, and the company has developed the
capabilities in these areas to put it at the very top of
the security maturity stack. To get best results, it
pushes peers and competitors both so they develop
their own technology, as well as their people. The
company values its analysts and considers that
technological development is all ultimately to serve
experts and solving evolving obstacles in
cybersecurity by applying experience and adapting
the company’s hardware, software, and process.
onShore Security wants to continue to be part of the
national cybersecurity community in a meaningful
way and increase its outreach. It believes that
members of a community care for each other and
care for the community as a whole, and that this is a
uniquely dangerous time for the community. Stelios
asserts, “we, as a country, are at tremendous risk. I feel
both a personal responsibility as well as a financial
responsibility to my company to elevate the security
posture of every single company that we can.”
He constantly stays up-to-date on fast moving topics,
such as new regulations or ongoing issues in the
space and also learns a great deal from his own staff
and their experience. Communicating with peers and
experts in other parts of the same field is also a good
way to learn. According to Stelios “I’m always willing
to experiment to further my own understanding of
cybersecurity and we test out a lot of ideas and
hypothetical solutions in-house. Many of our passion
projects have informed us and become onShore Security
products.”
For budding entrepreneurs Stelios advises “Before
you do anything, you should know why you’re doing it. If
you’re goal is to make money, stop right there. Climb the
corporate ladder instead. It’s safer and easier. If you
want to do something amazing, don’t think small and
safe. Do something big, bold and if it fails, fail fast, learn
the lessons, and move on.” Build a leadership team
around by choosing carefully additional effective
leaders or by finding people that can be groomed and
trained for leadership roles. Most importantly, listen
to everyone, but use that information to chart own
course. Don’t be afraid to dilute equity if investors
brings additional leadership to the table. One has to
be prepared to take the good with the bad and see it
all as part of a rocky, but rewarding adventure.
Stelios believes cybersecurity CEOs must absolutely
have a high degree of expertise in cybersecurity and
IT in general. They have to have expertise in things
Why Do We Do IT? Because
Security Gives Us Freedom.
“ “
15. Case Studies
onShore has worked with one Midwestern bank for
the past three years. Since then, no network
breaches were witnessed and the bank now
completely relies on one managed security services
provider. The bank also states that banking
regulators, the C-suite and board are happy and
onShore has brought “calmness to a turbulent
environment.”
“It’s nice to have someone overlooking everything. We
didn’t have visibility over our entire network before
onShore. We have a lot more peace of mind and
can sleep better at night with onShore,” says
the bank.
Prior to working with onShore to
handle all of their network security, the
bank used numerous outside RMS to
provide cybersecurity, which did not
work well. Having worked with
onShore previously at another
Midwestern bank with over $3 billion
in assets, the bank’s CFO brought
onShore in to provide Cybersecurity
Leadership consulting, focused on
addressing major upgrades and network
changes.
Below are some of the services provided by
onShore as part of the consultation:
Ÿ Develop a scheduled monthly meeting
Ÿ Establish a preferred communications dynamic
Ÿ Participation in the bank’s IT steering committee
Ÿ Review and discussion of security related
projects
Ÿ Ongoing discussion and
recommendations for security
and architecture.
Ÿ Start discussion for development of risk
management practices and security policies.
onShore was selected so that cybersecurity could be
incorporated into bank planning and was then
selected to provide security orchestration – i.e.
onShore’s “SOC-as-a-Service.”
Cover Story
17. 1 Year
12 Issues
$250
6 Months
6 Issues
$130
3 Months
3 Issues
$70
1 Month
1 Issue
$25
CHOOSE OUR SUBSCRIPTION
Stay in the known.
Subscribe to CIOLOOK
Get CIOLOOK Magazine in print, and
digital on www.ciolook.com
18. Don't be afraid to imagine
something that doesn't exist. With
the support of diligent, smart
people and a network of contacts, it
can become a reality.
Anita D'Amico, Ph.D
CEO
Code Dx, Inc.
| November2019 |
16
19. Anita D'Amico-
Envisioning the Future and Making It Happen
eing a leader requires many different traits. One of
Bthe most important traits is having a vision for the
organization and executing on that vision. With
passion, determination and knowledge, a leader can
achieve their long-term goals. Anita D’Amico, Ph.D., CEO
of Code Dx, Inc envisions a future. is one such leader who
technology or process -- particularly in cybersecurity, and
is creating the technical road map to achieve that vision.
Below are the highlights of an interview conducted
between CIO LOOK and Anita D’Amico:
Kindly take us through your journey on becoming a
leader.
My journey began more than 35 years ago working in
advanced technology and then more specifically
cybersecurity. For the first half of my career, I worked in
almost exclusively male fields; there were literally no
women executives where I worked. So, I observed the
men who were successful leaders, and even asked some
to mentor me. I learned from them and then adapted
those lessons into a style of leadership that suited me.
Over the years, I have honed a way of asking questions,
communicating, and working with others that is my own
leadership style. Several men who were mentors
influenced my growth as a leader. But I think my
leadership style was molded from those early years when
I was both trying to fit in, yet also stand out for my
competence.
My background in experimental psychology gives me a
unique perspective on cybersecurity, and affected the
technical and leadership roles I’ve taken on. As a human
factors psychologist, I have a passion for helping security
professionals better understand the state of their
cybersecurity, streamline their workflow and be able to
make more effective and efficient decisions.
My leadership of Code Dx is representative of that. Our
Code Dx Enterprise Application Security Management
System automates labor-intensive Application Security
(AppSec) processes and provides security analysts with a
cohesive set of information they can use to make faster
and more effective decisions about prioritizing and
remediating software vulnerabilities.
How do you diversify your organization’s offerings to
appeal to the target audience?
Our target audience includes software developers and
security professionals. These individuals are faced with
the challenge of ensuring that their organization’s
applications are secure; however, the tools and processes
available to them are disjointed and labor-intensive. They
typically work with several point solution products
designed for static code analysis, dynamic application
penetration testing, and software composition analysis.
And they engage in time-consuming processes for AppSec
testing, correlation of results, triage, prioritization,
remediation, reporting, and compliance verification.
Code Dx Enterprise is different because it brings all these
fragmented tools and processes together into a single
platform and automates many of the processes. So,
wherever a user is in the AppSec workflow, there’s a good
chance that Code Dx is offering a capability that makes
them more effective or efficient. For example, Code Dx
automates the correlation and de-duplication of results
from many different AppSec testing tools; it also creates a
unified, correlated view of application security that can
be used for prioritizing vulnerabilities for remediation; it
tracks remediation progress; and offers multi-level
reports of software security status. With Code Dx
Enterprise, the AppSec process can be accelerated,
vulnerabilities fixed faster, and costs reduced.
What are the crucial traits which every CEO must
possess?
There are a number of traits CEOs must possess in order
to be successful leaders. First, a CEO must have the
ability to motivate his or her team.
I also believe a CEO must be able to build trusting
relationships with other organizations. Building strong
relationships with clients is essential to the growth of the
organization. Building trust with technical partners
expands market opportunities. And building trust with
those who support the company’s infrastructure, such as
financial and technology providers, gives the organization
a solid foundation in which to operate.
Furthermore, there is no question that CEOs must have
the ability to communicate to a variety of audiences. They
Code Dx, Inc.
| November2019 |
17
20. must be able to represent the company at different levels
of abstraction from a more visionary, strategic level down
to a more granular level.
Lastly, an essential trait of a CEO is that he or she must be
able to stay focused on the big picture and not react too
quickly to smaller incidents or opportunities – always
keeping the larger vision in mind.
As per your opinion, what roadblocks or challenges are
faced by CEOs in business? And what is your advice to
overcome them?
Being a startup in an emerging market can pose many
challenges. Code Dx fits into two emerging markets as
defined by Gartner: Application Vulnerability Correlation
and Application Security Testing Orchestration. In this
earlier stage of market maturity, there is typically no
consensus on all the technical capabilities that a product
or solution should offer; what customers consider
essential capabilities evolves over time. As the market
matures, the sophistication of the customers and the
solutions grow.
This is the situation in which Code Dx happily finds itself.
As customers use products like Code Dx Enterprise, they
get hooked on what it offers and they want more. So, the
challenge we continually face is keeping up with and
predicting what the market expects to see in the next
versions of our solution, whether it’s next year or years
down the road. The way we address this challenge is
having a very nimble way of responding to requirements.
Our process is to first develop a quick prototype of the
capability and get it into the hands of our customers to
evaluate. We then build that capability out as there is
increasing demand from the market. Being agile is key.
Another big challenge for any startup is generating
revenue. Startups live and die based on revenue
generation whether they are funded or not. My advice to
overcome this challenge is to use multiple avenues for
generating sales. At Code Dx, we make our product
available for sale through many channels: direct sales,
resellers, partners and OEMs. It’s particularly important
to build strong relationships with resellers and service
partners, as they are force multipliers. We feed
opportunities to our overseas resellers and partners, who
are better positioned to engage with customers. I believe
it is important to support and respect our channel
partners.
How do you upgrade yourself with ever-evolving
technological trends to boost your personal and
company’s growth?
To be successful and to grow, it is important to be open to
new ideas. I come from an R&D background. Our
company was actually spun out of Secure Decisions, the
cybersecurity R&D division of Applied Visions, Inc. In my
20 years in cybersecurity R&D, I’ve been able to keep my
thumb on the pulse of what is in the laboratories, because
I continue to look at what’s happening in R&D. I also
follow what’s being funded and what’s being published by
university researchers.
As an automated security solution provider, what is your
contribution in evolving industry of security services?
Our contribution to the AppSec industry is our dedication
to understanding the barriers software developers and
security analysts face in producing secure software, and
developing solutions to overcome those barriers. By
automating many different disjointed processes and point
solution products on the market, we make sure that
everyone engaged in AppSec gets more value out of the
processes and products they use, and save time and
money throughout the software development lifecycle.
What will be your future endeavors and/or where do
you see yourself in the near future?
Right now, the AppSec market is siloed from the network
security market. I see Code Dx as bridging that gap in the
near future. We are already starting to move in that
direction by adding information about infrastructure
vulnerabilities into our application security management
system. This will enable security analysts and CISOs to
more clearly understand the security risk that is posed to
an entire application whether it originates from the
application’s code or from the various computing assets
(i.e. server, workstation) on which that code resides.
| November2019 |
18
22. ovember 3, 1988, is considered as a turning point
Nin the world of Internet. 25 Years ago a Cornell
University graduate student created first computer
worm on the Internet, “Morris Worm.” The Morris worm
was not a destructive worm, but it permanently changed the
culture of the Internet. Before Morris unleashed his worm,
the Internet was like a small town where people thought
little of leaving their doors unlocked. Internet security was
seen as a mostly theoretical problem, and software vendors
treated security flaws as a low priority.
Today, there is a paradigm shift, Morris worm was
motivated more by intellectual curiosity than malice, but it
is not the case today. According to a 2015 Report, 71% of
represented organizations experienced, at least, one
successful cyber attack in the preceding 12 months (up
from 62% the year prior).
According to survey report, discloses that, among 5500
companies in 26 countries around the world, 90% of
businesses admitted a security incident. Additionally, 46%
of the firms lost sensitive data due to an internal or external
security threat. On average enterprises pay US$551,000 to
recover from a security breach. Small and Medium business
spend 38K.
Incidents involving the security failure of a third-party
contractor, fraud by employees, cyber espionage, and
network intrusion appear to be the most damaging for large
enterprises, with average total losses significantly above
other types of the security incident.
Let’s Take a Look at Recurrent Security Threats Types-
Denial of Service Attacks
A denial of service (DoS) attack is an incident in which a
user or organization is deprived of the services of a resource
they would normally expect to have. These attacks are very
common, accounting for more than one-third of all network
attacks reviewed in the report. A standard approach is to
overload the resource with illegitimate requests for service.
Brute Force Attacks
Brute force attack tries to kick down the front door. It’s a
trial-and-error attempt to guess a system’s password. The
Brute Force Attack password cracker software simply uses
all possible combinations to figure out passwords for a
computer or a network server. It is simple and does not
employ any inventive techniques.
Identity Spoofing
IP spoofing, also known as IP address forgery. The hijacker
obtains the IP address of a legitimate host and alters packet
headers so that the regular host appears to be the source. An
attacker might also use special programs to construct IP
packets that seem to originate from valid addresses inside
the corporate intranet.
Browser Attacks
Browser-based attacks target end users who are browsing
Threats
NETWORK SECURITY
Threats
&
SolutionsSolutions
| November2019 |
20
23. the internet which in turn can spread in the whole enterprise
network. The attacks may encourage them to unwittingly
download malware disguised as a fake software update or
application. Malicious and compromised websites can also
force malware onto visitors’ systems.
SSL/TLS Attacks
Transport layer security (TLS) ensures the integrity of data
transmitted between two parties (server and client) and also
provides strong authentication for both sides. SSL/TLS
attacks aim to intercept data that is sent over an encrypted
connection. A successful attack enables access to the
unencrypted information. Secure Sockets Layer (SSL)
attacks were more widespread in late 2014, but they remain
prominent today, accounting for 6% of all network attacks
analyzed.
Network Security is an essential element in any
organization’s network infrastructure. Companies are
boosting their investments in proactive control and threat
intelligence services, along with better wireless security,
next-generation firewalls and increasingly advanced
malware detection. The U.S. Federal Government has
spent $100 billion on cyber security over the past decade,
$14 billion budgeted for 2016.
Increased use of technology helps enterprises to maintain
the competitive edge, most businesses are required to
employ IT security personnel full-time to ensure networks
are shielded from the rapidly growing industry of cyber
crime. Following are the methods used by security
specialists to full proof enterprise network system-
Penetration Testing
Penetration testing is a form of hacking which network
security professionals use as a tool to test a network for any
vulnerabilities. During penetration testing IT professionals
use the same methods that hackers use to exploit a network
to identify network security breaches.
Intrusion Detection
Intrusion detection systems are capable of identifying
suspicious activities or acts of unauthorized access over an
enterprise network. The examination includes a malware
scan, review of general network activity, system
vulnerability check, illegal program check, file settings
monitoring, and any other activities that are out of the
ordinary.
Network Access Control
Network Access Controls are delivered using different
methods to control network access by the end user. NACs
offer a defined security policy which is supported by a
network access server that provides the necessary access
authentication and authorization.
Network Security is a race against threats, and many
organizations are a part of this race to help enterprises to
Editor’s Prespectives
| November2019 |
21
24. secure their network systems. Organizations like IBM, Symantec, Microsoft have created solutions to counter the global
problem of network security threat. These cutting-edge products show genuine promise and are already being used by
enlightened companies.
Good Network Security Solutions Traits
A real security solution should have four major characteristics;
Detect Threats
Targeted attacks are multi-faceted and specially designed to evade many point technologies attempting to identify and
block them. Once they are inside, the only way to find these cyber threats is to understand the behavior of the individual
attack components and use analytics to understand their relationships.
Respond Continuously
Today it is not important that an organization will be attacked, but important and more crucial is to identify when and
how much they can limit the impact and contain their exposure. This means having the capability to respond quickly
once the initial incident has been discovered.
Prevent Attacks
Malware is gettings quick-witted day by day. They utilize heuristics to change their code dynamically. A capable
solution should have an adaptive architecture that evolves with the changing environment, and threats today’s business
faces.
Integration
Today’s threats have multiple facets, and a single software or solution is not sufficient. Protection system should have
the capability to integrate with other security tools from different vendors to work together as a single protection system,
acting as connective tissue for today’s disjointed cyber security infrastructure.
Solutions In Market
Like infectious diseases, cyber threats will never be eradicated entirely, but they can be better contained and understood,
and their effects minimized. How can this be achieved? IBM has built an enterprise-level “immune system,” an adaptive
security architecture to battle today’s cyber pathogens. IBM has developed a vast fleet of products, QRadar, X-Force
Threat Intelligence, Trusteer Pinpoint Malware Detection, IBM Threat Protection System a dynamic, integrated system
to meddle the lifecycle of advanced attacks and prevent loss.
The IBM Threat Protection System integrates with 450 security tools from over 100 vendors acting as connective tissue
for today’s disjointed cyber security infrastructure.
Symantec is another major player in catering enterprise network security systems with Symantec Advanced Threat
Protection. Symantec ATP operates via a single console and works across endpoints, networks, and emails, integrating
with Symantec Endpoint Protection (SEP), and Symantec Email Security cloud, which means organizations do not need
to deploy any new endpoint agents. Symantec says, ATP is the only threat protection appliance that can work with all
three sensors without requiring additional endpoint agents. With ATP, Symantec’s goal is to deliver end-to-end threat
protection, prevention, detection, and response in a single pane of glass, offering more value to businesses than
individual point products can provide. Symantec Advanced Threat Protection combines multiple layers of prevention,
detection, and response.
| November2019 |
22
27. Gregg SmithA Promising Leader in IP Security
I
n today’s digital world Internet, AI, Cloud
Computing, IOT, and many others all are connected.
All the valuable information are stored in these
systems. Securing this data becomes crucial, especially
in the world leading companies where big network
systems are interconnected. A lot of valuable
information is stored and the data is at risk because of
the security threats. These security threats can be
malware, ransom wares, viruses, Trojans, hacking, and
so on. Leading these companies is a great responsibility
and motivation at the same time for any CEO as he is
the front face of the leading business and involved in
direct conferences with partners and customers. With a
firm believer of the proverb ’leader is born, not made’,
Gregg Smith, the CEO of Attilia Security is committed
to protecting the nation state data theft. He was also a
former CEO at Silent Circle and Optio Labs.
Below is his story,
Gregg’s journey into leadership started in scouting and
on the lacrosse field rather than in the boardroom. He
has completed his education from Westfield High
School and St Mary’s College of Maryland. His
experiences captaining lacrosse teams in high school
and college, as well as achieving Eagle Scout honors
have provided him with the necessary foundation in
leadership, to quickly propel him through the corporate
ranks, and eventually rise to CEO of several different
companies. From the various paths taken on his
leadership journey, he has learned that the most vital
aspect of leadership is putting importance on
teamwork. Cultivating and motivating a team of
talented and driven individuals to work as a team is
paramount to the success of any company.
With a strong focus to marketing products to the
enterprise and governments, he is a leader in both the
cybersecurity, mobile, and technology (SW/HW)
arenas. According to Gregg, In addition to a strong
leader, a CEO must be a good listener, a hard worker,
and most importantly strive to build a culture of “We”
vs. “I”. The best CEOs hire people smarter than
themselves – people, with profound knowledge in their
respective areas of expertise.
CEOs in the cyber-security sector need to have a strong
understanding of business strategy, threats, customer
needs, and how a company’s technology can solve it.
Gregg says, at Attila Security, the company value
customer input. The organization’s early adopters
provided significant feedback, and at one-point
customers began to pay for enhancements to bring the
offering to other areas of their business. The company’s
product GoSilent suite solves some of the biggest
security challenges facing both enterprise and
government agencies today. GoSilent is the first truly
portable security solution that can be used to safely
transmit sensitive data – even classified data-over any
network, including public Wi-Fi.
Attila Security, Inc.
| November2019 |
25
28. The biggest challenges faced by CEOs are growth,
capital, and hiring the right people. To overcome them,
Gregg believes, if you work as a team, you can
overcome almost anything. The cybersecurity space is
evolving rapidly, so it is necessary to be able to turn
quickly to maintain a competitive advantage. Having
historical industry knowledge is definitely helpful, as
well as knowing the current trends and new
advancements within the industry. On a daily basis, he
reads several publications and news blasts about the
current on-goings of the industry. Likewise, he acts as
the face of Attila as much as he can communicate
directly with customers and partners, speaking at
conferences, leading business engagement, and selling,
always selling.
Gregg regularly immerses himself within the industry
and focus mainly on staying up to date with industry
trends and maintaining a constant presence in the field.
He is going to continue as CEO of Attila Security. “This is
an exciting time for us as a company,” says Gregg. The
network security company has reached an outstanding
milestone and is now officially in-evaluation with NIAP-
meaning that it may be used to allow any IP-enabled
device to connect to U.S. government networks (over
any network, including public Wi-Fi). He is also planning
to grow the company’s Maryland employment base by
100% this year and increase the enterprise
deployments. He hopes to make Attila the market
leader in portable security. His unique vantage point
enables him to take a strategic approach to decisions
about the company’s capital growth, technology
development, and resource management.
About Attilia Security
In an increasingly flexible workforce, secure remote
connectivity is crucial. Attackers have shifted their
focus from the corporate infrastructure to the end user,
as this often represents a weak link in the security
chain. Whether users are connecting by insecure
networks or from personal devices, IT departments are
in the unpleasant position of trying to enforce security
without hampering productivity. Based in Fulton, MD,
Attila Security is directly tackling this challenge for
enterprises and government agencies alike by
delivering a portable, user-friendly solution for remote
connectivity which enforces standardized security
controls using strong encryption regardless of the
device or network being utilized. It is a leader in
endpoint security, with extensive experience in cyber
defense, Defense Industrial Based supply chain
management and enterprise security governance and
policy. The company’s award-winning GoSilent
technology was designed to protect governments and
enterprises from advanced cyber-attacks, zero-day
threats, and personal identity theft. The organization
protects connected devices from the tidal wave of
cyber activity estimated to cost the global economy
more than $400 billion annually.
Listen and assess, and
then listen again.
‘‘‘‘
| November2019 |
26
31. At present, cyber security is
playing a vital role in the
digital world and it is also
known as a standard technology use
for the protection of cyber
environment of an individual or any
organization. It is mainly known for
security culture which includes user
network, drives, software process,
information storage, application
security and system support which is
directly or indirectly connected to the
network. The prime objective of
cyber security is to reduce
continuously growing cyber risks and
cyber threats.
Cyber security technology consists of
a collection of tools, policies,
security concepts, risk management,
actions, and training. The technology
tracks protected networks, data
security from data attack, along with
cyber security and physical security.
The core functionality of cyber-
security is based on techniques
involved protecting information and
system from cyber threats.
How Cyber Security came into
Existence?
As with the history, cyber security
has huge network background with
its own findings and technology
aspects. In the early 1990s, a
research on information security and
policy was been introduced where
information was in the form of
accuracy and based on system
awareness. Under 2016 survey, 70%
of the organizations in the US were
adopted by US Security survey
which is comprised of NIFT
(National Institute of Standards
and Technology)
Cyber-security framework.
Origins of Cyber Security Platform
Cyber security is defined as a
package of safety solutions which
provides major security processes.
There are many sectors which are
consuming cyber security platform as
its major functionality for web
service network. The fundamentals
of cyber security process are,
Ÿ Application Security
Ÿ Information Security
Ÿ Network Security
Ÿ Operational Security
Ÿ Application security is covered
with technology that measures the
feasibility of the application by
finding, fixing and preventing
security exposers. There are
different techniques which are
being used as security platform to
emphasize safety at different
stages of the application cycle.
Application cycle includes
different segments such as design,
development, deployment,
upgrade, and maintenance. The
standard of security process is
consequently changing and
application cycle has also a
different process with different
standardization.
Techniques used in application
security are mainly focused on
its exposer of the application
security. Whitebox security is
used for reviewing the source
code and noticing security flaws
of the application through
manual functionality. Blackbox
security audit is used for testing
security functions where source
code is not needed.
Design review is used as an
application of threat model, and
works before the code is written.
And Tooling is the technique
which includes automated tools
that test security flaws with
higher positive rate.
Ÿ Information security is a core
source of information which is
confidential, integrated and easily
available. The primary focus of
this security process is to the
stable data protection while
maintaining a focus on efficient
policy application. Risk
management process is achieved
by identifying assets, threat
sources, and vulnerabilities and is
also followed by the effectiveness
of the risk management plan.
Information security mainly
works on confidential information
which is highly entitled to the
process.
Ÿ Network security sets a variety
of computer networks, used in
both public and private sector. It
also includes conducting
transactions and build
communications among
businesses, government agencies,
and individuals. All networks are
divided into two sections, private
network and public network.
Private networking is used
within the company and public
network access relates to the
open source network. This
security culture is highly
involved in most of the
companies, enterprises, and other
types of institutions. It is mainly
used for protecting and
overseeing the operations. The
| November2019 |
29
Securing Future
32. network resource is relatively protected by assigning a
unique name and a corresponding password. The process
is concerned with authentication of username and
password which implements its security concept.
Ÿ Operational security is a process that identifies
information which is critical and easy to determine by
competitor intelligence. It protects individual piece of
data that could be grouped together to give a proper
set of information. It includes critical information
essential for military commanders, senior leaders, and
higher management. The whole process also includes
technical and non-technical measures such as, use of
email encryption software, taking precautions against
spying data and securing confidential information not
to be shared on social media platform.
Operational security is a five-step process which
assists any organization to specify required
information,
Ÿ Identification of critical information
Ÿ Analysis of threats
Ÿ Analysis of Vulnerabilities
Ÿ Assessment of Risk.
Securing Organization Processes
Cyber security process plays a crucial role to impact
information security of the organization. It also explores
the “Relationship between Organization Culture and
Information Security Culture” and contributes into the
organization’s protection as well as maintains all kind of
information. Security process is a never-ending process
in which information is used as a resource tool to
manage statistics security culture.
The security process served five-step processes including
pre-evaluation, strategic planning, operative planning,
and implementation. The pre-evaluation process
identifies the awareness of information security within
employees in the organization. Strategic Planning offers
healthier awareness program where target gets sets
according to the grouping of people. Operative Planning
provides good security process which can be established
based on internal communication, security awareness,
and a training program. Implementation is four stage
process used as security process to implement
information. The process is used for management,
communication with organizational members, and
current employees.
Enhancing Future with Cyber Security
Cyber security is aggressively contributing to the IT field
concerned with reducing organization’s risk and data
break. According to research in 2016, 46% of
organizations carry “problematic shortage” of cyber
security, and is increased by 28% compared to 2015.
Also, government, commercial and non-governmental
organizations use cyber security for better and secure
platform.
The demand for cyber security is increasing rapidly as
professional security worker in all industries are
managing the volume of consumer data of finance,
healthcare, and retail. However, the use of the term
“cyber security” is more popular in all industrial areas
that will help organizations with security process culture.
Conclusion
Cyber security is equally important for local, state, and
central government as these organizations maintains a
huge amount of confidential data and records concerning
the country and its citizens. Yet there are many
government and commercial organizations that face
difficulties in protecting the confidential data due to lack
of inadequate secured infrastructure, and lack of security
awareness.
| November2019 |
30
34. Make Operations Easier, Simpler and more Secure
Sebastián Stranieri
Sebastián Stranieri
Founder
VU Security
“
“
At VU we want to resolve the
large vacancy in the industry by
providing training and becoming
one of the mayor cybersecurity
employers worldwide.
| November2019 |
32
35. The chances of frauds and risks are reduced,
thanks to a reliable cybersecurity infrastructure.
Taking this into consideration, Sebastián
Stranieri founded VU Security in 2007 to prevent fraud
and offer solutions to protect people’s digital identity,
after seeing an opportunity to introduce an innovative
security solution that would considerably simplify the
process of network authentication. Thanks to his past
experience in Trend Micro, Sebastián was able to
introduce simple and innovative solutions that are still
ground-breaking in the present day.
As a huge nerd and tech fan, Sebastián is always up-to-
date with the latest launches and technology events. In
order to upgrade himself with ever-evolving
technological trends, he also follows Elon Musk, Natya
Sadella and Phil Knight very closely, as both a source of
inspiration and advances in the industry.
Broad Range of Solutions
VU Security has 14 solutions of fraud prevention and
identity protection that can be adapted to the needs of
each client in various industries from finance, insurance
and government, to health, education and Oil Gas. It
is aligned with the good practices of international
authentication, as part of FIDO Alliance, the Open
Authentication Alliance (OATH) and the Open
Connectivity Foundation (OCF). It also works with the
Tech Accord to promote the implementation of
cybersecurity good practices worldwide.
Keep Going
Sebastián believes that as an Argentine CEO, one of the
roadblocks is overcoming the prejudice that VU is a
third country provider. Being selected as Partner of
the Year by Microsoft, finalist of JVP Moonshot
Challenge in New York and of the Korea-LAC Business
Summit 2019, among other recognitions, help VU
Security prove that its solutions follow the highest
standards and can therefore compete head to head
with companies anywhere in the globe. Since 2007,
many people have told Sebastián that he was crazy, that
he was never going to succeed or that the country
wasn’t ready for this kind of company or technology.
However, today the company is reaching new
territories and increasing revenues by over 30% every
year.
In a Frictionless Way
Sebastián mentions that VU provides frictionless and
digitally secure experiences that prevent fraud and
protect digital identity while improving citizens’ lives.
The company understands that today it’s easier
than ever before to pretend you’re someone
you’re not through a mobile device. Sebastián
asserts. Digital identities are being stolen and used
to take loans or make millionaire transactions. Some
banks still have a physical employee check by phone
call if the user has just made a transaction through
their online banking. That’s expensive, takes a lot of
time and what’s worse, the bank could still be talking
to somebody else. We know users want to avoid
interacting with institutions and organizations as
much as they can. We help companies see there are
other, easier and more efficient ways to check their
clients’ identities remotely; we show them it’s possible
to do so in a frictionless way.”
In the near future, the company hopes to
strengthen its operations in Europe and open new
offices in South Korea, India and Australia.
Redefining the role of CEO
According to Sebastián, the role of a CEO in
cybersecurity isn’t only about protecting clients,
it’s also about teaching the very own members of
the company and the general public, from
kindergarten to seniors, how to protect
themselves within the online world. Everybody
thinks This is not going to happen to me until it
happens. As a matter of fact, the main weakness
used by attackers is the lack of knowledge.
Furthermore, he believes that every CEO must be
curious to be one step ahead of the client’s needs,
which allows to continuously offer new solutions.
Secondly, as a CEO, he or she must be resilient to
adversities and trust their team so they can work
together to achieve the desired goals. Most
importantly, he or she must have a broad vision of
the industry, the newest advances and
movements within the ecosystem to make
decisions.
VU Security
| November2019 |
33
36. any doors i.e. Before the internet cybercrime was non-existent. With
Mthe coming of the internet age cyber is now the most prolific
imminent danger spot effecting every aspect of government, business
and people's lives. Cyber threats from all levels of bad actors and state
sponsored cyber-attacks are plaguing the world all over. As cyber threats and
crime have also taken a pace with this internet revolution, securing digital
assets/data soon became a necessity. Various organizations took the
responsibility to tackle such issues with their unique solutions yet, many are
still striving to attain a reliable system to operate on.
Meet Steven Russo—Executive Vice President at Eclypses, a leader who
understands the requirement of the markets, and desires to contribute in this
ever-evolving cyber-security sector. With the Eclypses team's significant
experience, as well as background in around payment card security, he firmly
believes that they have invented/developed cyber security solutions that will
revolutionize the protection of all forms digital data. The Eclypses team's
unique ideologies and methods assisted the process to attain many
achievements in company's pathway.
Our primary goal is to educate the world regarding MicroToken Exchange®
(MTE) technology and change the way that data is stored, transmitted and
secured, while in the end, simultaneously making the world a safer place to live.
Exceptional Offerings to Rely On
After creating MTE, Eclypses realized that its product is unique compared to
any other data security solutions available in the market. Like any other
With a Passionate Team,
Revolutionize, Cyber Security
| November2019 |
34
37. There are no
constraints
that are stopping
our ability to
succeed other
than those we
accept in our own
minds.
Steven R. Russo
Executive Vice President
Eclypses, Inc.
| November2019 |
35
38. company, with a breakthrough invention, MTE, the
initial challenge faced by Eclypses was 'how to
penetrate the market'. Thus, the company had to
understand how to engage the on-going markets and
why would a customer buy its technology. It
determined that they had to engage its customers to
comprehend their pain points and cyber risk they face
on a daily basis.
In addition, to the quote, We solved the Data at Rest,
Steven states that the company went on to address the
enormous vulnerabilities with Data in Transit, as well as
IoT and IIoT challenges, which include commands to
connected and or intelligent devices. Steven continues,
If one were to take a deep dive into the most significant
successful hack attacks over the past 36 months, it's clear
that the largest governments, enterprises, financial
institutions, tech companies and even Departments of
Defense have been unable to stop state sponsored bad
actors from executing successful intrusions.”
Traits One must Posses
Through vision, patience, compassion, persistence,
integrity, motivational drive, the right personality and
high levels of intelligence, our team has been able to
attain many milestones en route to success. However,
along with the above listed traits, 'being lucky' i.e.
occurrence of luck factor also plays a role. Focusing on
such valuable points, the company states that a C-level
executive must have determination to get the required
breaks, and certainly use their intuition to surround
themselves by a team of talented passionate
individuals.
Meanwhile, when cyber security comes into picture,
Steven believes and states that the individual must be
able to use their vision, while maintaining patience and
exuding compassion for their employees and teams.
This individual must portray persistence, maintain
integrity and trust both internal and external aspects of
organization. As per Steven, he or she i.e. the individual
is expected to be self-motivated and be able to
motivate others, along with a strong work ethic and
desire for success. They need to approachable and
personable, while using their high levels of intelligence to
overcome the many daily obstacles that keep coming on an
endless basis, adds Steven.
Overcoming the Obstacles
When it comes to challenges, there are far too many to
list down, for all types of evolving companies. Steven
expresses that successful executive management works
with their teams, and their varying personalities,
personal challenges, levels of competence and skills,
and degree of loyalty they possess as unique
individuals. The only real advice to use, is for managing
executives, to utilize all the talents and skills they
possess as leaders, such as compassion, persistence,
integrity and motivational skills, to maintain patience,
have compassion, provide consistent guidance, vision,
direction and leadership, while always holding people
accountable for their actions or lack thereof.
Additionally, executive teams must be able to
understand when to pivot and change direction by
making quick decisions and either succeeded of fail
quickly, then adjust as required.
Embracing New Advancements
In order to keep up with the times, staying connected to
other industry leaders participating in open forums is a
great start. Steven advices that we must always listen
to what others are saying, but verify the information
being disseminated and then trust the results.
Although, it is the job of Executive management to keep
their teams laser focused, it is also imperative that they
do not to wear blinders and go on trusting people on
baseless information. Leadership must keep their
heads on a swivel to read the market and ensure that
their team is aligned with the technology trends as well
as needs of its customers and future clients.
Additionally, it is important to stay on top of what your
competitors are doing to ensure that both you and your
company remain at the top of your game, continues
Steven.
On behalf of Eclypses, members of our Executive team
provide Keynote appearances in the public sector
throughout a variety of verticals, including David
Schoenberger, one of the MicroToken Exchange
inventors. We strive to bring to light the many
vulnerabilities today around the securing of sensitive
data, while educating other industry professions
regarding how successful attacks and be thwarted.
Additionally, we take college students and allow them
to participate in various areas of our company so that
they can garner real life experience, to help propel
them in their future career. We continue to be
members of several cyber associations and are working
closely with municipalities and state agencies to
address cyber concerns on macro level.
| November2019 |
36
40. Data Center Security:
The rise in cyber-crimes is one of the main causes of
Data center outages. As per the recent survey
conducted by industry insiders, cyber-crime caused
22 percent data center outages in 2015 opposed to 2 percent
outages in 2010. Adding to all these, now most of the data
centers are re-evaluating their security policies after the
recent WannaCry ransomware attack.
Data center outages cause companies to loss revenue in
many ways. However, the costliest loss is service
interruption and loss of IT productivity. So, the
organizations are now realizing that traditional security is
no longer secure enough to secure any data center. A recent
study has found that 83 percent of traffic travels east/west
within the data center, which stays undetected by the
perimeter security. In this environment, when an attacker
infiltrates the perimeter firewall, then can jump across the
system with ease, extract information and compromise
valuable data. Additionally, data centers can fail due to
trespassers or a terrorist attack or by natural calamities.
So, how can one secure a data center in the best way
possible from any kind of cyber threat? Don’t worry we’ve
got you covered, with the points below.
As the first step, one should Map the Data Center and flag
the hackers within the virtual and physical infrastructure.
The CSOs and CIOs with a system map of their systems
can react to any suspicious activity and take steps to stop
data breaches. Being able to visualize different traffic
patterns within a network helps to understand threats, that
eventually elevates the level of security.
Understanding and measurement of traffic flow within
the data center boundary are very important. In the case of
any interruption in traffic across east/west vs north/south,
protected vs unprotected one can get to know about a threat.
Additionally, vulnerable zones and unprotected traffic need
to be monitored for a better result.
Firewall rules need to be defined and implemented as per
requirements. Additionally, one should allow traffic only
after thorough verification and selectively allow
communication to ensure maximum protection. The key is
to identify, what;s legal and secured and what can be
blocked to enhance security.
One needs to Build a Team with executives who
understand how traffic flows within the premises and can
access secure information, take necessary measures to
secure important assets along with the implementation of
roadblocks for the attackers.
Security must move as fast as a data center’s technology
adoption and integration. Security Strategy Should
Change Alongside the Technology and it should not be
treated as an add-on option. Additionally, businesses also
should ensure that their virus protection, signatures other
protection features are up to date for better protection.
Businesses should Identify and Place Controls over high-
value assets, which will help to reduce risk. However, older
security solutions are completely blind to new threats, new
security companies have produced latest solutions that
protect data in the virtual world.
Access Restriction also needs to be imposed. Every
business should thoroughly check a person’s background
before giving the access to a prized possession. Access to
the main site and the loading bay must be limited,
Controlling Possible Threats
| November2019 |
38
41. additionally, two-factor authentications and fortified interiors with security guards and roving patrols would help to
safeguard the employees and the data center.
Installing Surveillance Cameras around the data center, alongside removing signs which may provide clues to its function
helps to locate an intruder. A buffer zone between the data center and all the entry points will limit unlawful trespassing to a
great extent. Additionally, the data center needs to be far away from the main road and it should not have any windows other
than administrative purposes for better security.
A data center should Check Test Back-Up Systems regularly as prescribed by the manufacturer. It should also ensure to
make a list and of Do’s and Don’ts in the event of an attack. Recovery plans and security plans also need to be checked
thoroughly.
Data centers are always a Soft Target for The Terrorists, as an attack on them can disrupt and damage major business and
communication infrastructure. So, security needs to be taken seriously and to do that proactive steps should be taken to limit
the impact of a terrorist attack.
Trained Security Guards needs to be posted inside a data center and they should be well trained. Security officers must
undergo strict site-specific training to monitor surveillance footage. Depending on the size of data center and the number of
security cameras multiple security officers may be required on duty. Security officers dedicated to inspecting surveillance
footage helps when it comes to securing a data center.
Disaster Recovery is very much important, that must be in place. If the data center stops functioning after an attack or
natural calamity, it must have a way to restore operations as soon as possible. To be ready for a disaster and to evaluate the
disaster recovery plan, it’s necessary to train staffs well and experience simulated disasters.
To avoid these obstacles, one needs a fair bit of knowledge of new security systems, solid plans, and comprehensive
visibility. The more work a data center can do up front in the above-mentioned areas the better the chances of success with
lesser outages.
| November2019 |
39
Digital Revolution