Hi Chris. Could you tell us about your journey in cybersecurity?
I started my career in cybersecurity somewhat by accident. I had always been interested in computers. My parents supported my home computer purchases at a very young age. Over time, my technical expertise grew and I developed a real knack for working on electronics and computers. By the time I entered the workforce, I already had a high degree of computer literacy and added computer networking to my growing list of skills. During my time as a computer consultant, I was presented with a chance to do some security-related work with a firewall. From there, I was hooked on the cybersecurity space. Ever since, I’ve continued to grow my technical skills, while also expanding my knowledge around successful business operations, sales, and other important functions within a company.
From an InfoSec perspective, what challenges did the COVID-19 pandemic pose for your team?
Like many businesses, we felt an impact. Unlike most other organizations, however, the impact was minimal. Prior to the pandemic, we maintained options for remote or hybrid work in most roles, and thus already had all the necessary policies and technologies to properly secure a remote workforce in place.
What sets Keyfactor apart from the competition?
Keyfactor simply has the best team of people I’ve ever had the pleasure of working with. Everything we do is done with world-class security, trust and teamwork in mind. These core values are embedded in every decision we make and are a driving force behind everything we do. These cultural values – which the entire team inherently embodies – are core to our success.
Beyond our culture, the integrity of our technology and the relationships we’ve enjoyed with our customers have shaped the industry-leading service we deliver. We live in a world where all digital identities cannot be trusted. However, establishing and maintaining trust is essential to operating a business in today’s digital world. As a digital identity management company, our technology exists to restore trust within people and businesses. Our customers recognize that we are true partners whose mission is to solve real issues that they grapple with when it comes to establishing trust.
Furthermore, our products are easy to deploy and use. With Keyfactor, our customers get one central platform to automate the lifecycle of every machine identity as we scale with their security needs. We also pay a great deal of attention to ensure our company is backed up by compliance standards that the industry knows and acknowledges as meaningful.
How do you envisage the cybersecurity landscape evolving in the years to come?
Cybersecurity is a huge landscape. However, there are a few trends that will continue to evolve over the next few years.
The first is how organizations proactively manage risk. This is essential to get ahead of the next breach or vulnerability. As the complexity of attacks continues to escalate, so does the complexity of determining risks. Organizations will need to begin to look at a combination of data to mitigate the impact of future attacks rather than just a single piece or source of data. To do this effectively, complete visibility into all elements associated with cyber risk will be required. This includes end users, devices, information flow, traffic patterns, and time and location details. With a complete and continuous inventory of all assets and associated data, organizations can then make risk determinations in real time to ensure protection. While this is no small task, enterprises need to think about what data is available and how it presents hidden risk elements to begin on this type of journey.
There will also be an increased drive towards automation in our networks. Human error is a leading cause of cybersecurity breaches. Automated device configuration allows organizations to ensure every device is trusted, compliant, and up-to-date while eliminating the mistakes that humans tend to make when configuring or updating devices. It also helps organizations respond more quickly when a risk is identified, as they know the end state the devices are in and can leverage automation across all devices to remediate any potential risks.
What three things would you advise business owners to do to optimize their cybersecurity?
Cybersecurity is a boardroom concern and needs to stay foremost in the minds of everyone. Boards need to understand variables like risk posture, relevant threats, and effectiveness of security controls. As such, leaders must always take stock of how well their cybersecurity controls are working and where they want to be.
When building your cybersecurity strategy, think not only in terms of the cost of strong cybersecurity, but also in terms of reputation or brand damage should your company be breached or have significant downtime due to a prolonged outage. Effective cybersecurity is about balancing spend with ROI.
Finally, leverage security assessment tools to ensure you’re not introducing vendors or software that inadvertently bring risks to your organization. Remember that cybersecurity is no one thing or product, but rather a combination of things that enables a business to continue to grow and scale when properly done.
As a cybersecurity leader, what metrics do you use to define success?
The most important metric leaders can use is how many people within the company participate in the cybersecurity process. Does your company have cybersecurity training and is it viewed as a part of a role everyone plays in the success of the business? The more people that participate in cyber awareness and good cyber hygiene, the more successful the company is.
Each cybersecurity leader also will have defined metrics around incident mitigation and remediation or other cybersecurity events. For example, the patching rates of devices.
What is your top pick for a book on security that everyone should read?
These days I tend to read blogs more than books as the information in them tends to be more “up to the moment.” One blog I check daily is KrebsOnSecurity.com as it focuses on a broad view of the cybersecurity space.
What advice would you give someone who aspires to be a cybersecurity leader?
Read, learn, and then read some more. However, do not limit your learning to only cybersecurity-related topics. To be an effective leader in a business you must understand the entire business and why it operates the way it does. You will also need to learn what motivates people to make decisions and how to effectively use data to support ideas and initiatives.