As a part of our series about “5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity”, I had the pleasure of interviewing Emil Sayegh, President and CEO of Ntirety, one of the largest managed cloud service platforms in the world. He is an early pioneer of Cloud Computing, recognized as one of the industry’s cloud visionaries and “fathers of OpenStack”. Emil launched and led successful cloud computing and hosting businesses for HP, Rackspace, Codero, Hostway, and now Ntirety. In addition to his leadership roles, Emil spent more than 15 years in the IT industry developing, marketing, and managing products for Dell, RLX Technologies, and Compaq. He holds nine patents.
Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?
I am an immigrant to the United States. I was fortunate enough to come to the US as a teenager to go to The University of Texas at Austin. I studied engineering for my undergraduate degree and then got a graduate degree from the University of Texas McCombs School of Business. I fell in love with Austin and never left. Today, I live here with my wife and four kids. We feel very fortunate.
Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.
I first got involved in security in 1996. This was during the time that computers and the internet were becoming ubiquitous. Working in tech, I saw how gullible users were and how evil hackers were. The gullibility did not just extend to consumers, but strangely enough to corporate IT and government agencies as well. I have stared deep into the dark world of cybersecurity and hackers — I quickly realized that I want to do everything in my power to make people more aware and to protect and defend lives, businesses, and privacy.
However, my inspiration really came when I was pulled into some of the first security implementations of the Navy/Marine Corps Intranet (NMCI) United States Department of the Navy program, which was designed to provide the vast majority of information technology services for the entire department, including the United States Navy and Marine Corps. It was a great honor to assist in the defense and security of our country. I have many memorable experiences working on the project, including briefing the Under-Secretary of the Navy on our security with several dozen top brass attending the briefing.
Can you share the most interesting story that happened to you since you began this fascinating career?
I have two stories:
As CEO, hackers send emails masquerading as me all the time. This is a common problem with every public figure. One time, one of my direct reports got an email pretending to be me, asking the executive to buy gift cards and email the codes to the impostor’s address “urgently.” So the executive in question, who is usually very security conscious, complied and bought the gift cards simply because it appeared to come from a person of authority. Luckily, before emailing the codes, he sent me a text letting me know “I got your gift cards,” which triggered me to ask, “what gift cards?” After sorting it all out, we ended up with 50 50-dollar gift cards! The good news is that we distributed those gift cards to well-deserving employees instead. The hacker lost, our employees won, but the moral of the story is:
- Always question uncharacteristic messages, especially those that are coming from top execs or people with authority
- Check the email address — it is very easy to spoof anyone’s address
- Confirm and double-check any “urgent” or unusual commands that involve money transfers or credential sharing
My second story involves one of our clients, a large TV manufacturer. Ntirety provides security services for their entire smart TV application, which sits on every TV they sell. As you can imagine, with millions of TVs out there, there is plenty of room for malfeasance. We often don’t think of TVs as computers, but modern TVs really are just mini-computers with a very large display. Cybercriminals try to hack into TVs all the time to steal personal information, hack into the cameras mounted on the TVs, use them as a jumping point to hack into attached devices, or even use the TV to mount distributed denial of service (DDoS) attacks. I had never thought that TVs would be so interesting to hackers, but they are. Our company protects against millions of attempted hacks into these TVs per year.
None of us are able to achieve success without some help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that?
There are so many people who have mentored me throughout my career, but I am especially grateful to three people for believing in me and choosing me for my first CEO-like position as General Manager of the Cloud business at Rackspace. The exact words used by the Rackspace Chairman of the Board, Graham Weston, CEO Lanham Napier, and President Lew Moorman to describe me were “owner.” Had I not been chosen for that General Management job, I am not sure I would have become the CEO of three great companies later on. I have always forced myself to think like an “owner” instead of a functional leader, which has helped me view situations holistically and make decisions that enhanced its value. Most people think like “employees,” some may think and act in the best interest of their function, but rarely would you find people that think like “owners.” That different mindset quickly gets noticed in companies, as it is a very rare trait. I would often be tapped and promoted for this reason, and I am very grateful to Graham, Lanham, and Lew for believing in me.
I would also like to recognize one of my middle school teachers, who also happened to be a nun. She singled me out and told me that I was a “leader.” That was the first time anyone had told me that, and since then, that sentence and her expression have been fixated in my head and helped guide me to where I am today.
Are you working on any exciting new projects now? How do you think that will help people?
With the help of the Ntirety team, we recently introduced the new Ntirety Managed Security Services suite, which could not have come at a better time for our clients and partners as IT threats continue to increase and evolve with the pandemic.
With the opening of the 100% US-based Ntirety security operations center, our clients now have greater peace of mind having a trusted security operations center available 24x7x365. Our team of security experts uses Artificial Intelligence and Machine Learning tools to proactively identify, investigate, and mitigate incoming mission-critical threats before they become serious problems, including:
- Cross-Site Scripting Vulnerability Detection
- Information Disclosure Vulnerability Detection
- Authentication Failure Alerts
- Denial of Service Attacks
- URL and DNS Filtering
- Secure Remote Access
What advice would you give to your colleagues to help them to thrive and not “burn out”?
View your career in this industry as a marathon, not a sprint. Pace yourself and always have a vacation planned on your schedule, so that you always have some time to look forward to relaxing with your family and loved ones.
Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry, as it is today, is such an exciting arena. What are the 3 things that most excite you about the Cybersecurity industry? Can you explain?
Excite is probably not the right adjective. I am passionate about cybersecurity and why it needs to seep into everything IT does — from software to IT infrastructure.
- Hackers have morphed from “lonely” individuals in basements into shadowy, nefarious, full-fledged, highly sophisticated organizations. Some could even be a nation-state or rival company. Combating them is truly a technological war of cat and mouse.
- We are still early in the IoT security game, and even secure IoT systems can still be a wealthy target for outsiders to attack. I expect there will be many devices that will bring a new scale to the threat vectors.
- The use of Machine Learning and Artificial Intelligence to predict and mitigate threats is still in its infancy. Throughout history, technological evolution and productivity gains tether to the concepts of efficiency, automation, and scale. This can’t be truer today with mitigating security threats.
Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for?
The continued increase in ransomware should be top of mind for all businesses. No matter the industry or company-size, everyone is at risk. Social engineering tactics are evolving and becoming more sophisticated across the board. Phishing attacks have a domino effect, with data breach victims now frequently becoming the target for vishing attacks. Hackers are hitting with a one-two punch more than ever, which is why businesses need to start educating employees on how to respond when breaches do happen so that they and their customers don’t continue to be victimized.
Another threat that may already be festering inside organizations is a cybersecurity skills gap that is growing fast. There is a cybersecurity talent drought, an overall cloud talent drought actually, and business leaders need to figure out a way to address the skill gaps before those vulnerabilities are taken advantage of by the bad actors.
Do you have a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?
We work with a very popular retailer with a strong brand reputation in the market. They came to us after being hit with a significant ransomware attack, which was mismanaged by their previous hosting provider.
Our team quickly identified exposure points in the retailer’s infrastructure — their site had been locked up completely due to vulnerabilities in operational security, overall weak IT infrastructure, and misconfigurations, along with slow updating and patching — and implemented a solution to address current shortcomings and future-proof their IT environment.
What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do?
In our Security Operations Center, we use some very sophisticated tools, some powered by AI and ML engines. A key tool is the Security information and event management (SIEM). The core set of capabilities for a SIEM solution includes data collection of potential threat patterns, parsing (or normalizing) data, and correlating that data to identify suspicious or problematic activity. This processing and enrichment of data (using AI and ML) enables all forms of data analysis and can directly impact how effectively our SOC can catch nefarious activity.
Once the data has been ingested and normalized, the SIEM software correlates events across all of the aggregate data to identify compromise patterns and alert our SOC and then, if not mitigated, the end-user to suspicious activity.
The SIEM essentials include:
- Log Management: Collect, normalize, and aggregate log data to deliver efficient data access and management
- Real-Time Monitoring: Observe activity at the exact moment it occurs within your network environment
- Incident Investigation: Search and drill down on logs to further investigate a potential incident
How does someone who doesn’t have a large team deal with this? How would you articulate when a company can suffice with “over the counter” software, and when they need to move to a contract with a cybersecurity agency, or hire their own Chief Information Security Officer?
The first step for any team or individual is admitting that there is a security problem. They have to have the right posture and believe that they are at risk, even if they “can’t see it.” I always say only the paranoid survive. Only the paranoid cannot get lulled into a false sense of security and think it can’t happen to them. Hacks and ransomware are everywhere — they even attack elementary schools and small businesses.
The second step is to consider solutions. The issue with hiring your own staff is that while cybercrime grows exponentially, businesses face a severe cybersecurity talent drought. The supply of available, qualified security professionals is insufficient and the competition for services has dramatically increased. Organizations must be resourceful, implementing these counterattacks in innovative, thoughtful ways. Approaches that have been proven successful to date include:
- Groom talent internally
- ‘Upskill’ and ‘reskill’ current staff
- Look outside traditional talent pools
- Roll out training programs for a broader base of employees
- Invest in outside-managed security services to fill gaps and improve overall cybersecurity stance. There are services such as virtual CISO or a fractional CISO that can also help.
As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a lay person can see or look for that might indicate that something might be “amiss”?
There are several signs of a cyberattack that everyone should be privy to, no matter where they work in a company or their level of technical knowledge:
- Phishing or unsolicited emails containing requests that are out of the norm
- Unusual server or PC reboots or high resource usage from unknown processes
- Repeated anonymous calls that are trying to social engineer an attack
- Suspicious emails asking you to send money immediately (usually “seemingly” coming from someone who is in charge, as I mentioned earlier in one of my personal stories), change bank address/destination, or buy gift cards
- Spikes in bandwidth
After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?
Key steps every business should be prepared to execute in case of a breach include:
- Leverage the cyber insurance — This normally includes both legal and incident management resources
- Forensically secure equipment — Don’t unplug, reboot, or begin restoration efforts until the experts have had a chance to come in and forensically investigate
- Begin documenting events, creating a timeline, and open internal communications with stakeholders
As more privacy measures come on the scene, legal counsel has been more engaged and aware of how a business’s IT posture plays into compliance. This includes the expansion of risk, data protection and vendor/3rd party management, and auditability. Learning how to implement and enforce consent management for data collection and legitimate usage is a high priority as new measures continually come into play. Overall, the constantly changing regulations require either fluidity in program or alignment with the strictest guidance and reflexing into other regulations — a tall order for businesses without a dedicated compliance manager.
But there are general good rules-of-thumb organizations can follow:
- Remember there is no getting around these privacy measures — and you shouldn’t want to circumvent them to begin with
- Be prepared to make changes quickly and adapt to new regulations
- Have assigned resources to policies and procedures maintaining programmatic oversight
- Find the right partners to help align business with regulatory changes
What are the most common data security and cybersecurity mistakes you have seen companies make?
Businesses are at risk of making many data security and cybersecurity mistakes. Some of the most common include:
- Overconfidence in their own capabilities
- Not understanding what data they have
- Underfunding security efforts
- Thinking they can handle threats themselves
- Not enforcing a cybersecurity training program
- Lack of governance
Since the COVID19 Pandemic began and companies have become more dispersed, have you seen an uptick in cybersecurity or privacy errors? Can you explain?
The managed chaos of cyber-threats is an everyday reality, but chaos escalates exponentially in times of challenge. The pace of major security incidents will continue to increase as threat actors have taken note of this significant shift to remote work and see this moment as an opportunity to exploit and attack systems. Along with Zoom’s surging popularity, malicious files with “Zoom” in their name also surged. Gateways to company data are suddenly available everywhere, with remote humans at the controls.
Ideally, organizations have covered some of the very basics:
- Secure VPN
- Endpoint protection
- Dual-factor authentication
- Strong password enforcement
- Firewall tools
- Regular updates
- Data backup
- Encrypted communications
This simple list only provides a taste of the amount of work, licensing, and configuration it takes to get to this point. Once you get to that point, another level of consideration kicks into gear: managing the human element and human behavior.
This novel climate is a perfect storm for cybercrime activity. Post-Covid-19, businesses cannot afford to be compromised in this fragile world where any resource can serve as an attack source. If there was ever a time for hackers to open their cybercrime toolbox, the time is now. Please stay safe by exercising proper online security hygiene. If you are not sure, or if this is not your company’s competence, this is the time to ask for help from experts.
Ok, thank you. Here is the main question of our interview. What are the “5 Things Every Company Needs To Know To Tighten Up Its Approach to Data Privacy and Cybersecurity” and why? (Please share a story or example for each.)
- Do you have compliance and regulatory requirements in your industry?
- Do you have a documented and agreed-upon plan to prevent cyberattacks & respond to an emergency?
- Do you have on-staff or on-contract IT security and risk management expertise?
- Have you implemented IT security tools and controls?
- Have you aligned IT security and business priorities?
You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. 🙂 (Think, simple, fast, effective and something everyone can do!)
When it comes to cybersecurity, I’d like everyone — every individual and every business — to assume a healthy dose of “paranoia”. Question what you see. Not everything is as it appears, especially when it comes to security.
How can our readers further follow your work online?
This was very inspiring and informative. Thank you so much for the time you spent with this interview!