“Practice fire drills”, With Jason Remilard and James Beecham

Practice fire drills. Remember from school how awesome and fun they were? Well, it’s also fun to call your IT department in the middle of a day and say, “We have detected an encrypted file being sent out of the network through an encrypted channel. What now?” A team is only as good as its coach and practice schedule. It is important to practice situations that are uncomfortable and hard to deal with during the day. The stress of a cyber-incident should not be taken lightly, and there are a lot of lessons from sports and the military that can be carried into your business.

As a part of our series about “5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity”, I had the pleasure of interviewing James Beecham, a Computer Engineer and Entrepreneur. James co-founded ALTR, an information security startup, where he currently works as CTO and has been issued two patents on ALTR’s proprietary blockchain technology. Previously, James worked at Dash Financial as the technology R&D lead, where he developed risk layers and algorithmic protocols for Dash’s electronic trading platform. He also worked as an embedded systems engineer at Texas Memory Systems, prior to its acquisition by IBM. James graduated from the University of Texas at Austin with a degree in Electrical and Computer Engineering, where his focus was embedded systems.

ALTR’s Data Security as a Service platform brings simplicity to the control of sensitive data consumption. Our cloud-native approach extends zero trust to the SQL Layer, stopping credentialed access threats and SQL injection attacks in their tracks. ALTR implements query-level observability, detection, and response over any datastore in a matter of days, not weeks or years, and brings a new level of protection across any enterprise’s modern data architecture.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?

Both my parents, my only other sibling (my younger brother), as well as my wife of almost 10 years, are all engineers. This means you either love our Thanksgiving Day dinner conversations, or you really don’t enjoy them at all!

We grew up playing all sports–except soccer, for some reason–and tinkering with everything from engines and computers to guitars, so we were always doing something with our hands. Then computer games got popular and our hands were still moving, just in small patterns with a mouse and keyboard. That 5-year period in middle school and high school, where games dominated our free time, is probably what solidified my love of computers and coding.

Living in Austin, computers were everywhere at the time, and it seemed to me that the life I wanted to live was being lived by many people all around me. I went to The University of Texas at Austin to study Computer Engineering and I have not stopped loving computers since.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

At a previous business, which specialised in trading and financial services, we had an Oracle database, which contained the company’s crown jewels, from customer positions to future orders to be placed on the stock market. Access to this information would have given competitors and other market participants an unfair advantage over others. We had attacks on that database from both the outside and within.

Trying to secure that database is what ultimately led to the creation of ALTR. Everything from access control to securing data at-rest were all challenges, either because our use cases did not allow for certain technologies to be present (high speed data access where every millisecond mattered) or the separation of duties was not present, at least to our liking. For example, we could not find a data at-rest protection solution that meant our DBAs did not have all the keys to the kingdom.

Can you share the most interesting story that happened to you since you began this fascinating career?

The story that is unique to my life is how the first company I worked for out of college was acquired by my mother. That is a slight exaggeration, but it is essentially true.

In my final years of college, I spent almost two years at IBM in internship and co-op programs which culminated in joining the IBM Extreme Blue Program in Austin — a top opportunity for a young engineer! After my internships, there were many full-time roles within the company that I could have accepted, but something just didn’t feel right. Maybe it was the image Big Blue had at the time, or maybe I was slightly fatigued from hearing so much about IBM over the years since both my parents were long-time, successful IBMers.

Instead I took my chances at a career fair where I found Texas Memory Systems, a small company doing really hard and really cool engineering work, including manufacturing their storage boxes. When I accepted a position with them, I went back home to my mom to show her the offer letter and bragged about how I wasn’t going to have to work at IBM. Her reaction was measured, “Good for you, honey.”

I started my new job only to find after 30 days that IBM had acquired the company, and my mother would become the CFO of the business unit which was recast as IBM Flash. When I called her on the morning of the announcement, she was apologetic and said something like, “fiduciary duty, blah blah, shareholders, blah blah.” Why she couldn’t tell me about the purchase when I bragged to her about not becoming an IBMer, I don’t know. In any case, I became an IBMer again but ended up leaving soon after that for Chicago to work in the trading business I previously discussed.

None of us are able to achieve success without some help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that?

From watching engineers in Austin at both big and small companies, to hearing about the buying process for a company like IBM from my parents, I’ve been exposed to a lot of really helpful people throughout my life.

But there is one person whom I am very grateful to have met, and that is Christopher Struttmann. Chris is a cofounder of ALTR, and we met at the Wall Street company in Chicago. The interesting part is how we met.

I was introduced to Chris by another really awesome engineer named William Bittner from Connecticut, whom I met through my Extreme Blue internship. Chris and Will had attended the same small-but-mighty school, Florida Institute of Technology, and Will brought both Chris and me to Chicago, pulling me out of that IBM role, and introduced us saying, “This guy is one of us.” Where my knowledge and skills end, Chris’s begin, and I think that has made our relationship great. I have really enjoyed building a business with him at ALTR, and we have learned a lot together.

Will passed away a few years back leaving a gap in our lives ever since, and we both remain committed to Will and his memory, which is another thing that makes our relationship strong.

Are you working on any exciting new projects now? How do you think that will help people?

Here at ALTR we are working on extending data security into the modern times! Every day we are faced with old problems that require re-invented solutions. For example, ALTR DSaaS observes and evaluates application queries in real time, and recognizes aberrant data consumption. This approach greatly reduces the threats to data and brings security teams into line with their application development counterparts who have been protecting data at the query layer for some time now.

Development of this technology took a great deal of time and effort by our engineering team, and work continues on extending DSaaS in ways that will be even more beneficial to the enterprise. These types of projects often require years of effort and lessons learned.

What advice would you give to your colleagues to help them to thrive and not “burn out”?

Teamwork is what successful business is all about. Teams complete projects and achieve milestones, not individuals. But you need to be aware of how each member of your team is performing, and ‘feel out’ their level of stress and over commitment, as well as when they are hitting their stride. The ability of a colleague to sense when there is a problem and step in to help, or even suggest a solution that may extend the timeline or reduce the scope of the work, is key. This means cross training roles so others can step in and help, and it is what will allow your business to scale when one person might be getting burned out. It is important to recognize this when working in teams, and to find ways to shift responsibilities because every contributor is not always going to be at 100 percent. In the end, there should not be a single point of failure, just like with production systems.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry, as it is today, is such an exciting arena. What are the 3 things that most excite you about the Cybersecurity industry? Can you explain?

Adoption of SaaS — A business should spend its time and money focusing on the things it sells. Not running an email server, or network file share, or other IT systems. The ability for SaaS providers to provide not only better service and uptime, but also much better security, is a critical inflection point for cybersecurity experts. For example, no matter how long you have been an Exchange admin, I guarantee Microsoft has more experience and knowledge than you have, and Office 365 is more secure than your standalone on-prem Exchange server. Spending your time and money keeping the business running securely is a better use of resources than rebooting servers and making constant network upgrades.

SSO everywhere — The advent of large credential stuffing attacks means that passwords are still being reused across many different systems. I am at fault here, too. Single sign-on has become a saviour for many organizations, not only to organize access to systems, but also to prevent silly, bad passwords from allowing access to your resources. I hope that the security experts of the world will force companies to adopt single sign-on technologies and prevent the siloed password problem that plagues us.

Automation — Cybersecurity is still a manual process for a lot of organizations, especially as tools and systems are aging at large enterprises. The ability to automatically detect and respond to, not only threats, but requests for data access from company personnel, will be critical as data and systems expand.

Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for?

The reduction or erosion of the perimeter is a critical threat. With the adoption of cloud and SaaS services, there will not be a way to keep outside actors out and inside actors in–they will all be the same.

We need to adopt a thought pattern that says, “Eventually all of my company’s access to data and systems will need to survive the open road of the internet.” That is the next place that companies will end up after adopting cloud and SaaS solutions. We need to get comfortable with this new ‘public access method’ and adopt systems and tools that make businesses safe on the public internet.

Do you have a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?

I’ll be brief here. We help companies secure access to data. This means securing access through applications, but also direct access to data. For a long time, direct access to data has been possible and this has presented an unknown and unquantifiable risk. Unfortunately, a business’s processes and needs dictate security decisions, so security professionals need to constantly look for better ways to secure their data. But I think the main takeaway is that we are only human, and there are only so many hours in the day. Don’t get complacent just because something is working today. Tomorrow is a different day …ALTR is helping to solve these problems.

What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do?

For our production systems there are a slew of tools and practices that we use to protect our customers’ data. I’ll mention one for the business and then a few for personal reasons. For our production systems, centralized logging has been critical.

The ability to have everything in one place, and to have one tool to search and access, has been great. Pairing this tool with an alert system, like PagerDuty, makes our lives so much easier. We can set alerts and alert thresholds and know and trust that a service like this will alert us if there is an issue. For me personally, and our employees, I think there are three things that make me feel comfortable:

  • Password Manager/SSO — Okta has been great; if you do not use it, you should! This prevents the scramble of removing people from many systems and lets your admins focus on a single point.
  • Laptop management software — we use Jamf for our MacBook Pros. It allows admins to remotely manage machines, but also controls what can be installed on the laptops. This is especially critical for the work from home situation, as people are probably more comfortable and more likely to install something that is either bad or not needed.
  • VPN for IP whitelisting — I recommend you use this when possible. Some services still allow for IP whitelisting, and we find it helpful.

How does someone who doesn’t have a large team deal with this? How would you articulate when a company can suffice with “over the counter” software, and when they need to move to a contract with a cybersecurity agency, or hire their own Chief Information Security Officer?

If you are working within the constraints of a small team or small organization then I would immediately suggest using as many SaaS vendors as possible to offload the amount of items you and your team have to manage. For the most part, SaaS vendors for email, chat, files, CRM and accounting all come with smaller sized offerings for smaller companies and can be utilized to stay competitive for a small budget and team.

As it relates to a company’s product (where technology or access to data is the thing you sell) then that is a bit of a different topic. In that area, if you are small, utilizing third party cyber agencies and managed service providers makes a lot of sense. These will typically fall under managed firewall and managed SIEM for alerting and detecting.

Hiring a CISO will only be effective if the CISO can impact business decisions. This means the CISO needs a seat at the table with other C-suite executives, having the authority and respect to block a release or delay a business decision until they are comfortable with the security stance. This is really hard if you have not done this type of release blocking in the past, but if you are small now, it might be the time to start setting the precedent that says, “This project will not go live until x y z security items happen and are tested.”

As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a lay person can see or look for that might indicate that something might be “amiss”?

Using visualizations to see data access rates, data access times, and failed authorization attempts is a great place to start. There will be a lot of information to process as it relates to a company network and production system, and humans are almost always better at spotting strange points of a graph than processing data feeds. This means you need to be comparing week-over-week to see these changes, and from there you can automate responses as the graphs change.

From an endpoint perspective, focusing on laptops or desktops, I’ve always been curious to see both network use in terms of the number of new connections made from the endpoint, as well as the number of new software packages installed. From these two data points you can begin to understand when something isn’t right.

After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?

Be as upfront as possible and engage experts immediately, if you do not have the expertise on staff. This can mean keeping breach resolution firms on retainer, so you can be proactive. It is also important to have a practiced plan in place that is rehearsed, so everyone involved, at the very least, knows their role when conducting the investigation and mitigation.

How have recent privacy measures like the California Consumer Privacy Act (CCPA), CPRA, GDPR and other related laws affected your business? How do you think they might affect business in general?

Businesses that collect and process personal information are being forced to increase data hygiene and security practices with these new privacy regulations. It’s important to point out that CCPA, GDPR and the like are mostly privacy-focused regulations with security aspects. There is a lot more to data privacy than just security, and businesses need to be ready to meet the challenges imposed around the privacy of data as much as they are with security.

What are the most common data security and cybersecurity mistakes you have seen companies make?

Not controlling endpoint devices is a common mistake, often because employees complain they make work too difficult, as is not embracing the insider threat. That is not to say that you have ‘bad actors’ on your staff or network, but these admin folks, who have permission to change data access rights, are targets within your organization and should be treated as such.

Since the COVID-19 pandemic began and companies have become more dispersed, have you seen an uptick in cybersecurity or privacy errors? Can you explain?

The two biggest issues I have seen with COVID’s effect on work from home practices are the relaxing of work environments and how that affects your decision-making as an employee. Getting a targeted phishing email in the office at the same time that others get the message is easier to detect. In a home environment you do not get that visual or physical feedback from your co-workers. The other issue is access to data and information. You could access file shares from behind the corporate VPN, but now at home, if you have not extended that VPN presence, shadow IT begins to rear its head and people will proactively move large amounts of files/data off network to their laptops or S3 shares “just in case I need this data.”

Ok, thank you. Here is the main question of our interview. What are the “5 Things Every Company Needs To Know To Tighten Up Its Approach to Data Privacy and Cybersecurity” and why? (Please share a story or example for each.)

Cybersecurity must become a requirement in your daily business. Yesterday, the only two sure things in life were death and taxes. Today we add a third, cybersecurity risk. Every decision you make, each process you create, every time you share data, and every new service you enable needs to have security as a part of the decision process and needs to be driven by safe practices.

SaaS vendors are better at securing their products than you are at running an on-premise version. The conversation has shifted from “Security of the cloud” to “Security in the cloud,” and this is a good thing. Removing as many requirements and tasks from your security teams by a) picking best in breed vendors, b) integrating those vendors with an SSO provider like Okta, and c) allowing your team to become experts at using security tools, will give your business the best chance to stay safe in an increasingly dangerous cyber world.

It’s people that make you vulnerable. Computers only do exactly what we tell them to do. A firewall doesn’t magically decide it wants to change its state. An S3 bucket by default now is not public facing. People need to be trained and aware of the risks their actions cause to the business. This includes everything from password policy to firewall settings, and just about everything in between. If people know and care about these things, the business will be well taken care of and safer than if people are under-educated and don’t care.

Practice fire drills. Remember from school how awesome and fun they were? Well, it’s also fun to call your IT department in the middle of a day and say, “We have detected an encrypted file being sent out of the network through an encrypted channel. What now?” A team is only as good as its coach and practice schedule. It is important to practice situations that are uncomfortable and hard to deal with during the day. The stress of a cyber-incident should not be taken lightly, and there are a lot of lessons from sports and the military that can be carried into your business.

Data Privacy is not Data Security. Data privacy entails a lot more than just secure storage and retrieval of information. In most cases it is better to split these responsibilities within your organization. If it’s not possible, then it makes sense to ensure your security team is up to date on compliance and privacy regulations, as well as best practices to ensure no gaps arise in your systems.

You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. 🙂 (Think, simple, fast, effective and something everyone can do!)

It would do a great deal of good if people were to use a different, strong, rotated password for each online service they use. This is achievable now very easily with integrated password managers in mobile operating systems and browser-based password managers. The reuse of passwords will continue to be a problem that only we solve! If you used the same password on a brand-new Silicon Valley startup fitness app that got breached two days after launching as you do your online banking, there is not much the bank can do or purchase in the security world that will help you. Until you can log into your bank account with your eye, it’s up to you to secure that access with a strong, different password per service.

How can our readers further follow your work online?

Follow our company ALTR on social media or our blog. Almost all my time and thinking is reflected there.

This was very inspiring and informative. Thank you so much for the time you spent with this interview!
