“Use a strong password, and change it often”, With Jason Remilard and Doron Hetz

Social media is the weakest link in the chain of network security. Prior to deploying our security awareness program, we had seen cases where employees shared their travel plans, pictures from business events and similar information on their personal social media accounts. This information can easily be used in “spear phishing” against key individuals. In […]

Thrive invites voices from many spheres to share their perspectives on our Community platform. Community stories are not commissioned by our editorial team, and opinions expressed by Community contributors do not reflect the opinions of Thrive or its employees. More information on our Community guidelines is available here.

Social media is the weakest link in the chain of network security. Prior to deploying our security awareness program, we had seen cases where employees shared their travel plans, pictures from business events and similar information on their personal social media accounts. This information can easily be used in “spear phishing” against key individuals. In these situations criminals are gaining people’s trust to open a compromised link.

We are working hard to educate our staff on what is appropriate to share on social media and what is not. At the end, we want them to scrutinize any incoming communication and figure out who is the true sender of an email and understand what are his/her intentions.

As a part of our series about “5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity”, I had the pleasure of interviewing Doron Hetz, Senior Vice President of Engineering/Privacy and Security Officer at Casamba, one of the leading software firms servicing the post-acute care industry. Doron joined Casamba in 2014 as Vice President of Operations coming from global oil services leader, Baker Hughes. He is an experienced leader with more than 25 years of progressive growth in technology leadership with expertise in the latest in information technologies, application development life cycles and project management within R&D and normal business environments.

Doron earned his bachelor degree in Computer Science and Electrical Engineering from the Technion — Israel Institute of Technologies (IIT) and his Masters in Business Administration with a focus on executive leadership (EMBA) at the University of Houston. In addition, Doron is a certified Six Sigma Black Belt, Microsoft Certified Professional, and Microsoft Certified Trainer.

Doron and his wife Nirit live in Calabasas, California with their four children Maya (17), Leah (16), Ella (11), and Ben (10).

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?

I was born and raised in Israel. Like all Israelis, I spent time in the military — specifically as an officer in the navy. After completing my service, I then worked with the Israeli Ministry of Defense on various network and communication security projects. I moved to Houston in 2001 when I joined Baker Hughes, one of the world’s largest oil field services company. I worked there for more than 12 years in various technology and operations roles. I joined Casamba in 2014 as the VP of Operations and have since added security and engineering to my responsibilities.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

My path toward a career in cybersecurity really started when I joined the Israeli navy nearly 30 years ago, and later with the Israeli Ministry of Defense. While working with the Ministry of Defense, I became involved in ensuring secure communications through multiple devices. And I’ve been passionate about security ever since.

Can you share the most interesting story that happened to you since you began this fascinating career?

While working at the Ministry of Defense, I was the lead engineer for a visual verification of threats on a radar detection system. The way the process works is that, in order to launch a defensive attack on an airborne missile or an aircraft, there must be visual verification first. Because all the codes between the radars and the missiles themselves are encrypted, my team’s charge was to decrypt that information. At that point, we would be able to use our cameras to secure the needed visual verification and subsequently launch a counterattack to protect our borders. It’s obviously a high-stakes, high-stress environment. But I would say that much of that prepared me for where I am today.

None of us are able to achieve success without some help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that?

I’ve worked with a lot of great people over the years, but I’d say that the single most important person in helping me shape my career was my father. Not only did he provide great guidance and support, but because he worked at the Ministry of Defense and had the same level of clearance as I did, he served as a great sounding board for any questions or issues I was facing.

Are you working on any exciting new projects now? How do you think that will help people?

One of the major projects I’m working on is creating Casamba Cybersecurity 2.0. It’s designed to be a secure environment for our employees, our customers and patients. The major challenge in creating this kind of computing environment is that it needs to strike a balance between offering a necessary level of agility while still providing a high level of protection.

What advice would you give to your colleagues to help them to thrive and not “burn out”?

One of my responsibilities is to make sure my team is happy. Considering how stressful cybersecurity is, this is not the easiest of tasks. But that’s why I always try to smile and keep a positive attitude. Cybersecurity isn’t just a “want” in today’s world, it’s a “need.” So if I can create a positive, upbeat environment, I’ve put my team in the best position to succeed.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry, as it is today, is such an exciting arena. What are the 3 things that most excite you about the Cybersecurity industry? Can you explain?

The cybersecurity industry is rapidly changing because the criminal element is continually looking for, and finding, new areas to attack. What drives me to succeed in cybersecurity is:

  • The increased threat level we all face. Cybersecurity used to just be a concern of banks, financial services firms and the like. As we’ve seen in recent years, anyone and any business can be a target these days because cybercriminals are targeting personal information, corporate data and more.
  • It’s not a 9 to 5 job. Criminals don’t adhere to business hours. So you need be on 24/7. And because of that, it’s a rapidly growing field.
  • Cybersecurity is really about the team. There is no individual who can do everything. Because of that, you’re only as strong as your weakest link. I enjoy building and managing these teams to deliver the best results.

Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for?

Obviously I can’t divulge too much, but what I can say is the major area of focus is the need to innovate through security. Our staff, like so many others, are now working from home and in a less secure technology environment. So we’ve needed to create an open system that allows for collaboration and high productivity, while keeping it secure and close to external threats. These competing requirements dictate the need of the team to think outside of the box, and always look for holes and way to close them, without effecting operation.

Do you have a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?

In November 2019, Casamba was the victim of a sophisticated ransomware attack. Because we serve the healthcare industry, our cybersecurity strategy has to not only protect company and employee data, but also that of the healthcare practitioners and the patients on our platform. Thanks to a robust crisis plan and our work with top-tier security consultants, we were able to minimize the impact of the attack. This meant there was no exfiltration of data, which is priority #1. We also worked tirelessly with vendors and customers to ensure there was an acceptable level of operation while we took the necessary step of rebuilding our computing environment.

The key takeaways from this incident extend beyond the obvious value of a comprehensive plan. In a situation like this, when time is of the essence, the real key is to empower leadership to make split-second decisions based on the overall crisis strategy. Further, frequent and detailed communication with customers and partners is critical during this time — especially in the immediate hours and days of the attack. By keeping everyone apprised of what was happening and our remediation efforts, we were able to allay a number of concerns these audiences had.

What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do?

While I don’t want to disclose too much about our cybersecurity tools, I can tell you that we have leading-edge systems that scan files as well as those that scan the network. We have also disconnected all VPNs, and replaced them with centralized credential administration with rolling passwords. We’ve also adopted the edge computing architecture — essentially shortening the “distance” between what the user is using and the cloud services they are accessing.

Even with all this technology in place, there is still the element of human error we needed to address. This is why we deployed security awareness training for all employees. Because we get so many emails over the course of a day, it’s important that our employees are always on guard against phishing scams, viruses and the like. Our training program is designed to educate and test all our staff on the ways cybercriminals try to attack you and the company network. There’s no one measure that can keep your network safe. It’s truly a group effort.

How does someone who doesn’t have a large team deal with this? How would you articulate when a company can suffice with “over the counter” software, and when they need to move to a contract with a cybersecurity agency, or hire their own Chief Information Security Officer?

At the end of the day, when it comes to cybersecurity systems, you get what you pay for. That said, if budget remains an issue, there are still options for you based on financial restrictions. It all starts with having a thorough cybersecurity plan to protect your network. And your plan, regardless of the size of your business, should focus on providing staff with the same level of agility, productivity and efficiency while delivering a high level of security.

As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a lay person can see or look for that might indicate that something might be “amiss”?

There are a few things that go a long way in keeping your computer and your network protected:

  • Don’t click on suspicious links. If it looks out of the ordinary, or it’s from someone you don’t know, it’s best to have a healthy level of suspicion.
  • Use a strong password, and change it often. Passwords are often the first line of defense against cybercriminals. Having a password that’s easy to guess, or worse, one you’ve written down where someone can easily find it, means you’re an easy target. The longer and more complex your password, the better. And then change it often.
  • Know how to wipe your devices if they’re lost or stolen. Your company phone or iPad stores a lot of private, confidential information. If you leave it on a plane, in a taxi or on the subway, whoever finds it can quickly and easily access this critical data. But if you wipe it remotely, all you’ve done is lost your device, not company secrets.
  • Lock your computer when you leave your work station. You might just be headed to refill your coffee or headed into a quick meeting, but this is just the opening that a criminal needs to access your files. Lock it up and use a strong password.

Cybercriminals, and the crimes they commit, get more sophisticated every day. So it’s also important to just stay mindful of the latest techniques and adhere to the best rule of all — if you’re the least bit concerned about something, best to ask someone in your IT department for help.

After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?

The first moments after an incident like a data or security breach are critical in mitigating its effects. The most important first step is to ensure that your customers and employees know that something happened and you’re actively working to resolve it. Depending on the nature of the issue, they may need to disconnect their technology or other efforts to isolate the threat. You likely won’t have all the answers in those early moments, but quick, decisive action can help lessen the impact.

How have recent privacy measures like The California Consumer Privacy Act (CCPA), CPRA GDPR and other related laws affected your business? How do you think they might affect business in general?

Because we service the healthcare sector, we adhere to privacy measures as mandated by Health Insurance Portability and Accountability Act (HIPAA) and are covered under the HIPAA carve out of CCPA. Because we don’t do any business in Europe, we are not compliant with GDPR nor do we need to be.

What are the most common data security and cybersecurity mistakes you have seen companies make?

The most common mistakes I’ve seen is companies believe they are secure or that it won’t happen to them. Getting too comfortable and letting your guard down can lead to big problems later should your company become victim of an attack. The other major mistake I’ve seen is when companies don’t treat their security plan as a “living document.” They think that once it’s done, it’s done for good. That is bound to create problems as cybercriminals are constantly coming up with new techniques. If you’re not adapting and modifying your plans, you’re going experience problems down the road.

Since the COVID19 Pandemic began and companies have become more dispersed, have you seen an uptick in cybersecurity or privacy errors? Can you explain?

We as a company have not seen an uptick because we ramped up our efforts the moment the pandemic hit. But it’s certain that cybercriminals are definitely trying to take advantage of the more people working remotely because of COVID-19. This means more phishing emails, scam texts and the like. People may think because they’re working off a home network, they have less to be concerned about. But that’s not going to stop the bad guys.

Ok, thank you. Here is the main question of our interview. What are the “5 Things Every Company Needs To Know To Tighten Up Its Approach to Data Privacy and Cybersecurity” and why? (Please share a story or example for each.)

While I could certainly think of dozens of things that every company should know when it comes to cybersecurity, and all of them are important, I’ll focus on these top five because they are most impactful:

  • Develop and continually update a security plan. Several years ago, Casamba revised its security plan and tools. At that time, we researched top-tier security products and advisors, which helped us choose the appropriate protection. For a long time, we followed our procedure and protocols and felt we are well suited to protect our networks and data. An annual audit even verified this.

When we were subject to an aggressive ransomware attack in November 2019, our tools and processes quickly identified and isolated the threat, eliminating any exfiltration of data. But we needed to understand what needed changing to avoid future episodes like this. So months later, when we revisited the event, we identified that we needed to re-evaluate our security plan more frequently, recognizing the ever-changing threat. We now review and adjust our security plan several times a year.

  • Create a culture of security awareness at your company. A little bit of time and money spent of training and education can deliver immeasurable saving down the road. 
    Prior to the November 2019 incident, like most in our industry, we believed that discussing security during company town halls and team meetings was sufficient to educate our staff regarding potential threats. But clearly we need to do more.

We are now working to create a culture where network security is top of mind for all employees. As part of this, we deployed a new security awareness program, in which staff engages in frequent training, receive emails about security tips and tricks, and we even “phish test” our employees to make sure our efforts are resonating.

  • Social media is the weakest link in the chain of network security. Prior to deploying our security awareness program, we had seen cases where employees shared their travel plans, pictures from business events and similar information on their personal social media accounts. This information can easily be used in “spear phishing” against key individuals. In these situations criminals are gaining people’s trust to open a compromised link.

We are working hard to educate our staff on what is appropriate to share on social media and what is not. At the end, we want them to scrutinize any incoming communication and figure out who is the true sender of an email and understand what are his/her intentions.

  • Continually reevaluate the tools you use and the “open connections” (e.g., vendors, clients). It’s these connections that cybercriminals look to exploit. In our efforts to keep re-evaluating our tools and “open-connections,” we recently identified a new vendor that provides a superior platform to our technical staff. They offer access to the data center without the need for VPN as well as resetting the password after each use. This essentially eliminates the ability of an attacker to steal credentials.
  • “Shorten the distance” between the computer and the cloud service. Like with the open connections, anything you can do to shorten the distance between the computer and the cloud services they use can deliver benefits immediately. We employ edge computing because it does just that.

With the COVID-19 forcing our staff to work remotely, we needed to create a secure environment where we can monitor the desktops and networks of our staff, while they are using personal equipment on residential networks, at times serving other in our employees’ household.

To address those concerns, and following our adoption of edge computing, we deployed virtual desktops with multi-factor authentication. Through this, we have improved the security by physically isolating the desktops from external users and un-authorized application as well created a higher perming solution from our employees.

You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. 🙂 (Think, simple, fast, effective and something everyone can do!)

My philosophy when it comes to network security is that teamwork drives success. And this means teamwork throughout the company, not just for those working on the technology side. It’s this approach to teamwork that, I believe, can deliver the best results.

How can our readers further follow your work online?


This was very inspiring and informative. Thank you so much for the time you spent with this interview!

    We use cookies on our site to give you the best experience possible. By continuing to browse the site, you agree to this use. For more information on how we use cookies, see our Privacy Policy.