
Dear Readers,

With this open issue of the magazine we would like to invite you
to read a collection of our best interviews so far. We've chosen
twenty from those we did since June 2015 and gave them a new
look.
Hopefully you will find some time during your summer vacations
to go and take a look - all those perspectives are fascinating,
with some a lot has changed. To show you that, we invited our
interviewees again to tell us what was new.
We would like to thank all companies and their representatives
for sharing their experiences with us and our audience. We hope
that we can continue the conversation for years to come!

Enjoy your reading,


eForensics Mag
Team

THE TEAM
Editor-in-Chief
Joanna Kretowicz
joanna.kretowicz@eforensicsmag.com
Editors:
Marta Sienicka
sienicka.marta@hakin9.com
Marta Strzelec
marta.strzelec@eforensicsmag.com
Marta Ziemianowicz
marta.ziemianowicz@eforensicamag.com

Senior Consultant/Publisher:
Paweł Marciniak
CEO:
Joanna Kretowicz
joanna.kretowicz@eforensicsmag.com
Marketing Director:
Joanna Kretowicz
joanna.kretowicz@eforensicsmag.com
DTP
Marta Strzelec
marta.strzelec@eforensicsmag.com
Cover Design
Hiep Nguyen Duc
Publisher
Hakin9 Media Sp. z o.o.
02-676 Warszawa
ul. Postępu 17D
Phone: 1 917 338 3631
www.eforensicsmag.com

All trademarks, trade names, or logos mentioned or used are the property of their respective owners.
The techniques described in our articles may only be used in private, local networks. The editors hold no responsibility for misuse of the
presented techniques or consequent data loss.


TABLE OF CONTENTS

5 Barricade
13 Access Data
21 ReSec
30 Hades
39 Lucy
45 QuadMetrics
52 WiActs
60 Cynja
72 Logical Ops
78 Panopticon Labs
92 CAT
99 Stealth Worker
105 MinerEye
112 Protecode
119 TopSpin
126 Secbro
140 Lenzner Group
150 Cyber Blog India
157 Hexigent Forensics
169 IronScales
BARRICADE
David Coallier
Founder
Published: June 12th 2015

INCREDIBLY EXCITING TIME FOR THE SECURITY INDUSTRY

Barricade works so well thanks to artificial intelligence. Can you explain how the system differentiates between normal and malicious activity? Is it just statistical similarity to other events, or is there something else to it?

We use various techniques for judging and ranking the accuracy of our results.

The first part is all based on statistical similarities.

The second part is a comparison with known signatures. Whilst we don't believe signatures to be efficient in the modern world of security, they do serve a purpose for us, which is helping the machine learn about known malicious behaviour.

We also randomly select sequences of interactions and we manually review them. We use the term "sequences of interactions" a lot because we inspect the whole behavioural lifecycle of an actor and groups of actors.

For instance, if ten attackers are distributed around the world, based on their behaviour they might end up being clustered in the same group. We look at the type of requests they make but we also inspect the responses of the servers they are attacking. Because our intelligence does not happen on the customer's servers but on our side, we also get access to much larger computing power and ultimately a holistic view of an actor's behaviour over her whole lifespan.

Does your system ever seem creative in the way it learns?

It is quite funny to see the divergence of opinions it has with us about what might constitute abnormal behaviour. Even though we are influencing its learning and inflicting bias (not unlike a parent), most times the engine discovers very small behavioural changes that we don't catch and in a sense has its own opinion of what the world looks like (not unlike a child growing up).

An interesting fact is that many of our learning models are based off of the insurance industry with survival and risk modeling. Some other models are taken from the financial industry (lots of transactions all the time), others are borrowed from the computer vision and biology fields. There are plenty of really clever learning techniques in various fields that can be used.

What was a bigger challenge: finding models that fit in your idea or integrating them together? Have you ever had a situation when two learning models were just not compatible?

We have incompatible data models all the time and that's where domain expertise comes in as well as weights. We run a lot of different predictive models for a single decision. Every predictive model used in a single decision is assigned an importance value (similar to human biases). This is the engine's belief system. If two, three or five models disagree, their importance value decides which model has more clout than the others. The weights are dynamically assigned based on statistical analysis and fit of the data to each model. A better fit means a stronger belief.

Do you think artificial intelligence and machine learning are the future of security? Is processing speed enough to outrun hackers' creativity and win the cybersecurity arms race?

There's no doubt about it and this is where we're going. One of the biggest problems the security space faces is the massive divide between the security function and the operations function of the organisation. The processing power is there, methods can be borrowed from other fields, and we now understand that design is primordial to products. It shouldn't be about outrunning hackers' creativity but more about developing systems that learn new behaviours in real time and present findings to the users in a meaningful and non-obtrusive manner.

Do you think that this divide demands a major reorganizational effort to fix, or will changing our attitudes suffice?

This is a question that I ask myself quite often and I always come up with the same answer.

The problem is not the organisations' attitudes. We, the security industry, are the problem.

We must provide the developers and operations with better products, for instance.

We must build products that integrate with other tools that are part of the everyday toolset. We must redefine the pricing models and user interfaces.

By providing the organisations with much more intuitive products and making security accessible in lieu of exclusive, the attitudes change. As simpler products are provided and more people adopt them, the risk-awareness, the culture of the organisation starts shifting, and the attitudes will change.

The security industry is in a place not too dissimilar to where computing was only a few years ago, in the sense that you had to be an expert to run, manage, monitor and fix servers. Products came along and provided the IT industry with an alternative, something much more accessible and approachable. I believe security to be in a similar situation at the moment and it's all up to us to make the transition.

Barricade's philosophy states that security is a strong differentiator between companies. Can you elaborate on that point?

The answer is twofold.

The first is that by investing in and developing a security-aware culture, it shows your customers that you care about them. You care about their information, you care about their families, their lives. Some of them are paying money for your services; the least you can do is treat them with respect. It also tells them they can depend on you for running their businesses, or sharing private pictures without being scared of seeing this information sold on the internet.

The second part is that correctly implemented security will increase specific things like business uptime, security tools can help you resolve issues in a faster manner, and will again provide your customers with confidence and loyalty in your service.

It should always be about the customer and the respect of the customer. Security increases your product's quality, ultimately driving up customer loyalty.

Agreed, but at the same time the main factor of competitiveness remains the price of your services. Do you think that does not apply to security, or maybe we should start thinking about it as Security-as-a-Cost-Saving?

It completely applies to the security industry. In fact cost is a direct reason why so many SMEs [small and medium enterprises, edit MS] are left in the dark. They can't afford the upfront contracts or they don't have the technical skills necessary to use these expensive products. There are new pricing models nowadays that can be leveraged. For example, our pricing is based on traffic. A customer that has more servers will pay more than a customer who has a personal site with very little traffic, but they both benefit from the same computing power and the same probabilistic models. There are other pricing models which are also very beneficial to the customer and allow the business costs to grow as they grow. It's evident from the number of SaaS [Software-as-a-Service, edit MS] security products coming into the marketplace that new and refreshing models are greatly appreciated and adopted. Seeing the incumbents trying to adapt their pricing models to reflect that trend is another strong indicator of the readiness of the market and the industry.

Are you worried about the unavoidable issues with security in the age of the Internet of Things?

I'm not worried at all. I'm excited! I'm more than excited in fact, I don't think the Internet of Things can become mainstream if security isn't intrinsically built into it. The problem with the security industry at the moment is that its products are geared towards security analysts and security experts. Only a new breed of security companies will be able to make the Internet of Things secure and security available to the everyday person. This is a very exciting time for the security industry as a whole, scary for many incumbents as well.

Is there something generally misunderstood about cybersecurity among the people you talk with?

The biggest misunderstanding I see is that people think security is hard or that it simply doesn't work. This is a symptom of an industry which consists only of products made for analysts and security-savvy individuals. Security is hard, yes, but managing security shouldn't be hard.

How about among the companies you work with?

As we're mostly selling to SMEs we talk to a lot of teams without security experts, and we hear some very interesting opinions. Many small and medium businesses don't seem to think they are at risk if they don't process payments. Another common misunderstanding is the "too small to be hacked". To us, however, the biggest misunderstanding is the belief that security is a scary thing. It seems as if the security industry has been inadvertently fearmongering for many years and often-times this has prevented the security discussions from happening within organisations.

We don't like that and are really working on making a difference in the industry by allowing businesses to understand that security is serious, but if you are prepared, have testable, automated security as well as clear visibility into what's happening, then you are ready to respond to security incidents in a much more mature manner.

One way to achieve that, and that is what we believe in, is by making security issues as natural as software bugs. Software bugs are still annoying but they are easier to deal with because people have been provided with tools to allow them to prepare, get notified, identify, prioritize, test and fix these issues in a continuous manner. Security should be a natural part of operations and businesses rather than a side-function.

What would be a perfect security system: a simple or a complex one? Barricade is one of the simplest systems to use, but the technology behind it is quite complex if not complicated. Is there a one-size-fits-all solution?

To us it's quite simple. For security to be used more broadly, the products need to address the non-security experts. I don't think there'll ever be a one-size-fits-all security product but, for instance, we're working on helping businesses prepare and respond to incidents in a more positive manner. An example from our product is when we detect something we give you a recommendation on how to fix it and what that recommendation does. A second example is that when you implement one of our recommendations, we're giving you a discount on your monthly cost. We call that progressive pricing. The idea is that you should be able to use security products regardless of your level of security knowledge, whether you are an expert or you know very little.

Do you sometimes get the impression that some companies are not so much scared of security, but simply surprised that it's a thing they should think about?

You are completely right. A lot of people just aren't aware of the importance of their assets, their data and their reputation. A lot of people put the security discussions aside because they are usually very uncomfortable due to the traditionally high associated costs and the perception people have of the security industry. Moreover, security is rarely at the top of the priority list for most companies (until something happens). Again this calls for a new breed of security products that will allow people to get started with their security really easily, and have these products fade into the background and not be distracting.

It's an incredibly exciting time for the security industry!

What conditions should security systems fulfill in order to be effective in today's world?

The application development lifecycle has changed a lot in the last few years. The security systems need to be focused on the user experience at every level: from simplicity of installation, to having upgrade paths, having simple pricing structures, being real-time and, more importantly, they should not be an impediment. Forcing users to use new security tools for notifying and managing their incidents is not right. For security products to become an intrinsic part of the ecosystem, they need to integrate with existing technologies like PagerDuty, Slack, HipChat, etc. The tools used by the developers and operations teams shouldn't have to be changed.

By making security simple and positive, people won't be scared of security. Whilst they'll understand it is serious, they'll also understand that it is possible to deal with security in a responsible manner.

What is the single most important thing you've learned about cybersecurity and would like to share with our readers?

You will go through security incidents and it's ok. It's part of today's world. Just be prepared, find tools that don't waste your time, and try and build a risk-aware culture by encouraging good security practice. If you are a business, find products that will grow with you; if you are a customer, use products that have strong security practices.

Be responsible.

Thanks so much for talking with us!

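The weighted voting Coallier describes in his answer about incompatible models (every predictive model gets an importance value, disagreement is settled by those values, and the values come from how well each model fits the data) can be made concrete. What follows is an added example written for this page, not Barricade's code: three toy models that each score an actor's sequence of interactions, a fitting rule that sets each model's weight from its mean log-likelihood on a small labelled history, and a weighted vote. The model definitions, the probe-path list, the log-likelihood fitting rule and every sample sequence are constructed assumptions for illustration.

```python
"""Weighted multi-model verdict over an actor's sequence of interactions.

Each toy model returns P(malicious) for a sequence of (path, status) pairs.
Each model also carries an importance value (its "belief"), computed from
how well its scores fit a labelled history: the mean log-likelihood of the
labels under the model. A better fit gives a larger weight, so when models
disagree the better-fitting ones decide the verdict.

Added example, not Barricade's code. The models, PROBE_PATHS, the fitting
rule and every sample sequence below are constructed assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass
from math import exp, log
from typing import Callable

# One actor's sequence of interactions: (request path, HTTP status returned).
Sequence = list[tuple[str, int]]


@dataclass
class Model:
    name: str
    score: Callable[[Sequence], float]  # returns P(malicious) in [0, 1]
    weight: float = 1.0                 # importance value, set by fit_weights


def error_rate(seq: Sequence) -> float:
    """Statistical model: share of responses that were errors or denials."""
    if not seq:
        return 0.0
    return sum(1 for _, status in seq if status >= 400) / len(seq)


# Constructed list of paths commonly probed by scanners (assumption).
PROBE_PATHS = ("/wp-login.php", "/.env", "/phpmyadmin", "/etc/passwd")


def signature(seq: Sequence) -> float:
    """Signature model: share of requests that hit a known probe path."""
    if not seq:
        return 0.0
    return sum(1 for path, _ in seq if path.startswith(PROBE_PATHS)) / len(seq)


def path_diversity(seq: Sequence) -> float:
    """Behavioural model: scanners touch many distinct paths; saturates at 10."""
    if not seq:
        return 0.0
    return min(1.0, len({path for path, _ in seq}) / 10)


def fit_weights(models: list[Model], history: list[tuple[Sequence, bool]]) -> None:
    """Assign each model a weight from its fit to the labelled history.

    Fit is the mean log-likelihood of the labels under the model's scores
    (scores clamped away from 0 and 1 so one confident miss is not fatal);
    exp(fit) is the geometric-mean likelihood, normalised to sum to 1.
    """
    eps = 1e-3
    belief = {}
    for m in models:
        ll = 0.0
        for seq, is_bad in history:
            p = min(max(m.score(seq), eps), 1 - eps)
            ll += log(p) if is_bad else log(1 - p)
        belief[m.name] = exp(ll / len(history))
    total = sum(belief.values())
    for m in models:
        m.weight = belief[m.name] / total


def decide(models: list[Model], seq: Sequence, threshold: float = 0.5) -> tuple[float, bool]:
    """Weighted vote: combined belief that the actor is malicious, and the verdict."""
    combined = sum(m.weight * m.score(seq) for m in models)
    return combined, combined >= threshold


# Constructed labelled history: two benign actors, two attackers.
BENIGN_BROWSING: Sequence = [("/", 200), ("/about", 200), ("/blog/post-1", 200), ("/contact", 200)]
BENIGN_TYPO: Sequence = [("/", 200), ("/abuot", 404), ("/about", 200)]
SCANNER: Sequence = [(p, 404) for p in ("/wp-login.php", "/.env", "/phpmyadmin/", "/admin",
                                       "/.git/config", "/etc/passwd", "/backup.zip",
                                       "/config.php", "/shell.php", "/xmlrpc.php")]
BRUTE_LOGIN: Sequence = [("/login", 401)] * 8 + [("/login", 200)]
HISTORY = [(BENIGN_BROWSING, False), (BENIGN_TYPO, False), (SCANNER, True), (BRUTE_LOGIN, True)]

# Unseen actors on which the models disagree (constructed).
FUZZER: Sequence = [(f"/a{i}", 404) for i in range(8)]   # no signature hit, all errors
WP_ADMIN: Sequence = [("/wp-login.php", 200), ("/wp-admin/", 200), ("/wp-admin/post.php", 200)]


def build_engine() -> list[Model]:
    """Create the three models and fit their importance values to HISTORY."""
    models = [Model("error_rate", error_rate), Model("signature", signature),
              Model("path_diversity", path_diversity)]
    fit_weights(models, HISTORY)
    return models


if __name__ == "__main__":
    engine = build_engine()
    for m in engine:
        print(f"{m.name:15s} weight={m.weight:.3f}")
    for label, seq in (("fuzzer", FUZZER), ("wp admin", WP_ADMIN)):
        combined, bad = decide(engine, seq)
        votes = ", ".join(f"{m.name}={m.score(seq):.2f}" for m in engine)
        print(f"{label:9s} {votes} -> {combined:.3f} {'MALICIOUS' if bad else 'benign'}")
```

Run as a script it shows the "clout" mechanism from the answer: on the WordPress admin sequence only the signature model votes malicious, and because it fit the history worst (it missed the brute-force actor entirely) its weight is small and it is outvoted; on the fuzzer no signature matches, yet the two better-fitting models carry the verdict. The log-likelihood rule is one choice of "fit", not the one Barricade uses, and a real engine would refit continuously over many more models.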
About Barricade:
Our Mission is to democratize security through simplicity. From the companies who are creating the next generation of web and mobile experiences, to anyone putting a website together for the first time, Barricade is the security platform to protect what's valuable to you.


ACCESSDATA
Abdeslam Afras
Vice President of International Markets
Published: July 21st 2015

WE ARE ENTERING A NEW AGE OF COMPUTING

What are your predictions for AccessData's future in international markets? Any changes or new directions?

We view international markets as a significant growth opportunity for AccessData. Our company has made the strategic decision to double down on our core business of eDiscovery and digital forensics solutions. As a result, we're making significant investments right now in both people and products to make sure that we have the right level of support in all of our key markets. For example, we're investing significantly in our ability to investigate Internet activity, collaboration tools, the ability to process cases with up to 500 million items, multi-case search, mobile phone examiner tools and much more. We've also stepped up our training programs in the UK, Germany, Netherlands, Australia, China, Singapore, Mexico, Chile and other countries. We have an exciting milestone coming up in 2017: AccessData will celebrate its 30th anniversary, a pretty tremendous achievement in this business. We continue to grow year over year and have never been in a stronger position to accelerate that growth in international markets.

In your opinion, what is the biggest challenge AccessData will have to face in the near future?

I think one of our key challenges to navigate in the near term has to do with the collection of potential forensic evidence in the cloud. Since electronic information can be stored anywhere in the world, we will be dealing with a maze of cross-border legislation and privacy laws that differ significantly from one country to the next. Moreover, establishing chain of custody with evidence collected in the cloud is very difficult. Added to these forensic challenges are the data security challenges in the cloud. For example, some of the free cloud-based services such as Google Drive and Dropbox are now being used to store illegal photos and files with which to launch malware attacks. There are also gaps in Service Level Agreements that often don't define the role and responsibilities of cloud service providers at the time of a malicious incident. Of course, tools such as AccessData's FTK are built to help overcome the challenge of conducting digital forensics collection in the cloud, and we will continue to develop our forensics products in order to meet these growing challenges.

Can you see an international consensus happening in the future on how to deal with cross-border issues with investigations in the cloud? Do you think some kind of cooperation is more likely to emerge between countries or businesses?

Yes, I do think we are moving in that direction. Specifically, with the increase in cyber crimes, government authorities appreciate the seriousness of international crime and therefore have a common interest in cooperating. One of the biggest challenges of cloud computing to investigations, however, is the cross-border nature of cloud services. In many cases, data may be stored in another country, so law enforcement has to rely on mutual legal assistance or other forms of international cooperation. In the past, there have been various forms of support, but the trend within the European Union is towards applying mutual assistance more freely. I think we are seeing more trust of each other's procedures, which has to be the cornerstone of cooperation in investigations.

Can you see any new trends in Forensics that you would like to explore and implement?

Our view is that mobile devices will be the dominant topic of conversation in the coming years. People are really moving away from traditional computers and toward mobile devices; as they do that, the criminal activity goes with them. These devices bring with them a large number of new challenges and opportunities and we intend to pursue them aggressively. We forecast strong demand from organizations looking for mobile device forensic tools that are tightly integrated with litigation support and eDiscovery tools. This is our sweet spot at AccessData, so we feel well-positioned for this trend.

Do you think the international environment will become easier or more difficult to navigate for digital forensics experts? How about for AccessData?

We have definitely seen major progress as an industry in this area. In the past, it was almost impossible to find forensics experts in markets outside of the US and UK. That has changed and I'm definitely seeing a lot more talented digital forensics experts working in markets around the world now. For example, in Germany, where I am based, a few years ago I knew all of the digital forensics experts individually. Today, the field is much deeper here and I suspect that will simply continue to grow in the next two to three years as more corporations set up their own in-house forensics labs. You can also see an upswing in the training programs and academic courses that universities are offering around the world, including new digital forensics study programs in places such as the UK, Germany, Latin America and Asia.

Do you think that the future growth of the field will be so big that we will see digital forensics experts coming more from different areas of IT and simply picking up the tools and methodology, instead of from a strictly forensic background?

Absolutely. In fact, we can already see people moving into the forensics world without any forensics experience. Sales people, for example, are very keen to move into this area and most of them have little or no forensics background. Some technical people have changed their focus from IT fields such as Backup/Archiving to Digital Forensics. We've been watching this development closely because this trend creates some unique challenges for software companies. With users bringing more diverse backgrounds, usability of the tools has become increasingly important. We take that into consideration when designing, implementing and improving our software. For us at AccessData, it's important to always consider the background, workflow and practices of our diverse user base, ensuring we deliver usable tools that will help clients get results quickly and easily.

What are AccessData's plans for dealing with cyber-physical environments and cyber-physical crimes? Any frameworks, strategies?

Earlier this year, AccessData Group divested our cybersecurity business (Resolution1 Security), enabling us to focus exclusively on our core businesses of eDiscovery and digital forensics. However, the use of forensics tools is extremely valuable for Incident Response teams because they help investigators understand how an intrusion happened, what it entailed, where it occurred, when it took place and possibly even why the attack was launched. Moreover, while we're focused in the world of digital forensics, the fact is that most cyber-physical crimes must be investigated with digital collection tools.

How do you see AccessData's products keeping up with the development of the cloud and the growing tendency to keep information in the cloud rather than on hard drives?

We are heavily focused on cloud-based solutions, both in terms of our ability to deliver our products over the cloud and our ability to investigate an individual's usage of the cloud. In terms of delivery over the cloud, we see a growing acceptance of the idea that users are open to the idea of doing forensics in the cloud. Right now, this demand is small and focused on corporations but we expect it to grow and become acceptable across all vertical markets. Cloud-based delivery of eDiscovery solutions is already a widely accepted norm so we see it as only a matter of time before this bleeds over into forensics and takes hold. On the investigations side, the ability to investigate Internet usage is a widespread reality today. Between social media, email and Internet usage, you can do more to reconstruct a person's activity than you ever could with more traditional hard drive analysis. So that is where our focus is and will remain in the near term.

FOLLOW-UP: How has the role of cloud solutions evolved since then?

Cloud solutions have developed much faster than most experts anticipated and have now become extremely important. I believe we will see cloud-based forensics conducted in most countries within the next 6-18 months. From a vendor standpoint, I am expecting new RFPs for cloud forensics from European countries by early next year and expect that we will see similar approaches in APAC countries shortly down the road.

Do you think companies' cybersecurity strategies, as seen through AccessData's experience, are enough? Is there something fundamental that has to change in the corporate approach to cybersecurity?

Our view is that, given the increasing pace and complexity of data security threats, corporations absolutely must adopt new executive-level approaches to cybersecurity to protect critical business information. Formal processes should be implemented to identify and prioritize IT security risks and mitigation plans. The challenge for corporate executives, of course, is that it's an ongoing battle, with new digital assets being created every day and new attacks being developed daily as well. Since the sophistication of assaults and the complexity of IT environments have risen rapidly, this challenge cuts across operations, risk management, legal and technology functions. Companies should make this a broad initiative, while partnering with a leader such as AccessData for incident response management.

Do you have any thoughts, experiences or advice that you would like to share with our readers?

Sure, one thing your readers should keep an eye on in the coming years is that the digital forensics industry is going to grow significantly as we enter a new age of computing shaped by the Internet of Things (IoT). As the IoT introduces more devices, more data and a variety of evidence types into our world, we must identify new approaches in order to gain access to this rich source of potential evidence. All of the new connected applications will be pieces of evidence and will make the industry much bigger and even more valuable in the next few years, pushing us to a whole new level. Many existing challenges are exacerbated by the cloud, jurisdictional issues and international coordination, but the current environment also brings unique opportunities for new investigative approaches, which I am looking forward to monitoring.

Thank you for speaking with us.

SPECIAL EDITION FOLLOW-UP

Has your company changed in any way since the interview?

AccessData has experienced some exciting growth in the past couple of years. At the corporate level, we named a new CEO last November (Keith James, who was previously our EVP of Worldwide Sales & Marketing) and then a new Chairman last January (Victor Limongelli, who was the previous CEO of Guidance Software), so we have dynamic corporate leadership. As far as product innovation, last October we announced the simultaneous launches of Summation 6.0 and FTK 6.0, improving interoperability between the industry's only integrated forensics and e-discovery software platform. The new versions of the flagship products have been well received by customers, business partners and industry observers. AccessData has significant momentum in the international forensics software marketplace right now.

How has the field changed?

In terms of the field of forensics product sales, I would say the sales professionals in our industry are unique and it's no longer good enough to be a usual business-to-business sales person. In our industry in 2016, everyone in the field needs to be an expert, but also a trusted partner. We take that commitment seriously and have been working even harder to establish trust, credibility and value with each one of our customers. We feel it's our responsibility to not only understand the products and the software requirements, but to deeply understand every customer's unique needs so that we can effectively collaborate with them to solve complex problems. In this new era in our industry, we want to function as a partner who is there to set up every customer for success.

How did your view on forensics change?

One thing I have observed as a change is that forensics has become a requirement in virtually every single organization. The number of cases and the sizes of individual cases have increased dramatically. We are expecting cases in the range of 1PB very soon. Mobile forensics has a much higher priority than ever before. There are still not enough experts in the industry to support the demand, but we can see a lot of people are studying forensics in universities all over the world, and the number of new professionals coming into our business should be viewed as good news for all of us who want to see the industry continue to grow.

AccessData Group has pioneered digital forensics and litigation support for more than twenty years. Over that time,
the company has grown to provide both stand-alone and enterprise-class solutions that can synergistically work together to enable both criminal and civil E-Discovery of any kind, including digital investigations, computer forensics,
legal review, compliance, auditing and information assurance. More than 130,000 customers in law enforcement, government agencies, corporations and law firms around the world rely on AccessData software solutions, and its premier
digital investigations products and services.


RESEC
Dotan Bar Noy
Co-founder and CEO
Published: August 10th 2015

DON'T SEARCH FOR THREATS, PREVENT THEM

We continue to see a growing number of large and unforeseen data breach attacks throughout the international marketplace. In your opinion, why do so many large corporations fail to defend themselves against cyber threats and what do they need to change in their strategies, if anything?

Organizations, especially in recent years, are very focused on trying to improve all aspects of their cyber defenses. Their perception of defense has broadened and they are combining active prevention techniques and detection solutions with intelligence and network monitoring systems. The problem is that these layers of defense are still easily breached by advanced modern threats, and these sophisticated threats are becoming very common. In addition to that, the multitude of solutions in the organization also causes two additional problems: overwhelming the IT/security departments with a lot of irrelevant information, and preventing users from performing valid actions.

When organizations consider adding a new security measure they should look at the following factors:

- The actual security level offered by the underlying technology. Does it actually solve a real problem or is it just a cool, well-marketed solution?
- Ease of use and flexibility. What is the level of impact on the end users? Does the solution require ongoing daily maintenance in order to operate? How simple is it to modify its policy?
- How well does the solution fit my organization a year from now? Can it fit changes we intend to implement in the near future?

Organizations need to rank solutions in a manner that ensures the chosen set of solutions they use will provide the desired level of security, while allowing the users and IT departments to keep on doing their work.

Do you think there is a way of limiting the amount of information IT departments get without compromising their work? After all, it relies heavily on intelligence and staying well informed. Is there a compromise?

I think the correct approach to this would be to create segregated segments within the organization, each with its own security policy. The transfer of data between those segments (e.g. from the IT segment to the main product segment) should be closely monitored so that threats can't spread across domains. Obviously, segments using the lower security settings should be protected by additional measures so that an infection will be quickly detected within that segment. Creating the correct balance between usability and security is a continuous process that should not be taken lightly.

Is it possible to create a perfect (or as close to perfect as possible) security solution that has a minimal impact on the end user?

As a goal to strive for, YES. That is part of our mission at Re-Sec and we strongly believe it can be done. This mission becomes much easier once you put your focus on prevention (by whitelisting safe elements in the data that are allowed to pass) rather than detecting the exact name of the threat. This is analogous to going to the doctor and receiving a prescription for antibiotics. The doctor doesn't have to go through the process of precisely identifying the name of the threat. Instead, it is sufficient to detect the general family in order to cure the patient.

Follow-up: Are we any closer to a perfect solution now?

There are many interesting solutions emerging that seem to make the life of the "average" hacker much harder. The question is, how quickly will they be adopted by organizations, and how will the threats evolve to try and beat these new security mechanisms?

In your opinion is cybersecurity perceived as magical by everyday users? Is it becoming an expert domain, where nothing is really understood by anyone outside of the IT department?

I think cybersecurity is becoming an expert domain. The vast amount of solutions and tools dictates that in order to stay up to date with current technology (threats and resolutions) a person must be fully dedicated to this field. This, unfortunately, causes people that are not experts in this domain to perceive cybersecurity as somewhat magical.

It is absolutely vital that people that deal with security have a deep understanding of the limitations and capabilities of the tools they are using in order to make the right selection of tools for each task.

The end-users, on the other hand, should not be required to understand the security technology that is used. They should be allowed to work as usual and I would recommend organizations to favor solutions that require a minimal amount of changes to the way users do their work. Placing complicated and cumbersome barriers before the users sometimes triggers them to look for ways to accomplish

education by practicing real-life cyber warfare.

their work, that actually bypass security measures

Many of them attempt to translate their under-

thus achieving the exact opposite result.

standing and knowhow in order to create new and

Israel is commonly acknowledged as being a

innovative defensive solutions.

leader in cyber security. What are, in your opin-

Do you see a difference between how compa-

ion, the key factors that enable this type of inno-

nies in the U.S. defend themselves compared to

vative environment?

Israeli companies?

Israel cyber industry emerged from the need to de-

We see two main differences in the security ap-

fend critical infrastructures and key industry organi-

proach of U.S. VS Israeli companies. The first differ-

zations from a very large number of sophisticated

ence is that U.S. companies follow a strict set of

attacks that happen on a daily basis. A generation

cultural rules and regulations, while Israeli compa-

of young and talented experts receive the best

nies are often governed by less formal set of rules.


The second difference is that Israeli companies are
more acceptable of innovative technologies and
more open to experiment with early stage vendors. This relates also to the previous question and
is part of the reason Israel offers an easier market
for new cyber solution companies. However, making the transition from Israel to the U.S. market is
often very challenging for companies that originate in Israel.
You describe the U.S. enterprises as following
strict, culturally driven regulations. Can you
elaborate on that? Do you think that cultural differences have a big impact on business cybersecurity? Should they?
A simple example would be device control Vs. policy. Many U.S. organization understand the potential risk allowing employees to use a DOK on their
home computer and then in their office environ24

ment. Employees are often instructed not to use

Follow-up: Would you answer this question dif-

untrusted DOK devices, but the organization is

f e re n t l y n o w ? H a s a n y t h i n g c h a n g e d ?

not enforcing this policy by installing a device-

Since then, we were also selected as one of

control on the users computer. In Israel that would

CRNs emerging technologies for 2016 and men-

not be the case. As a result, one of the common

tioned in Gartners reports a few times.

attack vectors when performing penetration testing on U.S. organization would be to leave a USB
DOK near (or at) the office. Social experiments
found that in most cases these devices were soon
after used by employees on the organizations computers (often with the good intention of returning
the data to its owner).

Recent developments have made it important for


organizations to enable users to go back to working as they used to, and simplify their layers of
threat prevention. I recently spoke with a customer
in the New York area that is using 4 different endpoint solutions as well as multiple cloud-based
Sandboxes and Anti-Virus tools. He was right to

Re-Sec was selected by Kaspersky as one of the

dedicate himself to trying to automate his cyber

top security startup companies for 2015. What

security processes, as otherwise his entire IT de-

gives Re-Sec, as a young and growing company,

partment would collapse. For me, the worst part

such a competitive advantage? What do you do

was to learn that even after implementing all of

different?

these solutions, he still got breached and suffered

Re-Secs solution is unique in the cyber prevention

damages.

landscape. Our solution creates a unique, fully-

From a strategic standpoint, what are some of

automated layer of prevention that is not based on

the biggest challenges organizations currently

signatures or behavior analysis. Our Content Dis-

face in the cybersecurity space?

arm & Reconstruct (CDR) makes prevention a simple and deterministic (!) process. Our motto Dont
search for threats. Prevent them. is exactly the
change we are offering to the perception of prevention. Our solutions ensure that the organizations data is completely free from known and unknown malware, APT, Zero-day threats, without
changing the way users do their job or creating a
lot of additional work for the IT department.

I see great challenges in creating a unified cyber


policy that balances the security needs and allowed risk levels for every user group in the organization. Organizations need to map valid scenarios
for every user and match the correct set of tools to
it so that the risk level caused by this scenario is
acceptable. Users receive information via a multitude of channels including email, web, removable
drivers etc. and the organization MUST enforce a

25

uniform cyber-policy that encompasses every data channel for every user and potential attack vector.

Regulation and administration are very susceptible to the snowball effect and their growth can get out of control rather quickly. Are you worried that future efforts in that regard may result in unnecessary complications?

Yes. In some cases we do see trends in regulations that may, in the future, prevent organizations from accomplishing their job. It is important to remember there should be a balance between the original purposes of the regulation (which is often the need to protect customers of the organization by enforcing a predefined level of security) with the need of the organization to operate. I think that regulations should be closely tied to the available technology and should not fail to take into consideration the productivity of the organization. We do see organizations follow the path described by regulators and create the priorities according to those demands. It is now on whoever sets the regulation to ensure its relevance to the ever-changing threat landscape and its fit to organizations that come in a wide range of sizes with very different needs.

Follow-up: Has anything changed? What's your current perspective on this?

As far as we can see, the regulation is moving to cover more sectors, but not disturbing their operations. A good example is the latest addition to HIPAA that includes protecting against Ransomware as part of its regulation requirements: http://www.lexology.com/library/detail.aspx?g=0b6b00ce-a492-4234-b9fe-a1329a9e08f0

What do you think are the most important lessons CISOs can learn from the latest cyber incidents?

In many cases we learn about incidents months after they take place so it is hard to react in real-time, as you are actually solving a year old problem. A few points that were emphasized lately:

Keep your system up-to-date and monitor published vulnerabilities and patches. Make sure your users are using up-to-date tools and applications.

Utilize to the fullest the solutions already integrated. In many cases installed solutions are not utilized to their full potential, thus leaving possibly solved vectors open for attack.

Training and culture: employees need to be aware of the risk and organizations need to educate employees about risks and the dangers that their actions may cause.

Look for solutions that solve YOUR problems. A solution that works well for others may not match the needs of your organization. Judge each solution based on its actual benefit to your organization.

Do you believe businesses should work towards better communicating with each other about threats? Nobody likes to talk about how their breach occurred and what exactly failed, but an alliance between enterprises could make the environment a safer place.

I think that mutual sharing of security information will benefit all parties in the long run. However, it is difficult to motivate this process between competitors as this often stands in contrast to the short term goals of that business. To summarize, I think this is a very interesting, yet complex, topic and would love to further discuss this on a different occasion.

Do you have any thoughts or advice you would like to share with our readers?

Yes, we see many small vendors, like ourselves, struggling to offer interesting and useful solutions to organizations. The cyber battle will not be won anytime soon, but the part of learning about new challenges and looking for solutions is the fun part. I think it is vital for the IT/security departments to enjoy the search and make it a major part of the routine. We at Re-Sec see it as our mission to allow organizations to be prepared for the rapidly changing threat-landscape that they are facing today and will be facing moving forward.

Thank you for talking with us!

SPECIAL EDITION
FOLLOW-UP

Has your company changed in any way since the interview?

We continue to grow the manpower in both our Israeli R&D and our US offices, while also increasing the number of ReSec customers and partners. We recently finalized training for a Washington DC-based integrator and are working with a few MSPs to offer our solution to small and medium businesses as well. A couple of months ago, we also launched ReSecure Cloud Mail, an extension of our product suite that secures popular cloud-based webmail services including Microsoft Office 365, Gmail and others. This new offering provides our global customers with additional coverage for users of these platforms and complements our existing threat prevention capabilities on enterprise email, web, FTP, endpoints and digital vaults. This is another way we address the SMB and assist them in preventing cyber threats without integrating complex solutions.

How has the field changed?

The field is always changing with new threats from one side and new technologies trying to battle them on the other. Our concern is that organizations will be left behind if they're unable to quickly adopt the new technologies. It seems enterprises end up behind the technology curve due to a shortage of professional employees and budget concerns as well as the lengthy deployment time of many solutions and complex internal processes.

How did your point of view on forensics change?

Forensics play a crucial role in identifying and defeating advanced threats that are becoming more common nowadays. Since it is such a unique and rare tradecraft, it is important to use it when and where needed. Using forensics experts to examine every file which is slightly suspicious and ended up in the sandbox would be to waste this valuable resource. It's much better to process all files using CDR first, and then use forensics on the rare files that are flagged and quarantined.

About Dotan Bar Noy:

Dotan Bar Noy, CEO and Co-Founder of Re-Sec Technologies Ltd, Lt. Commander, Israel Navy, has more than 10 years of management experience in several leading companies and startups in Israel and the US.
Re-Sec is an Israeli cyber threat company that develops software that prevents and monitors known & unknown cyber threats from entering the organization. At the core of the Re-Sec solution is a unique process called Content Disarm & Reconstruct (CDR).
CDR rebuilds, in real time, incoming data (e.g. PDF, office, open-office, images etc.) according to a defined white-list of safe data elements matched to users' actual needs/policy. Re-Sec's solution is integrated in medium to large enterprises such as Banks, Infrastructure, Government, Telco, Media etc.

HADES
Robert Cross
Founder
Published: 27th August 2015

CYBER SECURITY IS
EVERYONE'S PROBLEM
You run a company that produces security software, but you are also launching Hades, a Crowd Hacking Platform. Can you tell us more about this project?

Great question and absolutely! My current company, PSC, is primarily focused on software security forensics, offering an unprecedented level of power of understanding your software security risks through the combined solution of software and services.

Software is only one layer of many when considering a holistic cyber security strategy. Like the rest of the world I'm a victim of overstimulation from social and traditional media and the hourly stories of companies being compromised or hacked. At the same time you hear about companies launching new security products to thwart hackers but the hits just keep coming. This was a profound moment of realization that the rate of technology invention in the cyber domain is not keeping pace with the rate of human (hacker) innovation. The question we asked ourselves, "Is it possible the world's cyber security challenge is more a sociological one than technological?" This is when we started discussing disruptive concepts to exploit this possibility, which was the beginning of HADES.

After doing some research we started piecing together some of the puzzle. Most of our research at the time suggested many in the black hat community, if they had an opportunity, would use their talents to make money legitimately. However, most were averse to being part of corporate America and didn't feel their backgrounds or credentials would land them the dream job, instead having to play office politics under the typical big company bureaucracy. In some sense this crowd likes being off the corporate grid and able to play by different rules or no rules. Their skepticism lies with corporate America not being okay with fostering a no rules environment where this crowd can legitimize their talents, nurture and grow their skill sets, be professionally respected, socially accepted and earn a great living and get paid their worth. By far, the majority prefer going to the bank rather than
jail and have a passion for finding ways to exploit systems, especially from big brands.

On the other side you have corporate America and our Governments who are clearly losing battle after battle in the current global cyber war happening 24x7x365. They are being out-maneuvered and no matter how much money they spend or new technology they throw at the problem they still have to be right 100% of the time and the hackers only have to be right once. The odds are in favor of the opposition. Every one of these companies, if they had the opportunity to hire the Iceman (famed hacker) to protect their networks, would do so in a heartbeat if assured the hired gun could be trusted with the crown jewels, which is where it falls down. Everybody wants to touch the flame with assurance of not being burned.

We have strong relationships with C-Suite executives at PSC and we started socializing the concept of "hiring a hacker" for feedback. We started to construct a strawman concept of operations where HADES would provide a neutral and virtual platform for two diametrically opposed parties to engage in a mutually beneficial transaction. Both parties would have anonymity to protect concerns on both ends. Essentially, both parties have an opportunity to commercially engage in a protected and safe environment to put their best up against each other where anything goes or engagements can be designed to achieve specific results. The initial reaction from C-Suite executives was more enthusiastic than we ever anticipated, it was almost as if we tapped into their inner geek. We were finding our entire meeting would be spent talking about HADES and how disruptive the concept was towards current cyber security strategies.

In this arrangement will HADES work as a guarantor of trust and safety? Will anonymity do the trick alone?

Anonymity is just one layer of protection. Certainly for the corporate side there will be lawyers involved and service agreements in place. Also, there will be controls in the operational environment that will also add layers of protection. Most importantly, corporations are not providing access within the HADES platform to their live actual network. I will refrain from disclosing all of the layers of protection.

For hackers the amount of information we will require will be kept to a minimum and payment mechanisms will be flexible including via bitcoin and other currencies not tied to identities.

We already have crowd sourcing, crowd funding and thanks to you, soon we'll have crowd hacking. Do you believe in the crowd?

I believe crowd sourcing is an incredible way to increase the participation and leverage the global workforce in an unprecedented way. Everyone has their 9 to 5 job but crowd sourcing provides another way to contribute expertise to others outside
of their normal day job. I also believe it is one of the purest forms of capitalism in human resource management. It creates a marketplace for individuals with unique skills to hang a shingle and compete for work globally and start building their personal brand. Perhaps some day companies will lease their employees daily based on a crowd sourcing model and gain tremendous flexibility in talent and access to labor markets once thought impossible. You never know.

Do you think it's possible that the Internet can self-regulate when it comes to cybersecurity? Is the cooperation between actors (people and companies) enough, or will state-level intervention be necessary?

The current answer is no, I don't believe the internet can self regulate, but I also believe the internet hasn't had a fair shot to do so. From our view the answer is more sociological than technical and the purpose of HADES in providing a crowd hacking platform is to engage the cyber underworld and create opportunities for hackers to engage in legitimate transactions. It will be interesting to see if a schism is created and the tide is turned based on viral adoption by both corporations and hackers. The fun part will be observing the social dynamics within the HADES environment between different individuals and groups.

Cyber security is everyone's problem and the best solution is for the private sector and public sector to continue to collaborate. When a Government and its citizens are under attack then it's inevitable for state level intervention, I believe that's one of the reasons we pay taxes. It's unfortunate there are gifted individuals that would rather take down a power grid than help contribute to society in another meaningful way. We are hoping HADES will upset the current balance of power in the cyber underworld and perhaps provide an alternate channel for those individuals to express themselves in a positive way.

So basically your vision is to have talented individuals who are incompatible with the system come out and in the cyber community. That's an ambitious project! Do you think they will have to face some bullying for making compromises?

Great question. I think one of the most exciting
aspects of HADES will be having a front seat to witness exactly how the social dynamics play out. How will groups form, how will hackers rate each other and recruit one another. How will they split and share the bounty. Will they tilt up virtual businesses and carve out a niche. It truly will be a window into an underground world that someone will write a book about someday and provide insight into behavioral dynamics in such communities or subcultures. Very fascinating!

Regarding bullying, we will have some basic rules of engagement while within the HADES environment to maintain a professional decorum. We will reserve the right to suspend accounts based on out of bounds behavior interfering with commerce within the environment. We are hoping there will be some self-policing but we will have our own hacker staff to ensure such things when they occur are being monitored and dealt with appropriately. I think it will be a great learning experience for all involved. HADES in Greek mythology brought order and balance to the underworld, we are hoping to provide that at least within our environment.

Your Credo says "HADES CROWD HACKING PLATFORM PROVIDES SOCIAL CYBER ENGAGEMENTS ALLOWING HACKERS AND CORPORATIONS TO LEGITIMATELY COLLABORATE." What challenges do you predict when trying to organize it?

Great question! The concept of HADES is very disruptive and some early feedback from C-Suite executives and potential investors is the world may not be ready for it, which is why I think it's time.

Conveying a message that engaging HADES either as an early adopter or as an investor is low risk will be a challenge but if we put in place the necessary controls I think we'll have a great story to tell. Another challenge is earning the trust of both communities (corporations and the hacker community) and to give them confidence their identities will be protected. We must be authentic in everything we do.

Marketing to two different audiences will also be a challenge but I think will be way too much fun. Certainly for the corporate side of the company there will need to be professional, conservative and clean branding and messaging. However the hacker facing side will need to be completely the opposite, empowering these folks to feel like digital bad asses. We joke sometimes that some of these folks when they were in school used to get slammed into the lockers and their lunch money stolen by the bigger kids; now it's their turn to do the slamming and make money doing it. I'm very excited about this challenge.

The ultimate challenge is capturing the interest of the hacker community. Early feedback suggests "if we build it they will come!" but I know to impress this crowd our platform will have to be nothing
less than exceptional. My personal goal: I almost envision the scene from the movie Willy Wonka and the Chocolate Factory when they first enter the candy room with the chocolate waterfall and everyone can't believe they can eat everything they see (my favorite scene). I want that same reaction when a hacker becomes a member of the HADES community, they can't believe it's real and there are no rules and they can destroy and exploit everything they see. I know it's a big lofty goal but it would be a lot of fun to achieve that reaction out of them. If we can make it as addictive as today's video games then we will have achieved one substantial milestone.

One obvious challenge every start-up has is attracting like minded investors who share your vision.

So it's not just about ensuring trust between the engaging parties, it's also about them trusting you. Do you think you will be able to balance your business reputation with your hacking cred?

HADES isn't about my hacker cred, it's about theirs. They are the star of the show. My talent and credibility is being a broker of commerce and being able to bring two parties together to engage for mutual benefit. I advocate for both communities and my currency is making connections and driving successful results.

Who is your target market in PSC? Is it the same as Hades?

PSC's target market is very broad. Essentially any company that produces a product which contains software or offers a service resulting from software capabilities is a potential client. Software is eating the world, from our cars to, yes, even our toothbrushes. Our lives are wrapped in code with more and more of our life experiences these days being a result of software.

HADES' target market would be companies (F1000) having an interest in engaging an advanced platform to defend their networks or that are producing a connected product.

It kind of sounds like there is something more behind it. In your opinion is cybersecurity perceived as magical by you or everyday users?

The internet has been described to me by other experts as the Wild West and if you're connected you're not only a target but most likely have been compromised and you don't even know it. Everyone carries around a connected super computer in their pocket these days which is constantly transmitting data about your life. When we download an application or install an upgrade of the latest OS we are served up a 25 page license agreement we are supposed to read and they conveniently put an "Accept" button and 99.9% of consumers will hit to bypass and install the latest version. We trust these companies to protect our data and identities blindly in a digital world described as the Wild West. As to your question, to a certain degree I believe most folks don't want to think about the true risks of blasting their data to everyone. Most want to believe cybersecurity is "magical" and because their data is going to a company like Apple, Google or UBER with insane valuations we automatically trust they are spending the right amount of money and engaging in latest techniques to thwart hackers. The people who don't believe it's magical are the ones who still have beepers and flip phones.

Where can we find a healthy compromise between being paranoid about cybersecurity and ignoring it, as everyday users and as enterprises? Does a compromise like that even exist?

There are several companies sponsoring bug bounty programs opened up to a crowd sourcing model. As one example, Google every year holds a contest where anyone who can break into Chrome wins a prize. Bounty programs while not mainstream yet are gaining popularity and probably the best example of a healthy compromise. HADES is leveraging the same paradigm with a goal of standardizing the approach of such testing using crowd sourcing as the model and tapping into a labor market best suited to be the testers and providing it 24/7 because the real threat is 24/7.

Do you have a business philosophy that stands behind your actions?

I have many business philosophies, but the one behind HADES is a belief that there is inherent good in everyone. There is a whole community and subculture out there that is never heard or seen but wants to have a voice and a positive impact but has never been asked.

What do you think is the biggest challenge standing before the cybersecurity community right now?

Bringing knives to a gun fight and being too conservative in their approach to securing their assets. Some would say we have already lost the war and it's no longer about bullets and bombs but bits and bytes. If this is truly the case then a fundamental disruptive shift must happen in how we approach cybersecurity.

Which new cybersecurity trends would you pick as the most crucial?

Social engineering. Most of the population have had technology thrust upon them and forced to embrace it or become irrelevant and therefore might be easily fooled. On the other hand you have the younger millennial generation who from birth has been broadcasting and sharing their data in a digital world. Technology to this generation is like another appendage on their body. They are too trusting and believe a social contract exists with the keepers of their data and that these companies spare no expense to keep it out of harm's way. I believe both generations are equally at risk for social engineering attacks.

Do you have anything you would like to share with our audience? Any thoughts, experiences?

Sure. HADES is an exciting concept and one we hope will explore the sociological boundaries of building a disruptive model to engage new participants in the current raging war in the cyber domain. We firmly believe in our tagline "The Power of Black" and providing a community to actively participate in ways not possible up to this point and in doing so can help turn the tide in a war we are quickly losing.

I truly appreciate your magazine's interest in what we're trying to do and for extending us this platform to introduce our company to a large audience. Lastly, if there are individuals reading this who want to participate please have them reach out to me by email: rob.cross@hadescyber.com

Thanks for talking with us!

About Hades:
HADES is a start-up technology company colliding CYBER | CLOUD | CROWD SOURCING | SOCIAL to disrupt the current Cyber Security marketplace. HADES seeks to harness the power of Hacker innovation enabling a collaborative and anonymous engagement with corporations seeking to change their cyber security posture from the "Hail Mary Pass" to "Pro-Active"!

LUCY
Oliver Münchow
Founder
Published: September 8th 2015

BUILD SECURITY
AWARENESS IN ORDER TO
PROTECT YOUR COMPANY
Tell us a little about your company you offer

How enthusiastic are employers to phish their

an unusual service.

own workforce?

Lucy is the result of 17 years experience answer-

At first: not so much. But if you start discussing

ing questions for businesses related to their IT se-

with the project manager you soon reach the fol-

curity. Recent scandals put phishing attacks in the

lowing conclusion: phishing or malware simulation

minds of company execs who realize that they are

tests are not something we offer with a malicious

unprepared should they get hacked. We started

intent. Its rather something that helps everyone in

offering penetration tests in 98, assessing the in-

the company assessing possible threats and

frastructure and recommending ways to improve.

achieving a common goal: building security aware-

LUCY was a natural progression as companies be-

ness in order to protect the companys main as-

gan asking us questions like how likely is it that

sets. In the interest of every single employee. So

an employee might click on a link and trigger the

when you start such campaign you need to put

disclosure of sensitive data on external media?

yourself in the companys shoes and emphasize

or how aware are our employees regarding the

that your interest is not to harm anybody. Instead,

threats that come along the use of email software

replicating the hacker attacks aims at strengthen-

or webmail services?. Until now companies had

ing their security.

to hire external contractors to answer those questions. But with LUCY, companies can simulate their
own customized phishing attacks to identify where
they are at risk. LUCY comes with many e-learning
modules giving the employers the tools to bridge
the gaps.

How often when discussing with the manager does the trust problem come up? I can imagine that, malicious intent or not, security strengthening or otherwise, knowing that your boss tested you in this way can be harmful for internal relationships.

We understand that trust is essential to maintain working relationships and that when testing people rather than systems, there are many things to consider. The first is that the actual phishing verification should only be done as a part of the overall security awareness campaign. We provide direction on how to communicate to your employees and how to structure the tests to minimize these problems. We emphasize training your employees about the internet threats first, then adding random phishing tests and performing them over a longer period of time. When done properly, employees understand that these tests are simply a part of what must be done to protect themselves. Part of the message companies are trying to convey is that these threats are real and that as a company they are serious and will do what it takes when it comes to protecting their information.

There have been many phishing attacks recently. Why do you think that is?

There have always been phishing attacks, but the term "phishing" seems to be part of the security conversation at the moment. These attacks were always happening. One in particular I remember was back in 1997 by Chaos Computer Club. CCC stole money from many bank accounts by getting users to click a link that activated an ActiveX plugin (http://www.geocities.ws/rayvaneng/w0297_06.htm). If you go a little further back (think Kevin Mitnick) some hackers have always known that individuals make both easy and valuable targets.

You are based in Switzerland. Do you think the European market is different from the one in the USA?

When I compare the security protocols of American and European companies, I don't see much difference. It is not so much a question of continent or country; it depends on the assets you want to protect. Differences are only in the legal aspects of attack simulations. Some European countries do not allow any personal data collection through phishing campaigns; everything has to be anonymized. There are also a few differences on the question of the location of an attack server. Many European companies do not allow (mainly in the financial sector) the transmission of any sensitive data such as Windows credentials to third party servers that might be located abroad. That's why we don't offer LUCY only as a service (SaaS); we also offer it as a download so companies are able to set up the attack infrastructure in their own environment.

Are there any differences in phishing attacks between the EU and the US?

Of course there are regional differences based on the company who gets attacked. But the difference is only the victim's name, not so much the technology or the patterns behind the attack.

You test passwords as well. How would you grade the security awareness level in that regard?

Password quality tests are sometimes included in a phishing scenario. For instance, a company might decide to send a fake password-quality checker to employees to check if they would enter their password on external websites. Sometimes we observe some interesting results there. Surprisingly, companies with strong password requirements forcing their users to change their complex passwords every 4 months do not necessarily have much stronger passwords than companies with lower password standards. Of course you won't find passwords like "password", "secret" or "123456", but you will rather find many passwords like "Holiday2015" or "Holday2014", as users having trouble memorizing all the passwords only use common words with some iteration at the beginning or the end.

What are your plans now? How do you plan to grow your company?

We started to offer LUCY as a free Community Edition for companies under 100 users. It was a success, as we soon counted more than 2000 active LUCY installations in companies all over the world. But recently we noticed also bigger companies investing more and more in our Commercial Edition. So at the moment our company is growing at the right speed, allowing us to enhance the product with patience and step by step. Within the next 2-3 years we aim at expanding our market share thanks to a very competitive pricing approach. Combined with our unique experience not only in testing individuals but also in including the technical outlooks, I see a big future ahead of us.

Are you not afraid the community edition will serve as a double-edged sword, being used against your efforts to make cyberspace safer?

We focus on attack simulations and built certain restrictions into the product. That's why we call LUCY the "cyber crash test dummy". There are certain exploiting frameworks and malware building toolkits out there which criminal hackers will use in real attacks. LUCY isn't one of them.

What challenges do you see your company facing in the nearest future?

When you launch a new product, you always face many challenges. One of our advantages over the others turns out to be also our biggest challenge so far: our price. Since our fees are 10 or 100 times lower than our main competitors', we notice that the old saying "if it doesn't cost much, then it can't be worth much" is hard to root out of some minds. So we are working hard on convincing companies that a good product does not necessarily need to be expensive to work well. Another challenge is building brand value and trust in general. The most obvious example of why it is crucial is our Technical Malware Simulation. With this module, we check if computers are vulnerable to common malware threats and attack methods (APT) by actually simulating all the bad behaviors of a malware but without really harming the computer or network. This is the only LUCY module where employees are not involved. It works more like a virus scanner that can be downloaded by an IT security officer on a workstation and then be executed to measure resilience against APT attacks. But before executing malware simulation tools, one needs to trust the company behind it. And as a young company, we still have work to do to make all our products and technology as open and trustworthy as possible. In Europe, it worked very well so far; one of our first clients is the equivalent to the FED in the States. In the USA there is still some work left, but I am confident we will get there.

Trust is essential when offering any type of security services; this requires even more, as it asks the client to be vulnerable in order to become stronger later. Other than brand building and reputation, do you see any other way of overcoming that problem?

The client is either already vulnerable or not. LUCY only helps to uncover weaknesses. As a company, you can either figure out if you have security issues and address them OR put your head in the sand and hope that nothing bad happens. We know that it takes a long time to build trust in the market. Although LUCY is a new product, we have been in IT security for 17 years. In these cases we let our clients speak for us.

If you had to bet, which attack would you say is going to be gaining popularity now?

There will always be some fancy hacks. But on a larger scale, spear phishing attacks with customized malware that slides through all monitoring systems and remains inside corporate networks are gaining more and more popularity. And since there are an increasing number of vendors popping up on the market who start analyzing the host level and the network level to detect anomalies caused by malware, I think we will see more and more APT attacks where common services (like Twitter) are abused as a C&C server to control malware in companies, of course only during business hours so as not to raise any suspicion. I am curious to see how this traffic will be filtered from the common background noise monitored by every big company.

Do you believe that better communication between enterprises would benefit the overall level of security?

Of course. But it's already happening today on different levels. For example, most of my clients are already in contact with each other, exchanging information about products, threats, etc. But also look at the way most security products work. Threats get analyzed almost in real-time, then compared with data from online central databases, and the patterns created from such attacks are shared between companies. And if you look at all the security events where responsible people have the opportunity to meet each other, you can already observe how things have changed during the last few years.

Would you like to share any thoughts or advice with our readers?

Sure: don't panic. But being cautious won't hurt either. This advice applies to any email, web download, smart phone usage, etc. A smart, cautious user will still be 10 times more efficient than any IT security product out there!

Thank you for talking with us.
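The password observation in the LUCY interview above (a complexity-plus-rotation policy that still yields "Holiday2015"-style passwords) can be made concrete with the following Python check, written for this collection and not taken from LUCY or its founder. It assumes a constructed word list and constructed sample passwords; the function names are illustrative, not a real product API.

```python
import re

# Constructed mini word list standing in for a dictionary of common words
# (assumption: a real filter would load a large list, not these seven entries).
COMMON_WORDS = {"holiday", "summer", "winter", "welcome", "password", "secret", "company"}

# A dictionary word with optional digits before/after and optional trailing
# punctuation: the "common word with some iteration at the beginning or the
# end" shape the interview describes (Holiday2015, 2015Holiday, Summer2014!).
WORD_WITH_PADDING = re.compile(
    r"^(?P<pre>\d{0,4})(?P<word>[A-Za-z]{3,})(?P<post>\d{0,4})(?P<punct>[!?.@#$]{0,2})$"
)


def meets_complexity_policy(password, min_len=8):
    """Classic composition policy: minimum length plus upper, lower and digit.
    Holiday2015 satisfies every rule, which is exactly the problem."""
    return (
        len(password) >= min_len
        and any(c.isupper() for c in password)
        and any(c.islower() for c in password)
        and any(c.isdigit() for c in password)
    )


def word_padding_weakness(password):
    """Return a reason string if the password is a dictionary word padded with
    digits or punctuation, None otherwise."""
    match = WORD_WITH_PADDING.match(password)
    if match is None:
        return None
    word = match.group("word").lower()
    if word not in COMMON_WORDS:
        return None
    if not (match.group("pre") or match.group("post") or match.group("punct")):
        return f"bare dictionary word '{word}'"
    return f"dictionary word '{word}' with numeric/punctuation padding"


def _strip_digits(s):
    return re.sub(r"\d", "", s)


def only_digits_changed(old, new):
    """True when a rotation kept the letters and changed only the digits,
    e.g. Holiday2015 -> Holiday2016; a password-history filter should refuse it."""
    return old != new and _strip_digits(old) == _strip_digits(new)


def evaluate(password, previous=None):
    """Collect findings for a proposed password (and the one it replaces, if
    any). An empty list means nothing was flagged."""
    findings = []
    if not meets_complexity_policy(password):
        findings.append("fails complexity rules")
    weakness = word_padding_weakness(password)
    if weakness:
        findings.append(weakness)
    if previous is not None and only_digits_changed(previous, password):
        findings.append("rotation changed only the digits")
    return findings


def rotation_history_findings(history):
    """Run evaluate() over a sequence of rotations and return {password: findings}.
    Shows how a periodic rotation drifts to Holiday2014 -> Holiday2015 -> ..."""
    report = {}
    previous = None
    for pw in history:
        report[pw] = evaluate(pw, previous)
        previous = pw
    return report


if __name__ == "__main__":
    # Constructed sample: what a 4-month rotation policy tends to produce.
    series = ["Holiday2014", "Holiday2015", "Holiday2016"]
    for pw, findings in rotation_history_findings(series).items():
        status = "complexity OK" if meets_complexity_policy(pw) else "complexity FAIL"
        print(pw, status, findings)
    for pw in ["password", "123456", "xK9#vL2q!mW4"]:
        print(pw, evaluate(pw))
```

A misspelled word such as the "Holday2014" quoted in the interview slips past a pure word-list match, which is why the digit-only-change history check is the more robust of the two in practice.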

QUADMETRICS
Wesley Huffstutter
Published: September 10th 2015

NOTE: QuadMetrics was acquired by FICO this year, after this interview took place.

INNOVATION IN CYBERSECURITY IS IMPORTANT

Where did the idea for QuadMetrics come from?

The idea came from years of research at the University of Michigan. Co-founders Mingyan Liu and Manish Karir were working on understanding and measuring the reputation of a given network within the entire Internet. This research included Manish's expertise in cybersecurity and developed into understanding the cybersecurity risks of networks. The research caught the eye of the United States Department of Homeland Security, who has the same problem as the rest of us: the need to assess networks completely from the outside and determine risk. When I say "completely from the outside", I mean no appliances or software to install and no redirection of traffic logs. For companies like ours, it is assessing vendors and 3rd parties. For Homeland Security, it is understanding the risk of critical infrastructure like power plants, dams, or air traffic control. We developed this further into providing details for network managers to reduce the risk of their networks.

Applying the scientific method gives you an advantage. How would you judge the state of cooperation between cybersecurity experts and academia?

I think the state of cooperation between cybersecurity experts and academia can be difficult at times. There are academic researchers that publish data hackers can use maliciously, which causes tension. This is often because researchers need their work to be validated and peer-reviewed to achieve tenure or promotion. It can also be symbiotic, as academic researchers have the ability to try to solve difficult problems and fail, which is a risk that a company just cannot afford. This allows new companies to form or existing companies to license the technology. At the same time, there are a lot of cybersecurity experts and companies selling the equivalent of snake oil. For them, it looks like it works one time, so they believe that it can work in every case and they make claims that they cannot back up, to the frustration of academia. I think the technologies that will be successful will be based on real science and have defendable data.

Your company offers two indicators measuring a company's security: QuadMetrics Security Rating and Security Breach Prediction Index. Do you think the cybersecurity field should adopt a uniform ranking system? Would it be beneficial?

Obviously we do, but until now no one has provided meaningful numbers. We recognize that there are others trying to quantify a security posture. The difficulty in quantifying a security posture is that cybersecurity data is so dynamic. The problem with many ranking systems is that they are only tracking a few items and do not actually measure risk. In other words, today's score is not predictive of tomorrow's or next month's score. For example, if you spend weeks cleaning up your previously neglected network and you were given a numerical score for your network, your score should be good. But if you go back to not paying attention, that score was not predictive. It is just a snapshot in time. While a dynamic score is useful to measure changes in your security posture, it would be impossible to use this score to determine premiums for cyber insurance or answer the question, "Should I give vendor A access to my network?"

That is why we offer two important numbers. The first is the QuadMetrics Security Rating, which is your current security posture. This is the dynamic security posture that can help CISOs track improvements to their network and justify spending. The second is the Security Breach Prediction Index. This is the probability of breach in the next 3-12 months. This provides users with an understanding of risk. [Note: FICO has updated both of these solutions.]

It is a constant problem with assessing any system: you can either do a dynamic analysis and measure change or judge the static position. Do companies understand that, or do they need explaining?

Generally speaking, companies understand. The advantage of two scores is one ends up being tactical and the other strategic. Companies like that. Measuring and tracking your security posture and risk can keep you motivated and provides a way to show improvement to the executive management team. One struggle we encounter is that when we provide a large amount of data that needs to be fixed to a small IT security department, they feel overwhelmed. Professionals often get so caught up chasing the newest issues that the large gaping holes of old issues are still there because they never examine their policy. We have been told that just having the scores there makes the tasks a little less daunting and allows you to set goals for the team.

How accurate are they?

Very! The peer-reviewed academic research shows that we have an over 92% accuracy when predicting the breaches of last year. I was asked the other day about a network that was breached and their SBPI was 97.1 at the time of breach. We joke internally about shorting stocks based on our data, but I have forbidden our team from doing that.

Telling your team to refrain from that is one thing, but I'm sure a time will come when how a company protects itself in cyberspace is a viable indicator for potential investors. It's not happening right now probably only because we don't have universal methods of measuring risk and breach probability, and you're already working on that. Do you think companies will like it?

I agree. Given some of our discussions, I think it will happen sooner rather than later. There needs to be a universal method of measuring risk, but only if it is a true measure of risk, not just a score or a letter grade. We think of ourselves as providing the kind of information a ratings agency might provide or a FICO Score would offer, except for cybersecurity. You asked if companies being evaluated will like it and I would say that depends on your security posture. Those with strong security postures or those with a lower chance of breach are going to feel rewarded for their hard work. The others will protest, but I honestly believe that it is important to have this risk priced into their share price. I think the carrot here is lower cyber insurance premiums and the stick is the stock price.

You said QuadMetrics provides analysis of networks from the outside, without access to the networks. How can you do that?

Ah, good question. We have gathered a massive and diverse dataset of security related data for the entire Internet. Some of the data is aggregated from external sources and others we developed on our own. To give you a sense of scale, we are currently adding roughly 300 million data points a week. We break our data down into three categories: active threats, latent threats, and mismanagement indicators. Active threats are things like botnet activity where we see SPAM emanating from your network. Latent threats are things that could cause problems in the future or could be used to cause harm to others; think of open recursive DNS resolvers, or NTP for DDoS attacks. The last is mismanagement indicators. Simple examples of this are TELNET enabled servers, infrastructure leakage like printers available to the outside, self-signed SSL certificates, and so on. We also have some more proprietary measures that track the human element in cybersecurity, which, by the way, is most indicative of risk when used with a large and diverse dataset. We take all this data, combine it with our incident data, and are able to do machine learning and make accurate predictions.

You offer security assessments on third-parties as well, partners and vendors. Do you believe that services like that should become a standard practice, a routine security background check on anyone you do business with?

Absolutely. As companies place a greater focus on their own cybersecurity, why give a vendor or third party with poor cybersecurity practices access to your network? Double check your cyber insurance policy; third party risk might not be covered. And it is not just hacking of your network. Is your data in the cloud really secure? If choosing between Dropbox or Box, is one more secure?

Which one is more secure?

Box.

Can gathering information really prevent threats, or does it just allow to prepare for them?

Both, but the greater argument would be that it keeps them focused and thinking strategically. So often we find in our conversations with CISOs and network managers that they are fighting fires and chasing known vulnerabilities. They are deep in the weeds. They are reactive, not proactive. We allow our users to think about their attack surface and question why their conference room VOIP phone is available to the outside, not wait until it is Heartbleed vulnerable to look for it. It allows them to examine if their procedures match their policy. Even if it is password protected, why should we be able to talk to your database? We had a customer realize that when they brought up new servers they were misconfigured. We noticed that a financial institution had left a development port open, which turned out to be from a contractor. It's about enabling network managers to be strategic, knowing risk, and prioritizing their efforts.

Having a red team in your company in addition to the IT security department seems like the easiest way of keeping your CISO awake; right now that service, if implemented at all, is often outsourced. Will companies be forced to change that?

I think publicized security incidents keep the CISOs awake. And now that we are seeing CEOs leaving their company over breaches, I think many other executives might lose some sleep, too. I think the greater issue is availability of resources, both financial and talent. If your company has the resources to implement a red team, that is great. Cost and expertise is why it is often outsourced. I don't see that changing anytime soon. But I also don't see many companies in a position to be able to hire red teams. However, in this scenario, our tools certainly help the company's security team, or blue team, prepare, reducing their risk, reducing their attack surface and thinking more proactively, therefore making it much more difficult for red teams.

Your company is a start-up; in your opinion, is it hard for enterprises like that to be noticed? Or does the innovation attract enough attention?

Right now our innovation has been enough. We had interest before we released our first product just from word of mouth and people who have heard of our research. No one is truly doing risk or offering probabilities like we are. In one case, the venture capital arm of a large company discovered us and wanted us to talk to their CISO. We showed the CISO the tool and they purchased it. Word of mouth is how eForensics Magazine found us, but we will not rely on it for much longer. We will probably start our first marketing push soon.

Do you think that innovation that comes with start-up culture is important to the cybersecurity field?

I think all innovation in cybersecurity is important. I think startups can be at an advantage in solving many problems, especially ones that start out in smaller markets. In cybersecurity, where both solutions and problems are so dynamic, we will continue to see great innovation come from startups.

You help other start-ups. How do you choose which ones to support?

I've been mentoring startups for 15 years and have a good sense of pattern recognition in determining which ones will be successful. Many of them approach me directly or are introduced to me by someone I trust. If I'm introduced, I frequently take the first meeting. You have to earn a second. My selection is generally based on if I find the project interesting or if I feel I can add value.

Do you have any advice you would like to share with our readers?

Sure. I would like everyone to think about their network in a more proactive manner. So much of cybersecurity is reactive, looking for signatures of known vulnerabilities. I want readers to understand their cybersecurity risk, measure it and track it. Understand their exposure due to third parties and the exposure they present to their clients.

Thank you for the interview!

About FICO:
FICO acquired QuadMetrics in 2016, and continues QuadMetrics' support for a holistic, dynamic, and proactive approach to management and quantification of the cybersecurity risks faced by enterprise networks.
FICO is a global analytics software company, which is now applying its technology, as well as the collective experience of the QuadMetrics team, to tackle one of the most challenging problems in cybersecurity, the measurement of cyber risk, with the goal of creating actionable metrics that are immediately useful for mitigating enterprise cybersecurity weaknesses, and ones that are predictive in nature.

WIACTS
Yaser Masoudnia and Bam Azizi
Published: September 18th 2015

NOTE: SINCE THE ORIGINAL INTERVIEW THE WIACTS PRODUCT'S NAME CHANGED FROM ID TO NOPASSWORD - WE APPLIED THAT CHANGE IN THIS VERSION OF THE INTERVIEW AS WELL.

END OUR RELIANCE ON PASSWORDS
What gave you the idea to develop WiActs NoPassword?

Yaser: From our previous work experiences, both my co-founder, Bam, and I knew first-hand the headache of working with dozens of SaaS apps on a daily basis, each of them protected by a different set of credentials such as passwords and second factors. Keeping track of all these credentials was a big struggle for us as end-users. Additionally, every time that we wanted to reset our password, we needed to take extra steps and then ask the IT admin for further instructions. It would often take them up to a couple of weeks to do so because they were too busy dealing with a large number of users with several accounts and SaaS apps. That was one of the main reasons why we decided to address the authentication and identity management problem.

Who are your customers?

Yaser: Our customers are a wide range of companies from small tech startups to large financial institutions. Until recently, only large enterprises had security concerns and would buy identity management, single sign-on, and second-factor authentication solutions, but this market is dramatically changing. Nowadays, we see a significant increase in the number of medium sized companies and even small, yet fast-growing companies who have convenience and productivity concerns in addition to security concerns. They are now becoming more interested in entering the market for identity management and single sign-on solutions. In terms of the industries, our customers come from different industries, such as insurance providers, healthcare providers, tech companies, entertainment companies, educational institutions, online vendors, banking and financial institutions.

What is the problem that your product solves for these companies?

Yaser: The biggest problem of using conventional credentials, such as passwords and second factors, is the inconvenience they create for the end-users and IT admins who manage their accounts. This causes a number of insecure practices that pose threats to the security of every company. In light of the latest news of cyber-attacks compromising second factors and hackers breaking into thousands of Gmail accounts, we are reminded that second factors are vulnerable to a number of threats including social engineering and phishing. At WiActs, we are here to solve this problem.

So do you believe that insecure practices and sloppy security management come primarily from inconvenience, not from lack of awareness?

Yaser: Both. In many cases, users don't have enough information and are not trained. Even in companies that offer cybersecurity training, employees and IT admins think that attacks only happen to others, not us: "We don't have enough sensitive information for anyone to attack us." It is only when their information is compromised that they start looking for a solution to prevent future attacks. But it is in fact too late then and the damage is done.

How do you plan to solve this problem?

Bam: We offer the next generation of identity management solution that is comprised of strong hidden multi-factor authentication, well-designed single sign-on, and user provisioning. Our solution allows companies to secure their users' access, employees' access, and partners' access to all of their accounts, on all of their devices, without conventional credentials such as passwords.

What do you mean by next generation of identity management?

Bam: Our identity management solution is designed around strong multi-factor authentication that substitutes passwords and second factors. Basically, every time users try to get access to any of their accounts, on any of their devices, they simply enter their username into the log-in page, which we provide for their company. After clicking the log-in button, they receive a notification on their previously registered smart device directing them to our authentication app called NoPassword. Once they're locally authenticated based on their biometrics, we extract several hidden features from their phones to authenticate them. Once the users get successfully authenticated, they will gain access to their launch pad, where they can access all their apps. They don't need to enter another username or password.

How long does that process take?

Yaser: The login process with WiActs NoPassword takes as long as entering a long password. But remember, once the user is authenticated and gains access to their launchpad, all of their accounts and apps are simply just a click away, more convenient than entering a password. It doesn't get any faster and easier than this.

Are passwords really that unreliable, or is it the people that use them?

Yaser: Both. First, no matter how safe and complicated your password is, it is still vulnerable to different types of attacks including social engineering and especially phishing. Over 75% of attacks happen based on stolen credentials. Secondly, users' unsafe practices, such as setting up weak passwords, make companies' accounts more vulnerable to attacks. Since we eliminate passwords and the role of users in setting and entering conventional credentials, NoPassword makes the authentication process immune to cyber-attacks.

Does NoPassword, when working with various applications, eliminate passwords altogether? Has the company's Twitter account still got a password somewhere?

Bam: With over 500 apps that are federation authentication enabled, passwords are completely eliminated. With accounts like Twitter that only support password based authentication, we have a new approach for which we are in the process of filing a utility patent. Therefore, I can't explain it further.

What makes your solution different from other identity management solutions?

Bam: Let me put it this way: they are the painkillers, where our solution is a cure. What I mean is that they hide all passwords behind one master password. This means that if that one password is compromised, then all of the user's accounts and passwords have been compromised as well. In our solution there are no passwords that can be obtained by intruders and hackers. Unlike WiActs, none of the existing single sign-on solutions are able to offer the low friction, hidden multi-factor authentication that doesn't add an extra step to authentication. They don't offer geo-fencing nor geo-location authentication that tremendously improve user experience and security. Let's keep in mind that in today's market an IT admin of a company not only needs to purchase an identity management system and single sign-on solution but further shop for a second factor authentication that can be separately integrated with the system they already have in place. Not to mention, the integration process is not only labor-intensive and expensive, in most cases it requires extensive training and coding experience. Our solution is designed to be the easiest solution to be implemented by IT departments. It doesn't need the extensive training or coding. It doesn't need a second factor to be added on top of it. The IT admin can assign apps and accounts to all of their users simply with a few clicks of a mouse. At the same time, all that the users need to do is to download the WiActs NoPassword app on their smart phones and scan a QR code which is provided for them. Then, they will have easy, secure, and password-less access to all of their accounts. There is absolutely no learning curve to using NoPassword.
On your website you state that there is no reason to compromise between privacy and security, no need for sacrificing convenience. Don't you think that this simplification occurs just on the surface, for both the end user and the IT admin, but at the same time makes security more obscure? Do you see a problem with security becoming magical and difficult to understand for users?

Yaser: No, right now people know about the threats of cyber-attacks and still risk their privacy and information for the sake of convenience. Using WiActs NoPassword, we take the responsibility of securing multiple accounts from users and admins and make the process easy for them. This doesn't make it any less secure because we take care of the security in the background.

One of the ways to avoid compromising privacy in your platform is that the biometric data is not transferred out of the device used to log in. That of course means having the device handy is the only way to log in. Still, people lose their phones, smart devices get hacked. If a company uses NoPassword, doesn't it make all smartphones in that company an obvious target?
Yaser: Even if that is the case, it doesn't compromise the security of NoPassword. All the information on the smartphones is encrypted and the key to encryption is not saved on the app. Therefore, if someone hacks into your phone, there is nothing they can get out of the NoPassword app. In case of lost or stolen phones, because we use our smartphones so much these days, we usually realize in a matter of minutes if our phone is not with us. As soon as the user contacts us with the news of a misplaced or stolen phone, we will disconnect their phone from our system.
What sort of accounts and apps are NoPassword compatible with?
Bam: Right now, NoPassword is compatible with over 5,000 popular business SaaS and web apps. Within the next two months, it will be compatible with almost every app. I strongly believe that we have to end our reliance on passwords for our authentication solutions. I recommend to every small, medium, and large enterprise to consider WiActs as a free trial, and they will quickly realize that not only do the IT admins not want to go back to the previous solutions, but that their users are happier and more productive with the ease of using NoPassword.
What are the biggest challenges you see standing before your company? How about before the whole cybersecurity field?
Yaser: The fact is that the biggest challenge is that companies and people don't take the threat of cyber security seriously. They don't think it can happen to them, only to others.
If you had to point out the single most important trend in cybersecurity right now, what would it be?
Bam: Sharing too much information with third parties. As we work with various companies, a wide range of sensitive information is shared with them. When we share information, we lose control over that information and our privacy. Hackers increasingly target these third-party providers and consequently the valuable information of many users is compromised. Examples of companies that suffered from these attacks are Target, Ashley Madison and even the IRS. It is important for companies to put a well-structured mechanism in place to protect the information of their employees, customers and business partners.
Another trend is bring-your-own-device (BYOD). A very limited number of companies has a guideline for using BYOD and this causes security threats both from external attacks and internal mismanagement of devices. The reality is that employees will bring their devices, including smartphones, to work even if it is against the guideline. Therefore, the best solution is to use provisioning and deprovisioning to manage the use of personal devices for work purposes. In our case, we use employees' smartphones to our advantage.
Do you have any advice or thoughts you would like to share with our readers?
Yaser: Take cyber security attacks seriously, it can happen to anyone. Don't use easy-to-remember simple passwords: absolutely no pet name, name of significant other, street address and similar things. Don't use sticky notes and spreadsheets to remember passwords. Don't overshare on social media. Don't use similar passwords for all accounts.
Thank you for talking with us!
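The device-bound login described in the interview above (the biometric check stays on the phone, the app holds no usable key at rest, and a phone reported lost is disconnected from the system) can be sketched as a QR-initiated challenge-response exchange. This is an added example written for this reprint, not WiActs or NoPassword code; the interview does not describe their actual protocol, and the QR payload, the per-device HMAC key and the `unlocked` flag that stands in for the on-device biometric check are assumptions made so the sketch runs on the Python standard library alone. It also makes concrete what the lost-phone answer relies on: a phone that is still unlocked in a thief's hands authenticates normally until the owner reports the loss, so revocation is only as fast as the report.

```python
"""Device-bound, passwordless login: QR-initiated challenge-response with a
per-device key and server-side revocation.

Added example for this reprint; not WiActs/NoPassword code, and the interview
does not describe their real protocol. The QR payload, the per-device HMAC key
and the `unlocked` flag (standing in for the on-device biometric check) are
constructed for the example so it runs on the Python standard library alone.
A production design would keep an asymmetric key in the phone's secure
hardware so the server never holds signing material.
"""
import hashlib
import hmac
import secrets
import time


def _respond(key, sid, nonce, device_id):
    # The response binds session id, nonce and device id together, so a MAC
    # captured for one login session cannot be replayed into another.
    return hmac.new(key, sid.encode() + nonce + device_id.encode(),
                    hashlib.sha256).digest()


class Server:
    """Holds one key per enrolled device, pending logins and a revocation set."""

    def __init__(self):
        self.devices = {}    # device_id -> (user, key)
        self.revoked = set()
        self.pending = {}    # sid -> (nonce, expiry timestamp)

    def enroll(self, user, device_id, key):
        self.devices[device_id] = (user, key)

    def start_login(self, ttl=60.0):
        """Browser asks to log in: mint a single-use nonce. The returned dict
        is what the QR code on the login page would encode."""
        sid = secrets.token_hex(8)
        nonce = secrets.token_bytes(32)
        self.pending[sid] = (nonce, time.time() + ttl)
        return {"sid": sid, "nonce": nonce.hex()}

    def finish_login(self, sid, device_id, mac):
        """Verify the phone's response. Returns the user name or None."""
        entry = self.pending.pop(sid, None)   # pop first: a nonce is single use
        if entry is None:
            return None
        nonce, expires_at = entry
        if time.time() > expires_at or device_id in self.revoked:
            return None
        user, key = self.devices.get(device_id, (None, None))
        if key is None:
            return None
        expected = _respond(key, sid, nonce, device_id)
        return user if hmac.compare_digest(expected, mac) else None

    def report_lost(self, device_id):
        """The 'disconnect their phone' step: every later response is refused."""
        self.revoked.add(device_id)


class Phone:
    """The app. The biometric check happens on the phone and only gates use of
    the key; neither the biometric nor the key is ever sent to the server."""

    def __init__(self, device_id, key):
        self.device_id = device_id
        self._key = key
        self.unlocked = False

    def scan_qr(self, qr):
        if not self.unlocked:
            raise PermissionError("biometric unlock required")
        return self.device_id, _respond(self._key, qr["sid"],
                                        bytes.fromhex(qr["nonce"]), self.device_id)


def demo():
    """Walk through login, replay, theft and revocation; returns the outcomes."""
    server = Server()
    key = secrets.token_bytes(32)
    server.enroll("alice", "phone-1", key)
    phone = Phone("phone-1", key)
    phone.unlocked = True                         # user passed the biometric check

    qr = server.start_login()
    dev, mac = phone.scan_qr(qr)
    first = server.finish_login(qr["sid"], dev, mac)        # "alice"
    replay = server.finish_login(qr["sid"], dev, mac)       # None: nonce consumed

    # Thief holds the phone while it is still unlocked: the login succeeds
    # until the owner reports the loss, then the same phone is refused.
    qr2 = server.start_login()
    stolen = server.finish_login(qr2["sid"], *phone.scan_qr(qr2))   # "alice"
    server.report_lost("phone-1")
    qr3 = server.start_login()
    revoked = server.finish_login(qr3["sid"], *phone.scan_qr(qr3))  # None
    return first, replay, stolen, revoked


if __name__ == "__main__":
    print(demo())
```

Running the block prints the four outcomes in order: a normal login, the refused replay, the successful login from the not-yet-reported phone, and the refusal after `report_lost`. The single-use nonce and the short `ttl` are what keep a screenshot of the QR code from being useful later; the revocation set is what the "disconnect their phone" step in the answer amounts to on the server side.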


About WiActs:
It's a Sunnyvale-based startup that has developed an Identity Management and Single Sign-On solution for enterprises based on a multi-factor authentication system. WiActs' platform, called NoPassword, authenticates users using biometrics and other hidden features on users' smartphones. WiActs NoPassword gives users the luxury of secure login on all their accounts but without the need for passwords. In a world where weak password management is the main reason behind data breaches, substituting passwords with more secure authentication solutions takes cyber security to the next level. Moreover, WiActs' identity management system allows the IT admin to securely provision and deprovision users and control their access to their accounts.
The company was founded by Yaser Masoudnia, PhD, CEO of WiActs, and Bam Azizi, CTO of WiActs. The company is well received among a wide range of companies from small tech companies to large financial institutions and healthcare providers. We asked Yaser Masoudnia and Bam Azizi to tell us more about their solution.


CYNJA
Heather Dahl
Co-founder
Published: October 14th 2015

BEING SAFE ONLINE IS JUST AS IMPORTANT AS BEING SAFE WALKING DOWN THE STREET
There is a story and a big idea behind your company. Can you tell us something more about it?
Once upon a time, I found my nephew, Grant, fighting some dragons, which, to be honest, struck me as pretty useless. No disrespect to dragons or dragon slayers, but they're old-school. So I said, "C'mon Grant, why don't you fight the real bad guys, the ones that live in our computers?"
He had no idea what I was talking about.
This was frustrating because fighting bad guys is his passion. And there are lots of bad guys in cyberspace.
So I decided to buy him a book that would explain the wild cyber world of worms and zombies and Trojans and show him how awesome this world, the world I work in, really is. It would also introduce him to an important life lesson: we now live in an era of digital crime.
Nada. Zilch. Zip.
There was nothing cool, nothing awesome, nothing that truly captured this dynamic virtual world. So I had no choice, I had to write this book myself.
The first step was to email my friend Chase Cunningham, who fights cyber bad guys for real. "Why don't we write a way cool book for kids about cybersecurity?" I said. And Chase replied, "Dude, yeah!"
We both agreed: we live in a digital world that is continually under threat, and there wasn't anything for kids that connected them to this world. We wanted to write a cool story about cyberspace that would grab a kid's imagination, teach them about being safe online, and possibly even inspire the next generation of security professionals!
In just two years, The Cynja has grown into a book series published in English and Dutch, a regular comic strip, activity books, blog, subscription newsletter and children's workshops, all designed to help families make smart digital choices. This fall we will be releasing Code of The Cynja Volume 2, offering a Spanish translation of Volume 1, and launching a new app to help protect kids online called CynjaSpace!
What is the target market for Cynja's game and comics?
PC Magazine did some independent testing and found The Cynja made kids go "Cool!" The kids loved it and their little reader test base is eagerly anticipating the next issue. And they're not the only ones we've heard from. We've received fan mail from young Cynjas all over the world, including photos of homemade Cynja costumes, as well as hearing about an eight-year-old reader holding a Cynja party that included a Cynja swag bag for all his guests.
While we initially thought our story would appeal to kids ages five to eight years old, we were surprised to find the story resonating with kids of all ages. Parents often learn about information security while reading along with their kids. The news headlines we all hear, the Sony compromise or the Target breach, are, sadly, all too real and devastating, even though it's hard to visualize the way they happen and their impact. Visualizing this virtual world is an important step toward cybersecurity being taken seriously by everyone every day.
It's important for kids and parents to understand together that being safe online is just as important as being safe walking down the street.
Cybersecurity is quite a difficult topic. Do you think kids are ready? Will they understand it and learn from it?
As cybersecurity professionals, we know first-hand how the cyber world is filled with battles between good and evil. And if your child is using connected devices, it's important they know that too. The fact is, as our children live digital lives, we must become digital parents.
You'd think that would come easily, given that we work in tech, but I'm continually surprised to hear how many of my colleagues don't talk about the dangers they see on their screens at work back at home with their kids. Often they say their kids won't understand since it's hard enough to explain our jobs to most adults. At The Cynja, we say it's never too early to talk infosec with kids: you simply need the right story.
If we are to make an impact, we must remember that children need to be taught about technology on their terms. And what were those terms? Well, there is nothing more basic to a child's understanding of the world than the struggle between good and evil: it's the basis for so much of children's literature and entertainment.
We all know better than anyone that the cyber world is filled with just these kinds of struggles and a whole pantheon of new monsters and villains. If you're creative with your storytelling, you'll quickly see our work world is as thrilling as any adventure book. Our industry is more relevant to kids' future careers than perhaps their aspirations to become dragon slayers or learn wizardry that traditional kids' stories focus on.
Telling kids simple stories that spark their imagination, yet explain the key concepts of a digital life, is an important educational step. We live in an amazing digital world that has brought enormous benefits. But as many of us in this profession know, just as you can do good or bad in the real world, so you can do good or bad in cyberspace. There's a whole new world of digital crime out there, but you can and should do something about it. That's the kind of conversation we need to start having with the children in our lives.
What about adults? How many people in the USA are aware of cyber threats? Shouldn't we start from educating them?
What we've found since writing our first book is that a parent's concern about their children's digital lives unites families across all nationalities, languages and socio-economic backgrounds. It's why our book series is now available in English, Dutch and Spanish with more translations on the way. An adult might not necessarily be concerned as to whether their personal data will be compromised in the next large breach, but they are very, very concerned about their child becoming a victim to online dangers.

Cyberspace isn't the Magic Kingdom. It's the Wild West, only worse, as it's a place where it's really difficult to observe people as they make choices and experience the consequences. At The Cynja, we focus on teaching the technology to kids. And for the adults, we help inspire them to become role models for kids both in their daily lives and virtual worlds. And to do that, an adult doesn't need deep technical knowledge; they simply need to be transparent with all the children in their lives about how they make choices online. Who do our kids aspire to be in their digital world if they don't get to watch us live ours?
Being a cyber role model is more than being a successful Internet entrepreneur. It's living a smart and ethical life online. It's treating people and data with respect. Sounds straightforward, no? But here's the problem: it's hard for many kids to see their parents as digital role models because their parents don't open up their online lives to their kids. In email, social media, online shopping or web surfing, parents operate in virtual isolation to their children. Our kids aren't riding tandem as we drive our digital lives; but that's the view of the cyber world that kids need to experience. Just like daily life, it's not a fairytale; it's a place where there are real consequences.
I'm here to tell you, all adults, techies or not, are the role models for all the children in our lives. If we are concerned about our children's digital welfare then we are the ones who must fill this void. We are the ones who have the power to change the direction of our kids' digital futures.
At The Cynja, we offer parents multiple resources, from our books and web comics to our Cynsei's Connection newsletter and our Birds, Bees & The Botmaster columns, to arm adults with common-sense digital expertise. But more importantly, each of us must live transparent digital lives, where kids can see how we make smart choices online. In this digital era, we must transform ourselves into super cyber role models, and it doesn't require formal technical education so much as it does teaching kids about respect and smart choices, whether they are on a playground or using social media.
You build a whole new world for Cynja to inhabit. Where did the idea come from? Who is the Cynsei?
We're so proud that PBS NewsHour described our book as "geekily accurate". Chase and I set out to write a kids' adventure story rooted in real technology. In fact, Chase, and what he does at work, is our inspiration for the Cynja character.
Chase provided insight into what it was like to fight real battles in cyberspace, in all their glorious, geeky detail. But we then had to turn this into something a kid would relate to, and so I spent a lot of time with my nephew trying to see the world through a six-year-old's imagination, and what it's like to be the hero of your own magical battles against bad guys.

We wanted to illustrate The Cynja in a way that readers could understand the gravity of being stuck in an infected network or encountering malicious malware. Shirow Di Rosso, our illustrator, who we call the Artmaster, was an IT engineer, so he knew exactly what this world looked like and how to visualize it in an imaginative yet accurate way. We were dazzled by the results.
Rodney Joffe is the inspiration for The Cynsei, the wise mentor of cyberspace who teaches the Cynja how to defend the Internet from the Botmaster. Rodney's one of the nation's top cyber experts and Chase and I were fortunate to work with and learn from him. His passion for cybersecurity is contagious and it fueled our passion for teaching others about this new world. That's what brought us together to write this book. Rodney is the kind of noble warrior we hope the next generation will look to for inspiration.
Heather, you are a journalist by trade, so why take interest in cyber security?
Because if you aren't practicing online safety while practicing journalism you are putting your sources, colleagues and newsroom at serious risk. Our pledge as reporters to protect those who allow us to tell the stories that shape our world has moved into the digital realm, yet not all journalists recognize the additional ethical responsibility new technologies have placed on the practice of our craft.

From a recent survey of investigative journalists by the Pew Research Center in association with Columbia University's Tow Center for Digital Journalism: "Just 21 percent say their organization has taken steps or implemented policies in the past year to protect journalists and their sources, while 36 percent say their organization has not, and 42 percent do not know. About half (54 percent) report getting no formal training or instruction on electronic security issues from professional sources such as journalism associations, news organizations or journalism schools." While this survey primarily focused on government surveillance of reporters, what we do know is that digital crime has grown exponentially in recent years; to think some of that malicious activity hasn't been directed at journalists is naive.
In the past year, I've had one too many conversations with journalists who don't actively consider digital safety to be a serious part of their job. It's more of a "nice-to-have" rather than a requirement of our work. I've met reporters who brag about disabling their antivirus program, seen photographs of sources in a manner that exposes the person's sensitive data in the background, learned of news managers using the same passwords on all their accounts, and so many journalists who don't lock their mobile phones with four-digit PINs or thumbprints that it boggles my mind. I've had a Congressional reporter brag that he would fight in court before disclosing his sources to authorities but didn't consider the theft of his unlocked device as a risk to his sources' identities, even though all communications with these individuals are easily accessible with the swipe of a screen!
And so I write about practicing journalism and cybersecurity for The National Press Foundation. I write because as our newsrooms continually transition into the digital era, so too do our responsibilities as journalists. We must not only write stories for multi-platform organizations, we must also practice safety as reporters spanning both the real and virtual worlds.
Our sources, the people we rely on to help tell our stories, should have trust that we as journalists practice the highest standards of smart digital hygiene. But indicators have shown this might not be the case. Sources have the right to demand that you, as a journalist, will keep their data as safe as possible, starting by locking your devices containing their contacts and communications. We must understand these cyber crimes and their impact on our industry and how we practice our craft because the future of journalism depends on our digital safety.
My work today places me squarely at the intersection of journalism and online security. And so if just over half of the respondents in the Pew survey say they aren't receiving any formal instruction on security issues from their employers or journalism organizations, I've made it my personal mission to

help my peers learn about the "real" virtual world, so to speak.
What are your company's plans? What's your goal?
We're building cyberspace with training wheels for kids! It's called CynjaSpace, a digital experience that educates kids on making smart choices by interacting with our original comic characters and expert storylines. Behind the scenes it's providing parental activity controls, protections and guidance on digital parenting.
In the real world, we ease kids into adulthood. But in the digital world, they are thrown full-force into the wild. As parents, teachers, and organizational leaders we struggle to be proper digital guardians and role models. With CynjaSpace, you get a safe environment where kids can learn to be responsible digital citizens. CynjaSpace gives families:
Cybersecurity protections such as spam blockers, malware detection, malicious site tracking & warnings, antivirus.
Controlled data sharing with trusted connections through parental approvals, cyber privacy protection, ad blockers, purchase blockers, and protections against data collection & mining, secure storage.
Granular parental controls & activity reports providing age & subject appropriate content blocking, predator & cyberbully reporting, and Internet usage reports.
Kids learn how to safely navigate online through trust and respect, built upon the Respect Network.
Our goal at The Cynja is to become the destination where kids begin their digital lives, the place where kids become cyberheroes!
Do you predict any major obstacles coming your way?
Let me ask you this: are these words too difficult for you? Basilisk, snuffleupagus, supercalifragilisticexpialidocious, Quidditch, Oompa Loompa. I hope not! They're all part of the magical world of children's literature.
However, give many adults these words: darknet, cipher, binary, encryption, proxy server. All of a sudden, I hear a different story: these words are too hard and complicated.
The difference is we approach Dr. Seuss and children's literature with an open mind, prepared to let our imaginations absorb all sorts of meanings. And we learned that a fizza-ma-wizza-ma-dill is a bird that eats only pine trees and spits out the bark. Hand an adult a children's story about technology, well, they get a bit freaked out. Why? Because they've already decided the digital world is too difficult to comprehend, no matter how simple the concept. And what's funny is, that same adult is often more than happy to help their child figure out how Quidditch is played.
Sometimes we'll see a child really immersed in our books but then when their parent flips through the pages they decide the content is too challenging based on their own perceptions. It's sad to see a child's budding interest in tech get immediately quashed because the adult in their life doesn't want to understand the digital world. I'd argue that a child's understanding of a darknet is more valuable to their future than learning the diet of an imaginary bird or the rules of a sport played on flying broomsticks. In today's era of digital crime, kids need to know that a darknet is what cyber criminals often use to hide their illegal activities.
So we decided not to allow an adult's uncertainty about technology to taint a child's motivation to learn about their future. And that's why we decided to focus our efforts on encouraging young minds to absorb what an Oompa Loompa is as well as a proxy server, because their futures depend on an understanding of technology in a way that ours didn't.
What do you think about the recent hot topics in the cybersecurity world? Do you think educating kids can help prevent such problems in the future?
Child identity theft is considered to be one of the fastest-growing crimes. Kids' identities are stolen over 50 times more than those of adults! We're often so focused on protecting our kids from so many threats in the real world; we forget that in cyberspace bad guys are stealing children's identities to open credit cards, apply for loans, rent homes and even receive health care. Bad guys make money by selling and reselling the same child's identity over and over. And they get away with it because parents don't think about monitoring their son or daughter's identity.
Why is this important? Children could potentially lose out on future jobs, internships and loans that require a clean background check or credit report, all because they were victims of identity theft as kids. Growing up in the real world is difficult enough that I don't want children's digital lives to hold them back.
If we truly want a secure future, we must ask ourselves: what are we doing to protect all the kids in our lives? One place cybersecurity professionals can begin protecting our most vulnerable assets is by safeguarding the identities of the kids in our own lives, our children, nieces, nephews, grandkids, neighbors, our children's friends, by protecting those we can and educating those we talk with. And we must teach kids to understand that their identities are to be protected online just as they do in their daily lives.
Many parents outside of security circles don't consider their children's identities until later in life. But

as we know that's too late. So let's start by teaching kids the value of their identity and parents the warning signs that their child's identity might be in jeopardy.
Have you shared your name, birthday, address or identification number with someone you don't know online?
When you share information about yourself on a website, do you look for the SSL lock?
Has the government sent a notice saying your child didn't pay income taxes or that your child's identification number is being used on other people's files?
Are you getting collection calls or bills in your child's name for services you didn't receive?
Did you get declined for government benefits because the benefit is getting paid into another account using your child's identification?
If your wallet was stolen, were you carrying information about your children inside?
If the answer is yes to any of these questions, it's time to act! Or if you're a child, tell your parents!
And as infosec professionals, we can encourage parents to do the following:
1. Check whether your child has a credit report by asking each reporting company.
2. Consider purchasing a service that will monitor your child's identity for signs of identity fraud. This is a gift I'm giving the kids in my life for the upcoming holiday season.
3. Every Sweet 16 birthday celebration shouldn't be considered complete until you've checked your son or daughter's credit report. That way, if you find any evidence of fraud or misuse, you have time to correct it before they apply for a job, school or car loan, or a new apartment, when they, or you, are ready to move out of the nest.
Remember, treat your kids' personal information like you treat your own. Be a cyber role model. It seems these days everyone wants information on all of us that they don't really need. So be especially guarded when it comes to sharing your child's identity because you might be putting their future at risk. And make sure your kids know when to say no to sharing online. Because in my life, my young nephew is the most valuable asset of all.
What advice do you have to share with our readers? How about with their kids?
Magic! It's the basis for countless children's stories filled with adventure and excitement. It's also how many kids think cyberspace works. There's nothing like seeing our child's reaction when the sleight of a magician's hand produces marvelous results. However, as cyber professionals we know the Internet is no illusion. A technical understanding of their digital lives is a crucial life lesson for today's young generation.
If your kids are like my nephew, they ask a lot of questions. I mean a lot. Some I can answer and others require a search using my smartphone. Yet, when it comes to their questions about technology it's often easy to just say, "It's magic!" Which is a fun and exciting answer; however, my nephew is at an age where I realize that explaining the wonders of their world is crucial to developing his critical thinking skills and building a foundation of knowledge which will span their lifetimes.
After talking with my InfoSec peers, I believe many of us often feel that our kids don't truly know what Mom or Dad or their Aunt or Uncle does on the job because we find it difficult to explain our work to most adults, sometimes even our bosses. Or we think that our kids won't understand because we decide it's too complicated for them. Maybe it's easier to let kids think that in tech we wave our magic wands at code or pull rabbits out of servers. Except, we all know that's not an accurate reflection of our industry.
Yet, we continually worry about our kids experiencing the not-so-nice side of cyberspace. But we've never explained to them how it really works. One has to ask, how can a child consider a cyber threat to be real when they believe in cyber magic?
It's time we move our conversations with kids beyond training dragons or learning wizardry. It's time we begin explaining cyberspace for what it is: a place that's anything but a fairytale, a place with real consequences instead of predictable happy endings, and a place that's based on actual systems and programs developed by real people. We can do this by using our professional expertise to explain how the Internet works. We are in a position to teach our kids a basic technical vocabulary that will deliver benefits for the rest of their lives. While technology may seem like magic, it is not. That's the distinction we in Infosec must help children understand.
Thank you for talking with us!

About Heather:
Heather C. Dahl writes about the magic in technology. She's a journalist who has covered politics and foreign affairs on the ground and now she researches battles in cyberspace. Heather's an Oregonian living in Washington, DC. Heather earned a B.A. from Willamette University, a Master's in Journalism from Columbia University, and an MBA from The Johns Hopkins University.

About Cynja:
The Cynja is a multi-platform media company focused on making kids awesome in cyberspace through their fun comic series about technology and cybersecurity.

LOGICAL OPS
Paul Hoffmann
Director of Certification Programs
Published: October 16th 2015

WITHOUT MEASUREMENT HOW DO YOU KNOW HOW YOU'RE DOING?
Tell us, how difficult is it to develop a certificate these days?
With all of the tools available, the process is easier than it has ever been, but the environment is difficult, given the perception of "paper certificates". In order to overcome that perception, a certification program has to be developed using rigorous controls that validate the process.
What gave you the idea to create a new certificate?
There is a gap in cybersecurity at the generalist level that our CEO, Bill Rosenthal, identified. When we tested the idea with our partners, they were highly supportive. Logical Operations has been creating instructor-led training materials that support other certifications for more than 30 years. We already know what it takes to support the learning side of a certification; we just decided that it was time for us to become a certifier ourselves.
What challenges do you think you'll have to overcome on your way there?
The biggest challenge is perception of value. If the certification is perceived as valuable, then it will be successful. Awareness of the certification is a close second. People have to know about it. They go hand in hand.
Certification is now one of the most important ways to prove your expertise in cybersecurity. Do you think that we can trust certification? Can having a specific certificate really tell us how good a professional is at their work?
There are two ways to validate skills: certification and experience. With such a great gap between the number of cyber professionals needed and the number with experience, certification is the next best way to determine an individual's knowledge. However, an individual needs to know what the certification covers and what they need to know. If someone chooses a specific certification as a prerequisite for a job just because it is popular, they may not be identifying the right candidate for that job.
This is a point that rarely gets any exposure, almost exclusively when pointing out that HR departments and recruiters have trouble identifying their technical requirements. Do you see a solution?
The solution is the "Holy Grail" for the certification industry. How can you use an exam or some type of measurement to predict performance? I think that standards are important. In cyber security, NICE is trying to tackle this solution. They created a standard lexicon, so that at least everyone was able to understand they were talking about the same things. I think every industry kind of settles out eventually, but cyber is moving so fast and is so important that the government is trying to jump-start it.
Follow-up: Has anything changed since then?
The gap has only gotten wider. However, there are more companies trying to jump into cyber security training and certification.
This also ties in with the "saying yes to no college" philosophy. Is college education really becoming this inefficient, costly and not providing opportunities?
College for the sake of a degree is really not worth the paper. It really is the same question as using certification to predict performance. If a student goes to college to receive a universal education and really tries to learn to learn, then whether it is a junior college or Ivy League does not make as much of a difference. Those who have knowledge will always have more opportunities if they seek them. Get as much formal education as you can reasonably afford, but that should not be where anyone stops. Keep seeking knowledge. I think that is where the college philosophy is inefficient. College is not the only source for knowledge, and when you leave, you don't know everything.
There are already many certifications out there. What do you think will make yours special?
CyberSec First Responder (CFR) fits into a gap between existing certifications. There are so many aspects of cybersecurity that you can't cover all of them in one certification. And many of the certifications on the market today are specific to particular technologies. But not everyone uses the same technology. CFR is a stepping stone and generalist certification. It is meant to prepare a broader number of people to detect and respond to cyber threats in any environment.
Follow-up: How did that project go?
The CFR certification is currently going through ISO 17024 accreditation. It should be completed this fall. The ISO standard sets CFR apart from other certifications by adhering to strict international standards for professional certifications.
If it's general in approach, is it also entry-level? How challenging would you say you want the certificate to be? What's the perfect CFR holder profile?

Yes and no. I think that the CFR certification is entry level to Cyber Security and incident response, but it expects that you already know networking. It's entry level the same way Algebra is entry level to Calculus, but it expects you to know Arithmetic. The perfect CFR candidate would be an IT worker with 2-5 years worth of experience who wants to be more effective at identifying and responding to attacks on organizational networks. Data have shown it takes an average of 8 months for a company to detect a cyber breach. Most of those breaches are discovered by people other than the cyber security specialists. CFR is designed to give all IT workers an understanding of cyber security so that they can be prepared to recognize problems more readily. We are hoping that CFR can bring that average detection time down significantly.

We hear many companies are concerned whether the talent pool in IT and cybersecurity fields will be big enough to support growth in the upcoming years. Do you agree with that prediction?

We certainly agree that the talent pool isn't where it needs to be yet. But, that is precisely why we are in the certification business now. All hands on deck.

You state in your summary on LinkedIn: "I believe that which is measured will improve." Isn't that a very cold approach?

I don't believe in feel good medals and being rewarded for showing up. But that said, is it cold to think that there is nothing that we can't do? I think human nature is to excel. Channeling that nature to excel personally requires an honest inventory of yourself and then improving those things that you wish to improve. The inventory is nothing more than a measure of where you are. Without the measurement how do you know how you're doing? It is like a ship without a rudder. How does it get where it wants to go?

How can our readers help with the CFR certification?

Take our CFR course and get certified to respond to cyber threats. And, encourage your organization to CyberSAFE certify all end users. The biggest help, however, would be to participate in the process. Certification development requires an incredible amount of subject-matter expertise. Currently, our greatest needs include getting survey responses to validate the exam objectives for the next iteration of CFR and finding subject-matter experts (SMEs) to participate in development workshops. Your readers can respond to the survey here: http://logicaloperations.com/cfr-survey/ [note: this survey has been closed for a while now!] or they can submit themselves as SME candidates here: http://logicaloperations.com/subject-matter-experts-needed/

Thank you for the interview!

SPECIAL EDITION FOLLOW-UP

Has your company changed in any way since the interview?

We are putting more and more into our cyber security offerings.

How has the field changed?

The Skills Gap has only gotten wider.

How did your point of view on cybersecurity change?

More important than ever.
PANOPTICON LABS
Matthew Cook
Co-founder
Published: October 22nd 2015

GAMES ARE NOT ONLY WHERE THE MONEY IS, BUT THEY'RE ALSO A LOT EASIER TO HACK THAN BANKS
Where does the idea of Panopticon Labs come from?

I've been a huge video game player since I was a kid, especially when I got my first game console, an Atari 2600. In college, I worked briefly for FASA, a pen-and-paper role-playing developer who was transitioning their Battletech franchise into the video game space. After graduation I transitioned into cybersecurity, designing systems to find fraud in online banking, billpay, and credit cards, but I was always looking for a way to get back into games. In 2012, I was reading an article about how expensive and damaging in-game fraud and abuse was in a MMORPG (massively online role-playing game) I was playing, and realized that my expertise of building fraud detection tools for banks could be used to solve the same issues for online game companies.

I think we are all aware of how huge the gaming industry is becoming. Do you have any numbers? Do you think it will continue growing?

The online game industry is huge, and actually pulls in more money, a lot more, than the Hollywood movie industry. In 2014, for example, the worldwide box office revenue generated by movies was about $39.1 billion, but video games pulled in almost 2-3 times that amount, somewhere between $80-95 billion depending on how you measure and who you cite, during that same year. Next year the games market is predicted to keep growing, and is predicted to break the $100 billion mark before the end of 2015.

We don't hear that much about frauds or crimes in the video game world. How bad is it?

Right after I co-founded Panopticon Labs I spent several months interviewing executives at more than 50 different game companies, and I asked them almost that exact same question. Almost without exception, they told me that fraud was one of their top issues, because they felt that anything that makes their players unhappy with the game (whether it's account takeover, cheating, credit card fraud, botting) results in a much greater chance that the player will abandon the game and take their money with them. To try and fight back, the publishers I interviewed had spent huge amounts

of time and resources, either on 3rd party tools adapted from other industries, or more commonly by building their own custom rules and reports internally, to try and find the bad guys. Almost every solution they described, unfortunately, generated less-than-satisfactory results. Just about everyone I spoke to told me that there was still a huge need for better risk and fraud tools and techniques, ideally designed from the ground up to solve the unique problems and challenges that come from running an online game for hundreds of thousands, if not millions, of monthly players across the globe.

Follow-up: How does the situation look now? Is it different in any way?

Well, I'm thrilled to report that online games are still going strong. In 2015, it was estimated that online games generated almost $100 billion worldwide. Earlier this month, the mobile game Pokemon GO was released and instantly not only shot to the top of the Apple App and Google Play Stores' game lists, but also surpassed the number of users for popular social networking apps, like Twitter and Snapchat. Not surprisingly, we're not seeing any evidence that the bad guys are moving away from games towards any other, weaker targets, so it looks like cheating, fraud, account takeover, and player abuse will continue to be a problem for the foreseeable future. Even worse, the tools the bad guys are using to hack game clients, as well as to compromise player accounts, are continuing to improve as well, making it easier than ever before for even unskilled users to try their hands at illegal activities. Unfortunately, most of the companies we talk to are still relying primarily on in-house tools, and on fundamentally manual processes to try and stop the bleeding, although a few of the larger publishers we've followed up with recently have told us that they're finally ready to start re-evaluating the effectiveness of their solutions, and possibly add additional layers of analytics and alerting on top of the things they've found useful in the past. This is encouraging since history shows that any complex system (like online banking ten years ago, as well as with online games today) really can't rely too heavily on any one security strategy. Any time money is moving online, you really have to employ a layered approach to security if the operator is truly serious about identifying and stopping bad guys quickly and efficiently, getting them out, and then keeping them out.

Are players themselves sufficiently aware that reporting fraud in the game is a viable option?

I've never personally seen published figures on the usage of this feature in any specific game, however I do think it's fair to say that the perception amongst publishers and operators is that players who bother to take the time to report bad actors (whether that's through a reporting form or via a game forum post) represent a vocal minority compared to their overall player base, and that many incidents that are witnessed by players never get reported. As a player who makes use of this sort of tool whenever I think I have something useful to report, I can definitely say that more times than not that report never seems to get followed up on, or if it is, they never tell me anything about it. Whenever that happens, it's human nature to wonder whether or not anyone is actually reading those reports and why I even bothered, so I'd definitely recommend that publishers err on the side of transparency wherever possible, and send their players who do take the time to report bad activity some sort of resolution notice (even if it's just a simple message letting them know "We completed our investigation and while we cannot report our findings we appreciate the time and effort you took in reporting it.").

Follow-up: Do you think that since then awareness among gamers has improved?

Honestly, no. At the end of the day, gamers feel that security is basic table stakes: they come to play online games to have fun, and don't want to have to think about all the different ways that their accounts may or may not be hacked, exploited, stolen, or abused. When they log in, they expect their hard-earned items and virtual currency to be just where they left them. With more and more games being released every day, however, publishers really have to realize that tools that take days to find bad actors and weeks to actually ban their accounts are simply not keeping up with the bad guys, and start thinking about using advanced security techniques, like behavioral analytics and anomaly-based alerting on unusual or suspicious player behavior. Also, if an operator is waiting to react to player reports of potential abuse, they really should, instead, start looking for opportunities to be proactive, ideally by alerting their players to suspected attacks against their accounts before any virtual items or currency are stolen. The reality is that there are just too many other awesome new games out there that a player can switch to if and when their stuff gets hijacked; lots of times, players don't even bother hassling with reporting the theft, they just quit, taking their money with them. This problem is even worse in free-to-play games because the same low barrier to entry that gets a player into the game in the first place also exists for competing games as well, all of which are trying hard to steal that player away.
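The anomaly-based alerting on player behavior recommended in the answer above, and the gold farming and account hacking categories that the Searchlight description later in the interview says its reports cover, as an added example in Python. This is not Panopticon Labs' code and does not reflect how Watchtower works; the log format, the field names (device, country, to, gold), the account names and every threshold are assumptions made for the demonstration, and the log is constructed, not real game data.

```python
"""Anomaly-based alerting over online-game event logs. Added example, not
Panopticon Labs code: the log format, field names and thresholds are assumptions.
Two patterns the interview names are modelled: account takeover (a login from a
device and country never seen for an account that has history, followed by a trade
far above that account's largest prior trade) and gold-farming rings (several
low-history accounts funnelling their whole outbound gold to one receiver)."""
from collections import defaultdict, namedtuple
from datetime import datetime

Event = namedtuple("Event", "ts account kind attrs")
Alert = namedtuple("Alert", "kind account detail")

# Constructed sample log (not real game data): ts|account|event|key=value;...
SAMPLE_LOG = """\
2015-10-01T08:00:00|alice|login|device=d1;country=US
2015-10-01T08:30:00|alice|trade|to=bob;gold=50
2015-10-01T09:00:00|alice|logout|
2015-10-02T20:00:00|alice|login|device=d1;country=US
2015-10-02T20:20:00|alice|trade|to=bob;gold=40
2015-10-02T21:00:00|alice|logout|
2015-10-03T10:00:00|f1|login|device=d4;country=CN
2015-10-03T10:00:00|f2|login|device=d5;country=CN
2015-10-03T10:00:00|f3|login|device=d6;country=CN
2015-10-03T10:20:00|f1|trade|to=broker;gold=500
2015-10-03T10:22:00|f3|trade|to=broker;gold=500
2015-10-03T10:25:00|f2|trade|to=broker;gold=500
2015-10-05T03:00:00|alice|login|device=d9;country=RU
2015-10-05T03:05:00|alice|trade|to=mule1;gold=900
2015-10-05T03:10:00|alice|logout|
"""


def parse_log(text):
    """Parse the pipe-delimited format above and return events in time order."""
    events = []
    for line in filter(None, text.splitlines()):
        ts, account, kind, rest = line.split("|", 3)
        attrs = dict(kv.split("=", 1) for kv in rest.split(";") if kv)
        events.append(Event(datetime.fromisoformat(ts), account, kind, attrs))
    return sorted(events, key=lambda e: e.ts)


def detect_account_takeover(events, min_history=2, floor_gold=100, ratio=3.0):
    """One pass, per-account baseline of seen (device, country) pairs and largest
    trade. A first-ever login cannot be anomalous, so accounts with fewer than
    min_history prior logins are never flagged here; trades made in a flagged
    session are kept out of the baseline so an attacker cannot raise it."""
    seen, logins, max_trade = defaultdict(set), defaultdict(int), defaultdict(int)
    risky, alerts = set(), []
    for e in events:
        a = e.account
        if e.kind == "login":
            fp = (e.attrs.get("device"), e.attrs.get("country"))
            if logins[a] >= min_history and fp not in seen[a]:
                risky.add(a)
            else:
                risky.discard(a)
            seen[a].add(fp)
            logins[a] += 1
        elif e.kind == "trade":
            gold = int(e.attrs.get("gold", 0))
            if a not in risky:
                max_trade[a] = max(max_trade[a], gold)
            elif gold > max(floor_gold, ratio * max_trade[a]):
                alerts.append(Alert("account_takeover", a, f"{gold} gold to {e.attrs['to']} "
                                    f"from new device/country; baseline max {max_trade[a]}"))
        elif e.kind == "logout":
            risky.discard(a)
    return alerts


def detect_farming_rings(events, max_logins=2, min_feeders=3):
    """Accounts with little history whose entire outbound gold goes to a single
    receiver are feeders; a receiver with min_feeders or more is flagged as a hub."""
    logins, outbound = defaultdict(int), defaultdict(lambda: defaultdict(int))
    for e in events:
        if e.kind == "login":
            logins[e.account] += 1
        elif e.kind == "trade":
            outbound[e.account][e.attrs["to"]] += int(e.attrs.get("gold", 0))
    feeders = defaultdict(list)
    for sender, targets in outbound.items():
        if logins[sender] <= max_logins and len(targets) == 1:
            (receiver, gold), = targets.items()
            feeders[receiver].append((sender, gold))
    alerts = []
    for hub, members in sorted(feeders.items()):
        if len(members) >= min_feeders:
            total = sum(g for _, g in members)
            alerts.append(Alert("farming_ring", hub, f"{total} gold funnelled from {len(members)} feeders"))
            alerts += [Alert("farming_ring", s, f"feeder for {hub}") for s, _ in sorted(members)]
    return alerts


def analyze(log_text):
    """Run both detectors over a log; returns a list of Alert(kind, account, detail)."""
    events = parse_log(log_text)
    return detect_account_takeover(events) + detect_farming_rings(events)


if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG):
        print(f"{a.kind:17} {a.account:7} {a.detail}")
```

Run it directly to print the alerts for the constructed log: alice's first login from an unseen device and country followed by a 900-gold transfer is flagged as a takeover, and the three one-login accounts that each send everything to the same receiver are flagged as a ring with that receiver as the hub. Two choices are the ones worth copying into a real pipeline: a brand-new account has no baseline to be anomalous against, so it is routed to the ring detector rather than to the takeover rule (which is why f1, f2 and f3 are not false positives there), and trades made during a flagged session never feed the baseline, so an attacker cannot raise the account's own threshold by making a few small transfers first.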


Do you think preventing video game frauds/crimes/breaches is important? It's only games. They should be entertainment, so not taken too seriously.

Games are lots of fun, I totally agree, and I love playing them. But what many people forget is that games, just like other entertainment like music or movies, are also businesses that require the skills of artists, programmers, database architects, business analysts, level designers, animators, musicians, playtesters and a horde of others, all of whom need to be paid for their work. Businesses care about their brand and damage to their reputation. In addition to loss of revenue, player satisfaction is incredibly important. The quality of modern games has improved so much that some now actually cost more to make than the biggest Hollywood blockbusters: the recent game Destiny, for example, is estimated to have cost more than $500 million to produce. Just to give you an idea of how big that really is: this summer's biggest movie, Avengers 2: Age of Ultron, only cost half that to make (around $250 million). With so much money at stake, and so many jobs on the line if a game fails, I can absolutely see why game companies are taking this issue so seriously, and as a player myself I'm happy that they are.

Do you think that this amount of money involved changed the public perception of the gaming industry?

Not really. As a gamer myself I can tell you that people play games for one reason: to have fun. Fun can take many forms, but all that matters in the end is that the game seems fair (however the player perceives that to be the case) and that the game itself is engaging and compelling. Many publishers have interpreted that as meaning that modern games have to look more and more polished, and offer a raft of increasingly complex features such as large group-versus-group battle arenas, fancier visual and physics effects, etc. Not every game has to compete this way, of course: mobile games, for example, tend to cost far less to develop than their console or PC counterparts (but, ironically, can actually cost far more to market due to the crowded and chaotic nature of mobile app stores), and platforms like Steam combined with low-cost development tools like Unity have kicked off an independent developer Renaissance resulting in fantastic games that are fun to play and that only cost a few dollars to purchase.

What about online banking? How safe is it? How is it connected with video games (as Matthew specializes in that)?

I spent more than 12 years building anti-fraud tools for banks and online bill payment services, and learned a lot about the tools fraudsters used to hack into people's bank accounts and steal their money. In the late 90s and early 2000s, I had a front-row seat when banks made a big push to get customers to start using online bill pay instead of

paper checks, and witnessed the massive influx of fraud that soon followed. It took the banking industry over a decade to even make a dent in online banking fraud, but eventually they did manage to harden their systems against the bad guys; online bank fraud still does happen, of course, but at a much lower level than a decade ago. What surprised me was that when I started actually researching the tools that game fraudsters were using to hack into game accounts, I discovered that many times they were often using the exact same tools and techniques as bank fraudsters. With so much money going through online games, this makes total sense: history shows that bad guys always follow the money towards softer, less well-protected targets, and right now, unfortunately, games are not only where the money is, but they're also a lot easier to hack than banks. Bottom line: fraudsters aren't going away any time soon, there's just too much opportunity for them to ignore, so unless people suddenly all stop playing games online (unlikely) they'll have to be driven out.

Could you give our readers examples of how tools and techniques they know might be used in a video game context?

In my experience many game account breaches often seem to be collateral damage as a result of any number of different malware kits ending up on a player's device. Malware developers have focused for years on building hard to spot (and even harder to remove) tools designed to infect, then scan, a victim's computer, identifying all the potentially valuable information on that machine so it can be exfiltrated out to its controller. This class of malware isn't so concerned about targeting specific kinds of applications or accounts; it's literally looking for anything and everything that could prove valuable to the hacker or embarrassing to the victim: photos, files, documents, browser history, user IDs, passwords, it's all fair game. If you think about it this approach makes sense: more and more, we rely on cloud services like Dropbox, Google Drive, or Apple's iCloud service to store our information and make it accessible across different devices we own, so as a result the real prize for cybercriminals more and more are the credentials that make it possible for the user to access that information: their IDs and passwords. When games went online, requiring the player to use the exact same types of credentials to access their accounts, gamers exposed themselves to the exact same risks as online banking and payments users had been fighting against for years. This is why game account security tools like email confirmation, device reputation and geolocation, or secret questions are so vulnerable to defeat; the sad truth is that cyber criminals have had years to learn how to defeat them and are well-versed in developing specialized attack tools to do so.

You have just published a blog post about the lack in security confidence and security awareness. How does it look? Is the awareness

high between gamers? Do they care about security?

I think what you're talking about here is the recent PlayFab survey of online gamers, where they asked about how important a game's security was in their decision to purchase it. What's particularly interesting about that study is that while the game publishers all already know that security is important, it comes around full circle and shows how the players view that same issue. The most interesting thing to me was the finding that traditional definitions of security, like protecting against the theft of credit card numbers or personal information, were actually not a huge deal for more than half their respondents. Instead, the majority said that game experience was a more important criterion. The message that game publishers and developers should take away is clear: if you want your game to sell and to be successful, you have to do whatever it takes to make your players happy, and to keep them safe. This means going way beyond the obvious stuff like encrypting a credit card transaction or securing the player's personal information, and aggressively targeting the bad guys who are already inside the game, ruining the experience for everyone else.

Does it also mean you need to put in extra effort to make sure that security does not interfere too much with the game experience?

Absolutely. Over and over when surveying publishers about the tools they wish they had access to in the fight against fraudsters, one of the requirements that was universally listed was zero impact on their game's infrastructure. Given how complex a very large client/server game application is, and how sensitive it can be to anything that introduces lag into that environment, this is perfectly understandable and reasonable. Luckily (for Panopticon Labs, anyway) that requirement doesn't have to be a hindrance, and in fact is core to the way we monitor and model gameplay behavior. In our opinion the best tools operate alongside game servers and clients, not as an operational component of either. Architecting our solutions in this way guarantees that at no point will a tool like Watchtower ever negatively affect the player's experience, as well as assures that our tools cannot be reverse engineered (since they're essentially invisible to the end users). I know from building tools for years to detect fraud in large financial services and electronic transaction platforms that anything a bad guy can see is something they eventually will defeat; it's not a question of if but when, so any game operator investigating potential anti-fraud or risk management tools should always keep that in mind.

Who is the main target of such attacks and why?

Any game that's making money for its creators is a target, unfortunately. Worse, we're finding that the more players (and money) the game attracts, the

more attractive it becomes to bad actors. It's a vicious cycle: the developer and the publisher invest months of work and lots of money to build their game, market it, get it on Steam or in the app store, and then just as they start to see some success, BAM! here come the fraudsters. At their core, these sorts of bad guys are opportunistic: all they want is to make a quick buck for themselves at everyone else's expense; it's just a business for them. Unless the publisher is very vigilant and aggressive in getting them out, they can easily drive the good players away and kill the game before it has a chance to earn back its development budget, let alone turn a profit.

What kind of attacks do gamers usually have to face?

Attacks aimed directly at gamers are similar to attacks aimed at online banking customers. Just like online banking, online game accounts can contain valuable resources that have real-world value to other players (virtual currency used to purchase things in-game, rare items, weapons, armor, or high-level characters that took weeks or months of effort to build up). To make things worse, we're finding that the damage done to the player usually goes beyond the game; lots of times the same malware that the bad guys use to steal a player's game ID and password also ends up compromising their other online accounts, too, like email, Paypal, online credit card and banking information, and potentially any other private information stored on the device.

Follow-up: Is there anything new to look out for?

Over the past few months we've definitely seen an increase in the number of malware attacks directed towards newly-released titles that have generated huge amounts of buzz and hype in the period leading up to their release date, games like Blizzard's Overwatch or Niantic's Pokemon GO, sometimes as early as the same week that the game was actually released. As bad guys continue to step up their attack game, publishers and operators are finding it harder than ever to react to threats in a timely manner, meaning that gamers, more than ever, have to be aware of their environment, and to really think about the potential consequences of their actions before they download an app claiming to help their game play via clever hacks or even cheats designed to give them an unfair advantage over other players. Not only are such tools unsporting at best (let's face it, nobody likes a cheat, even if the game was free to download and play), but also because, more often than not, the clever cheat app is nothing more than a honey pot whose true function is to install a bunch of hard-to-remove malware onto their machine, malware designed to not only steal their online game IDs and passwords, but that can also just as easily compromise their social networking sites, financial and bank sites, shopping and eCommerce accounts, etc. The words "if it seems too good to be true, then it probably is" have never been more appropriate than they are right now, unfortunately, and as gamers we have to think long and hard about that phrase before we click on that

link to a sketchy gray market site, or download that Overwatch wallhack, no matter how tempting it seems in the moment.

What would you say was more common: having a Steam (or other similar) account or an in-game subscriber account hacked?

Again, it's difficult to quantify things like exposure levels since any game publisher or operator is understandably wary of releasing these sorts of statistics. More than anything the key factor seems to be money: the more of it that's passing through a game, the greater the temptation for the bad guys. Unfortunately, many clients we've talked to seem to literally have no idea how much gray market actors, hackers, or cheaters are hurting their players and the longevity of their games, or tell me their games don't seem to attract those types of criminals while a quick check of their player forums shows they're overflowing with angry complaints of stolen accounts, burglarized virtual items or currency, or roaming hordes of cheats and bots. For gamers, the most important things to remember are that obscurity is not the same as security (in other words, just because you don't think you're doing anything to call attention to yourself doesn't mean that they're not interested in you, and might even be attacking you as we speak), and that you are not an exception to any rules: it's human nature to reassure yourself that maybe, just maybe, I'm different or special, and the bad guys will simply pass me by. They won't. So assume the worst, and try to make it as difficult as possible for them when they do get in by keeping vigilant about keeping your machine's software updated (Secunia PSI is a great tool for this for Windows machines in my experience), by always using different, unique passwords for every single app (yes, it's a hassle, but do it anyway; a tool like Zetetic's Strip Password Manager really helps keep them straight), and by keeping financial data and home banking credentials secure, even going as far as using a dedicated bootable USB stick to launch a very secure OS like Ubuntu before logging into your banking or bill pay site.

You have 3 different solutions: Watchman Searchlight, Dragnet and Watchtower. What is the difference and who is each of them for?

Searchlight is a targeted tool designed to help the game publisher measure the size and scope of malicious activity already happening inside their games. Using game logs, Panopticon Labs models 90-180 days of historic in-game activity, and delivers a report identifying suspicious activity such as gold farming, botting, account and virtual currency re-selling, and account hacking. Dragnet extends the capabilities of our automated risk engine over a series of scheduled reports, allowing the publisher to not only find and measure the bad guys' activities over time, but also gauge the effectiveness of their efforts to combat them. During a Dragnet project, Panopticon Labs serves as a business advisor to the game publisher, and assists them with designing effective strategies that make the best-possible use of our

analytics and intelligence. Watchtower is our real-time risk alerting and research tool. Watchtower alerts are designed to give the right people at the publisher the right information at the right time, so they can make quick and effective decisions about which players to ban. All our tools use, at their core, a self-learning behavioral analytics engine that models 100% of all players' activities 100% of the time. This engine proactively identifies unusual or suspicious behavior and generates alerts in the form of Anomalies and Suspect Flags. Watchman is designed to model player behavior in any online game regardless of platform (PCs, consoles, or mobile).

Follow-up: How have your solutions evolved since then?

Learning new things about online video gaming, and about how fraud and risk threats target the industry, is why everyone who works at Panopticon Labs does what they do. Because there's just so much financial opportunity available to smart, technologically-savvy bad guys as a result of the continued popularity of online gaming, the threat landscape for games is constantly changing and evolving. The single most important thing we learned from our clients since we last spoke was that they confirmed for us something that we long suspected; any report-based tool, no matter how efficient or accurate, simply cannot keep up with the bad guys' pace of innovation: there are simply too many of them, and the financial rewards are too great. What we discovered was that it doesn't matter if the underlying technology that powers a report is working flawlessly (our last Searchlight project, for example, was estimated at being 98.7% accurate in correctly identifying large, organized rings of virtual currency farmers and gray market re-sellers). The period where risk analytics solutions succeed or fail is in the gap between successfully identifying bad actors and actually taking the correct action against them. To put it bluntly, we're finding that any reports-based solution that relies on taking periodic action against bad actors, whether that's doing a once-a-month ban hammer sweep, or even a weekly purge of suspected cheaters, is simply not fast enough to keep the bad guys from simply making new fraudulent accounts to replace their losses. They don't have to play by the same rules that the operator does, so they can move faster than any rules review committee or periodic report can ever hope to keep up with, let alone get ahead of.

In response to this reality, we've consolidated our three previous solutions (Searchlight, Dragnet, and Watchman UI) into a single product, Watchtower, which combines our industry-validated, automated risk engine with a custom-designed alerting and research console built from the ground up for the online game industry. Using Watchman, online game operators and publishers can get the same sorts of bad actor reporting that was possible with Searchlight and Dragnet direct to Watchtower, then use that tool's Account and Session Search tools to quickly find similar examples of confirmed bad activity, and even take immediate action on that intelligence via Watchtower's optional Interventions system. Our goal is to enable game operators to complete their research activities, then take concrete, decisive action on confirmed bad activity in five minutes or less, dramatically shortening the interval between learning of an in-game threat and actually eliminating it from the virtual world.

I used to play many games. I don't do this anymore as I tend to lose track of time. It's not good to spend 6 hours per day gaming before your final exams in high school, huh? What do you think about it social-wise? Or education-wise. Is it a growing problem of our times that people get sucked into games and never get out, or are games good educational/entertainment tools?

That's an interesting question. I can't speak for anyone else, of course, but for me modern online video games and their ability to bring players from all parts of the world together in a shared, virtual world is one of the most exciting technologies of the 21st century, and I think that their meteoric rise in popularity over the past few years proves that there are many, many others who feel the same. I think about what it was like as a kid sitting in front of my parents' TV playing Asteroids or Kaboom! on my Atari 2600 with a friend, then compare that against what I can do now, and I'm blown away every time. The other night, I was running through an online dungeon with ten other people, half of them scattered across the US, the other half connecting from places like Australia, England, and Germany, all helping each other out, laughing and chatting over our headsets, stuff that was pure science fiction when I was a kid. That's why I still play games and why I think that, even with all the bad stuff, there's never been a better, more exciting time to be a gamer. If any of your readers want to know more about this, Jane McGonigal gave an excellent TED talk in 2010 titled "Gaming can make a better world" that I highly recommend they take a look at.

Thank you for talking with us!

SPECIAL EDITION FOLLOW-UP

After rereading the interview, how has your perspective changed?

From where we sit, I think it's safe to say that we're most definitely seeing a dramatic decrease in the time it takes for a game to be released, and then for bad actors to pivot their fraud and attack tools towards that game.

Since we last spoke, for example, several new online games were released that enjoyed immediate and major critical and commercial success, titles like Blizzard's Overwatch (released on May 24 for PC, Xbox One, and PlayStation 4) and, just last week, Niantic's/Nintendo's Pokémon GO for mobile. In both cases, major cheating, hacking, and in-game fraud issues were reported by scores of unhappy players in just the first week of the game's operation. In addition, in April, we worked with online threat researchers at Kaspersky Lab to help signal-boost their findings about a whole new class of advanced malware built to enable account takeover of player accounts for the online game distribution platform Steam, called Steam Stealer. These are the most public examples of very large games or services that have come under concerted attack by bad guys out to enrich themselves at the game publishers' and the players' expense, of course, but there are many others, more each and every day, so clearly this problem seems to only be getting worse, not better.

That's why we're working harder than ever to educate game development, IT security, publishing, and even online game monetization and finance teams about the very real risks that fraudsters, hackers, and cheaters pose to their businesses and to the long-term health and stability of their games. As players ourselves, everyone at Panopticon Labs knows that there's nothing more fun than losing yourself for hours in a masterfully-crafted virtual world, but as security professionals and businesspeople, we also understand that it takes money to keep the game servers running, to pay artists and writers to continuously create the ongoing content that players expect, and to hire the programmers, modelers, composers, tech support reps, community managers, accountants, admins, and other staff that make those artistic visions a (virtual) reality. Bottom line: hackers kill virtual worlds, which has a very real-world impact on the gamers who love them, as well as on the livelihoods of the people who make a living making them for us. I and everyone who works at Panopticon Labs has a personal story they can cite where a game we loved playing, a game we invested weeks, if not months, of our lives playing and that we probably spent hundreds of dollars supporting, was cut down in its prime by the unwanted actions of a relatively few bad apples.

But the publishers and developers we've worked with have their own stories; about unexpectedly losing jobs they loved, working on games they hoped would endure for years, after just a few brief months due to a sudden loss of revenue and irrevocable player attrition due to these same bad actors' activities. It's time for online game publishers and operators to learn that they don't have to accept this as just another cost of doing business.

About Matthew:
Matthew Cook got his first taste of video games at age 8 while visiting his father's office at a CIA family open house in Washington, DC, shooting down pixelated space aliens on a government mainframe. He attended art school at the School of the Art Institute of Chicago, where he learned to program his first PC. After spending 15 years designing and building online cybersecurity and risk management tools for companies such as CheckFree, Fiserv, Yodlee, and Guardian Analytics, he co-founded Panopticon Laboratories, where he focuses on Product and Business Development. He blogs about video games and security at: http://www.panopticonlabs.com/founders-blog
And yes, he still plays games every day.

11

CYBER ADVANCED
TECHNOLOGY
Bruce Khavar
CEO
Published: November 4th 2015

THE UNHACKABLE
CLOUD
What is your product?

Our current product is a fresh take on cyber security; however, we will expand to cyber operations and cyber content delivery in 2016. In cyber security we have two families of devices, Anubis and Ammit. The Anubis Family is designed for enterprise-level cyber security support and the Ammit Family focuses on protecting the end-point and Edge-of-the-Cloud domains such as smart buildings, smart homes, handheld devices, and so on.

What services do you offer in addition to the product?

CAT products and services are systems-oriented, meaning they are designed to securely create a community of wares that enhances the reliability of global operations. Moreover, we are offering supplemental and complementary cyber security and content delivery services to our devices and relevant deployments. CAT's security systems not only provide comprehensive solutions for today's needs and requirements, but also predict and allow seamless integration with future innovations at any given time. As a result, CAT effectively removes the possibility of obsolescence from existing technologies and nullifies the complexities, costs, and harmful effects of assimilating new programs.

What protection does your product provide?

Today's global internet is fraught with security flaws and incomplete solutions. Security is not inherent in today's internet. Well-publicized security breaches are causing billions of dollars of loss and uncertainty in the safety of the lives of billions of people. In addition to security, today's internet has many more problems that are not visible to the layman relating to performance, reliability, and other issues. Protection within cyber security is a complete and comprehensive security; this, through the endpoint devices and the supportive services. This service will be subscription-based or through another arrangement which will be provided by major players.

What sacrifices will have to be made by customers willing to integrate their systems with your product?

Customers will make no sacrifices. Their investment in CAT's technology will help protect them from a multitude of hazards and financial loss.

How is your product different from cloud solutions already in place?

We are introducing a more mature cloud, while standing on the shoulders of all existing common cloud protection knowledge. Our differentiator is a new paradigm in cyber security. We call it our Secret Sauce.

How does information transit the boundary between your environment and other environments?

We have designed a brand new technology from the ground up. The specific details concerning how it works are our proprietary Secret Sauce. Just like the hamburger from your favorite burger joint, the recipe is top-secret.

How can you guarantee complete protection from both known and unknown threats?

We only guarantee what we know our technology is capable of doing, and today, that is to provide protection for our customers' high-value assets. In the near future we will expand security coverage to all areas of cyberspace. Our confidence in the Anubis and Ammit systems was earned by achieving consistent results through rigorous testing by teams of highly qualified engineers, penetration testers, and top-of-the-line equipment.

Can you tell us more about the Cyber World? Is it just an exclusive network with Anubis and Ammit as gatekeepers? How is it different from the normal internet?

The term Cyber World refers to the next generation internet with its own characteristics and specifications. It implies that the internet is no longer simply a network of computers with interconnected hardware, but instead a dynamic space with a cyber soul and cyber existence. Today's internet has many shortcomings, and security is a major one. Consider that as the Internet of Things implementation expands, we will see over 50 billion devices connected globally. I estimate over 60% of those devices will be unsecured. Content delivery, business operations, and personal activity on the internet will continue to become more visible as the internet in the current state cannot support this level of use. The solution is CAT's new paradigm erected from the ground up with security, reliability, and performance in mind.

What is the new Internet Paradigm?

The architecture of the existing internet is very rigid and dictated by how IP addresses are organized. Protocols are essentially orchestrating relationships amongst the static addresses. Whereas the new paradigm is the evolutionary result of present-day demands of the internet. We now require interoperation of all elements of the internet. One aspect is the Internet of Things, but the truth of the Cyber World reaches way beyond IoT as a new sense of cyber existence rather than connecting devices in IoT.

You claim the Cyber World is the unhackable cloud - are you not worried that saying this will only attract people who take challenges way too seriously?

I do not worry! I consider the work of fellow penetration testers and ethical hackers constructive. I see them as scientists that study all angles of cyber-disease and poke and prod in an effort to identify the weaknesses so that a vaccine can be created. I hope our comrades do take this challenge seriously and attack. No matter the outcome, challenges will bring progress and stronger protection for the innocent end-user. Releasing Anubis and Ammit is not about personal pride for me. This is not an egotistical attempt to gain fame and glory. It is about helping people and organizations prevent getting ripped off by criminals. The CAT Cloud is designed to protect high value assets, and this piece is architected from the ground up to be unhackable. Only attempts from the best penetration testers can demonstrate the strength of it. We are inviting the best and brightest to confirm that the CAT Cloud is, in fact, unhackable so that normal citizens' rights and equity will be protected and not invaded by any criminal force.

The whole project seems to be a major reconstruction of the concepts already in use - is that right? If yes, how did it start? Did it emerge from frustration with current problems and endless issues?

As they say, Rome was not built in one day. We are not claiming that this is our project. Instead we have recognized there is a natural evolution happening, and we are the pioneers offering a real world solution for the previously unsolvable problems in today's internet. Security breaches are happening every day and have brought some of the world's major security firms and specialists to their knees. The solutions already in use are not working. The natural flow and expansion of the Cyber World demands a disruptive paradigm shift.

This movement has to be as unobtrusive as possible while showing respect for an all legacy world that includes devices, protocols, APIs, and others. Through years of experience in factory automation, CAT has created an almost perfect integration technology and environment that paves the way for global integration of today's legacy world and future innovations. CAT's system-oriented approach allows for seemingly obsolete devices and technologies to extend their lifespan and continue to be useful. Therefore, many goals are being accomplished simultaneously: economic factors, preservation of investment in terms of money, time, and skills, and the ability to jump to the new paradigm while supported by the infrastructure of the old.

OT-OCN offers not only secure servers, but also hand-held devices, satellite devices, and complete infrastructure solutions - that is a very comprehensive operation, far beyond a simple SaaS model. Do you predict companies will be moving completely to use your framework?

OT-OCN stands for Operation Technology Operation Centric Network. This is an encapsulation of what is going on in today's cyber-centric businesses; therefore, there is no need for a formal adaptation. A strong and highly needed feature of OT-OCN, like security for instance, will act as a beachhead for the rest of the important cyber solutions. The move to this framework will happen gradually, in a very natural and smooth way. The reality is SaaS and other similar concepts are mostly products of marketing and political motives rather than a move toward addressing the pitfalls of cyberspace evolution. Sadly, the technological basis is an afterthought of money and market share. SaaS and others like it have not offered any technological advancement. They only work on different OSI layers, mostly layer 5 and up! This is only the beginning. Many of those concepts have to change and morph to meet revenue goals while leaving the cyber inhabitants, their customers, high and dry.

If a company uses the Cyber World as their framework they will still have to contact the outside world, and therefore they will open the gates for potential attackers. How do you think the human factor will play out in your solutions?

If our solution was merely a framework, there would be much potential for infiltration. However, OT-OCN is a serious evolutionary and revolutionary paradigm shift that is already in progress and will not wait for anyone's approval. People want to live and do business safely on the internet, regardless of semantics. Whoever offers a safe and reliable solution first will become the world leader and Cyberspace Darling. One should always recognize that the human factor is present, it demands our respect, and we are counting on it. The human factor will determine the winner of the title Cyberspace Darling as well as clear the least resistant path for devices to find their most effective counterpart to offer a predictable solution in IoT. This is a very complex subject, and it merits an article of its own.

Recently we had an epidemic of serious zero-day vulnerabilities, mostly connected to the Hacking Team leak. You say your products give protection against zero-day attacks - does it come from the nature of your solution? How does that work, since, even if protected by your services, your clients will still most likely use applications that are vulnerable?

The key is that we have addressed and resolved the problem at its root cause. It is important to consider the varying degrees of vulnerabilities and how you can strengthen each weak point. Unfortunately, consumers are sold fake solutions that focus on the problems created by architectural flaws and shortcomings in the same old internet. Cyber security companies claim they can stop attacks. Then why are these attacks still happening? This cycle will not end without engaging the OT-OCN paradigm shift in strategy and technology. Of course, cyber-attacks are a global epidemic and the defense strategies should be proactive in nature; this by aggressively facing the challenges based on realistic assessments.

As one of the features of the OT-OCN you added counter-attacks on hackers - can you explain how this works? Will your own hacking team go after attackers? Will they seek to incapacitate them or just scare them?

I have practiced martial arts for many years, and one teaching is when you are attacked you must defend. We all know the most effective defense is an offensive strategy. Everything has to be real, I have no tolerance for fake strategies or scare tactics. I will be glad to expand this in future articles and workshops we will hold for your readers.

How did the testing process look? The simulation had to be big to ensure a level of safety and remain sustainable, did it pose any challenges?

We are very happy with the testing progress. We are utilizing massive parallel systems to simulate the real world as much as is possible. The key is that the strength is in the new architecture, not brute force alone. Of course a paradigm shift does not come easily. There is a need for global understanding, which includes access to education and tools from the devices, to end-users, corporate entities, and governments; for a new internet, we must see global collaboration. Meanwhile, we will progress by offering reliable security and operation solutions to our customers and members of our movement.

How about the IoT protection - I assume the devices would also have to be a part of the closed network? Do you predict that it will take a lot of integration and cooperation with multiple hardware providers?

IoT protection is very interesting and crucial to address. As IoT expands, billions of points of penetration will be exposed, and 60% of these will have no protection. This must be solved starting from a solid infrastructure, all the way down to the end points. OT-OCN will be refreshing, pleasant, and effective news for existing IoT users' expectations and demands.

What are the next steps for CAT?

We have been invited by the Korea Cyber Security Association and Korea Information Technology Research Institute to unveil our groundbreaking enterprise solution to a group of Korean government officials, CEOs, CTOs, and industry experts on November 12, 2015. We plan to showcase our technology by inviting seasoned KAIST research hackers and demonstrate that we can protect high valued assets from all cyber attacks, including zero day attacks. We are confident and believe that our technology will raise the industry standard from anti-hacking to unhackable.

Thank you for talking with us!

12

STEALTHWORKER
Ken Baylor
CEO
Published: November 23rd 2015

INFOSEC PERSONNEL SHOULD


HAVE A BROAD UNDERSTANDING
OF GENERAL INFOSEC
PRINCIPLES AND DISCIPLINES
Could you introduce yourself and your company briefly to our readers? What does Stealth Worker do?

I have led information security teams at tech companies, such as Symantec, McAfee, and Pivotal Software, and financial companies, such as Wells Fargo, for the last 15 years. While I have met exceptional security people over that time, there have always been fewer talented individuals than were needed.

With every conversation I have with a CISO, they admit their team lacked skillsets and it was impacting their ability to protect their company. We formed Stealth Worker to tackle this exact problem: making information security talent available quickly at a reasonable price.

How would you assess the state of recruitment in cyber security at the moment?

The mandatory employment model for cybersecurity is a key bottleneck. Recruitment is either done in house, which results in a slow 3-6 month onboarding process, or outsourced to headhunters who charge, in some cases, 40% of the candidate's salary for placing them. They are expensive processes from both a time and money perspective.

What do you think we can expect in information security recruitment in the near future? What will change?

It has to rapidly evolve. In the USA, we have 209,000 open cybersecurity jobs yet there are only 65,000 CISSPs in the country (all of which already have jobs). The employment model cannot tackle this problem, but an online marketplace for cybersecurity talent can.

Why does every company need to pay a low salary for a policy and procedure person? Wouldn't it be better if that person freelanced to 10 companies (each of which would get a major cost savings) and he or she could triple their earnings? We expect to see information security personnel take charge of their income and career trajectories.

Do you think that multitasking between many companies won't affect effectiveness?

For many InfoSec personnel, it will make them even more effective. Rather than become a generalist they can become a specialist with very deep skills, e.g. if a malware analyst in a bank sees only 10 samples a year, they can learn only at a limited rate. If they are exposed each year to hundreds of samples, from different geographies, they get a whole new level of understanding. They can see how malware evolves, and how to predict new variants and methods. They get to see how best in class organizations respond, and they become much more valuable at what they do. The same principle exists for most of the InfoSec disciplines.

On your website, it says that Stealth Worker believes the current cybersecurity market is inefficient; what does that mean?

The market contains many overworked InfoSec departments that are overwhelmed by the volume of their work (because they do not have the skills to solve them), yet are too busy to evaluate, purchase and implement the vendor solutions that could actually solve their problems. Shelfware is a waste of everyone's time.

On the vendor side, the sales engineering model is critically broken (leading to high expenses, long sales cycles and lower closure rate), but that is a topic for another day.

What challenges do CISOs face when staffing their departments?

From a hiring perspective, a CISO could review the needs of a company and decide he or she needs 10 different skillsets. They make a list of them and then start the slow recruiting process. To no-one's surprise, most candidates possess only one or two of the key skills, and some of the newer ones are very hard to fill. They are also expensive. Many CISOs have to compromise. They hire four or five candidates, all of which are expensive compared to IT candidates, and then find their budget is blown and recruiting must stop. So many CISOs lack the critical skill sets needed to protect their company.

A related issue is how inefficient the employment model is. Assuming one of the critical skills listed by the CISO was Checkpoint firewall skill, they have now hired a person to manage their firewalls. Once the firewalls are optimized, this person may really only work for 5 hours a week, yet gets paid for 40. This inefficiency is crippling businesses with huge salary costs.

Isn't it the effect of very narrow specializations in IT security? Maybe having a broader set of skills to fill up 40 hours a week with work would solve this issue just as well?

InfoSec personnel should have a broad understanding of general InfoSec principles and disciplines. However, not all people are experts at all things. An excellent penetration tester may be a sub-par auditor. The learning curve for some specialties may be thousands of hours, and not all employers will support this investment.

How hard is getting your InfoSec department staffed with people who possess the right skills for your company?

When you add in getting roles filled in a reasonable time and at reasonable costs, it is almost impossible. CISOs can leverage their personal networks and create buzz to join them, but that only works if your previous company is like your new one, and company needs are rapidly evolving. CISOs need to take a new approach to finding the right talent, and get non-InfoSec people out of the critical path.

You have to fill your ranks as well; how do you recruit Stealth Workers? Or do they just come to you instead?

There are many skilled Information Security people who enjoy challenges and love to learn. We give them the opportunity to work with new startups and technologies. There's a strong network effect as friends recommend it to their friends. Great Stealth Workers have a passion for learning and want to bring in extra income for their families. We mostly spread by word of mouth.

What is the cause of talent shortage in cybersecurity? What can be done to solve it?

With much of our economic and national security now on the internet, cyberspace attacks can have serious real world effects. Software is still eating the world, but the whole software stacks need to be protected. We need cybersecurity people to do that.

The scope of cybersecurity has rapidly evolved from GRC compliance on one side and system hardening on the other, to protecting all devices and components. The enterprise perimeter has long been left behind: connected cars, IoT and cloud microservices are now in scope. The security specialists needed to protect these grow slowly with time and experience.

Do you think that it's possible to ensure security for IoT as it emerges, or will it be a long process riddled with attacks and breaches?

It is possible, once the exposures are understood. It is an area where either understood risks or Fear, Uncertainty and Doubt (FUD) will dominate. Access to experts with deep IoT knowledge will enable enterprises to fully understand and mitigate their actual threats. The scalable way to do this is by hiring an IoT expert, and keeping them on retainer for a few hours per month.

Hiring freelancers has many benefits for companies, but is freelancing the best way for security professionals as well?

Absolutely. It depends on where you are based: some states in the USA, like California, allow you to take on supplementary work for a non-competitor. Others choose to freelance. One issue stopping individuals from freelancing successfully in the pre-Stealth Worker days was lack of consistent opportunities. We're making consistent opportunities available.

For full-time freelancers, they generally double or triple their salaries, while those taking on extra work (8-10 hours per week) earn an extra $40-50k USD per year.

Do you have any advice or thoughts you would like to share with our readers?

Cybersecurity is a great profession and will remain exciting for many years to come. Consider learning a new skill and getting paid for it by taking on extra work. It will open many doors.

Thank you for the interview!

About Ken:
Dr. Ken Baylor is the founder and CEO of Stealth Worker. For the last 10 years he has served as CISO at multiple tech and financial institutions. He is recognized as a leader in Data Protection, Bank Security, Agile Information Security and Regulatory Compliance. His recent speaking engagements include RSA, Blackhat, and FS-ISAC. Dr. Baylor is a Certified Information Systems Security Professional (CISSP) and a Certified Information Security Manager (CISM).

13

MINEREYE
Yaniv Avidan
CEO
Published: December 3rd 2015

MOST OF THE INNOVATION


IN CYBERSECURITY IS
COMING FROM STARTUPS
Hi Yaniv, how have you been doing? We continue to see a growing number of large and unforeseen data breach attacks throughout the international marketplace. In your opinion, why do so many large corporations fail to defend themselves against cyber threats and what do they need to change in their strategies, if anything?

Hi, I am great. For the past few weeks I was on the road presenting the MinerEye promise, meeting industry leaders, discussing these issues and providing answers to serious challenges that are out there.

It is a known fact that today's modern warfare has changed and shifted. Cybersecurity plays an increasingly important role, we are exposed to some sophisticated attacks from unexpected malware, forcing us to act fast and change defence methodology. This process is divided into two main steps:

- Identifying the most valuable assets, which are usually one's sensitive data and IP.
- Increasing control over the sensitive data and improving intelligence.

These steps will assist in buying time until a reaction and response to an attack will take place. In today's world the enterprise data landscape compels this process as data changes, formats and file types vary on a daily basis, where enormous volumes of data are generated by the minute.

In the past few months I see a shift in the importance of defence, awareness, it is growing rapidly yet the leading approach is based on a high wall and a castle. Companies protect their data with the help of firewalls and hard coded policies. I have noticed in many worldwide organizations that the responsibility on data protection and identification and the actual cyber-attacks are divided between two separate departments. The first is handled by the business and risk control units, and the second is handled by the Chief Information Security Officer (CISO). This fact worries me, you may think of it as defending your castle by deploying a small number of troops who are spread over a length of 10 mile wall, when you have no idea where or when the breach will take place and much worse you're not sure where your critical assets are located. I feel it is my duty to demonstrate and explain the reason why CISOs must take over the entire responsibilities.

Well, if you have limited forces to defend your wall, shouldn't the solution be to recruit more troops?

Data inflates at a meteoric pace and so are threats to it. Security teams will never be able to hire and train security analysts that fast and we haven't yet discussed budget issues. Security operations consist of both routine and non-routine jobs. Both have the ability through automation to increase team efficiency and lower operational cost. That's where MinerEye focuses its promise.

Do you think that cybersecurity in companies could benefit from better communication?

No doubt. Alongside automating the identification of threats to sensitive data, I see many ventures that focus on automatic knowledge sharing between organizations. Their biggest value would be when the time to eradicate attacks will be reduced dramatically thanks to collaboration.

Do you see a difference between how companies in the U.S. defend themselves compared to Israeli companies?

I must admit I find more similarities than differences. Perhaps due to size and power the U.S. represents bigger targets, therefore we witness more cyber-attack events which gain bigger media publicity. An interesting fact is how cultural differences play a role: Israel, which is known as a start-up nation, is more open to try and quicker to adapt to new technologies in the market than corporate America.

Your solution is made to identify and track sensitive data. What do you mean by sensitive data? How can your solution identify which data are more sensitive/important and which are less? Are those least ones less protected?

Data protection is a field that requires enormous efforts and resources. MinerEye has developed a unique technology that minimizes these efforts to nearly zero by automating critical activities. Every C-level executive in a company knows to tell between public information and a piece of data he would like to control; business models, processes, unique intellectual property, trade secrets, customers' and employees' private and protected info etc.

The challenge MinerEye has managed to solve is the knowhow in categorizing, classifying and mapping the data in order to help an organization to define and determine a better data protection strategy. We developed a unique technology that can point to the similarity among two data files without extracting the content. This process is done for enormous data volumes (up to one terabyte) within a few hours.

MinerEye provides automated identified and categorized data divided into clusters of similar documents and files, while filtering out those cluster files that do not match the file patterns. Our platform supports the essential part in data protection, an ongoing continuous identification and classification of sensitive data. By visualizing sensitive data clusters and their attributes, the system GUI enables users to tag the data and build a private classification convention while the backend focuses on scanning, mapping and matching collected data to clusters, while the machine learns on the knowhow of a specific data behaviour.

In September 2015 the Gartner Maverick report announced MinerEye technology as a respected promise for creating a continuous control over information assets platform while monitoring and alerting normal behaviour.

Tell us something more about The VisionGrid Data Self-Learning Loss Prevention. What does it mean that it is a self-learning system? How does it learn? Is it trustworthy?

VisionGrid, also known as Data Security Intelligence, provides pre-emptive valuable intelligence for sensitive data which forces Data Protection systems to act. MinerEye has shifted paradigms and concepts in classic machine learning by enforcing technology fusion as pattern recognition and computer vision. The technology gives a new definition to the word learning when a machine can infer correlation between two pieces of data, based on numerous examples. In case there are no examples to learn from, the technology has the capability in building its own world of definitions by automatically categorizing the data.

The MinerEye talent team is made of leading industry experts with vast worldwide experience in data protection and cyber security malware. We have managed within a short time to prove and bring value to a few dozen companies from various verticals and information. The MinerEye integration with other security systems has proven a substantial increase in system effectiveness in regards to data management and protection; this fact is doubling our promise within the first days of solution implementation.

Your company is a start-up; in your opinion, is it hard for enterprises like that to be noticed? Or does the innovation attract enough attention?

I think you cannot have the one without the other. I see a global rapid growth and hype around start-ups with growing numbers of worldwide accelerator programs, expos and contests hosted by leading Fortune 500 companies such as Microsoft, Google, E&Y and many more. It helps to get exposure, sends the excitement and spreads the needed buzz as you are bringing a new breakthrough promise.

These days are especially promising for companies in the cyber-security arena. We notice a growing hunger, the industry is maturing, ready to embrace new approaches, and treat them as problem solvers.

Innovation is key in a fast-moving environment like cybersecurity. Do you feel start-up culture has a better chance at it than big corporations?

We can actually see it. Most of the innovation in cybersecurity is coming from startups and small companies. To start with startups have the ability

What was your inspiration? Is there any philosophy that drives the company?

MinerEye is inspired by the human eye mechanism and its interaction with the brain. The eye translates objects it sees into electrical signals and the brain categorizes and mines those signals when correlating them with new information. My favourite example is with kids as they see for the first time a little dog with no correlation to breed; their parents teach them that this is a dog. As adults, we are able to categorize all different breeds under the title dog even when we see a new breed for

to shift strategies and priorities a lot faster than big

the first time. The MinerEye solution operates un-

organizations. Working in large organizations, I

der the same methodology. MinerEye overcomes

have seen a lot of very talented people who hold

the need for pre-define rules and uses one time

great ideas but are being slowed down or even re-

example to tag similar cases just like the human

jected by their company. Great ideas have proven

eye and the brains do.

to be executed faster and better by small, talented


and balanced teams.

109

From a strategic standpoint, what are some of the biggest challenges organizations currently face in the cybersecurity world?

Businesses are more digital-oriented, hence they are moving at a fast pace. Security officers cannot trust a traditional approach that will create a bottleneck, slow down the business and even create a block; therefore there is a need to evaluate and consider automated security processes, especially among people, devices, threats and data. The end result is not only connected to an immediate ROI yet to team efficiency and productivity.

Where can we find balance between cybersecurity and convenience, in your opinion?

The bad news is that I cannot predict comfort in this space. Cybersecurity isn't a game you simply choose not to play. Therefore, companies will need to adjust to this new threat landscape and take the right steps. Up until now, this area was neglected and the market got flooded with shelfware; reports state one of the top reasons for shelfware is that 19% of IT departments do not have sufficient knowledge nor resources to implement the software. That's where the good news comes in. More and more cybersecurity ventures are looking at automated solutions and improved user experience throughout their product life cycle as a major requirement. The latest Gartner Maverick research report (published 25 September 2015) states that automated security may be closer than we think. Automation of security will happen in waves of evolution, rather than all at once, with priority on security effectiveness as a key driver. The end state I envision would be a much more convenient automated cybersecurity and compliance that run in the background of businesses, enabling it rather than limiting it.

Which new cybersecurity trends would you pick as the most crucial?

Everything related to device connectivity and analyzing the environment, business agility and data availability. I can foresee the next wave of attacks focusing on changing data rather than stealing it. This will add a totally different dimension to cyber security and will affect the way an organization prepares itself.

Do you have any thoughts or advice you would like to share with our readers?

It is no secret we are facing a new combat zone named cyber world. This fact brings an exciting era with a true need for fast, creative, innovative ideas. There are amazing, smart, and skilled out-of-the-box thinkers, with a can-do approach, who are turning one's vision into a reality. I encourage all those talents to join us with this amazing venture. I would like to thank you for this interview and the opportunity you have granted to share my thoughts and MinerEye's revolutionary promise.

Thank you for talking with us!

About Yaniv:
A veteran in data analytics and cyber security domains with over 15 years of hands-on experience. Formerly leading a global cybersecurity program in Intel corralling resources across different teams and organizations spread across multiple geos. Before Intel, Yaniv led several programs
with the Israeli DoD working closely with Lockheed Martin and Cubic defense systems. Yaniv holds a B.Sc. in information systems engineering
from Ben-Gurion University and is a LTC. (res.) in the IDF.
MinerEye is a graduate of Microsoft Accelerator TLV Batch #5:
http://www.geektime.com/2015/01/27/watch-the-waze-for-cancer-patients-and-10-other-startups-at-microsofts-israeli-accelerator/


PROTECODE
Mahshad Koohgoli
CEO
Published: December 30th 2015

BUILD SECURITY
AWARENESS IN ORDER TO
PROTECT YOUR COMPANY
Could you please tell our readers a little about yourself?

I have been working for over three decades in the technology industry, and led Protecode Incorporated as the CEO. Protecode was purchased by Synopsys, Inc. in November of 2015. My specialty is in new technology businesses, having successfully managed four companies from the ground up. Before this, I was the founder and CEO of Nimcat Networks, as well as Spacebridge Networks, and Lantern Communications Canada. I have also held various technical, marketing, and commercial roles within Newbridge Networks, Bell Northern Research, and Nortel.

Why did Synopsys acquire Protecode?

Synopsys acquired Protecode to strengthen its position in the software quality and security market. Protecode's technology enhances the Synopsys Software Integrity Platform by both bolstering and extending its software composition analysis (SCA) solution, which provides visibility into the security, quality, and license compliance of third party components used to build software products. Protecode's technology complements the binary analysis and vulnerability detection capabilities of the Synopsys AppCheck solution by providing improved Open Source Software (OSS) license detection via source code analysis, OSS compliance and governance features, and Protecode's proprietary Global IP Signatures Database.

Your company helps discover open source and third party content in a code portfolio. How important is it for software developers to keep track of this?

Today, resourceful software developers use a combination of previously created code, commercial software, open source software, code from outsourced contractors, and their own creative content to produce the desired software functionality. Use of open source software has become widespread in almost every technology segment and all organizations. Therefore, the sensitivity to understand the pedigree of all code components, code ownership, and the need for compliance with open source software licenses, and the necessity of understanding and managing security vulnerabilities in third party code, has increased.

Organizations that do not have a clear view of their code composition risk running afoul of quality, licensing obligations, export control obligations, and security exposures. Uncertainties around quality and intellectual property (IP) ownership can delay product shipments, lower a company's valuation, and reduce the ability to create partnerships. For example, concentrating on the compliance aspect only, ensuring clean IP before a software transaction, or ideally, as early as possible in the development cycle, can reduce the time and cost required to correct any risk issues that can arise.

On your website there is information that you perform audits in one week. Can this quickness affect the quality of audits?

Software audits are a serious matter; there is very little room for error in the delivery of these services. Protecode's automated discovery tools are backed up by thorough inspection by one of our audit experts. The expert resolves uncertainties (for example, open source files that have been modified and the original licencing and copyright information have been altered), and signs off on all (open source or otherwise) software components.

You said that there is very little room for error while performing software audits. What is the procedure when such mistakes do happen?

Protecode automated tools identify components that are in the public domain, but they also highlight components that are questionable (when a supposedly proprietary software file matches code from open source), or are unknown (they don't match public domain code and have no identifying information). Sometimes there is a reference to a developer inside a software file, and we need to make sure that the developer did work for the company that owns the code. Audits are serious business and we make sure every piece of a software portfolio is accounted for.

If somebody wanted to audit their friend's code, where would they start? What rules would they have to obey?

An audit process aims at identifying, and reporting on all attributes, such as the project name, version, license, copyright, security vulnerabilities, license obligations, export control restrictions, etc., of every piece of code. Truthfully, except for in the simplest and smallest code portfolio, a manual audit of a company's code portfolio takes time, is inaccurate and is costly to conduct. Manually performing an audit makes it difficult to discover partial matches of code snippets and identify files containing no header information. Automated code scanning solutions can sift through large portfolios quickly and efficiently, detecting outside code and retrieving licensing and other attributes of external components. Our automated analysis tools can accurately process thousands of files per hour.

The open source audit process usually involves:

Establishing a legal framework (NDA) between the parties involved and the auditor.
Question and answer between the parties involved to establish some a-priori knowledge about the company's development practices, their open source usage history, contracting or outsourcing processes, etc.
Automated analysis of the target code portfolio.
Expert examination of the results and sign-off.
Creation and delivery of high-level and detailed reports.

The open-source community takes much effort in making open-source software as good and secure as possible; with many people testing the same thing, it seems a lot easier. Do many vulnerabilities sneak through?

The nature of open source software is collaborative review and development, a community of programmers coming together to work on a project. Open source software developers often have a functional perspective, focused on creating a dynamic and innovative, best-in-class software product. Open source projects can be very large, sometimes containing millions of lines of code. Although many eyes can review a piece of code, there is still a possibility of some programming oversight or impairment seeping through that allows a hacker to compromise the applications using that open source project.

Is there a common code mistake that leads to a well-known vulnerability, and yet you keep seeing it over and over?

There are impairments that programmers should be aware of, yet it happens regularly. Some of the mistakes, such as database query injection flaws, broken authentication, weak encryption, and insecure file-access references, are quite common.

Are those just simple omissions and honest mistakes, or do they emerge from the lack of professionalism or expertise?

A lot of it is lack of expertise or knowledge and is not malicious in its intent. This is a specialized undertaking which is why it is often best to have a dedicated team or to use a code composition

analysis tool that is connected to a vulnerability database.

Is there awareness about legal issues surrounding code reuse? How often do you find yourself explaining to developers that just because the code is open-source it does not mean they can use it without addressing those issues?

As you indicated, there is a common misconception surrounding open source software. Open source is wonderful and accelerates development of complex projects, as long as its use is understood and managed. We have seen an increasing awareness of the legal obligations associated with use of open source software. I would say that while most developers would admit knowledge of copyright issues of any code, in practice, the due diligence associated with the copyright and the permission to use a code (conveyed in a license) is not there.

Apart from using your services, what can companies do to ensure their code is properly managed?

Over the years, we have compiled a number of best practices that organizations can adopt to better manage their code base. Organizations that follow our series of simple steps will have better success in managing their code. To organizations, we highlight the components of what is called an Open Source Software Adoption Process (OSSAP). This process includes establishing an open source policy, adoption of a software request/approval process, establishing a base line of the existing code portfolio, and regular analysis and management of code arriving from outsourcers, etc. Real-time solutions that can analyze and flag violations of the software policy as code is checked into the corporate library, or even at a developer's workstation, are also part of the OSS adoption process. Finally, integrated build analysis ensures that there are no surprises before the final artifact is shipped to the market.

To software developers and project managers, we recommend separating commercial, open source, and proprietary code, maintaining original software licenses and folder structures, and ensuring every source file has identifying header information. We also encourage regular scanning and analysis using an automated software scanning solution which can significantly reduce the effort and risks in any software-based technology organization.

Some easy steps to code management success:

Better Code Organization: A systematic top-down structure clearly separates the software modules that have common compliance characteristics and eases identification of open source software, third-party commercial, and proprietary components.

Clear File-Level Information: Headers in source files are an invaluable source of information regarding the pedigree, ownership, licensing, and purpose of a specific file. Developers must retain the existing headers or clearly identify proprietary files.

Audit Early and Audit Often: the more frequently organizations audit their code the better. Also, the earlier impairments are detected and rectified, the lower the cost of fixing the problem.

You have worked across many industries, and with companies of various sizes. How different is it working with giant corporations and with start-ups?

We have audited over a thousand software portfolios, some as small as 2,500 files, and a few as large as 300,000 files, and we have found licensing and security impairments, to various degrees, in all of them. For example, many companies still do not have an open source adoption policy or if they do, it is not communicated well within the organization. Many organizations lack the standard practice of including an author tag and stamping their copyrights on their software files, leading to additional effort and delays in establishing code ownership. We found that this practice is ignored mainly by smaller companies (up to 50% in a small portfolio), while larger organizations have a more rigorous process in place for standardizing copyrighted header information.

Why do you think smaller companies are more susceptible to making this mistake?

Perhaps smaller companies are willing to take risks and a larger organization will shy away from that risk. Smaller companies do not have the policies, checks, and balances in place that larger companies have established when it comes to dealing with open source software or 3rd party code. It is often not an intentional mistake, but rather a resourcing or awareness issue. The lack of internal resources allocated to identification, tracing and the maintaining of open source and other third party code in a project impacts smaller companies even more. Smaller companies have to work more efficiently with limited resources so often need to build upon previous work as opposed to reinventing content from scratch, freeing developers up to focus on core business development.

Do you have any advice you would like to share with our audience, any thoughts?

Organizations developing quality software face many competing pressures. We know about how software touches every facet of our life, directly and indirectly. The excitement around the emerging Internet of Things (IoT) is another reminder that software will be everywhere, and every piece of software will be connected to another piece of software. As this interconnectedness increases, the software applications and solutions developed by programmers become increasingly complex, with growing code bases that house a mix of proprietary, third party, and open source components.

With the increase in the complexity and size of code, the management of the code base becomes critical as does the need to identify security vulnerabilities, ensure clear IP ownership, and comply with third party code obligations. Organizations that implement a managed adoption of open source will see accelerated development, reduced costs and improvement in quality of their software. At some point, all projects go through a software audit. Many find the assessment process arduous, either because the code portfolio is not clearly organized, or there is poor record keeping and an inadequate level of code composition documentation. The most effective way to manage a code portfolio becomes regular audits, preferably aided by automated code scanning and software composition analysis tools.

Thank you for talking with us!

About Mahshad Koohgoli:


Mahshad Koohgoli has more than 25 years of experience in the technology industry. His specialty is in technology start-up businesses, having successfully managed three companies from the ground up. Previously, he was founder and CEO of Nimcat Networks (acquired by Avaya in 2005) and founder of Spacebridge Networks and Lantern Communications Canada. Prior to these
ventures, Mahshad held various technical, marketing and senior roles in Newbridge Networks, Bell Northern Research and
Nortel. Mahshad has a BSc and a PhD from the University of Sussex, England.


TOPSPIN SECURITY
Doron Kolton
CEO
Published: February 4th 2016

EMPLOYEES AND MANAGERS
NEED TO BE EDUCATED AND BE
AWARE OF THE DANGERS AND
CONSEQUENCES OF AN ATTACK
Hello Doron, how have you been doing? Would you like to tell us something about yourself?

I have been enjoying high tech for over 30 years in different positions. Half of the time I spent in the security arena and I find cyber security to be challenging and exciting, with different points of view to look at the same challenges that this industry introduces. There is always a place for new ideas and approaches.

Can you introduce us to TopSpin Security? What is it about, what do you do?

Essentially, we provide a powerful deception and detection solution that enables organizations to quickly pinpoint malware and other cyber risks that have penetrated their peripheral defenses. We are backed by very prominent investors such as Shlomo Kramer, Mickey Boodaei, Zohar Zisapel, and Rakesh Loonkar who have founded and seeded cyber security successes including Check Point, Imperva, Trusteer, Palo Alto Networks, Aorato, Adallom, Lacoon and many others.

Today, there's a general understanding in the industry that there is no way to prevent intruders from getting into the organization. At TopSpin, we believe that a unified approach, which combines different security engines that work in parallel to identify the attacker's activity within the organization, is the way to go. Such a combination allows defense professionals to aggregate and correlate information gathered by multiple engines, and gain an accurate incident report. The reports that our DECOYnet system provides give a clear view of the trails of the attackers, what they are after and how they are operating inside the organization. As such, it helps security managers understand what they're up against, and quickly take targeted action to eliminate the threat.

Can you tell us more about these reports? Can you give us an example of perhaps some surprising things that may come up in a report?

Our reports can put into use data correlation from multiple customers' networks. More often than not, these correlations can help us to detect suspicious activity faster and minimize the time a customer's network is at risk or even avoid the risk altogether. In the past, we were also able to detect malicious activity and malicious sources days before they were posted on public black lists. We also found insiders who leaked data through unauthorized channels. These capabilities give our customers a real security edge.

How does DECOYnet engage with attackers? How does it know who is an attacker?

DECOYnet takes several activities in order to engage the attackers and draw their attention. It starts by automatically (and persistently) setting assets inside the organization that mimic the organization's assets, such as the operating system, the file system and the applications running on those assets. The mimicked assets can be part of current subnets of the organization or parallel subnets. DECOYnet publicizes the mimicked assets throughout the network in order to lure attackers, fool them and slow down their attack.

DECOYnet additionally distributes mini-traps to assets within the organization. The mini-traps are fake credentials that are set in assets in the registry, in files on the file systems, etc. These mini-traps are pointing the attackers into the mimicked systems that are spread all over the network.

It looks like you want your solution to be as easy as possible for the end user. Do you think it is very important to provide such solutions? Maybe people should have more contact with cyber threats to be more aware of them?

Security teams always have a lack of resources. More often than not, they have to deal with products that trigger a lot of false alarms (aka false positives) while on the other hand, there's a shortage in professional security analysts and expertise. That's why it is very important that we provide them with products that are easy to deploy, require minimal configuration and provide accurate, digestible and actionable information that's essential for their analysis.

Why do some products trigger false alarms? Is this a common occurrence? And how do you stop it?

Unfortunately, false alarms, or false positives, are all too common in traditional security solutions. For example, a cautious IDS or WAF administrator will apply a high sensitivity level, increasing the chances that regular, non-malicious activity will get interrupted and interfere with people's work. Users, managers and customers hate that because it's annoying and disrupts productivity. This is an inherent weakness of any approach in which the decision to mark an event as suspect lacks absolute certainty, and is common in prevention technologies.

The world and the activities in organizations are very complex; there are many different tools, users are changing their activities, etc. This causes severe problems in prevention products. In order to identify whether activities are malicious or not, you need to understand the context of the activities and correlate the different events into incidents. Without having the real context of the activities, you're doomed to trigger false alarms.

Do you think that simplifying usage for the end user can result in people viewing cybersecurity as magical, and therefore driving them away from understanding what's really happening?

Well, users need to work and they can't be expected to understand the complexity of cybersecurity. Certainly, employees and managers need to be educated and they need to be aware of the dangers and consequences of an attack. But it's up to us, as solution providers, to give IT and security professionals effective tools with which to tackle the security issue, and allow their users (the company employees) to work uninterrupted in a secure environment.

Do you have any philosophy behind the company? What is your mission?

TopSpin's mission is to provide security products that are accurate, easy to use and take into consideration the limitations that organizations are facing. We want to help our customers to stay two steps ahead of the attackers. We're working very closely with our customers on the direction of our product and we are seeing great enthusiasm from them.

Do you live in Israel? And is your company based in the USA? Why's that? And what do you think about the growing cyber security market in Israel?

Like a lot of other Israeli companies, the research and development of the products is based in Israel while the sales, support and marketing is in the US. The growing cyber security activities can be related in part to several companies that started this industry in Israel and to the IDF activities which provide a sort of greenhouse where a lot of young talent is grown. These extremely smart engineers are not only good at developing technology, they

also feel they can do everything and change the world. And in a way, they do just that!

Is Israel facing the same shortage when it comes to talent pool as the rest of the industry?

Sadly, this is an international phenomenon. Israel has many talented engineers and security experts. On the other hand, we have many cybersecurity companies, both established as well as startups, so while the talent pool per capita is big, so is the competition for talents.

From a strategic standpoint, what are some of the biggest challenges organizations currently face in the cybersecurity world?

The main challenges facing organizations today can be divided into two main aspects: technology and management. On the technology aspect, today with the different communication channels in use within organizations and on the Internet, organizations are more interactive than they used to be. All these new communication channels are extremely important for the organization's productivity but they also create an abundance of vulnerabilities that attackers can exploit in order to infiltrate the organization and extract significant data. On the management side, while there's a growing awareness to risks, in many organizations, the crucial importance of cyber security is still not fully understood by all levels of management. CISOs often need to fight in order to elevate and educate the CEO and the Board regarding the significance of cyber security investments and plans.

How do you think this issue can be solved? Or will it have to come to even more spectacularly catastrophic security breaches for CEOs and Boards to start taking this seriously without mentioning it multiple times?

As I mentioned, we see that awareness amongst managements is steadily increasing. In this respect, I am optimistic that, with time, we will see more and more investments going into cybersecurity. However, history does prove that major breaches, especially those that are followed by negative publicity, serve as a catalyst for companies (affected or otherwise) to take action.

Which new cybersecurity trends would you pick as the most crucial?

Cyber security will be involved in all parts of our life, starting, of course, with the work place, and all the way to our cars and homes. In each of the different areas, one must assess the risk vs the investment to mitigate the risk. From this point of view, I would concentrate on protecting the data in the organizations and protecting the infrastructure (municipality, energy, water, etc.). We have to remember that the attackers will always go first after the easy targets, so not investing in protection is a certain way to get hacked.

Any important plans for the future that you would like to share with us?

During 2016, we plan to continue to expand our footprint in North America and enhance our development efforts. To do that, we're growing the team, adding more muscle to both the R&D as well as to the sales and marketing groups.

Any tips or tricks for cyber security enthusiasts?

If you are not certain about how to start a data protection plan, take time to figure out what your most valuable assets are and begin by protecting those.
Always assume that you've already been hacked.
Some protection is better than no protection.

Thank you for talking with us!
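The detection side of the mini-traps described in this interview, as an added example that is not TopSpin's DECOYnet code: planted decoy credentials are never used by any legitimate user or process, so every authentication attempt with one is a signal, and the script correlates those attempts per source host into incidents rather than emitting one alert per probe. The authentication log format, the decoy inventory and the sample events are constructed for the demonstration.

```python
"""Correlating decoy-credential use into incidents.  Added example, not
TopSpin's DECOYnet code.  The log format, the decoy inventory and the sample
events below are constructed for the demonstration."""
import re
from datetime import datetime, timedelta

# Decoy ("mini-trap") credentials planted on real assets, each pointing at the
# mimicked host it is meant to lead an intruder to.  Constructed inventory.
DECOY_CREDENTIALS = {
    "svc_backup_old": "fs-decoy-01",
    "adm_legacy": "db-decoy-02",
}

# Constructed authentication event format: time, account, source, target, outcome.
LOG_RE = re.compile(r"(?P<ts>\S+ \S+) auth user=(?P<user>\S+) src=(?P<src>\S+) "
                    r"dst=(?P<dst>\S+) result=(?P<result>\w+)")


def parse_event(line):
    """Return the event as a dict, or None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
    return ev


def correlate(lines, window=timedelta(minutes=30)):
    """Group uses of decoy credentials by source host into incidents.

    Any attempt with a decoy account is suspicious whatever its outcome,
    because nobody legitimate knows these credentials exist; that is why the
    signal avoids the false-positive problem of sensitivity thresholds.
    Events from one source within `window` of each other form a single
    incident, so the analyst gets one report rather than one alert per probe.
    """
    events = [ev for ev in map(parse_event, lines) if ev is not None]
    events.sort(key=lambda ev: ev["ts"])     # logs are not always in order
    incidents, open_by_src = [], {}
    for ev in events:
        if ev["user"] not in DECOY_CREDENTIALS:
            continue                         # ordinary traffic is never alerted on
        inc = open_by_src.get(ev["src"])
        if inc is None or ev["ts"] - inc["last"] > window:
            inc = {"src": ev["src"], "first": ev["ts"], "last": ev["ts"],
                   "decoys": set(), "targets": set(), "events": 0}
            incidents.append(inc)
            open_by_src[ev["src"]] = inc
        inc["last"] = ev["ts"]
        inc["events"] += 1
        inc["decoys"].add(ev["user"])
        inc["targets"].add(ev["dst"])
    return incidents


SAMPLE_LOG = [  # constructed: one workstation probes two decoys, then returns later
    "2016-02-04 09:00:01 auth user=alice src=ws-113 dst=fs-01 result=success",
    "2016-02-04 09:02:10 auth user=svc_backup_old src=ws-113 dst=fs-decoy-01 result=failure",
    "2016-02-04 09:02:12 auth user=svc_backup_old src=ws-113 dst=fs-01 result=failure",
    "2016-02-04 09:05:40 auth user=adm_legacy src=ws-113 dst=db-decoy-02 result=success",
    "2016-02-04 09:10:00 auth user=bob src=ws-200 dst=mail-01 result=success",
    "2016-02-04 11:30:00 auth user=adm_legacy src=ws-113 dst=db-decoy-02 result=failure",
]

if __name__ == "__main__":
    for inc in correlate(SAMPLE_LOG):
        print(inc["src"], inc["first"], inc["last"], sorted(inc["decoys"]),
              sorted(inc["targets"]), inc["events"])
```

The second incident from the same workstation is reported separately only because it falls outside the correlation window; an analyst would still read both together, which is the kind of context the interview says prevention products lack.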


About Doron:
Doron Kolton, founder and CEO of TopSpin, has 30 years of managerial experience developing advanced software and data security solutions.
Prior to founding TopSpin Security in 2013, Doron was in charge of web application firewall (WAF) development as VP of Engineering of Breach
Security, a position he continued to hold after the company was acquired by Trustwave. Prior to that, Doron held a number of senior management positions including VP of R&D at Gilian Technologies, Head of the Software Department at Motorola Semiconductors (Israel) and Software
Development Manager at Radway.


SECBRO
Przemek Shem Radzikowski
Founder
Published: February 24th 2016

IF WE'RE GOING TO BE
SERIOUS ABOUT SECURITY, WE
NEED TO ADDRESS INTERNAL
THREATS
Hello Przemek, how have you been doing? You are definitely an interesting character. What would you like to tell our readers about yourself?

Firstly, let me thank you for inviting me to take part in this interview. I've really enjoyed reading some of your earlier ones, great collection.

I'm the Chief Security Researcher and Founder at Secbro Labs, a small cybersecurity research and development organization. I've been in the industry for about two decades and have had the chance to work across the globe on key assignments with government, military, telecommunication and banking. Actually, I've just come back from China where I was helping one of our telco clients improve the security of their next generation of products.

Tell us something about Secbro Labs. What do you do?

Secbro Labs had its beginnings in early 2007, when we were tasked to research and apply advanced cyber-attack countermeasures for a consortium of prominent telecommunication companies. Since those early days, the group has deepened its cybersecurity R&D activities and actively works to develop emerging cybersecurity technologies.

We specialize in conducting research on behalf of our partners and clients: mostly financial organizations, governments and tier 1 telcos. Our projects tend to tackle very specific topics which are critical to our clients' abilities to remain one step ahead of the bad guys. I guess you can say that Secbro Labs are a niche researcher. We solve problems in areas where our clients lack deep expertise or when they can't justify building their own in-house R&D capabilities.

Let's say a large bank wants to take the plunge into the cloud, but they don't trust the cloud provider nor their security practices. From our clients' perspective, defending their reputation and the safety of their data is just as important as overall security. Best practices and standards are great, but our clients demand to hear not just the fancy marketing but also the hard truth from a source they trust, even if at times it's bad news. That's where we


come in; a trusted third party capable of conducting detailed vetting and independent research.

One of our last engagements was the evaluation of a cloud-based virtual hardware security module (vHSM) implementation. We formulated the attack vectors, refined the approach and built a proof of concept (POC) to support our assertions. Then we set out to break it, or tried very hard to break it. These types of exhaustive penetration tests provide the necessary validation and give rise to corresponding countermeasures. Obviously, all this happens within a controlled and sanctioned environment. Think white hat. Depending on what we find, we may decide to take the research further and create variant attack vectors. The output of these could lead to any number of novel security solutions.

Some of our clients are developing their own products and services, both hardware and software. Here we participate in security architecture and design phases to develop and incorporate security features. Knowing that our input has helped secure the next generation of our clients' products is a great feeling and we are very active in this space.

At times, we may also be tasked to take on the role of the Red Team. For those unfamiliar with the term, a Red Team is the name given to a group of white-hat hackers who test an organization's digital defences by employing the same nefarious techniques used by real attackers. Typically, only CxO level management are aware of any pending Red Team action. This ensures that the organization does not pre-empt the attack by changing its normal day-to-day activities. Our aim is to identify weaknesses by any means possible; the output of which is used to improve their defensive posture and assess the effectiveness of existing countermeasures. I do admit that unleashing a barrage of attacks and applying our trade craft with full consent from the target is a huge perk of the job.

You have an interesting target market. Why research and development organizations and higher education partners?

Naturally, we can't be experts in every field and partnering with other R&D organizations, higher education and fostering relationships with like-minded security specialists, gives us the ability to respond to a wide variety of problems. Individual security researchers tend to be focused in narrow


silos; they have very deep knowledge in a relatively few security domains. By leveraging our combined expertise and resources we are not only able to go very deep but also very wide. Cooperation at this level has delivered very positive results and our aim is to have these research activities translated into applicable solutions. Partnering is very important to us and we see it as a key element of our long-term strategy. The aim is to give our clients the best level of protection. Knowledge and know-how are the new currency.

I'm very aware that not every idea is a good idea. Some are definitely innovative, but only a few will ever gain widespread adoption. That's the defensive side of security. The offensive side has no such restrictions and the bad guys definitely have the advantage. Mitigating attack vectors doesn't always come with a clear path. Sometimes you need to look in very unusual places and we are always on the lookout for fresh ideas or a new spin on old ones. At times, innovation occurs unexpectedly, or as a result of unrelated research activities. And so, we devote a large chunk of our time to studying the latest research literature and frequently invite individuals who can teach us something new. That's the thing about this industry, you never stop learning.

New ideas tend to culminate in places where there's new blood and new technology, and universities, think tanks, capture-the-flag competitions, independent consultants, disgruntled systems administrators and even rogue hackers, may be just the type of people with whom we wish to partner.

Truth be told, there are a number of large and seemingly reputable organizations who specialize in purchasing 0-day exploits from researchers. These are then sold on to country states or individuals with questionable motives, at a considerable margin. We don't believe in this type of a business model. I guess, in the end, it's a question of whether you want to improve security or whether you're in it to make a quick buck.

You are running many research projects at the moment. What are you the most interested in?

That's a difficult question to answer. I've never been able to slot myself into one area or another because I'm active in many domains. But if I had to look at our current activities I'd say: stealth technologies, software defined perimeters, zero trust models, SDN & NFV, single packet authorization, covert channels, data exfiltration, denial of service, side channel attacks and cloud-based deep learning.

Our clients are concerned about a number of areas, none more public than DDoS attacks. Getting to understand the technical aspects of DDoS attacks, as well as the end goal of the attackers, can be exhilarating. At times, it's like being inside a good detective novel.



Increasingly, though, these attacks are merely a smokescreen to conceal the real agenda: the exfiltration of valuable data. While the target is busy dealing with the DDoS attack, a few gigabytes of important data leaving their internal network is easy to overlook amongst all the chaos. Corporate espionage is alive and well and in many cases, fully sanctioned by country states.

I've worked with the eastern powers and the western powers and have spent enough time studying attacks originating from both to say that it's difficult to pin the blame. There are simply too many variables to consider and way too much internet in between to point the finger. Saying that an attack originated in North Korea or in the US (or any other country for that matter) is completely unfounded. It is very difficult to discern from the attack traffic alone who is pulling the strings in the background. It makes me laugh when I hear the mainstream media blame one country over another.

Follow-up: Has anything changed since we did the interview in regard to DDoS attacks?

There has been an interesting announcement from DARPA, which launched the Cyber Grand Challenge, an all-machine hacking tournament. This cyber defense competition aims to discover, prove and fix software flaws, without any human assistance. Such an automated detect and patch capability at the binary level is no doubt a worthy initiative. However, in the wrong hands that same capability, a set-and-forget bot, could just as easily be used to wreak havoc across the internet by autonomously creating a zombie army. With almost $4 million in prize money up for grabs, the incentive is certainly there. We need to be careful what we wish for.

That's because there is a need to put the blame on someone. Do you think that governments will be having problems dealing with responsibility online for much longer?

I believe you're referring to the attribution problem. The first thing people demand after a breach or an attack is to know who is responsible and on the internet that isn't always possible. In traditional warfare, where soldiers are deployed on the ground, it's easy to tell who is responsible by the uniforms they wear, the language they speak and the equipment they use. On the other hand, the internet wasn't designed with these types of cues in mind and it is still very difficult to track down the responsible party. In most cases, many months of forensic effort and multinational cooperation is required to get to the bottom of an attack. It is foolish to think that there is truth in statements naming an attacker immediately after the incident.

The vast majority of attacks are never investigated past the bare essentials because coordinating such effort across geographic and political boundaries is resource intensive. Only the largest organizations


and governments are in a position to devote people and money to finding the responsible parties. And yet, even these well-funded investigations frequently yield little evidence. The internet's relative anonymity (you can still cover your tracks if you need to) and lack of accountability makes attribution very difficult.

Although there are many techniques which can help in attributing the blame for an attack, they require a very high level of cooperation among ISPs, telecommunication providers and jurisdictions. Despite some progress, attribution techniques can be foiled easily if their use is anticipated. At best, they can reveal a source machine, at worst, a poor schmuck with a compromised computer, not the attacker.

I read once an inquisitive question on this very topic. I'm paraphrasing here, but the gist of it was: if cars have license plates, why can't packets? Clearly, the technical facets of this are a long way off from being solved. IPv6 does permit for better attribution than IPv4 because it tracks the source of the packet more reliably, but not well enough to point the finger.

While attacks occur in the blink of an eye, the internet changes very slowly. Having said this, even if IPv6 was fully adopted, an IP address would hardly be spoof proof. Packets can be bounced through multiple machines on their way to a target. They can be routed through a botnet that only needs to erase the packet's originating address and substitute its own to mask the true origin. This is the bread and butter of any self-respecting false-flag operation.
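An added example, not Secbro Labs' tooling and not anything the interviewee describes building: it runs simple detection logic over constructed flow records to show the two practitioner takeaways from the DDoS and attribution answers above. First, egress from internal hosts has to keep being watched while an inbound flood is in progress, because that is exactly when a multi-gigabyte transfer is easiest to miss. Second, the flood's source addresses are self-asserted and spread across thousands of hosts, so counting them says nothing about who is behind it. The 10.0.0.0/8 internal range, the flow tuple layout, the thresholds and the sample traffic are all assumptions made for this example.

```python
"""Egress watch during an inbound flood, over constructed flow records.

Added example; not Secbro Labs' tooling. Each flow is a simplified
(timestamp_seconds, src_ip, dst_ip, bytes) tuple in the spirit of a
NetFlow/IPFIX record. The internal range, thresholds and sample traffic
are assumptions made for this example.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address space
WINDOW = 60                          # seconds per analysis window


def is_internal(ip: str) -> bool:
    return ip_address(ip) in INTERNAL


def window_of(t: int) -> int:
    return t // WINDOW * WINDOW


def build_sample_flows():
    """Constructed traffic: 20 minutes of baseline, an inbound flood from
    t=600 to t=899 from 3000 distinct (presumably spoofed) sources, and,
    hidden inside the flood, one internal host pushing 3 GB to one
    external address in 100 MB chunks."""
    flows = []
    for t in range(0, 1200, 60):
        flows.append((t, "10.0.5.7", "203.0.113.10", 45_000))   # routine egress
        flows.append((t, "198.51.100.4", "10.0.0.80", 2_000))   # routine ingress
    for i in range(3000):                                        # the flood
        src = f"198.18.{i // 256}.{i % 256}"
        flows.append((600 + i // 10, src, "10.0.0.80", 1_500))
    for i in range(30):                                          # the exfil
        flows.append((610 + i * 9, "10.0.7.21", "203.0.113.200", 100_000_000))
    return flows


def flood_windows(flows, inbound_flow_threshold=500):
    """Windows whose inbound (external -> internal) flow count reaches the
    threshold; this is the crude 'we are under DDoS' signal."""
    counts = defaultdict(int)
    for t, src, dst, _ in flows:
        if not is_internal(src) and is_internal(dst):
            counts[window_of(t)] += 1
    return sorted(w for w, c in counts.items() if c >= inbound_flow_threshold)


def egress_during_flood(flows, windows, byte_threshold=500_000_000):
    """Outbound bytes per (internal src, external dst), restricted to the
    flood windows; pairs at or above byte_threshold are returned, largest
    first. This is the check that tends to be dropped while everyone is
    busy with the flood."""
    active = set(windows)
    totals = defaultdict(int)
    for t, src, dst, nbytes in flows:
        if is_internal(src) and not is_internal(dst) and window_of(t) in active:
            totals[(src, dst)] += nbytes
    flagged = [(pair, total) for pair, total in totals.items() if total >= byte_threshold]
    return sorted(flagged, key=lambda item: item[1], reverse=True)


def distinct_flood_sources(flows, windows):
    """Number of distinct external source addresses seen inbound during the
    flood windows. A large number is normal for a spoofed or botnet flood
    and, as the interview notes, identifies nobody."""
    active = set(windows)
    return len({src for t, src, dst, _ in flows
                if not is_internal(src) and is_internal(dst) and window_of(t) in active})


if __name__ == "__main__":
    sample = build_sample_flows()
    wins = flood_windows(sample)
    print("flood windows (start seconds):", wins)
    print("distinct inbound sources during flood:", distinct_flood_sources(sample, wins))
    for (src, dst), total in egress_during_flood(sample, wins):
        print(f"egress during flood: {src} -> {dst}: {total / 1e9:.1f} GB")
```

Run as a script it reports five flood windows, 3001 distinct inbound sources and a single 3 GB transfer from 10.0.7.21. The routine egress in the same windows stays far below the byte threshold, which is the point: the flood signal most teams already alert on is the first query, and the one that catches the smokescreen is the second, so both belong in the same pipeline rather than the second being run only after the flood is over.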

You also run a blog. What do you blog about?


Yeah, the blog is called Dr.Shem, a bit of forward thinking there, considering that I'm still in the process of finishing my PhD. The doctorate is very much a work in progress and I decided to grab the domain before it got snapped up by somebody else.

The blog serves as a therapeutic outlet for much of what's rattling around my head. It contains a lot of stories and thoughts about projects, some travel writing, experiences with different cultures, general observations, technical guidance, security bits and pieces, and, of course, a rant or two. I try to write something at least once a fortnight, or whenever inspiration refuses to let me sleep. There have


been earlier attempts at blogging, iterations of which are still out there on the web. Dr.Shem has stood the test of time and still remains my go-to place for things I need to get off my chest. I've deliberately kept it neutral of any single purpose because neither life nor work are ever single faceted. We're all human beings in the end, with emotions and passions and talents. It was never going to work for me had it been only a technical dumping ground. My brain doesn't work like that and neither would the blog had I tried to keep it tidy. All too often I've come across well curated blogs that have faded into obscurity and ceased to be relevant because the author has moved on in life and no longer fits within the rigid confines set out by the blog's original subject matter. Anyway, that's my take on it.

How about you? Do you think that one day you will move on in life and just leave your blog?

Anything is possible, I guess. Perhaps one day someone will invent an easier, or better, way to publish our thoughts. I don't see anything changing in the immediate future. It's still hard to go past the written word. Video blogs and podcasts have their place, and I do my fair share of consuming them, but creating video or audio casts involves additional equipment and post-production time. Writing only requires a pencil and paper (or smartphone). I like the simplicity of that.

You have been involved in many different projects in many different countries, most recently across Africa and the Middle East. What have you been doing there and was it related to your profession?

I've spent a good chunk of my professional life working across Africa, the Middle East and Asia, and they truly are amazing parts of the world. I hope everyone gets to experience the cultures and spectacular scenery. So many stories to tell.

Back when I was just starting out in the industry, I was doing a lot of work with mining and hydrocarbon clients. At the time, I was based in Western Australia where the resources sector accounted for the majority of economic activity. Eventually, I ended up in Asia, based out of Singapore and working in Thailand, Malaysia & Indonesia. By the end of the 90s, I was asked to work on a project in Nigeria. It was my first introduction to Africa. Nigeria was still recovering from a civil war fought some twenty years earlier. Corruption was endemic and a white man on the streets of Lagos or Port Harcourt was only asking for trouble. There were very few places I was permitted to visit without an armed escort. Africa was, and still is, a treasure trove of experiences but nowhere near as dangerous as it once was.

I owned a tech consulting firm that engaged in hazardous geographies. No project was too difficult and no country too dangerous. These days, I would never accept such assignments without a proper evacuation and compensation package. Still, I'd probably do the same again if I was starting out in the industry.


The continent was beginning to emerge as a real powerhouse: governments, military and financial organizations all growing fat on the resources boom. They all wanted the same things: access to the latest technology, data centres, fast networks and mobile communications. And of course, with new technology, there was an immense demand for infrastructure, consulting and security services. Domestic skill shortage was the norm and most of the work in infrastructure deployment, communication, security and architecture was done by external contractors. What we did helped deliver much needed services to some of the poorest people on the planet. I'm really proud of that aspect of the job.

What I'm not so proud of is the corruption that accompanied nearly everything. From the customs officials at the border to the cops directing traffic. There was little chance of moving equipment into the country without bribing someone. And if you didn't, the equipment would either go missing, be accidentally damaged or there'd be so much red tape that the operation would cease to be financially viable. I've seen a forklift be deliberately driven into $2,000,000 worth of telco equipment simply because the US-based importer wasn't familiar with how things worked. There's always a fat cat skimming proceeds into his (or her) own pocket. Eventually, though, you need to make a decision. Either terminate operations and leave or stop fighting the system.

After my initial introduction to Africa, I joined Microsoft Consulting Services as a Senior Regional Architect & Security Specialist. Over the next 8 years, my project operations expanded and stretched across some 40 countries. In many cases, I was exclusively responsible for architecting end-to-end systems for entire nations. It wasn't easy, but I'm very proud to have been involved on those projects. I learned a lot, experienced a lot and saw much of the continent, but stress had a negative impact on my health. In the end I got quite ill. The lifestyle had finally caught up with me. I decided to make some changes and left the company to recuperate, regroup and refocus.

You also have been awarded many times and selected to represent the Young Vegetable and Potato Growers of Western Australia on a tour to New Zealand. What's that? It looks pretty weird in between all of the Microsoft awards.

That seems like a lifetime ago now. I was selected to go to New Zealand and yes, I was growing vegetables at the time. But it's not as weird as you might think. My family has been in agriculture for many generations and my childhood was mostly spent amid various farms, horse studs, milking sheds, combine harvesters and plenty of game hunting. I'm still very fond of the farm lifestyle, self-sufficiency and off-grid living.

While my family continues to be involved in long-term ventures, my brother and I saw a window of opportunity to capitalize on a small but lucrative market. One particular year, the majority of West Australian capsicum-producing farms (bell peppers, for the non-Australians) were devastated by floods. Having a few hectares of land at our disposal, my brother and I teamed up to grow capsicums. I provided the initial investment and took care of sales and marketing, while my brother oversaw day-to-day operations. We were smiling ear to ear for the next two years. A typical crate of capsicums usually sold for twenty dollars but during that period we were earning twice that, on some days thrice. For a short while, we were the largest grower in the state. Of course, nothing lasts forever. By the third year, the big boys up north had recovered and we'd lost our competitive advantage.

This question isn't connected to cybersecurity: why do you need a Master of Arts, in Journalism no less?

*Laughing* I should have known that you'd be asking questions about my softer skills. The answer is quite simple. Cybersecurity is a very challenging and dynamic field. The security industry demands a high level of vigilance and engagement that frequently spills over into personal time.

I consider myself to be fortunate that a childhood hobby has turned into a lasting career. Of course, on

occasion, I still find myself tearing out my hair in frustration. The role isn't without its pressures, and periods of stress are part of doing what I do. It's one of those non-negotiable aspects of the job; sometimes it feels like five jobs in one and your brain really needs a break.

And so, in a field that demands focused concentration, I've found that it's just as important to find outlets external to the confines of one's day-to-day activities. I try to paraglide, hike, cycle and write, as often as possible.

I've had some amazing mentors over the years, many within technical fields, but just as many outside. One of them, Billy, was someone who taught me to look and experience the world through different eyes, an amazing individual who could disarm any situation with a smile and a joke. Sadly, he's no longer with us. But the lessons he taught me continue to resonate within everything I do. He was a journalist who worked for a number of prominent newspapers and had seen his fair chunk of the world. He was still pulling night shifts sub-editing well into his seventies, not because he had to but because he loved what he did.

Once a year, together with his group of geriatric mates, we would pick two or three countries to cycle through. We'd pack our bikes, tents, sleeping bags and disappear for 3-4 weeks into the wild. Back then, I was the baby of the group by a margin of some 30 years; the name stuck and became the foundation for many jokes. In that respect, our connection was on two fronts: exploring the world and writing about what we saw. Billy was a complete technophobe but we connected on a level completely devoid of any technical discussion. Our friendship evolved and grew. His stories of a romantic past in journalism inspired me to try something different. That's the journalism connection but there is a bit more to the writing story.

I started learning English for the first time when my family immigrated to Australia in the 80s. One of my teachers advised me to keep a daily diary hoping it would improve my vocabulary. Maybe it worked, and I still keep one to this day. My fondness for writing coupled with Bill's journalistic experiences tipped the scales towards the MA in Journalism. It's unlikely that I will ever take advantage of the degree in a professional sense, but it has certainly contributed to my personal growth.

How is Secbro doing? Are you facing any challenges at the moment? Is being based in Switzerland an advantage or a disadvantage?

Secbro Labs are expanding, so no complaints on that front. Our list of clients and partners has been growing organically since we started, and we like that, slow and steady growth. We've been fortunate in that our performance on past projects speaks louder than any marketing campaign ever would. We don't tend to engage in advertising nor do we solicit business from organizations that aren't already


familiar with our work. It goes without saying that trust is one of the most important aspects of doing business in cybersecurity. Without trust you really have nothing.

Our clients and partners demand impartial and unbiased opinions and our research follows strict scientific methods. Some of our projects are quite sensitive and secrecy is very important, particularly in the intelligence and financial sectors. In recent years, Switzerland has been compelled to relax some of their secrecy laws but many of our clients still prefer this jurisdiction. Secbro Labs are in it for the long term. We not only need to protect our clients' reputations but also adhere to ethical vulnerability disclosure practices. Maintaining that professional respect and trust is more important to us than any short-term gains. We aren't afraid of saying No to any client nor of walking away from a project when it threatens that trust.

Switzerland has a very long history with research and development. Their forward-thinking investment policies have attracted a large ecosystem focused entirely on furthering R&D activities. There are financial benefits as well as access to government-sponsored resources. Of course, that was back in 2007. Things have shifted quite a bit in recent years. Switzerland is still a great place to do business but there are other regional hubs opening up with similar, and sometimes better, incentives. Ireland is a good example of a country transforming itself not only through its investment in ICT, but also through R&D per capita spending. Those two things are linked and together create a compelling business environment.

Attracting and retaining top talent can be a challenge, particularly in a highly volatile economic setting. When Switzerland unpegged the Franc from the Euro in January 2015, it sent quite a few ripples throughout the country. The Swiss Franc dropped 30% overnight. This was great news for Swiss exporters but not so great for individuals' earning power. People tend to go where they can make a better life for themselves and their families; it's natural and you can't fight that. All we can do is hedge against such uncertainty by expanding into euro-denominated jurisdictions. But even here, things are changing. Telecommuting is becoming the norm and it's not uncommon for an entire project team to be composed of individuals scattered throughout the globe.

The cybersecurity field is suffering from a major talent shortage; do you see how the situation could be made better?

Whenever there is a boom, there will always be a short-term gap in supply. Given the recent security incidents, it's fair to say that security is at last receiving the attention it deserves. All too frequently, security was a mere afterthought, a tiny and often overlooked subset of IT. That's slowly changing. Just look at the number of CSO or CISO roles that have been created recently. Security has been given the visibility it needed and a seat at the CEO's table. But for


every CSO, there are probably 20 other technical positions that also need to be filled. Security folks are good at what they do because of experience, and building such capacity isn't easy. Pushing people through education, be it university, online courses, self-study and certifications, is one thing. Equipping them with the level of experience necessary to make a significant contribution during a crisis is something altogether different.

It's important to bring in the specialists when the situation demands it, you can't do without them, but that doesn't scale over the long term. If we are to be serious about security, we need to start looking at building capacity from within.

Whatever happened to the master and the apprentice way of passing down important skills? Apprenticeships and mentorships have lost their appeal in the tech industry, but I think security could benefit. We still have them in other professions: plumber's apprentice, for example. I do agree that experience can't be taught, but we can certainly teach the lessons learnt: what to do when, and more importantly, why.

Many will argue that it's cheaper to hire from the outside than it is to reskill or ramp up an internal candidate. Similarly, waiting around for an internal candidate to ramp up may not fit the organization's immediate requirements. Both may be true in certain situations. My take is that if we want a long-term solution instead of a short-term Band-Aid, we need to look within. Organizations would benefit greatly by identifying and investing in existing staff who have an interest in security and the aptitude to raise the bar.

Follow-up: Would you say the talent gap has gotten wider? Have you observed any changes?

The talent gap seems to be getting wider. We're seeing a higher inflow of people from low-tech fields into the growing security field. It was to be expected, but this only makes finding the right candidates that much more tedious.

You took part in our Predictions for cybersecurity in 2016 project, so we know your thoughts about upcoming trends. Is there anything you would like to add? Any comments about the recent cybercrimes?

Too many organizations still focus their attention on external threats. When you talk about security, or cybersecurity, most executives still feel that the threats are out there on the internet. And yes, of course, the internet is the Wild West where pretty much anything goes. But if we're going to be serious about security, we need to address internal threats, too.

We've seen data loss prevention (DLP) systems start to gain mainstream adoption but, in most cases, these are woefully ineffective and poorly implemented; usually only to appease the standards or certification body (security by check box). What's the point of deploying DLP when your staff can simply take a photo of the computer screen? I've seen


companies use hot-glue guns to block USB ports because they were serious about security. Coincidentally, they failed to notice that each workstation was also fitted with an R/W optical drive.

Even when DLP is properly deployed and enforced, there are still plenty of ways data can be exfiltrated. People get caught up in the technology but forget about the human aspects of security: social engineering, phishing, baiting and pretexting. Far too many companies fail dismally on educating their staff on the social aspects of an exploit. There was a saying I heard a while back that demonstrates this lack of social awareness: "A young spy will try to break the encryption. An old spy will just steal the encryption keys." Relying on technology alone won't help the organization when the keys to the kingdom have been stolen.

We keep hearing that people are the weakest link when it comes to cybersecurity. Their lack of awareness is a reason why many companies are victims of cyber threats and attacks. Do you agree with this?

I don't want to generalize because there are many examples where people did the right things, or things they were told to do, and the organizations still got hit. It's unfair to blame the individual. A company has a responsibility of providing adequate security training to their employees, period. It all comes down to perceived risk. An organization has limited options in how to spend its money. They can choose to invest in their people, technology or insurance, sometimes all three. Too frequently, however, they choose the two latter examples because dealing with the human aspect of security is messy. It's so much easier to pay an insurance premium and deploy a device at the perimeter and say, "There, now we're secure." That's part of the problem. The industry still sees technology as the preferred panacea for all security problems.

People come with different aptitudes, different technical backgrounds, and some just couldn't care less. Are people the weakest link? Frequently. Are they solely responsible for an incident? No. The good news is that companies are starting to improve their internal policies and education. Mostly because insurance premiums are getting higher for those without appropriate security training programmes.

I've lost count of the number of organizations I've worked with over the years. Conversely, I can count on one hand the number of organizations that methodically approached the human aspects of security.

Thank you for talking with us!


About Przemek:
Przemek (Shem) Radzikowski is the Chief Security Researcher and Founder at Secbro Labs GmbH. For over two decades, he has worked on key
assignments with government, military, telecommunication, finance and multinationals where he was responsible for the technical excellence,
delivery and governance of highly complex Security, Cloud and Data Center projects worth in excess of $65 million. In addition to holding numerous security credentials, such as CISSP and CISSP-ISSAP, he has received an MSc in Information Systems Security, MA in Journalism, BEng in Electronic Systems and is in the process of completing his PhD in Cybersecurity.


17

LENZNER GROUP
Tracy Lenzner
Founder and CEO
Published: March 2nd 2016

RECRUITERS NEED TO
BE COMPETENT IN THIS
SPACE
Hello Tracy, how are you? Could you tell our readers a little bit about yourself?

Founder and CEO of LenznerGroup, a global provider of executive search services, exclusive to the Security, Technology Risk and Digital Innovation arenas. As a trusted advisor, I bring over a decade of specialization in digital risk, by placing leaders responsible for securing highly regulated organizations and enterprise technologies worldwide.

LenznerGroup is recognized as the first (international) executive search consultancy to specialize in IT Security, IT Investigations and Forensics, senior level recruitment. As Internet and related crime began to escalate in the 90s, multinational organizations were building and expanding their information risk capabilities. During this time, LenznerGroup successfully recruited CSO/CISOs, global leaders and practitioners in Cybersecurity, Digital Investigations and Forensics. Today, our search practice has grown to include Enterprise Security, Information Security and Compliance, Technology Risk Management, Digital Investigation and Forensics, Privacy and Policy, Cyber Defense and Threat Intelligence, Cyber Law and Policy, Advisory, M&A and NextGen R&D.

In your work, you deal with recruitment for high-level digital forensics positions. What got you into this industry?

I was attracted to security, particularly cyber, because of the industry's passion, creativity, integrity and dedication to protect and defend. Additionally, the intersection of technology, risk and people, was (is) a complex, dynamic and universal challenge.

How would you assess the state of recruitment in digital forensics right now?

With an exponential rise of threat vectors, terror attacks and crime, coupled with rapid growth in technology, high demand for qualified digital forensics experts continues. According to Transparency Market Research, Feb 15, 2016, the global digital forensics market was worth US$2 billion and is estimated to reach US$4.9 billion by 2021. Given global expansion in mobile, computing, and other devices connecting our world, the digital forensics field is expected to evolve. For example, adoption of cloud-based applications, along with development of new automated forensics tools, will expand certain segments and create new opportunities, particularly in the Managed Services space, and others. Areas of digital forensic growth include biometrics, privacy, malware, DOD forensics, scripting and programming, intelligence or counterintelligence, Mac OS and Linux mobile forensics, advanced information technology research, software malicious code behavioral analysis, advanced data analytics techniques such as investigative data linking, social network analysis, statistics, artificial intelligence, machine learning and predictive modeling to name a few.

Where would an aspiring digital forensics practitioner, or someone looking to switch positions, go looking for job offers? Is there an ideal space to do that?

Both the public and private sector, including nearly every police department, is in need of trained candidates with suitable credentials. Key industry markets for digital forensics practitioners include financial services, information technology, defense and aerospace, law enforcement, law firms, professional services, healthcare, education, transportation and logistics. In 2014, law enforcement held the largest market share, due to an increase in using digital forensics in providing evidence in a court of law. Consulting services and managed services providers will also continue to expand globally, along with abundant opportunities for digital forensics talent over the next decade.

Where do you think the biggest problem lies in recruitment for digital forensics?

First, recruiters need to have competency in this space. Knowledge about digital forensics, and related domains, such as IT investigation, cybersecurity, threat intelligence, software and computing, is required to effectively identify, assess, benchmark and attract talent. Second, position descriptions and job postings are often not effective. They frequently contain vague profiles, require skills that are not germane, include extensive lists and a broad range of requirements, versus critical must-haves. Third, there are relatively few standard job titles and roles; many practitioners wear multiple hats across Digital Forensics, Incident Response, Cybersecurity, Intelligence, Investigations, eDiscovery, Forensic Accounting, Analytics, and Compliance. This can make it difficult to effectively identify and recruit the right skill set. Finally, the global workforce needs greater access and awareness of digital forensic careers and resources, along with continuous education, training, and advancement.

Digital forensic specialist - how would you describe such a person?

The majority of forensics professionals hold undergraduate degrees, often advanced degrees, numerous technical certifications and training in digital forensics and related fields. Their backgrounds frequently include government, law enforcement and defense industry experience. Digital forensics talent is typically passionate about technology, computing, the legal system and justice. The forensics space has three main areas: collection and preservation of digital evidence, analysis and extraction of information from digital evidence, and interpretation of digital evidence to gain insight into key aspects of an offense. As a result, digital forensics requires right and left-brain thinking, by combing through well-developed analytics, qualitative and quantitative reasoning, strong project management and problem solving acumen. Lastly, these individuals are typically detail-oriented and meticulous in using forensic tools, investigative methods, and documentation of time sensitive, confidential information.

What is the status of forensics in private companies? Does it have a place within IT departments, or within corporate security? Isn't that division outdated a little bit?

Great question. Traditionally, internal (corporate) investigations and forensics generally reports into the Chief Security Officer (CSO), Chief Legal Counsel, Global Risk Leader, or C-Suite. Corporate internal investigation is protected by the attorney-client privilege. With that said, the vast majority of digital investigations and forensics functions also report into Corporate Security and therefore, share a similar reporting structure, as well as attorney-client privilege. Corporate investigations and Information Security are generally separate divisions, however, they often share dotted lines of communication. Depending upon the industry, size of organization and sector, there are some CISOs who are responsible for information-related investigations and forensics.

Do you think there are misconceptions - or perhaps differences of opinion - about what qualifications forensic examiners should have?

Overall, there is a wide range of prerequisites and position requirements for forensics experts, from education, training and professional certifications, to experience level, industry and career trajectory. Second, forensics specialization(s), domain expertise, and other competencies can be highly focused and/or broad. Third, functions often overlap other roles and disciplines, such as incident response, investigation, threat intelligence, digital forensics and cybersecurity, to name a few. As a result, it may be difficult for organizations to effectively recruit and retain talent in this competitive field. Finally, there are some common misconceptions about forensic roles and criteria. For example, digital forensics and eDiscovery are not the same role. They provide different functions, but are mistakenly used interchangeably by some. As such, increasingly, a majority of litigation focuses on electronically stored information (ESI), which can be retrieved through eDiscovery and/or digital forensics. However, data collected in eDiscovery is not always accessible on a computer and can be limited. Therefore, digital forensics is often needed for deeper recovery and autopsy of a hard drive. There are also key differences in how information collected is presented. eDiscovery usually results in a factual report, developed for a legal team; a digital forensics expert may be required to present findings and provide expert testimony in court.

And then? What's next on a digital forensics career path? Is there such a thing?

Given the complexity of technology and global threat expansion, digital forensic professionals with domain expertise will continue to be in high demand in both private and public sectors worldwide. Overall, the digital forensics market is currently divided among mobile device forensics, cloud forensics, network forensics, database forensics, computer forensics, and others. In 2014, computer forensics accounted for the largest market in both criminal law and private investigations. LenznerGroup recently conducted an independent search of digital forensics opportunities. Our research indicates there is a significant increase in new job titles, as well as a growing trend for subspecialty digital forensics specialists across many industry sectors.

Given the competitive marketplace and complexity in digital forensics, organizations need to establish relevant career tracks, challenging roles, opportunity for advancement, attractive compensation packages, a venue for continuous training and growth around advanced technologies, and dedicated efforts to recruit and retain talent. In addition, flexible hours, as well as remote roles, are particularly attractive to forensics professionals. Students and individuals interested in entering digital forensics, and/or who have computer experience, such as coding, computing, analysis, engineering, related class work, education, training and/or related degrees, might be ideal candidates. Additionally, soft skills, including project and team management, stakeholder engagement, business acumen, flexibility, and strong written and verbal communication skills, are critical for individuals seeking leadership roles, relevancy and advancement.

Do you see any difference between men and women when it comes to building a career in digital forensics?

Overall, the talent gap in cyber is causing serious problems globally. Raytheon and the National Cyber Security Alliance (NCSA) commissioned the study "Securing Our Future: Closing the Cyber Talent Gap", which surveyed young adults ages 18-26 in 12 countries around the world. The study revealed a gender gap, with females trailing when it comes to cyber education. In the U.S., 74 percent of young women and 57 percent of young men said schools did not offer the skills that are needed to pursue a degree in computer sciences. "It's just woeful that we don't have anywhere close to the number of women we need in the cyber workforce. Cybersecurity today is masculine, and defense is as well. We want to drive to change that," said Paul Crichard, head of cyber intelligence for Raytheon UK. "The best cyber professionals are often hidden amongst the masses. They just haven't been made aware of what cyber is and whether they will suit it."

Advancements in technology and computing have created a new space for digital crime and global threats. As a result, there will be continued global demand for qualified digital forensics and cyber risk professionals regardless of gender. Organizations are seeking qualified and dedicated individuals who are committed industry professionals. All areas of digital forensics require specialized skill sets, deep industry knowledge and experience across law enforcement, defense, research, consumer or corporate environments. Government, defense and consulting in this space (either full-time employees or private contractors) also require certain minimum training standards, drug testing and security clearance.

How about the recruiters? What are the most common yet terrible mistakes and the most overlooked opportunities?

Limitations in corporate staffing resources can significantly exacerbate talent acquisition in digital forensics. Internal recruiters and generalist search firms often lack experience and knowledge in recruiting digital forensics experts, and in many cases, this can delay procurement efforts in hiring qualified candidates by months, along with unwanted risks and exposure for organizations needing this talent. Moreover, not understanding the digital forensics practitioner, sub-specialty domains, key nuances and career incentives, can thwart successful recruitment efforts and/or retention.

Increased competition for experienced digital forensics professionals, especially with mobile devices, Cloud and Internet of Things (IoT), will continue to expand worldwide. Cybersecurity pros are most likely to leave to find more challenging work, better pay, and more flexible working hours, according to Javvad Malik, security advocate at AlienVault, the author of the report in CSO News, 1/26/16. Office location also played an unexpected role in employees' decision as well. According to the survey, 34 percent of cyber professionals would leave for a different job if they could get more challenging and exciting work. Better pay was in second place at 23 percent, followed by flexible working conditions at 17 percent.

How will the digital forensics field evolve, in your opinion?

In 1984, the FBI launched the Computer Analysis and Response Team, and the following year, the British Metropolitan Police fraud squad created a computer crime department. This was the beginning of the Computer Forensics field, now referred to as Digital Forensics. Currently, digital forensics includes Computer forensics, Mobile device forensics, Network forensics and Database forensics. These key areas require additional domain expertise, experience and certifications relating to the investigation of various types of devices, media or artifact and/or industry. Globally, sub-specialty forensic and cyber experts will continue to be highly sought, particularly around biometrics, robotics, artificial intelligence, behavioral sciences, international privacy, and Internet of Things, etc. The 21st century has already entered the new age of Third Wave Computing (embedded solutions, intuitive computing, aka intelligent systems). Our technologically driven, physical and digital interconnected worlds will bring exponential complexity and advanced risk, creating new disciplines and career opportunities for digital forensics, investigation and cyber professionals globally.

Finally, do you have any advice for those among our readers who would like to advance their career in digital forensics, despite their current position?

Know thyself. Most careers in digital forensics require continuous education, training and professional growth. This field requires a desire to learn multiple digital domains (e.g. digital forensics, investigation, cybersecurity, technology, law, privacy, compliance, policy, and risk), sub-specialization certifications and experience (cloud, mobile, IoT, Big Data and certifications like Hadoop, Hortonworks, MongoDB, Splunk, Cloudera, EMC, IBM, HP Vertica, Oracle, SAS, etc.), awareness and relevant understanding of the latest security threats, emerging trends, knowledge of laws, industry regulations, international privacy and standards, policy and compliance requirements, and involvement in professional associations and industry groups, working groups, webinars, research, white papers, conferences and networking for all levels.

Resources include:

Training & Certification Programs - The International Society of Forensic Computer Examiners (CCE Certification), International Association of Computer Investigative Specialists, The SANS Institute offers forensics, cyber and related courses including Forensics Global Information Assurance Certifications (GIAC), Intense School has a Computer Forensics Boot Camp, to name a few. Areas of focus include cryptography, forensic analysis, computer networks, investigation and incident response, malware, mobile device security, ethical hacking, cloud computing, management and accounting fraud. In addition, forensic software provider experience is essential. A wide range of open source and vendor software and tools is available, in conjunction with training, certifications, and products designed for digital forensics, cyber security, security analytics, and eDiscovery. In addition, digital intelligence, investigation tools, and research are also critical. For example, the Computer Forensics Tool Testing (CFTT) project at the National Institute of Standards and Technology (NIST), and Carnegie Mellon University develop resources, training, tools and research for law enforcement and related communities.

Certifications - Best Computer Forensic Certs for 2016, according to Tom's IT Pro, October, 2015:
Certified Computer Examiner (CCE)
Computer Hacking Forensic Investigator V8 (CHFI)
Certified Forensic Computer Examiner (CFCE)
Certified Forensic Examiner (GCFE) & Certified Forensic Analyst (GCFA)
CyberSecurity Forensics Analyst (CSFA)

Publications - eForensics Magazine, Forensics Magazine, Digital Forensics Magazine, Legaltech News, CyberSecure News, Journal of Digital Forensics, Security and Law, International Journal of Forensic Computer Science, ALM Legal Intelligence, Dark Reading, CISO Magazine, CIO Magazine, eWeek, Computerworld, SC Magazine, CyberWire, and others.

Organizations & Associations - International Society of Forensic Computer Examiners (ISFCE), International Association of Computer Investigative Specialists (IACIS), High Tech Crime Investigation Association (HTCIA), Silicon Review, ASIS International, Information Systems Security Association (ISSA), International Information System Security Certification Consortium (ISC)2, Information Systems Audit and Control Association (ISACA), International Association of Privacy Professionals (IAPP), Global Information Assurance Certification (GIAC), among others.

Digital Forensic Science - For Practitioners, Academics, and Researchers, among others. Digital Forensic Science offers a broad range of resources that include: Organizations, Computer Forensic Blog, On-line Challenges, Software and Hardware Vendors, Regional Computer Forensics Laboratories, Digital Forensic Forum, Videos and Research: http://www.digitalforensicscience.com/associations/

Women in Digital Forensics - Although women today comprise more than half of the U.S. professional workforce, they only play a small role in information technology (IT). According to the National Science Foundation (NSF), women constitute 28% of the Science and Engineering workforce.

The National Institute for Cybersecurity Careers and Studies (NICCS) provides a description of resources in cybersecurity, computer science and technology fields. Women in Cyber Security (WiCyS) and The Women's Society of Cyberjutsu (WSC) are among the groups listed. Both are 501(c) organizations that provide programs for young students to adults that promote networking, education, mentoring, resource sharing, internships, research and career opportunities: https://niccs.us-cert.gov/home/women-minorities

DF Women - Bridging the gap between genders in Information Security, is a relevant blog for women in digital forensics and related fields. Its authors, who are currently earning a BSc (Hons) in digital forensics, discuss their backgrounds and provide articles and abstracts on Computer Crime, Network Security, Social Engineering, Criminology and Computer Forensics: Women in Digital Forensics blog: https://dfwomen.wordpress.com

Thank you for talking with us!

About Tracy:
Tracy Lenzner is founder and principal of LenznerGroup, an executive search consultancy, exclusive to the Security, Technology Risk, and Digital
Innovation arenas. For over a decade, Tracy has been recognized for successfully placing tier I executives, responsible for securing global organizations
and enterprise infrastructures, including mobile, Cloud and IoT. She brings a proven record partnering with a broad range of stakeholders, helping to harness cyber talent across the complex landscape of risk, security, and digital domains. Tracy brings over 18 years of expertise in executive search, business development and consulting, deep industry knowledge, and an elite network of global influencers spanning business, government, defense, academia, and investment community.


18

CYBER BLOG INDIA


Rachiyta Jain
Co-Founder
Published: April 2nd 2016

PEOPLE ARE SO UNAWARE


ABOUT CYBER CRIME AND
SOMETHING HAD TO BE DONE
Hello Rachiyta, how have you been doing? Can you introduce yourself to our readers?

Thank you Marta, first of all for getting in touch. I am the Co-founder of The Cyber Blog India and pursuing an undergraduate course in Integrated B.Tech Computer Science Engineering + LLB (Hons.) with specialisation in Cyber Law. I am engaged in various activities like legal consulting, technical and legal writing, blog management and public speaking.

Tell us something about The Cyber Blog India. Is it only a blog?

The name The Cyber Blog India gets everybody confused. We started as a blog initially but went on to expanding in other directions as well. We at Cyber Blog India are of the opinion that awareness and sensitization is the key to cyber safety. Thus, apart from blogging, we go to schools, colleges and organisations right from grassroots to urban areas spreading the word about how to stay safe. We offer consultancy services to advocates, police and people in general and in fact, we have trained law enforcement agencies in India. We have a dedicated WhatsApp helpline service which keeps our followers posted on the go and often people contact us for guidance if they themselves or someone they know needs help. Recently, we also started a documentation drive under the name My Cyber Crime Story to create a database of real life stories of cyber crime victims. You can find the page on Facebook.

The start was a little rough because being students, we weren't taken seriously for our offline engagements. However, within the first 6 months, we won our first National Award, The Cyber Blogger of the Year 2015, after which we picked up pace with our offline activities. I then won a state award from the Chief Minister for my work with Cyber Blog India for contributing in women's safety and education. This Women's Day I was honoured by a national newspaper and on 15th March, 2016 The Cyber Blog India won the Social Media for Empowerment Awards in the Online Safety category across entire South Asia. All awards and recognition are purely an outcome of team effort and have been a constant source of motivation.

Is the cybersecurity blogging scene active in India? Any other websites you could recommend, besides your own, that the rest of the world should be watching?

With the Digital India revolution running in full swing across the nation, the frequency of cyber security bloggers has seen a rise. The problem arises with the technical jargon often used, which a layman fails to understand. This is what we at The Cyber Blog India keep particularly in mind while drafting any post. Cybermum India is my personal favourite and I would recommend every parent to follow it, the reason being issues covered and language. Anybody with a basic understanding of English can understand the author.

Where did the idea of establishing such a blog come from? Your posts are in English, so why India, not The Cyber Blog Global or something like that?

Nitish Chandan, our founder, and I were working with Gurgaon police under the able guidance of Mr. Rakshit Tandon when we actually saw the condition of cyber crime in India. The number of cases every day kept the police on their toes all the time. That's when we were determined that this one month of learning shouldn't go in vain. People were so unaware about cyber crime and something had to be done. We tried contacting people to organise awareness sessions but it didn't work out. Later in December, Nitish was restless to the point that he got the domain and started Cyber Blog India. And the next moment, I remember I got a call from him: "I am starting a blog and you are writing with me." It took me time to decode what he was saying and up to, but we started writing gradually. Initially, writing was tough with researching but then you get hold of it. Then we called schools in our towns, offering free workshops and managed to get a few. With time, we got five more people joining us doing different things. Today we are a team of seven.

I believe cyber security is a problem of a virtual world which knows no leaps and bounds. We wanted to start with a small step and focus on India, considering the lack of awareness. However, the majority of issues we address are universal and hence our readers. The name is so just because we need people from India to read as we believe the basic level of cyber awareness is not up to the mark here.

Could you tell us about those first trainings you provided? Were they what you expected they would be?

Our initial training sessions were for small groups of 20-30 people. We ourselves were a little sceptical about how much of what we had to tell they knew beforehand and we were not let down at all. As expected, people knew close to nothing of what we delivered. Everybody was scared at first but that wasn't our purpose and we discussed how staying alert and following simple tips can help them stay safe. Our helpline was flooded with queries and appreciation post session which served as a motivation. Not just that, we have been recalled for sessions in these places too.

What do you think is the level of cyber security in India?

On the infrastructural front, we are good, not the best I would say. But when it comes to people, there is a long way to go. In metropolitan areas, the situation is still better. The major problem is grassroots and that's why we at CBI focus in such areas.

People give out their ATM PINs over the phone to strangers. Nobody has an idea of what just happened when they fall prey to skimming attacks. Or leave that, when such things happen they don't know where to report. When they go to lodge an FIR, they get turned away because the police nodal at grassroots are unaware that legislation for such crimes exists. The first step is to tell people how to keep themselves safe. This naturally reduces the victims.

Are there any top-down initiatives in India that aim to help with this problem, or is the grassroots movement more active? Maybe it's the other way around?

We have cyber security enthusiasts at the organisational level as well as individuals working vigorously in the field. There are individuals training the police in urban areas. As I said before, the focus is less on rural areas but I believe it won't be long before these areas are approached as well. Maybe it is because the figure of crimes reported is far less here.

The biggest injustice to your online presence is a guessable and same password for multiple accounts. I found it on your page. Nowadays we have so many different accounts, social media, mails, storage apps... How can we remember all of those passwords?! What do you think about this problem?

Haha! I didn't know that was coming. Those lines that you pointed out specifically have a funny background. Nitish is a passionate writer. He would keep writing and saying quotes like he is the next big thing. We were travelling back from college one day when this one broke on me and my first reaction was, what crap do you keep coming up

with? But now when I think about them, they perfectly encapsulate the meaning and I am pretty sure he will pat himself on the back when he reads this because I never appreciate him to his face.

Coming back to your question, passwords are the most elemental form of security offered by each platform. They are prone to simple brute force attacks which can crack an obvious password within seconds. If not that, a little social engineering would do. For problems like these, we have applications like LastPass and Keeper. You can store passwords of multiple accounts securely here and all you need to remember is one complicated master password. You can now have unique complicated passwords for each account which are difficult to crack. Other applications, like Google Authenticator and Duo Mobile, add a second layer of security to your accounts. You can use these with whatever accounts they can be synced with, Gmail and Facebook are a few to name. So now even if you shout out your password on the road, no one can access your account without the code in your phone.

As I noticed on your LinkedIn, The Cyber Blog India is your volunteer work. Do you think you could earn money running a cyber security blog? Or is it hard and will instead stay as a hobby?

The blog did start as volunteer work but with time, we realised it was a lot of money and we, being all students, couldn't continue to empty our parents' pockets. So with time, after establishing a name and being recognised, we started charging for a few services we offer, however, the majority of them are free of cost.

But all that we earn goes into the betterment of the blog and adding more services. For now, no money goes into our personal pocket. All seven of us are working as volunteers in it. Later, we do plan to take a professional approach and incorporate services and products which can earn us money.

What is the biggest challenge such a blog has to face on an everyday basis?

Staying up to date with happenings around the techno-legal domain is one of the biggest challenges. We have to constantly keep ourselves updated to give something new and of interest to the reader.

Time is another issue. Attending college from 9 to 5, loads of assignments, tests and quizzes already take up so much time that sometimes taking out time to write gets very difficult. Not to forget we try and create our own infographic with the posts. And I personally review each and every post that goes up on the blog. We are a small team and everybody is constantly working beyond their comfort zone doing multiple tasks. So yeah, at times a tad bit difficult but when you really want to do something, I guess you keep it rolling and constant motivation and support from the team does help.
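The second-factor advice given earlier in this interview (an authenticator app whose code "in your phone" changes over time) is, under the hood, RFC 6238 TOTP built on RFC 4226 HOTP. The following is an added example by the editor, not code from the interviewee or from The Cyber Blog India. It generates such codes, verifies them on the server side with one step of clock-drift tolerance, and refuses a code that was already accepted, which is the replay case a real verifier must handle. The demo secret is the 20-byte ASCII seed from the RFC test vectors (chosen because its expected outputs are published); the 30-second step, six digits and one-step window are assumed defaults a deployment would set for itself.

```python
"""Added example: RFC 4226 HOTP / RFC 6238 TOTP, the scheme behind
authenticator apps. Not code from the interview or The Cyber Blog India."""
import hashlib
import hmac
import struct
import time

# Constructed demo secret: the 20-byte ASCII seed used by the RFC 4226/6238
# test vectors, so the outputs are checkable against the RFCs. A real secret
# is the per-account value enrolled from the QR code / base32 string.
DEMO_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """HOTP(K, C) per RFC 4226: HMAC over the 8-byte big-endian counter,
    dynamic truncation to a 31-bit integer, reduced modulo 10**digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F                      # low nibble of the last byte
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6,
         algo=hashlib.sha1) -> str:
    """TOTP per RFC 6238: HOTP with counter = floor(unix_time / step).
    Phone and server derive the same code from the shared secret and the
    clock; nothing is transmitted when the code is produced."""
    return hotp(secret, at // step, digits, algo)


class TotpVerifier:
    """Server-side check. Accepts the current step and +/- `window` steps to
    tolerate clock drift, compares in constant time, and remembers the
    highest step already used so a sniffed code cannot be replayed."""

    def __init__(self, secret: bytes, window: int = 1, step: int = 30,
                 digits: int = 6):
        self.secret, self.window, self.step, self.digits = secret, window, step, digits
        self.last_step = -1   # highest counter value that produced an accepted code

    def verify(self, candidate: str, at: int) -> bool:
        if len(candidate) != self.digits or not candidate.isdigit():
            return False
        base = at // self.step
        for drift in range(-self.window, self.window + 1):
            step = base + drift
            if hmac.compare_digest(hotp(self.secret, step, self.digits), candidate):
                if step <= self.last_step:       # same or older step: replay
                    return False
                self.last_step = step
                return True
        return False


def login(password_ok: bool, code: str, verifier: TotpVerifier, at: int) -> bool:
    """A leaked password alone is not enough: the second factor must also
    verify. Short-circuit so the OTP state is untouched on a bad password."""
    return password_ok and verifier.verify(code, at)


if __name__ == "__main__":
    now = int(time.time())
    print("current code for the demo secret:", totp(DEMO_SECRET, now))
```

Two design points worth noting: the window is deliberately small, because every extra step the verifier accepts multiplies an attacker's chance of guessing a six-digit code, and the `last_step` check is what stops someone who overhears a code from reusing it within the same 30-second step.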


Has the blog helped you with your studies at any point?

We have not learnt from books as much as we have learnt while blogging; I think this one statement very much conveys it all.

Do you have any plans for the future of the blog?

We actually have lots of future plans for the blog. This April, we turn into a company and then try to expand our services. The Cyber Blog India will thus be one of many projects under the company name.

Is there any piece of advice you would like to give our readers (especially Indian ones)?

When generally asked this question, I can go on chanting everyday security tips everyone should abide by but for now I will keep it short and sweet. The Internet is a pretty thrilling environment to be part of. It's like this drug you get addicted to and with time it takes a toll on you. It's way more complicated than it seems so don't just learn to use the Internet, learn to use it safely. You can refer to our website: www.cyberblogindia. We are also present on various social media platforms where you can follow us. Till then, stay safe!

Thank you for talking with us!


About Rachiyta:

AWARDS AND HONORS

Awarded Cyber Blogger of the Year at International Conference on Cyber Crime Control by Mumbai Police, IIT Bombay, Asian School of Cyber laws and Maharashtra Government (2015)

Appointed Cyber Cell Ambassador of Saharanpur by Senior Superintendent of Police Saharanpur, Mr. Nitin Tiwari (2015)

Awarded Mahila Shiksha Suraksha Award (Women's Education and Safety Award) at district and state level by UP Government and Hindustan, a national newspaper, for professional achievements in cyber safety (2015)

Winner, Social Media for Empowerment Awards in Online Safety category across South Asia (2016)


19

HEXIGENT
FORENSICS
Jason Green
Co-founder
Published: April 22nd 2016

DON'T HIDE BEHIND THE MYSTERY
Hello Jason! Thank you for doing this interview with us! Could you introduce yourself to our readers?

Hi, and thanks for the opportunity to talk forensics with you today. I'm a partner here at Hexigent Consulting and so am involved in all aspects of our business. I have a 25 year background in digital investigations and information security, and have built and managed digital security and incident response teams for a variety of organizations here in Canada, and in the UK. Finally, I'm a hands-on forensic examiner so am actively involved in most cases that we deal with.

What is Hexigent Consulting? What does the company do?

First and foremost, we're a digital forensic company that primarily services the Greater Toronto Area. My partner, Ryan Duquette, and I come from very different backgrounds, but joined together when we found that our views on how things should be done were identical. While I was focused on corporate and civil matters, Ryan comes from law enforcement where he spent most of his career dealing with technology crime and fraud. It's a great synergy and one which brings our clients some unique perspectives. We focus on digital forensic and investigative matters across all industries and, while our backgrounds lend themselves to broader topics in the cyber security landscape, we consciously elected to focus on digital investigations. We're both immensely passionate about what we do and feel that the demand for true investigative specialists is ever increasing.

The first thing anyone sees on your website is a motto: "Digital Forensics. Demystified." Can you explain that? What exactly needed demystifying?

A great question. Every day a new cyber security incident or challenge is being reported in the media, and the solutions being brought to market to address those are also cropping up at nearly the same frequency. Security companies are diversifying their service portfolios to meet their client demands and it's becoming a real challenge for clients to know who to call, for what, and when. When conversations do occur, it can be tough to identify those who are truly able to help vs those who think they can, or are motivated by the opportunity of a sale. We talk to our clients a lot and asked them how they felt about it, and one common theme kept cropping up: they told us it could be confusing and that they weren't always confident in the advice they were getting. With that in mind, we set out to take the challenge out of the forensic, investigative, and response components of security by taking a completely transparent and truly collaborative approach. Every time we speak to a client we put ourselves in their shoes. We challenge ourselves to speak their language, truly understand their situation and provide relevant options and suggestions. We're completely open in all of our practices and don't hide behind the perceived mystery of digital investigative work. Our contracts are in plain language, we've built a straightforward cost model and we never, ever spring any surprises. We don't sell any products and are completely vendor neutral. Also, if a client finds they need some additional security services we will recommend people we've worked with before (and trust) and connect our client directly with them. We don't resell any services and we only do what we're really good at. This approach has worked really well for our clients and more than one of them said we had "demystified" the whole process. That word really resonated with us, and so it ended up front and center on our web site.

In your opinion, what will it take to get to a point when security professionals are comfortable with the level of cybersecurity awareness around them? Is that at all possible?

I think there are two views here. Firstly, true cybersecurity professionals acknowledge and accept that the security and threat landscape is changing. Every. Single. Day. It is a herculean task to try and stay abreast of trends, solutions, technologies, threats and risks. While the foundation of how we, as an industry, deal with security is fundamentally the same (we have something we want to protect, let's put something relevant in place to keep it safe), the top layer (how we actually do that) evolves continually. That evolution forces a continual adaptation in awareness. It's a never ending cycle, and one that is moving at breakneck speed.

Secondly, we need to consider the awareness aspects for the clients we serve. This is one of the most challenging things in security right now. Cyber threats have become incredibly advanced and they no longer rely purely on digital surfaces to get access to systems or data. The interconnected nature of our personal and professional lives has resulted in the weakest link usually being people. While social engineering has been around for a long time, the lengths to which threat actors go to are immense. Open source intelligence (OSINT) hunting is being used in combination with the more traditional, and likely illegal, methods to grab as much data as possible about businesses and their staff and then scrutinized to determine who would likely be the best target, or what chain of people would be needed to be involved in transferring a payment. This is done by cross referencing data from private and professional sources including social media, personal phone records, business aspects, bank records and whatever can be found out on a system level. Ideally, all companies and individuals need to be continually updated on how best to manage their digital lives and what they need to be on the lookout for, but this obviously takes time and effort and as quickly as they are informed of the current challenges, the bad guys come up with a new approach.

Hexigent is a Canadian company. Are there any differences in the cybersecurity field between Canada and the United States that you see?

Much like other sciences, the methods and approaches taken in the digital forensic space are universally accepted and, for the most part, everyone is using similar tools and looking at data or digital artifacts which exist on the same platforms and are manipulated using the same applications. That being said, the way in which the forensic community work with the private and public sector varies country to country. For example, in the UK it's not uncommon for law enforcement agencies to outsource aspects of digital forensic work to suitably qualified civilian organizations. Here in Canada, that's not really accepted at a cultural level yet. Policing agencies here have massive (and ever growing) technology crime backlogs, and their typical solution is just to hire and train more sworn officers to focus on digital forensics, something which takes a lot of time and resources. The US space is very similar to ours, however, the public way in which the FBI v Apple matter was played out has gone some way to raising public awareness around protecting data. US citizens are now placing more focus on securing their information in light of potential privacy concerns. I'd speculate that digital forensic investigators are likely to have a more challenging time going forward as data and device level encryption starts to be used more widely. While this will likely have similar effects around the globe, it's most noticeable stateside, given that both parties involved were US based entities and media coverage was immense.

Photos: Ryan and Jason

Was Hexigent hit by the talent pool shortage that plagues the digital forensics field?

Thankfully, not yet. We have two distinct types of hire. First, we look for the experienced professional: someone who can deal with every aspect of a case. Someone who understands how to work collaboratively with clients, manage their (and our) risks, and have the technical and business acumen to move cleanly through the process, ultimately being able to stand in court and confidently give evidence.

Secondly, we look for fresh minds who want to grow. We seek some fundamental capability in the technology field, but more importantly a passion and drive for exploration and creativity, and a strong attention to detail. We want to work with people who feel as passionately about doing the right thing for our clients as we do. We can teach the technical aspects, but that underlying drive and enthusiasm is what's vital to us as it builds examiners and investigators who approach problems in unique ways.

With such polar opposite requirements, we haven't had any challenges at this time. We're a small, focused company and so don't need to hire many people or do it very frequently.

When you consider recruitment, what is more important: experience or education? Is it the same when doing the work comes into play?

A combination of both experience and education makes someone a good candidate for a job in both the digital forensic and cyber security fields. That being said, there is a shortage of qualified candidates in this industry who have both education and experience. At Hexigent, we not only offer training and skill development for candidates with limited education in this field, but also pair up junior staff members with more senior members for mentoring and skill enhancement. Ultimately, the individual who performed any investigative work may have to stand in a court and give evidence, at which point both their overall experience and their formal qualifications may be challenged.

Do you think that certifications will continue to play a huge role in digital forensics education?

I do, however, as careers in cyber forensics and security continue to be in demand, there are an increasing number of organizations offering certifications. Many of the certifications offered in this industry are excellent, teach people the required skills and are well recognized in the industry (e.g., CISSP, CFCE). The addition of more certifications, which basically are the same as others, dilutes the value of all certifications.

What is the role of formal education in building a career in digital forensics?

Formal education is an excellent way to enhance skills, however, it shouldn't be confused with experience. I see a lot of fresh graduates (at both the undergraduate level and higher) finish their degrees and expect a high paying role because of their educational experience. Similar to certifications, students should choose the programs and schools that have courses that can provide them with the broadest experience. From a digital forensic perspective the focus should be on the fundamentals. Ideally, formal education should give students experience in areas such as (a) the principles of forensic science, including the analytic and structured thinking aspects together with the common methods used to generate, validate or negate hypotheses, (b) the technical components to ensure that file systems and data architecture are well understood, and (c) the methods and challenges that are present in digital forensics today. Having these types of principles in place will likely allow a candidate to truly explore all areas of digital forensics.

Digital forensic experts oftentimes have to be knowledgeable in many different areas of cybersecurity - they have to be analysts, penetration testers, investigators, and many other things, all at once. Do you think that makes digital forensics a bad place to start a career?

I don't see it as a bad place to start, rather something you have to be very passionate about if you want to succeed. You need to be willing to put in a lot of time and effort, and continually update yourself on the latest methods and techniques. That requires discipline and, if you're just starting out, you may not be in a position to keep up with all of these elements.

You and your business partner Ryan Duquette come from very different backgrounds. Can you tell our readers more about that?

Ryan spent about 15 years with a local Law Enforcement agency, and during his time there worked in many areas including Frauds, Internal Affairs, Forensic Identification and the majority of his career working in the Technological Crimes Unit. During this time in TCU, he worked on hundreds of digital forensic cases from homicides, to fraud investigations to Child Pornography cases. It was during those years in TCU that he realized that he was passionate about digital forensic investigations. After leaving the service, he worked as a digital forensic consultant, and also worked as the senior manager of forensics for Magnet Forensics - a well-known Canadian software company who make one of the most commonly used forensic tools.

I've been involved in investigations and cyber security for 25 years. Like most security professionals with that level of experience in the industry, I fell into the space. Starting as an investigator with a technology education, I became someone who was frequently asked how digital activities could be reviewed. While the digital forensic tools weren't commonly available then, I had to truly understand file systems and improvise where necessary. I then moved into more formal IT security and information security roles and found that blending technology with investigations was really interesting. As my career progressed, I gravitated towards understanding more about how people and technology work together, and what footprints are available at a granular level. The last 10 years have been in the "big 4" type cyber security consulting space where I've held several varied roles: strategic and tactical security consulting, leading incident response and forensic teams, and performing digital forensic investigations.

Between both Ryan and I, we cover all ends of the cybersecurity spectrum. Our common skills are investigation and digital forensic examination and we're both very passionate about what we do. Hexigent exists so that we can provide these services as efficiently as possible and, as the security landscape evolves, clients can turn to us for advice and services that will help them make the most informed decisions.

What do you think is the biggest difference between digital forensics in private sector and public sector?

Many members of law enforcement do not deal with clients per se and often have more time to conduct investigation than those in the private industry. The term "leave no stone unturned" can often not be achieved during civil cases as the scope of the investigations is often very focused. Most law enforcement investigations are worked on until it is determined there is enough evidence to proceed to trial. For the most part, there are not strict time limits attached to criminal cases.

The other main difference is the result of the investigation. Obviously, most LEA investigations are to prove a criminal charge, while private cases often find evidence for civil litigation, reducing the risks for an organization and other mitigating factors.

What do you think would be more challenging: switching from law enforcement to a private company or the other way round?

I asked my partner, Ryan, about thoughts on this as he came from a law enforcement background. He mentioned that there are two main challenges when moving from working in law enforcement to a private company. The first being that within law enforcement, the agency's main goal is obviously to reduce crime, but also to assist in gathering evidence to prosecute offenders. Most digital forensic practitioners in LE do not deal with external clients as they are tasked with assisting other investigators within their respective service. One of the main aspects of being a forensic practitioner (of any kind) is to remain unbiased in one's work and present the evidence regardless of the outcome of the matter. This is often challenging within the realm of law enforcement as there is pressure (from other investigators, prosecutors, upper management) to solve a crime or put someone behind bars.

The second challenge when moving from working in law enforcement to the private realm is not having judicial authorization to conduct certain investigations. For example, many law enforcement investigations can request (by a production or other judicial order) the subscriber information, or information from a third-party (Google for example) without significant challenges. This is much harder to do within private investigations.

What is, in your opinion, the biggest challenge digital forensic professionals will have to face this year?

I think the same one which has been building for the last few years, that being education. By that I mean that forensic examiners have traditionally had to identify what was performed on a system, when the action was taken and ideally by whom. While it's accepted that examiners will always state fact and not broadly opine, it's now expected that they will fully contextualize findings. This is nothing new in itself, however, the knowledge required to be able to contextualize technical data from, e.g. a complex breach analysis, and then articulate that in a meaningful way that can be interpreted by the technical and business teams, is getting harder. It's expected that examiners will have hybrid skills including penetration testing, application development, risk management and fraud capabilities. While people who have been in the industry for a significant period do pick up a number of those skills, it's obvious that those now entering the field won't have them, and I believe they might have a more challenging time. They will either end up focusing on one type of forensic area (incident response, litigation support, eDiscovery) and not be able to grow past it, or will become a jack of all trades but a master of none. Ultimately, finding the time to stay up to speed with the many diverse areas that are now becoming required reading is going to get harder as advancements in digital services and activities generally keep moving forward at an aggressive pace. These advancements will lead to greater complexity in applications, systems and data structures which, in turn, will ensure examiners and investigators need a broader knowledge base.

Follow-up: More than halfway into the year, do you stand by your prediction? Has anything changed?

I believe what we discussed earlier in the year still holds true. Looking at the industry as a whole, though, there seems to be a broad shift towards cyber forensics which, by definition, really emphasizes the need to have a diverse skill set. Additionally, when we reflect upon the last 12 months overall, we see a marked increase in the amount and complexity of cyber security attacks. This is leading to organizations refining their security solutions and tools, which in turn is resulting in forensic professionals needing to become familiar with the way in which these all work together and, more importantly, being able to rapidly determine what information they capture, in what format, and how best to analyze and interpret the data sets they create. No longer is "dead box" forensics the norm. The live analysis of smart security systems in combination with real-time activity on operational systems is becoming commonplace.

From an industry side, it's as mentioned in the previous question. The diversification of skills required to be a true cybersecurity professional is slowing down the growth of resources. It's resulting in some highly capable veterans, but also meaning that folks entering the field typically have to focus on one area to start with. The demand is also driving salaries up dramatically and so being able to build a truly competent team in a business, or hire a consulting firm, can be a massive investment for businesses.

What is the biggest threat that cybersecurity has to deal with right now?

From a technical perspective, it's the growth of APTs (Advanced Persistent Threats) in combination with a diversification of the types of threat actors involved. The complexity of attacks and broadening of the attack surfaces, which are becoming less obvious every day, are resulting in greater impacts to organizations and individuals on a more frequent basis. Trying to stay abreast of these and rapidly implement preventative measures is incredibly difficult. The good news is that it's starting to move thinking from compliance based (the traditional model for security) to risk based and forcing people to figure out the best way to protect their data based on its value, and not just take a blanket approach.

Follow-up: How has your perspective changed?

I'm broadly going to stick with the same previous answers as we continue to believe these are still the greatest fundamental threats. Additionally, we're seeing more complex attacks against industrial control systems. Utility providers continue to be prime targets as the threat actors recognize that power disruption, for example, can have both immediate and long term effects. On a more positive note, though, our industry recognizes this, which is resulting in businesses and government organizations developing operational and investment strategies to counter the threat.

How will the threat landscape evolve?

Hard to predict precisely, but it's safe to say that the innovation and evolution in the technology space will lead to threat vectors expanding. For example, the internet of things, autonomous vehicles, augmented and virtual reality are all demonstrations of what can be done with today's technology. They will make our lives easier somehow and, if welcomed by society in general, will be adopted into corporate environments somehow. That adoption will lead to exploration of their potential misuse by motivated threat actors. Ultimately, that will lead to the surface attack areas and threat targets expanding.

Follow-up: Seeing that answer, are your predictions coming true in any way?

We're seeing rapid growth and explosive investments in VR and AR at the moment, together with a varied array of companies announcing innovative smart devices/tools/vehicles that all share common protocols and are all talking in one digital ecosystem. Of course, we recognize that innovation is usually based on a unique function, or set of functions, being brought to the market, and we're huge supporters of pushing boundaries, however, we also know that when function is the primary driver, security is usually a distant second. We haven't seen rampant attacks in those spaces as of yet, however as these things become more commonplace in social and business life (something that will take some time) we'd speculate that the threat actors will take a greater interest in disrupting them.

How do you think the field will look a year from now? Will it be much different?

I don't foresee drastic changes. I think more companies like Hexigent will appear, ones who specialize in doing one aspect of cybersecurity exceptionally well. We're also likely to see significant investments from large consulting firms who want to provide all encompassing security services. The threat landscape will diversify and the impacts will be more dramatic. Over the last 12 months or so we've seen car hacking, power grid disruption and continual sensitive data leaks be reported in the common media. Threat actors are likely looking at these and considering what's possible. For example, they may start to focus more on greater impact activities such as financial destabilization through bank service disruption, or perhaps the use of subtle techniques to adapt election results to shift the political landscape of a country. All of this will result in forensic practitioners and digital investigators having to be highly adaptive in their approach, well informed on threat vectors and impacts, and really prepared for anything. It'll be a challenging and interesting time for anyone in digital investigations.

Thank you for the interview!

SPECIAL EDITION FOLLOW-UP

Has your company changed in any way since the interview?

We're steadily growing. At the request of some of our enterprise clients, we've started to provide security assessment services that can measure the overall security posture of the business, or just certain aspects of it (technology, risk, governance etc.). This came about as a natural extension to our common review of the response capability of clients post incident. We're really lucky to have some great clients who were pushing us to help them in this space, and so we're in the process of formalizing the offering as a service to everyone. Basically, we're evolving to meet client needs.

How has the field changed?

It's broadly the same, however, experienced resources are becoming hard to find. We're hearing this from everyone. Corporate clients are seeing the value of the type of services our industry provides, and are heavily investing in building internal capability to deal with the cyber issue. Of course, as a shortage of qualified staff appears, the value of those in the market goes up. This is driving salary levels up rapidly, which in turn may result in the cost of providing services increasing. Hexigent was designed with efficiency front of mind, and so we have no plans to increase our rates, however, we know others in our industry that already have. In the long term, this may result in a knock-on effect whereby clients have to increase the cost of their own products and services. When we consider the overall increase in cyber security investment, it may well transpire that the security efforts of some private organizations may be a major contributing factor in the determination of pricing for their own products and services. That's not something we've really seen before as security and digital forensics have traditionally been back room services overseen by IT/technology teams.

How has your point of view on forensics changed?

Outside of my earlier comments, I've been looking closely at the delivery side of our business. Where we (and others I'm sure) mainly used a handful of commercial tools as our primary go to products for most of our work, we're now spending considerable time with open source tools and technologies that will allow us to build specific solutions to address our clients' needs. We're seeing great value for our clients as we're creating efficient workflows for specific types of forensic examinations. It's not something that was really focused on in the past, but the growth of storage media sizes, and the ever complex cyber security challenges have resulted in a different approach being needed. We're very excited about the research and development we're doing, and the feedback from our clients has been great! We're seeing great benefits of open source and commercial solutions, working in unison, to be the way forward for all aspects of what we do as an industry.

About Jason:

Jason Green is a Partner at Hexigent Consulting, a digital investigation and forensic services company based out of the Greater Toronto Area. He is an experienced security professional with a proven record in the delivery of strategic security services and has operated internationally in the information/cyber security field for over 25 years. He works with clients to assist with tackling digital investigative matters, develop and execute strategic plans, identify and address security and technology issues, and respond to incidents, with a view to reducing risks and optimizing efficiencies. His experience includes digital forensics and investigation, governance, risk and compliance, operational security, penetration testing, physical security, social engineering, and controls design and review.


20

IRONSCALES
Eyal Benishti
CEO
Published: May 21st 2016

ALWAYS STAY ON TOP OF THE RECENT THREATS. BE VIGILANT. STAY SAFE!
Hello Eyal, how have you been doing? Can you

vative, out-of-the-box solutions to fight targeted

introduce yourself to our readers?

cyber-attacks, doing more of the same which is

Sure, my name is Eyal Benishti, Im the founder


and CEO of IronScales, and I have been a passionate cyber security researcher from a young age,
breaking things for fun out of curiosity.
Can you tell us something about IronScales?
IronScales is first and foremost a team of out-ofthe-box thinkers and excellent executors on a mission to help organizations fight phishing attacks.
As you probably know, phishing is the no.1 vehicle
to drive malware inside a company, so we are eager to make this channel significantly less attractive to the bad guys.
Sounds great! How important is out of the box
thinking or creativity and innovation in the cyber security world? Do you think professionals
from the industry are innovative? Are they missing any skills?

what traditional solutions are offering is simply


not enough. Companies are spending millions of
dollars on cyber solutions and still get hacked.
CEOs are losing their jobs for not being well prepared for this battle.
Innovation is the only way to fight back and disrupt
this market.
Why have you decided to focus on phishing
while establishing your company? Or is your solution fighting with other types of attacks as
well?
During my last years of research, prior to IronScales, I noticed that the vast majority of malware
brought to my desk for research was delivered using email. At that time, I saw research by Trend Micro showing that 91% of all attacks on enterprise
networks are the result of successful spear phishing. As a malware analyst and reverse engineer,

We are currently talking to many CISOs of large

and knowing how malware works inside out and

and small companies all over the world. As profes-

how easy it bypasses traditional solutions like an-

sionals who deeply understand the need for inno170

tivirus, I decided to focus on solving this particular


big problem.
Currently, we closely study other social engineering techniques, like Smishing, used by cyber
criminals as were working on the next generation
of our solution.
We are going to unveil some of it at the upcoming
Info security conference in London next month.
Smishing? Sounds interesting! Can you disclose
a tiny part of this project to our readers or is it
still top secret?

As mobile devices are becoming a standard work tool, we see more and more attacks exploiting these devices with social engineering scams through SMS messages.

We have both short- and long-term plans to help organizations fight this emerging threat. Soon we will be launching our very own Smishing simulator to help organizations assess their employee awareness about such attacks. As for the next step after that, that's still a secret.

I found out about you through the newsletter with your IronScales Mitigation Report. What is the report about?

The report is based on data we have collected over the past year showing our unique approach of leveraging what we call "champions", the most vigilant employees who spot ongoing phishing attacks. They can automatically trigger mitigation action by using our proprietary "report as phishing" button. Creating champions is a proven way to increase employee engagement, turning employees into an active layer of cyber defense.

Once malware has found its way to a mailbox, time is of the essence, because these guys pivot and hide quite fast. On an average day, the standard company security team is receiving many more events than they can handle, so we have come to conclude that mitigating cyber threats in general, and phishing in particular, must be automated, giving security analysts more time to analyze suspicious emails in peace, knowing that our system is making sure these emails are quarantined for future deletion or release. This is exactly where crowd wisdom works best.

171

Ironscales team:
Back right: Yaniv Elbaz
Back left: Ortal Raz
Front, right to left:
Eyal Benishti
Itay Blogorodsky
Amit Bar-On
Sharon Tourjeman

We have heard a lot about intelligent solutions or self-learning platforms. Is it something like that? Is the program able to learn all of the threats on time since new ones are appearing every second?
Yes, we are working on extended self-learning capabilities to fight these
ever-emerging threats and be able to respond automatically and extremely
fast. The combination of self-learning and human intelligence was recently
proven to be the most efficient way to fight cyber threats.
You are another cyber security company from Israel. How do you feel about it? Isn't it getting too crowded up there?
Definitely quite a lot of cyber solutions are coming from Israel. The invaluable knowledge and expertise coming from elite cyber security units, like
8200, is creating the right eco-system for innovation in this particular field.
Cyber security is a big problem with many angles, which requires many creative solutions.
You started as a software developer. What pushed you towards cyber security?
172

Cyber security and hacking is something I have been doing since I was young, but there wasn't a mainstream for white hat hackers at that time. I found that being a software developer, or forward engineer, as I like to call it, is an essential part for reverse engineers and cyber specialists. In general, knowing how cyber-criminals think, act, and code is an essential tool for those who are building defense solutions.

Sun Tzu, the author of The Art of War, which I am a big fan of, once said "To know your Enemy, you must become your Enemy."

Is there any philosophy behind your company?

At IronScales, we believe that the company employees are a huge asset and not liabilities, as some security professionals consider when it comes to cyber defense. We believe employees should take an active part in protecting the company from cyber-attacks. It's up to the company to give them the necessary skills, training, and eventually the incentive.

That's true. But do you think it happens in companies not related to cyber security at all? Is there any awareness among people working in different industries? Are they being trained and do they actually care about creating a secure environment in the company they work for?

We see it happen every day. Company employees across verticals like banking, finance, or even shipping are reporting suspicious emails, triggering immediate mitigation of the attacks, most times while the security team is handling a different event for the company. Employee accountability for the company security is increasing dramatically once management communicates it correctly.

Why have you decided to patent your solution? What is your other patent?

For us, the patent was first the opportunity to write down and convince ourselves that what we are doing is innovative, which is the first condition to have your patent granted. It's a unique opportunity to articulate what is so special and ground breaking about our technology. Patents help us make sure we are not becoming a "me, too" company. On the more technical side, it's our way to protect our IP and make sure we can freely operate in that field, avoiding patent trolling and some other issues that might come.

Are there any challenges your company is facing at the moment?

Challenges are there every day. Cyber criminals are moving fast, re-inventing themselves all the time, and looking for new ways to monetize, steal information or cause any other kind of harm. These guys are super smart and are, in some cases,

backed by governments. This poses a huge challenge for us and many other cyber defense companies.

173

The cyber security domain is very noisy, and we are working hard to make sure our solutions are rising above this noise bar.

Any plans for the future?

We have many plans and ideas on how to tackle current and trending threats. Some of them are already under development, and some are still on the future roadmap. If we have learned one thing about being a cyber defense company, it's that you can't plan too far. You must be super agile and be able to pivot all the time and execute quickly to stay ahead and come to market with relevant solutions.

Great that you have mentioned current and trending threats. What, according to you, is the biggest current threat? What can we expect in the nearest future?

Ransomware is definitely here to stay. The amounts asked for will rise for sure. This is, and will stay, the first choice for many cyber criminals looking to monetize.

Do you have any piece of advice for our readers?

Always stay on top of the recent threats. Make sure you cover as much as you can and have plans in place for disaster recovery. Make sure your employees are aware of the limits of the technology in place and that non-AI technology is the best of the real intelligence out there: their brains! Make sure you utilize this invaluable asset, for your own good.

Be vigilant. Stay safe!

Thank you for the interview!

174

About Eyal:
Eyal Benishti, CEO/Founder
Eyal has more than 10 years' experience in software R&D for both enterprise and startup companies. Prior to establishing IronScales, he served
as Security Researcher & Malware Analyst at Radware, where he filed two patents in the information security domain. He also served as Technical
Lead at Imperva, working on the Web Application Firewall product and other security solutions. A passionate cyber researcher from a young age,
he holds a degree in Computer Science and Mathematics from Bar-Ilan University in Israel.


175
