Innova veness and Competence
Most
Influential
Strengthening the Security of Businesses
Business
Leaders in
Paving the Way
The Liberty in security
CYBER
Security 2 22 CEO
Vigilant Asia
Victor Cheah
Building Trust to Protect YOU from Cyberthreats VOL-04 | ISSUE-17 | 2022
www.insightssuccess.com
Editor’s Desk I
magine using a social media site for fun. You share your private pictures, videos, and other personal things with your friends and family. You may believe it is safe to do so because it is solely between you and your pal. Spoiler alert: you're wrong!
Cyberattacks: Just the Tip of the Iceberg
Someone could be accessing your private data, possibly on the other side of the world, watching the photographs that only your friend is supposed to see, and you have no idea. Spine-chilling, isn't it? If your data is stored anywhere online, even in a private chat room, it is prone to be abused by cybercriminals. This reminds me of the famous data breach with the social media platform Facebook. In 2019, Facebook suffered a massive security breach, exposing the personal information of over 500 million members. The database was rumored to have been publicly available on the Dark Web for nearly two weeks. Such occurrences highlight the necessity of Cyber Security since our every move is now captured and stored someplace, making it critical to protect our sensitive data. Cybercriminals are becoming more and more inventive in the types of cyber-attacks they perform against businesses each year. Businesses must invest in and focus more on their Cyber Security frameworks, as a lack of attention to it can be harmful to your company's assets in various ways. Economic and regulatory expenses are two of them. Theft of intellectual property, company information, and the cost of fixing damaged systems are all factors to consider. Regardless of size, all businesses must guarantee that their employees are aware of cybersecurity hazards and know how to mitigate them. Training regularly and a structure to work with should be part of this to reduce the chances of data leaks or breaches.
The cyberattacks we are seeing today, in my opinion, are only the tip of the iceberg, and there will be more to come. We, as humans, have no idea how severe cybercrimes can be or how they can alter our daily lives. Governments, businesses, educational institutions, non-profits, and other organizations require a Cyber Security framework to protect their information. As the number of cyberattacks is surging, so does the appeal of the Cyber Security specialty. To combat cybercriminals, the world needs more Cyber Security technologies and updated solutions, as it is hard to predict their next move. Featured on the cover of this edition, “10 Most Influential Business Leaders in Cyber Security, 2022,” is Victor Cheah, the CEO of Vigilant Asia, a leader who is delivering world-class Cyber Security solutions to combat the threats of cybercriminals. Learn about the contributions of such personalities in the Cyber Security world by exploring more similar and exciting stories. Read our editorial staff's writings and the CxO perspectives of some of the industry's top executives to gain insight into the field. Delve in!
Sonali Dhiwar
Sonali Dhiwar
sonali.dhiwar@insightssuccess.com
Contents Cover Story
08
Victor Cheah Building Trust to Protect YOU from Cyberthreats
ARTICLES
30
Innovativeness and Competence
36
Paving the Way
Strengthening the Security of Businesses
The Liberty in security
Ari Jacoby
14
Democratizing Cybersecurity
A Profound Leader Ensuring the Security of Your Critical Resources
18 Elena Elkina
Debra Baker
A Trailblazer Focused on Securing Your Privacy and Data
22
Bringing a Sustainable Approach to Data Privacy
26 Kavya Pearlman
A Cyber Guardian for Extended Reality
A Fearless Veteran Educating Future Cybersecurity Experts
40 Mathieu Gorge
48
32
Lori Sussman
A Passionate Leader in Data Security, Compliance, and Risk Management
Safeguarding SEAS from Cyberthreats
Nitesh Sinha
Greg Taylor
44 Nir Ayalon
A Rising Phoenix Safeguarding YOU Digitally
52
Editor-in-Chief Pooja M Bansal Managing Editor Anish Miller
Executive Editor Sonali Dhiwar
Assistant Editors Jenny Fernandes
Visualizer
Art & Design Director
Associate Designer
David King
Shyam Sonawane
Sonia Raizada
Senior Sales Manager
Business Development Manager
Kshitij S
Peter Collins
Marketing Manager
Sales Executives
John Matthew
David, Martin
Technical Head
Business Development Executives
Jacob Smile
Steve, Joe, Saurabh
Technical Specialist Aditya
Digital Marketing Manager Marry D'Souza
SME-SMO Executive Atul Dhoran
Research Analyst Frank Adams
Circulation Manager Robert Brown
Database Management Stella Andrew
Technology Consultant David Stokes
sales@insightssuccess.com April, 2022
Follow us on :
www.facebook.com/insightssuccess/
www.twitter.com/insightssuccess
We are also available on : Copyright © 2022 Insights Success, All rights reserved. The content and images used in this magazine should not be reproduced or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission from Insights Success. Reprint rights remain solely with Insights Success.
Most
Influential
Business Leaders in
CYBER
Security 2 22 Featured Person
Company Name
Brief
Ari Jacoby Founder and CEO
Deduce deduce.com
Deduce is focused on democratizing cybersecurity, risk and fraud technologies.
Debra Baker Director of Information Security
RedSeal, Inc redseal.net
RedSeal through its cloud security solution and professional services helps government agencies and Global 2000 companies.
Elena Elkina Partner & Co-founder
Aleada Consulting aleada.co
Aleada is women and minority owned privacy and information security consulting firm.
Greg Taylor CEO
Sertainty sertainty.com
Sertainty Corporation is a Nashville based technology company.
Kavya Pearlman Founder & CEO
XR Safety Initiative xrsi.org
XR Safety Initiative is a worldwide not-for-profit charitable organization focused on promoting privacy, security, ethics in XR domain.
Lori Sussman Assistant Professor
University of Southern Maine usm.maine.edu
University of Southern Maine is a public university with 8,000 undergraduate and graduate students taking courses online and at campuses in Portland, Gorham and Lewiston-Auburn
Mathieu Gorge Founder and CEO
VigiTrust vigitrust.com
VigiOne enable organisations to achieve and maintain compliance with legal, industrial and security standards and frameworks.
Nir Ayalon CEO
Cydome cydome.io
Cydome provides award-winning cybersecurity and protection to the maritime industry.
Nitesh Sinha Founder and CEO
Sacumen sacumen.com
Sacumen specializes in working with Security Product Companies.
Victor Cheah CEO
Vigilant Asia vigilantasia.com.my
Vigilant Asia is a Managed Security Service Provider offering a full range of cybersecurity solutions and services.
COVER STORY
Victor Cheah CEO
10 Most Influential Business Leaders in Cyber Security, 2022
Victor Cheah Building Trust to Protect YOU from Cyberthreats
Protect YOUR organization against the threats of today and tomorrow.
A
professional journey that began in 1992 that shone over the decades achieving several milestones; serving every business with one essential aspect: trust, Victor Cheah has made his mark on the business world. Today as the CEO of Vigilant Asia, Victor is keen on delivering world-class security services tailored to protect your organization against the threats of today and tomorrow. Insights Success caught up with Victor to find the most influential business leaders in the cybersecurity niche. We interviewed him to know about his remarkable journey that has now curved towards securing people's future from cyber threats. Unveil his three decades climb up the ladder! Oncoming Strides Victor dabbled in several industries going through various challenges to found Efficient E- Solutions, which initially was a mail insertion business. However, when the opportunity struck during the Asian financial crisis, the company tapped into document management. After the financial crisis, the regulators in Malaysia started to allow financial institutions to outsource their non-core activities, non-decision-making activities, managing sensitive documents (printing), which gave Victor a leading start. He states, "The sensitivity part about it is that the data confidentiality becomes paramount in all things. So, the bank has to trust you, right, for them to pass on - while it's a non-decision-making, but I think it was a critical enough mission within their system that they needed to make sure that the partner they choose." Victor's path to success spanned over the next 20 years, expanding one customer at a time until 2016, when he decided to sell the business that grew, covering 80% of the market share in the financial services sector in Malaysia.
client 24/7/365, operating at the highest level keeping its team on their toenails to deliver streamlined solutions. Victor's farsighted vision of a digital world and its potential problem and solution birthed Vigilant Asia. When the pandemic hit the world, it accelerated the demise of paperless, giving rise to remote work culture and several security threats. Vigilant Asia could have tapped into an array of stuff. However, the technology changes rapidly; thus, with his team, decided their next step to prevent these threats with innovative solutions that identified and resonated with the company's DNA of trust. Victor notes, "We're not here for the overnight success; we're here for the long haul." He wants to build a strong practice, simultaneously making a name for Vigilant Asia. He found that 95% of the market talking about digital transformation lacked one crucial ingredient; they did not understand security enough. He intends to be a cybersecurity partner inside a large organization. They offer visibility compared to substantial vendors, service providers,or the MDR space, having expensive setups lacking visibility towards micro-enterprises requiring resilience. Victor aims to achieve this goal, ensuring to educate the space enough to move forward to creating service packages that are best at a reasonable price. Making the Mark Despite being a relatively young company in the space of cybersecurity as compared to other peers in the niche, Vigilant Asia has imprinted its name and volume by building the stack around best practices, reaching out to global certification bodies like CREST, going beyond the standard requirements of traditional cybersecurity practitioners. Since its inception, the Vigilant Asia team realized that much bigger branded CIOs research people's reports. So, it started engaging with Gartner, receiving feedback from the analysts following the global guidelines, focusing on the deals creating more vital branding.
The Next Chapter Victor believes that success comes to the people committed to the cause. This value was carried with his team, supporting Victor in his cybersecurity drive with Vigilant Asia. He maintains the consistency and integrity with everything that Vigilant Asia offers, resembling its slogan "Name you can trust," becoming one of the critical success factors for its success. Vigilant Asia is committed to its
Vigilant Asia has associated with Microsoft in Malaysia as managed partners, constantly improving to deliver unique solutions focused on security stack., increasing its capability to get essential deals with Microsoft. Additionally, Vigilant Asia is partnering with large organizations and has onboarded two telcos in Malaysia to push its mobile-security solution.
We are an award-winning Managed Security Service Provider and the only CREST accredited and exter nally validated SOC in Malaysia.
provider worldwide, aspiring to be on the upward trajectory keeping up with the latest trends and expanding its brick-and-mortar as a homegrown cybersecurity company that will reach out beyond the shores. Focused Approach Victor advises aspiring entrepreneurs to stay focused on the objective. He says, "It's not only in cybersecurity but also across any other industry. People try to be focusing on too many things. But every time we do that, we need to remember to pull ourselves back to the center. It's always easier to see things from the center than to be too left or right. It's always good from the center."
He notes, "We believe in the Partner Channel's relationship because a lot of these partners, they have their relationship with their customers, in which we may need time to build. I think working through partners is always going to be important your net can be cast a lot wider." Planning Ahead Vigilant Asia is the only company in Malaysia that provides mobile threat defense support, covering the whole spectrum of the digital journey, moving from blue teaming to red teaming solutions as a service. It strives to be a top service
Victor continues, "You get a better overall view of where you are today. And staying focused is one of those key aspects of success for any business. It's evident in the space in the West, as far as cybersecurity companies are concerned, all the recent big guys who have gone listing, they have stayed focused on one area. Obviously, no one cybersecurity company in the world can tell you they have solutions for every problem." "That's where we come in and say, No, you don't need to have the product, you can buy the services, and someone like us will be able to put it together and provide you with the whole nine yards," concludes Victor.
Ari Jacoby Founder & CEO
10 Most Influential Business Leaders in Cyber Security, 2022
Ari Jacoby Democratizing Cybersecurity
I
n our endeavor to find “Most Influential Business Leaders in Cyber Security, 2022”, we crossed our paths with Ari Jacoby, the Founder and CEO of Deduce. We got into conversation with Ari to learn more about how he and his team at Deduce are protecting businesses and their consumers from identity fraud threats while simultaneously creating more secure, frictionless experiences. Below are the highlights of the interview: How do ATO attacks work? Account takeover (ATO) attacks take place when fraudsters gain access to a victim's account and leverage that access in order to steal funds, information, rewards/perks, make purchases, or leverage application functionality for other forms of intended gain. It is an unfortunate condition that a plethora of static identity data has already been breached due to massive historical attacks, and the availability of such data on the dark web continues to flourish. This static identity data extends beyond credentials, often linking static credentials with digital fingerprints. These readily available attributes enable an adversary to extend techniques beyond credential validation attacks, leveraging fracture points such as account recovery processes or access to an individual’s email account to successfully complete their attacks. As more complete data attributes about an individual become available and linked over time, this results in decreased complexity and cost required to successfully execute ATO and makes this form of fraud more attractive to bad actors.
www.insightssuccess.com
Modern techniques by attackers undermine the intended goals of friction. If identity and authentication controls predominantly rely on static data to prevent ATO, an organization is at a longer-term disadvantage. How does the Deduce solution address this ATO risk? Deduce has created the Deduce Identity Network, a consortium of over 150,000+ participating websites and apps with the objective of sourcing the maximum amount of real-time activity data for a given user as they traverse the internet. Its intent is to specifically rival the visibility and scale only previously seen at internet giants and to commercialize an offering for risk teams.
“We build developerfriendly tools that empower businesses to do their part to keep their users and communities safe.”
April 2022 | 15
Email, etc.), trust signals (Familiar Network, Familiar Device, Familiar City, Familiar Activity, etc.), or scores for simple ingestion into a risk engine. The Deduce Identity Insights solution is intended to be used as a high fidelity approach to identifying suspicious activity while decreasing unnecessary friction. Deployed as an API, Insights is consumable in any risk engine, CIAM, or application stack. Deduce is typically consumed at registration, authentication, checkout, and risk moments such as change of primary contact (email, phone). 2. Customer Alerts — Deduce sends an Alert — typically a first-party branded email, asynchronously, on behalf of the Deduce customer — to their end-users on suspicious logins to enable a proactive stance against ATO. Customers are prompted to confirm or deny the activity. A negative selection will cause all active sessions to be terminated and proactively enable a user to reset their credentials. How does your team keep track of aggregate historical data to support your solution? Deduce’s system is designed to correlate event-level telemetry data, augmentative data sources, and first-party feedback data, to create hundreds of data features on a datadriven platform. We derive these insights by deploying code directly to user touchpoints across the web while aggregating information in a secure, encrypted, and privacy-compliant environment.
With over 450M unique identity profiles and collectively generating in excess of 1.4B daily interactions, Deduce sees the majority of the U.S. population transact in real-time, several times a week — based on four principal threat vectors: device, network, geography, and activity. Built on top of the Deduce Identity Network, Deduce offers two solutions to combat ATO fraud: 1. Identity Insights — Risk & Trust signal data to empower risk teams with a dev-ops friendly approach to managing identity/authentication risk. The data includes telemetry from real-time activity information packaged into risk signals (Impossible Travel, Device Downgrade, Unfamiliar Device, Previously Unseen
16 | April 2022
Historical features used in our model provide predictive analytics on user behavior based on access patterns — devices users leverage, geographies they sign in from, networks they frequent, security preferences (privacyconscious individuals typically leveraging VPN, for instance), and activity across the web. This visibility facilitates dynamic, real-time responses to human behavior while stopping fraudsters and bad actors in their tracks. For instance: Ø
If a user is seen successfully authenticating at dozens of websites from a new city in the last day, it can be inferred that the user is traveling. Deduce’s system reference against successful ATO (from its first-party Alerts and from network behavior) before providing this insight to the enterprise.
www.insightssuccess.com
Ø
If a given IP that has been shown (and confirmed by third-party sources) to be a benign residential IP node suddenly sees a spike in high-authentication failure rate paired with many new attempted usernames, it can be inferred that there is malicious activity (typically indicative of compromised node).
Deduce recognizes that risk data is continuously evolving and maintains a rich solution that provides user metadata, trust and risk signals, and scoring, providing never-seen-before data and explainability to security/fraud forensics teams. Powering a long list of use cases, Deduce’s customers use this technology to solve an array of cybersecurity problems, such as: verifying that the user behind the screen is really who they claim to be, optimizing user experiences by removing authentication friction, or stopping fraudsters at authentication. Tell us more about how intelligence is used to power your processing algorithms? Deduce’s greatest strength is the ability to correlate device, network and geographical information against a particular account to build predictive telemetry about the expected behavior of an individual. Using a combination of statistical, unsupervised, and supervised machine learning models, this allows us to understand the specific characteristics of specific actors and imposters over hundreds of data features in the digital world. For example: Ø
Ø
Ø
Statistical data features establish baseline behaviors across the dimensions of activity, network, geography, and device, in the context of individual activity. This creates a basic understanding of a particular user’s behavior. Unsupervised machine learning models observe user activity in real-time, continuously determining trust and risk factors to facilitate immediate cybersecurity responses to quickly evolving threats. Supervised machine learning models augment Deduce’s understanding of particular fraud profiles, blending fraud feedback data with observances across the network, to surface specific threat actors.
www.insightssuccess.com
Using a fully horizontally and vertically scalable deployment model, Deduce is able to process billions of transactions daily while maintaining blazing-fast response times across its cloud infrastructure. Do you have any predictions about emerging cyber threats to business infrastructure? Identity fraud doubled from 2019 to 2020, with the number of data breaches reaching an all-time high in 2021 – and those numbers are just going to get worse in 2022 as more people browse, transact, and share information online than ever before. As fraudsters have become increasingly sophisticated and strategic, outdated approaches and implementations requiring months of planning and implementation no longer work – increasingly, the most effective anti-fraud tools are those that support agile deployment in hours and that can be adapted quickly to address the constantly changing threat landscape. It is imperative that we all band together to form a collective defense against online adversaries, and leverage systems designed with knowledge-share in mind to defeat attackers as they evolve. Deduce believes that real-time, dynamically networked data, with the largest possible activity consortium, will provide more robust, longer-lived defenses against bad actors.
April 2022 | 17
Debra Baker
Sr. Technical Program Manager RedSeal, Inc.
18 | April 2022
www.insightssuccess.com
10 Most Influential Business Leaders in Cyber Security, 2022
Debra Baker A Profound Leader Ensuring the Security of Your Critical Resources
T
he web of cybersecurity has become widespread globally, but it still has its flaws, making it vulnerable to numerous threats. However, cybersecurity professionals are consistently upping the game and innovating new ways to eliminate these threats while also providing transparency across the services. One such professional we, at Insights Success, came across is Debra Baker, Sr. Technical Program Manager at RedSeal. Playing a Significant Role In her role, Debra helps her clients use and adopt RedSeal products and services to improve their cybersecurity posture by providing cyber visibility, compliance, and risk management. In addition, she also manages product-related governance such as FIPS 140 and Common Criteria by coordinating with third-party vendors and engineering. She also is responsible for managing the SOC2 and FedRAMP certifications for RedSeal's Cloud Security Posture Management (CSPM) product Stratus. RedSeal Stratus enables organizations to understand and secure their cloud and hybrid cloud environments. One of Debra's roles is to manage large-scale enterprisewide RedSeal deployments providing infrastructure visibility, awareness, and security of hybrid networks, including on-premises, cloud, and hybrid cloud. She is also
“
Those who run the world, Run RedSeal
“
www.insightssuccess.com
the creator and leads a Cyber Protection Team at RedSeal that reviews the latest threats and vulnerabilities and writes threat solution briefs guiding how to use RedSeal to defend from the latest threats. Tackling the Problems One of the biggest challenges Debra faces is getting crossdepartment collaboration at customer sites, where she has to work with customer teams on integrating RedSeal into the customer's business processes. She states that to truly have a successful Risk Management program, the networking (on-premises and cloud), security, vulnerability management, and compliance teams must work together. One needs to have collaboration between technical teams and leadership to be cyber resilient. Impactful Influence Debra says, "Leaders need to be prepared to hear the good and the bad. Having a manager that says you can be yourself, with both the positive ideas you have and the complaints you have, is empowering. Giving this freedom of thought and inclusivity leads to innovation. Now you feel confident in sharing ideas that you may not have in a stifling environment." That said, she mentions that leaders named Ramesh Kaza at RedSeal, Ashit Vora at Cisco, and Kristina Rogers at Entrust have always supported, challenged, and allowed her to express her ideas. Besides, the book series Primal Leadership by Daniel Goleman has opened Debra's eyes to the extent a manager–whether good or bad–can have on a person's career and even home life. In her opinion, this book is a handbook for what makes a manager good and bad. Primal Leadership makes it clear that "Leaders who spread bad moods are simply bad for business—and those who pass along good moods help drive a business's success.” According to Debra, the book Find Your Why by Simon Sinek brings together work and passions relating to one's April 2022 | 19
job. Her "WHY" is that everyone deserves to have privacy while online. Knowing that she works in cybersecurity and helps companies secure their networks and data through good cyber hygiene, segmentation, and strong encryption keeps Debra passionate about her job. Debra says, "It's great to work in a field where I am helping businesses secure their networks. Through the Crypto Done Right non-profit I founded in collaboration with Cisco and Johns Hopkins, I provide cryptographic guidance in easyto-understand language of what encryption algorithms and ciphers are recommended for non-cryptographers.” She adds, "Never let a bad manager bring you down. Learning how not to let detractors negatively affect you is paramount as you navigate your career. There is always something better just around the corner. Take those situations and learn from them and move on."
Debra thinks that employees should be able to openly express their ideas even when they go against the status quo. There should not be a fear of retaliation. It's the "yes" culture that leads to conformity and stops innovation and new ideas. Management has to be open to hearing the good and the bad and not taking it personally, but instead taking that information and learning from it. Offering to the Community When Debra was asked to co-found the League of Women in Cybersecurity, she jumped at the chance to train women in Cybersecurity. It was great for her being able to give back and train other women from what she has learned in cybersecurity. One woman who was inspired by Debra, got her Master’s in Cybersecurity and got a job at AWS. It makes Debra happy when someone she helped along the way is so successful. League of Women also helped women navigate how to move into the cybersecurity field.
Impact of Positive Work Culture Debra is totally in for a positive work environment. In her opinion, everyone has to be authentic but with a positive slant. She is a glass-half-full kind of a person who tries to see the positive in every situation even when she gets bogged down. She ensures that each person has a chance to express themselves without retaliation and in a respectful way.
20 | April 2022
At RedSeal, the CEO, Bryan Barney, is all about promoting equal rights for all and respecting people of different backgrounds. One of his first initiatives was to set up a Diversity and Inclusion Council to ensure everyone at RedSeal is heard no matter what position, gender, race, or sexual orientation.
www.insightssuccess.com
What Comes Next?
Bequeathing Aspiring Entrepreneurs
Debra's vision for RedSeal is to push forward the company to become cloud-centric. RedSeal Stratus is a Cloud Security Posture Management SaaS platform launched in August 2021. Many companies are moving their data centers to the cloud. In addition, RedSeal's advanced cybersecurity analysis capabilities and name recognition is known in the commercial space as well as it is in the Federal space. RedSeal is the best-kept secret securing well-known companies, as well as military and federal agencies.
Debra believes that every woman-owned business can apply for government contracts since women are minorities. She says, "There are great women-based networking opportunities at the Grace Hopper Conference, which is the largest women's conference in the world. Every company that you can think of is represented there.”
Debra recently created a Common Criteria for Developers Learning Path for Infosec Institute. If you are responsible for an upcoming Common Criteria Evaluation, are a developer having to make software updates to ensure your product is Common Criteria compliant, or are a new employee at an evaluation lab, then this learning path is for you.
"For women moving into information technology, Cybersecurity, and programming, Grace Hopper is a great place to find a job. Also, the Women in Cybersecurity annual conference is not only a great place to find women to hire, but also network and advance in the cybersecurity field," concludes Debra.
She is also writing a book titled a CISO’s Guide to Cyber Resilience. It’s a handbook for a CISO to know what steps to take to secure their company’s network and to recover from an attack.
www.insightssuccess.com
April 2022 | 21
www.insightssuccess.com
10 Most Influential Business Leaders in Cyber Security, 2022
A Trailblazer Focused on Securing Your Privacy and Data
www.insightssuccess.com
April 2022 | 23
Influencing Expertise Elena states that compliance is complicated. New regulations seem to pop up like mushrooms. Mismanagement could result in fines, ruined reputations, and worse. Another obstacle: Compliance requirements can get in the way of business progress. Also, what works for one client won't work for another client. Elena adds that every client has a set of strengths and weaknesses and the only real way to create a solid data privacy program is to do a deep dive into their business. Who are their customers? What sort of systems are they using? Where are the threats coming from? Can their needs
24 | April 2022
“
Privacy and security at the speed of business.
“
Aleada's work assesses client compliance requirements, and it helps them align their compliance strategy with business goals. There's a lot of planning involved to build solid personalized privacy program and a significant amount of training that keeps it engaged with clients. Elena truly understands a client's business and can adapt company programs to meet their changing needs fast.
www.insightssuccess.com
be addressed with new technology, new personnel, new procedures, or a combination of all three? Aleada's biggest impact comes from what some might think is the smallest of things – it listens to its client's concerns. It audits their systems, processes, and teams before building a custom privacy and information security program that's perfect for their business. Elena is convinced it is the company's personal approach and her team's experience that wins new business. Its reputation is outstanding and gets new business from client referrals. Elena says, "You cannot help a client build a strong privacy and security team without showing them you have one too, and Aleada does.” Securing Client's Data Through Technology Elena states that Aleada helps its clients with its core services by building privacy and information security into their products, services, overall compliance program, and company culture. It has been focusing on creating global privacy and data protection programs, including developing and implementing regulatory frameworks, risk/gap assessments, maturity models, long-term roadmaps, and data protection policies; designing and employing deidentification and Privacy by Design data handling processes. It also works with development and business teams to build cloud, web, and mobile consumer and business products across the globe. Elena noticed that when faced with the need to set up something complex quickly or face liability risk, it is common for companies to turn to law firms to pick up the slack. A reasonable reaction often results in a patterned/checklist-driven approach in dealing with risk management instead of building and implementing its privacy and information security program; legal and compliance should come hand in hand. As a result, a growing premium is placed on privacy and information security operational and strategic expertise. This is what Aleada does. It has become a necessary asset for any company, no matter the industry sector, its maturity, or target market, specifically for disruptive technologies in the future. Elena expresses that Aleada must focus on the intersection of technology, data stewardship, and compliance, as a privacy and information security firm to stay ahead of the industry and support business growth.
www.insightssuccess.com
The Long Run As long as Elena sees herself on a beach in the Maldives enjoying her waterfront home in her future, she wants to create fundamental changes by bringing more diversity to the ever-growing privacy and information security industry as a long goal. Elena hopes to grow Aleada to help an increasing number of clients without losing the notion that listening is more important than speaking. The company's personalized approach to developing custom privacy and information security programs for its customers creates the most value for its clients and company, which gives Elena joy in everything she does. Valuable Guidance Elena advises budding women entrepreneurs to speak up, partner up, and know their value. She says, "Demand value be placed on the job at hand and not your gender. Be bold and ethical. Show competence and leadership. And this isn't just about the privacy and security sector; it's about life," concludes Elena. April 2022 | 25
10 Most Influential Business Leaders in Cyber Security, 2022
Greg Taylor: Bringing a Sustainable Approach to Data Privacy
A
quote by Stephane Nappo, "It takes 20 years to build a reputation and few minutes of cyberincident to ruin it," accurately emphasizes the significance of data security in the technological era.
An organization cannot defend itself against data breach operations without a cybersecurity program, making it an easy target for cybercriminals. These criminals’ strategies are becoming more advanced than traditional cyber defenses, so business leaders can no longer rely only on out-of-the-box cybersecurity solutions like antivirus software and firewalls. Understanding the importance of data privacy drove Greg Taylor to start Sertainty Corporation, a company that builds privacy intelligence directly into data to make data privacy guaranteed, demonstrable, and managed. Sertainty Corporation offers advanced technology that embeds a data file with the necessary safeguards and management modules to defend against unwanted access. A Man with a Mission Early in his entrepreneurial career, Greg founded Taylor Associates, a professional search and recruiting company that revolutionized data processing. This company inspired him to start Dataman Services, a data processing systems analysis, software development, and consulting services organization geared towards the very early stages of
26 | April 2022
www.insightssuccess.com
Greg Taylor CEO
Sertainty Corporation
www.insightssuccess.com
April 2022 | 27
customizable solution in the US, Japan, and Korea and building valuable partnerships that further validated their approach. Having dealt with incredulity and doubt, Greg now advises young entrepreneurs to have faith in themselves. After working in investment banking for over 14 years, Greg has observed that everyone underestimates the value of financial, family, and community support. To be a successful entrepreneur, you must be willing to take risks. Greg shares, "You must have a special kind of grit to survive, much less succeed. You will get told no 300 times, but it takes one yes to begin down a path that could change your life."
Guiding Principles, Shaping Work Culture Every business has its own set of values that influence how it operates. The mission at Sertainty revolves around the Zero-Trust Principle; never trust and always verify. This principle means no device or user will ever be trusted, and a verification process is always required.
cybersecurity and data protection through proper software development and implementation of the appropriate standards and procedures company-wide. Upon founding SertaintyOne Corporation, the pivot of Sertainty Corporation, he brought together the founding team that now ensures exceptional development and commercialization of self-governing data. Early on, Greg and his team were confronted with doubt about their ability to deliver on their promises. He remembers comments like, "Technology is not that far advanced." The challenge then became to convince these organizations to conduct the proper due diligence and invest the time and resources to see that Sertainty technology could truly protect their information by building privacy intelligence directly into the data. While this skepticism led to resourcing constraints and challenges at Sertainty for a period, they overcame these hurdles by patenting their
28 | April 2022
As deep-tech cyber-innovators, the Sertainty team’s mission is to offer breakthrough self-protecting-data technology. Its cutting-edge DevSecOps teams can deploy a proactive and self-mitigating data-centric strategy that assures the safety and sustainability of the converging OT and IT environments. At Sertainty, they package and distribute their main product in a Software Development Kit (SDK). Their SDK includes all the Application Programming Interfaces (APIs) needed to build a secure Self-Protected Data file. In short, this SDK will help customers build highly secure applications for protecting data. Leaving a Mark in the Information Security Niche With Sertainty, clients and partners can create a competitive differentiator with customers and regulators who want more than data privacy promises. Establishing and retaining customer trust and taking a sustainable approach to data privacy regulations are of the utmost importance for businesses worldwide.
www.insightssuccess.com
Verified by industry leader Veracode, Sertainty has discovered and patented a way to embed its programming language and executable code so that "ones and zeros” are indistinguishable by the best hackers. When tested, the Sertainty patented Data Privacy Platform received the highest score possible: VL5, 100% in Static Application Security Testing (SAST) and Manual Penetration Testing (MPT). Developing Versatile Solutions Technology is critical to the growth of practically every industry, progressively playing a more significant part in our society, from cybersecurity to agriculture and farming. Sertainty recently received patents for its intelligent cipher transfer object (ICTO) in Japan, Korea, and the United States. One of its data privacy platform partners is Texas State University's CIEDAR program. The program develops smart cities integrated with solar farms, autonomous vehicles, and smart homes. While progressing toward human advancement, Sertainty ensures their data and processes are safe with self-governing data on the backend. A Change for the Better Technology is ever-changing, and one must keep up with it to stay relevant in the tech industry. Many businesses in data assurance aren't beholden to an industry-standard instead of focusing on marketing to gain new customers. There needs to be a better-structured standard of operation for data assurance. When there is a breach, these businesses face no repercussions and give no clear roadmap to clients on how to ensure that a data breach won't happen again. Sertainty believes the best way to protect valuable data is to have its platforms tested and graded by industry experts like Veracode and keep its B2B clients up to date on the latest in data advancements and practices. Educating your clients enables them to make informed decisions regarding their valuable data. Greg adds, "When they know your business has been judged according to an industry-standard, it increases their confidence in your ability. It's time for businesses to stop keeping their clients in the dark and work together to shine
www.insightssuccess.com
a light on how they can make better, actionable decisions around data protection." Going Above and Beyond At Sertainty, when they look into the future, they are looking six months to three years from now. In the cybersecurity world, three years is a long time. The company is working towards a public offering and evaluating future partnerships with renowned Wall Street firms that could represent Sertainty in a prospective M&A transaction. Also, Greg predicts, "Over the next 18 to 24 months, we will have tremendous pressure on us to sell the company. I say this because of the increased interest we have already seen in Sertainty, and I believe that will only grow. We are getting traction in these areas, and the company is becoming more valuable." Concerning its internal growth, the company will continue to advance the capabilities of self-governing and selfprotecting data. Many organizations are looking to adopt the Zero-Trust model to solve data security needs. However, they forget that it isn't a cookie-cutter security model. Instead, it's a methodology that needs to evolve consistently. The ability to accommodate those fast adaptations makes Sertainty stand out in the Zero-Trust cybersecurity industry. To Budding Entrepreneurs – Get a Foothold "The advice I would give to any entrepreneur is this; if you've got a vision and you believe that you are called to that vision — and I do mean called, something that's burning inside of you and you cannot say no — and you're willing to risk everything you've got, then go for it!" Finally, Greg also adds that one should never burn a bridge as you never know when that relationship will come back and be beneficial to you and your company. The team is critical. You can have the best technology on the planet and millions of dollars invested in it, but if you do not have a 100% committed team that shares your vision and passion, you will fail.
April 2022 | 29
Innovativeness and Competence
Strengthening the
Security of Businesses W
hat sets great leaders different from the rest is their sheer ability to thrive even amidst great challenges. They are not afraid of challenges. In fact, they like to be part of solutions to the challenges. Great leaders are different from ordinary people. They don’t think like ordinary people. They have out-of-the-box thinking. They think innovatively and plan strategically to execute their ideas and work passionately to deliver glorious business results. They figure out the problems, and their aim is to deliver the best solutions and ensure their clients' problems are resolved. Great leaders become great because of their great attitude. Their exceptional attitude helps them be as clever as they can for delivering solutions that are of high quality and are more appreciated by the clients. That makes them the most eminent leaders in the industry. They earn credibility in the industry by their exceptional ability to deliver solutions to the challenges in a more profound way that meets the expectations of their clients in the industry. They lead with the glorious reputation they have earned, and they try their level best or beyond that to sustain their reputation. The cybersecurity industry has witnessed such contributions from various ingenious minds. And among those leaders, women leaders are playing the most profound role by delivering the best solutions to the businesses and the clients for ensuring the safety and utmost protection of their data. They strengthen the privacy and security of the most valuable data of their businesses and clients. They make sure that their solutions play an important role in preserving the safety of data. Data is the new buzzword today. The data used appropriately for delivering streamlined and organized solutions is beneficial to the clients and businesses. But ensuring the protection of this valuable asset called data is challenging for many businesses. The eminent women leaders in security make a point to deliver the
30 | April 2022
technologically advanced solutions that play an essential role in ensuring the businesses' cyber security. They don’t make any excuses in leaving any room for the theft or exploitation of the valuable data of the businesses. They don’t leave any chance for hackers, stealers, and cybercriminals to access the data by delivering highly evolved security solutions to the important information of the organizations. Innovativeness is the most intrinsic quality of eminent women leaders in security. Innovativeness is literally in their genes, and they nurture that innovativeness much by constantly being creative and thinking beyond normal thinking. They know that to sustain their competency in the market, there is no other option for them other than being innovative and delivering something of value and credibility to the industry. Their approach is clear, and they come up with innovative ideas and implement them to improve the quality of the solutions to the ever increasing challenges in the security industry. Competence and presence of mind are the hallmarks of eminent women leaders in security. They are competent to deliver innovative solutions to address security challenges in the industry. Eminent leaders' competitive approach helps them avail edge over others in delivering the most accurate and timely solutions to the existing problems. Moreover, the presence of mind is essential to be successful in any field or any industry. The eminent leaders possess this quality of presence of mind in abundance, and this quality helps them come up with the most pragmatic solutions to the unforeseen challenges even at the spur of the moment. This is one of the best qualities of eminent leaders in the security industry. They adopt best practices to strengthen the security of the businesses. Innovativeness, Competence, and Presence of mind are vital attributes that help women leaders in security to be more eminent in the industry.
www.insightssuccess.com
www.insightssuccess.com
April 2022 | 31
10 Most Influential Business Leaders in Cyber Security, 2022
www.insightssuccess.com
April 2022 | 33
.
www.insightssuccess.com
www.insightssuccess.com
April 2022 | 35
Paving the Way
www.insightssuccess.com
The Liberty in
Security oday, there are huge opportunities in the cybersecurity industry but a massive shortage of cybersecurity professionals. And diversity in the workforce can fill this space.
T
and of course to keep the clients and the company away from any compliance. They understand that it is not an easy task, as they have to be ready with the options for any such challenges.
The problem really is not the industry being occupied by more number of men; not having enough women is the real problem.
You cannot just raise your voice when things go wild; only better communication and understanding of the situation will get the job done. This is what women leaders exemplify. Sharing knowledge, attending seminars, interacting with industry experts clears their understanding of the complex and challenging fields like cybersecurity.
If we look at the figures, indeed, the number of women has grown from the past years, but there are still many opportunities to be seized in cybersecurity careers. Women have always proved their mettle in almost every industry. They have displayed what they can bring to the table. Be it building ground-breaking solutions or guiding budding women to make a career in the industry, women have contributed in every possible way to the development of the industry. The Real Deal Building a career in a field like cybersecurity needs not just knowledge but experience, and the constant focus to improve helps businesswomen go the distance. Adapting to new technologies is good, but it also means you are more prone to cyber-attacks. Today’s businesswomen realize the impact of technology and understand the extent of risks that technology brings along. They evaluate risks and provide solutions accordingly in a timely and cost-effective manner. Beyond that, the journey is full of challenges, like – promoting ethics, diversity, and integrity in the organization
www.insightssuccess.com
The Perfect Fit Women in cybersecurity have changed the dogma of the industry, be it cybersecurity, IT, healthcare, or any other field for that matter. Their proactive leadership and building secure applications keep them stay ahead of the emerging competitive market. The key to their success is the promotion of inclusivity and diversity in their team, making the cybersecurity field maledominated-free. Yes, it will be a reality soon; there will be no longer a need for the term ‘male-dominated’ if only everyone is given equal opportunity to lead, of course. The End Thought Businesswomen have remained true in their mission, helped other women entrepreneurs, gathered and shared everything they have. Ultimately, the quality which stands out in them is never giving up; they always think of alternatives for every problem. Building a global workforce of women not just in cybersecurity but in every industry should be our goal as a society. That is the only way we can shape the future of women in the industries, including cybersecurity.
April 2022 | 37
Lori Sussman
Assistant Professor University of Southern Maine
40 | April 2022
www.insightssuccess.com
10 Most Influential Business Leaders in Cyber Security, 2022
Lori Sussman
A Fearless Veteran Educating Future Cybersecurity Experts
C
ybersecurity is one of the most critical issues that several organizations deal with today on a global scale. With the ever-growing expansion of digitalization of data, it becomes challenging to protect essential information. Numerous instances of data breaches, ransomware attacks are becoming dangerous threats and heading further into the future, and it will become more critical to build secure cyberspace. However, leaders in Cybersecurity are consistently improving existing technologies, and it is necessary to educate the upcoming generation to utilize their unique take on Cybersecurity. Lori Sussman, Assistant Professor in the Department of Technology at Cybersecurity at the University of Southern Maine, is one such leader who uses her years of expertise to educate and train future cybersecurity experts. Lori is a veteran who dedicated over two decades of life to the US Army. She now helps organizations build the leadership, technology, and security capability needed for this increasingly global and connected future. In 2015, Lori was named one of the CRN 2015 Women of the Channel Power 50 Solution Provider by The Channel Company's CRN Magazine for her exemplary record of success accelerating her clients' needs through technology solutions. A Unique Journey In a non-traditional path to academia, Lori's career started at West Point as part of the fourth class to allow women into its ranks. Even when dealing with some animosity about
www.insightssuccess.com
women being part of the Corps of Cadets, she learned to "cooperate and graduate." She proudly graduated as a second lieutenant in the Signal Corps, the Information Technology branch within the US Army. Lori served over 24 years of US Army service with distinction and retired at the rank of Colonel. It was her honor and good fortune to assume various leadership positions culminating in brigade command. She benefitted greatly from the mentorship and the sponsorship of enlightened senior officers and officials. During her service, Lori pursued and completed four master's degrees, which proved to be an essential factor as she moved from the public to the private sector after her retirement. She explored large corporations, small businesses and also ventured into entrepreneurship. As a result, she got to work for elite high technology companies such as Cisco, Hewlett Packard, and a local South Carolina Fortune 5000 company. Lori managed highly complex, diverse, and active organizations engaged in developing, acquiring, integrating, deploying, and sustaining state-ofthe-art business, technology, and security systems for clients in these roles. Lori felt her calling when she read about the need to move from success to significance in the book "Half Time." So she enrolled in the University of New England (UNE) doctoral program in transformative educational leadership. In 2018, the University of Southern Maine hired Lori as part-time faculty, and she became full-time faculty in 2019.
April 2022 | 41
“
Preparing students today for the world of tomorrow.
“
In three short years, she helped create a new program for a Master's in Cybersecurity, started a community service Cybersecurity Ambassador program, and started USM's Cyber Defense team called the Husky Hackers. Lori states that it has been an exceptional experience watching students thrive and grow. The Mission and Vision of USM The University of Southern Maine (USM) is a unique institution with a mission to provide students with a highquality, accessible, affordable education. It has comprehensive undergraduate, graduate, and professional programs designed to educate future leaders in the liberal arts and sciences, engineering and technology, health and social services, education, business, law, and public service. The faculty is committed to fostering a spirit of critical inquiry and civic participation. Both students and faculty enjoy a culture of academic freedom in an environment that advocates diversity in all aspects of campus life and academic work. USM supports sustainable development,
42 | April 2022
environmental stewardship, and community involvement, thus providing resources for the state, the nation, and the world. Leveraging Technology to Teach Consistent with the USM mission to be a center for discovery, scholarship, and creativity, Lori emphasizes projects, writing, problem-solving, active student learning, application of theory to practice, and measurable outcomebased learning when teaching technology or cybersecurity courses. She evaluates students using critical thinking papers, written case studies, class presentations, small group work, and applied projects in the university and community. Lori utilizes engaged learning techniques to ensure that all of her students can bring theory to practice by applying their knowledge, skills, and abilities in contexts beyond the traditional classroom and providing application opportunities in the community, the laboratory, and other venues. This engaged learning challenges students because www.insightssuccess.com
it requires sustained and focused application, reflection, and collaboration. In addition, she uses real-world examples to focus on technology and cybersecurity activities to understand the issues better. Putting her students first, Lori creates programs that graduate students with skills, knowledge, and capabilities for the workforce. She strives to immerse students in the technology but with enough creative space to evolve, learn, and grow. When meeting with a student, Lori examines their values, personality, culture, likes/dislikes, strengths/challenges, skills, attitudes, and beliefs. These attributes inform how one can collaboratively navigate their academic career to land that technology job for which they aspire. She spends a great deal of time making sure that her students achieve the objectives of their college experience. They should have a purpose for their present and lifelong learning. Finally, Lori wants to help her students to appreciate the larger view of themselves, their university, and their community. Students must see a connection between their experiences at USM and the real world. Heading Into the Future Lori focuses on creating programs that increase diversity in the technology and cybersecurity workforce. She recently founded the USM Cybersecurity Awareness, Research, and Education Support (CARES) Center, intending to take advantage of being in the state's fastest-growing region. USM is a multi-campus university with nearly 20,000 students, making it one of the largest institutions in the University System of Maine. The CARES Center's goals are to create various educational pathways that provide access to underrepresented populations.
www.insightssuccess.com
The university is starting to shape programs that include opportunities related to experiential learning, internships, scholarships, curriculum and workshop development, outreach programs, and applied research. It has a collective goal of increasing the cyber talent and workforce capacity to meet Maine's and private industry cyber needs. A Note to Younger Ones In her advice to emerging women leaders in the security space, Lori says, "Be fearless. Believe in your intuition, and don't take no for an answer."
April 2022 | 43
Mathieu Gorge: A Passionate Leader in Data Security, Compliance, and Risk Management
O
nline data protection has become more critical than ever in the digital world. Being complacent in protecting online information can be a significant threat, and cybercriminals exploit that. Addressing the evolving threats to the data with evolving and innovative solutions becomes the most critical need of all businesses.
"No one in compliance can afford to stay still," believing in this statement, Mathieu Gorge thinks that innovation must ensure that security solutions address current threats, vulnerabilities, and regulations & standards. As the Founder and CEO of VigiTrust, Mathieu utilizes his knowledge and experience to resolve the cybersecurity industry issues innovatively. Apart from that, Mathieu has also written a book entitled The Cyber Elephant in the Boardroom published by Forbe Books (November 2020), aimed at Board members, C-Suites, and critical decisionmakers facing cyber accountability challenges.
international security and compliance conferences such as RSA, ENISA & ISACA. Mathieu was the President of the French Irish Chamber of Commerce in Dublin from 2017-to 2019 - He remained on the Executive council and as chair of the ICT working group. He has also served as the Chairman of InfoSecurity Ireland and was an Official Reviewer for ANSI (US). He is the founder of the PCI DSS European Roadshow, running since 2011. Mathieu is an established authority and speaker on Cybersecurity, Risk Management & Compliance with more than 20 years of international experience. He is also the Chairman of the VigiTrust Global Advisory Board, an international security and compliance think tank. In 2021, he was awarded the rank of Knight of the National Order of Merit by the French Government (Chevalier de l'Ordre National du Mérite)
Establishing Authority in Cybersecurity Mathieu studied languages, marketing, and law but never once learned IT or compliance. However, he was lucky enough to work for companies where leaders were passionate about security; he caught the bug and found his passion in data security, a subset of the security market, growing to risk management and compliance. Mathieu's areas of expertise include PCI DSS, GDPR, CCPA, HIPAA, VRM, and ISO 27001. He has been involved in payment security for more than 20 years and has worked with many security working groups and associations in the US and EU. Thanks to his international work hand, building on the success of VigiTrust's 5 Pillars of Security Framework™, he is a regular speaker at
44 | April 2022
The Security is a Journey, not a destination Mathieu Gorge, Founder and CEO (VigiTrust)
www.insightssuccess.com
10 Most Influential Business Leaders in Cyber Security, 2022
Mathieu Gorge Founder and CEO (VigiTrust)
120 countries. VigiOne, VigiTrust's flagship solution, enables organizations to achieve and maintain compliance with legal, industrial, and security standards and frameworks, including data protection, data transfer and retention, Protected Health Information (PHI), and Payment Card Industry Data Security Standard (PCI DSS), ISO 27001 compliance programs, and corporate governance. VigiTrust helps global Fortune 500 customers comply with US Federal regulations, State regulations, and European directives. VigiTrust has clients in the retail, hospitality, banking, PSP, and assessors' industries (to name but a few) in 120+ countries. Thanks to the VigiTrust Global Advisory Board, a non-commercial thinktank bringing together a group of experts, researchers, security and compliance professionals, regulators, law enforcement, and other industry and domain experts, VigiTrust is always at the forefront of cyber-security innovation.
Mathieu developed a passion for a domain he did not study, cyber security, learning technical skills rapidly surrounded by the right people who shared their knowledge with him. Having no sales or management training, he learned to build, grow and maintain a company, its team, finances, and operations. Without any management training, it was an uphill battle; however, he surrounded himself with competent people who had more experience than him, and they have guided him throughout the process. Being at the Forefront VigiTrust is award-winning Integrated Risk management (IRM) solution provider (PCI, GDPR, CCPA, HIPAA, VRM) founded in 2003. It is based in Dublin, Ireland, and has support offices in New York and Paris. It is present in
46 | April 2022
The VigiTrust Advisory Board allows members and guests to discuss and explore new trends, research and innovation, and the latest threat vectors in terms of cybersecurity and regulatory compliance. These events, now gone virtual, are organized in a confidential, noncommercial, and non-profit setting under Chatham House Rules. They feature international speakers renowned for their knowledge in a specific field regarding security & compliance. Security is a Journey If you look at the roots of the business, you'll see that data protection was always the center stone of all things VigiTrust. It still is, so GDPR is right up the pouring alley. Providing a solution like VigiOne allows clients and partners to prepare for, validate, and maintain compliance with GDPR and link that to over 100 interrelated data protection standards and laws makes total sense.
www.insightssuccess.com
In Mathieu's view, GDPR sets the right tone for data protection minimum levels, enforcement, and continuous security. Mathieu always says that security is a journey and not a destination. GDPR is well aligned with this because you must continually update your data ecosystem and perform privacy impact assessments when a new data flow comes into play.
of 700+ members to help it drive innovation in the right direction! Addressing Ever-Evolving Issues VigiTrust will continue to innovate and address the everevolving legal and industry standards landscape regarding data protection and compliance.
Simplifying Implementation of Security Solutions VigiTrust has eighteen years of experience in the information security services sector into one single SaaS solution, enabling complex and disparate organizations to simplify implementing and managing security and privacy regulations. Its solution, VigiOne, utilizes VigiTrust's 5 Pillars of Security Framework™ and it enables to achieve and maintain compliance with legal, industrial, and security standards and frameworks. VigiTrust continually innovates and creates new features. It has a roadmap that it follows with precision to ensure that VigiOne is always adapted to any organization like QSAs, ASVs, hotels, acquiring banks, large retail companies, and other end-users worldwide!
The Advisory Board will continue to monitor the security and compliance environment. VigiOne has a very busy roadmap for this new year and is now venturing into Machine learning and AI innovation, so watch this space in 2022 for some major announcements! Prioritizing Right Association Mathieu advises aspiring entrepreneurs in the compliance sector, "Just do it! It's a fascinating, ever-evolving domain! Surround yourself with the right people who know more than you in their respective domains, build a great company culture for your team, work super hard, and make fun!"
VigiTrust continues to innovate and relies on topics discussed at the Global Advisory Board and its community
www.insightssuccess.com
April 2022 | 47
10 Most Influential Business Leaders in Cyber Security, 2022
“
D
igitalization's widespread has disrupted several industries bringing waves of transformative shifts elevating and streamlining the workflow. However, it also comes with several challenges in the forms of cyberattacks and threats. Since the past two years, cyberthreats have targeted vulnerable targets compromising compliance, data, and privacy concerns. The leaders in the cybersecurity niche are working fingers to the bone to tackle this solution to protect and safeguard businesses worldwide. In the chaos of cyber threats, Nir Ayalon took it upon himself to protect the maritime industry from cyber-attacks, working with professionals with deep knowledge and experience. Today, Nir leads as CEO and Co-Founder of Cydome, an award-winning maritime cybersecurity firm. He also serves as an ISO committee member for Marine & Ship technology and Cybersecurity. The Rise Nir's professional life began developing and researching data protection and disaster recovery solutions for enterprises, developing into several technical and commercial roles at IBM. He has been involved with several successful start-ups developing technology for the business sector. While developing advanced R&D initiatives focused on cyber defense and protection, he saw the value and opportunity to create a highly specialized business in the maritime industry. Thus, Nir Co-founded Cydome, a maritime cybersecurity company with an excellent team having extensive experience in maritime ecosystem and Cybersecurity. Nir states that he faced unique challenges that had a huge impact. The global shipping industry is the backbone or foundation layer of the world's supply chain and historically has several security weaknesses. He understands that the cybersecurity threat in the maritime sector is relatively new - and it is the result of increasing digitalization and an improvement of satellite communication technology. The Secure Approach Since Cydome's initiation, Nir knew he had to develop a different approach to Cybersecurity. He expresses that the maritime cybersecurity sector suffers from the major legacy providers putting a "maritime" label on their product and thinking their product development job is done. The reality is that the IT and OT infrastructures within a ship present a significantly more complex set of vulnerabilities both to and from the ship. Cydome started with a clean design sheet.
48 | April 2022
Safety, Visibility, Compliance. Complete Cyber Security solution for the maritime ecosystem.
“
Cydome's mission is to protect the entire supply chain by protecting the maritime industry. This industry is the backbone of the world's supply chain and economy; therefore, cyber leaders need to act as a global protector for shipping. Nir states that cyber defense must always be on and defending, and it must protect all points of accessing all of the time. Cydome has approached the problems with innovative solutions and then constantly reviewed, evaluated, and improved. It committed a significant percentage of its income back into its R&D development, resulting in award-winning solutions. Cydome envisions innovating and being a step ahead of the industry's problems to help the entire supply chain. It has already implemented steps by partnering with one of the leading maritime universities to create a central database for cyber-attacks, with the vision of leading transparency and innovation in the sector. Cydome has made a dent in the universe with its solutions. Nir says, "Where there is an industry with big problems, there is an opportunity to build a big business providing the solutions." The global shipping industry is massive and at-risk; figures for 2019 show that 11 billion tons of cargo worth $11
www.insightssuccess.com
Nir Ayalon Safeguarding SEAS from Cyberthreats
Nir Ayalon
CEO Cydome
trillion were moved by 98,000 ships. Such big numbers attract unwanted attention, and Cydome detects and prevents thousands of attacks each day on clients' vessels. Unique Approach Cydome's strategy has always been to invest in research and development to create original, innovative, and proactive solutions. Nir mentions that the early days of cyber defense were limited to detection and reporting; proactive defense and protection, combined with an always-on approach to monitoring, is the way forward. Cydome is developing and implementing several methods to support the challenges of the maritime industry, such as Machine Learning (ML), which uses Big Data to provide effective detection and defense against attacks. It focuses on developing automated tools to bring a new level of ease-ofuse in the event of cyber incidents that happen in real-time. Nir asserts, "As automation is the future, we have also brought it into our compliance tool, which is specifically aimed at regulations for maritime cybersecurity, including IMO 2021.” Prepared Mindset The cybersecurity world is dynamic and changes constantly. Attackers exploit vulnerabilities, and defenders detect and protect the protected assets. Technology, in general, is also advancing very rapidly - creating opportunities for more zero-day exploits. Machine learning is a powerful tool that will take this catmouse scenario to an entirely new level when attackers use ML to launch new complex, difficult-to-detect types of attacks. Cydome is already developing and using AI to monitor and search for signs of anomalies that suggest a complex attack.
proposition for the benefit of the entire supply chain and economy. Words of Experience Nir advises budding entrepreneurs aspiring to venture into the cybersecurity niche to research extensively. He says, "Understand and validate the problem and know your users. And the most important thing - build a diverse and creative team that will complete each other. Plan to build a solution to a real and significant problem and develop a strategy to be the best provider of that service."
What Comes Next? Currently, Nir is focused on building Cydome into the leading cybersecurity provider in the maritime sector. To do so, the approach of the company will continue to focus on the security of the entire supply chain, which involves protecting fleets, ports and offshore facilities. Without these parts having proper, ongoing defence against cybercriminals the entire maritime ecosystem is at risk. Cydome will continue championing this integral
50 | April 2022
www.insightssuccess.com
Nitesh Sinha Founder, and CEO Sacumen
10 Most Influential Business Leaders in Cyber Security, 2022
Nitesh Sinha A Rising Phoenix Safeguarding YOU Digitally
As the CEO, Nitesh is passionately transforming the perspective of the security industry by becoming the trusted enabler and differentiator. He works with Security Product Companies to assist them in facing ever-evolving security challenges, competitive market, and ever-changing business dynamics. Sacumen aims to be the leading Global Security Product Engineering and Services company by helping its client stay ahead of the curve because of the ever-evolving security challenges by providing innovative security solutions, generating more excellent value for its customers. Sowing Start Following a traditional professional journey, Nitesh went through the struggles that most people do, but his humble yet constant rise through the ranks makes his entrepreneurial journey distinctive. However, he wanted to do something more to contribute his expertise in the cybersecurity space. When the stars aligned, he came across Clarion Venture Partners, who reached out to Nitesh to build a company specializing in security services; thus, Sacumen came into existence. Nitesh has always been a risk-taker, and by the Sacumen was born, he had garnered enriching experience of running business learning from his previous jobs. Coming from a developer background, he developed security products and solutions. Though, his technical expertise came in handy to shape Sacumen to be the company that can pivot faster, with a diverse skillset.
www.insightssuccess.com
“
“
T
he Cyber security space is transforming the ways business operates, spreading its roots deep enough to increase accessibility and detect and protect data from potential threats. The leaders in the niche are mapping a framework that can help businesses develop innovative security products. Providing a trusted array of services to help companies stay ahead of the curve, Nitesh Sinha founded Sacumen.
We're here to put a dent in the Cybersecurity Universe. Otherwise, why else even be here.
Sprouting Roots in the Desert The COVID-19 Pandemic came with waves of unprecedented disruption that wiped out much business. Although, it also was a blessing in disguise for many companies, and Sacumen was one of them. The entire business culture shifted to working remotely, becoming a boon for Nitesh. It was precisely the set of the things Sacumen offered solutions for validating their business offerings. Sacumen has worked with cyber security companies to become specialists in building connectors, pairing with integrations of security product companies and non-security product companies from day one.
Sacumen's offerings became the differentiator in the cyber security niche that helped it survive the Pandemic and continue to rise with 100% year-on-year growth. Nitesh asserts, "I think the key thing is to be much focused there and be that master in terms of doing what we are offering to our customer. Be that specialist where customers can trust us blindly to the things, we are building it for them, it needs focus and commitment, and we have all of it exhibited at Sacumen.” Today, Nitesh's leadership has positioned Sacumen in its field with strengthened roots becoming a true differentiator in its offering for cybersecurity product companies. A Trustful Impact In the pursuit of being the best of best, Sacumen is leaving a dent in the universe with connectors, third-party integration, and developing products for security companies to understand their use cases. Sacumen has an extensive partner system, where it can figure out partnerships, access
April 2022 | 53
the acquired product, and license to deliver a robust delivery process in terms of how it operates. Under Nitesh's leadership, Sacumen has cemented itself to provide fastpaced solutions with high-quality and reduced costs. Nitesh is dedicated to completing the project with unmatched efforts and moving on to the next one to be on a continuous learning curve. He has implemented a culture where everyone takes complete ownership of their work at a threshold level to the top one. Nitesh believes taking ownership challenges every employee to keep innovating and move forward. Nitesh values fairness very immensely apart from teamwork and delighting customers. However, he is very particular about the commitment and sticks to being transparent to take the business to newer feats. Automation: The Next Significant Change The world is moving towards automation, and Sacumen will play an essential role in connecting various systems with its security products and services. The ability to sort of have a real-time detection of the security threat or attack and bring able to respond with minimal manual integration will create a massive wave of transformation to this ecosystem. Nitesh states that Sacumen is headed to that potential future to be the company that provides all the digital security solutions under one roof.
to continue doing so. Nitesh asserts, "We are very clear that we would want to be so far the powerhouse of connectors for our customers. Once the trust is built up, you start to do more on the other set of product engineering work, exciting things on machine learning. It just a matter of continued focus to achieve that more year-on-year growth to be the player where any time you talk about security, Sacumen will be a synonym to security when people talk about it.” A Learner's Advice Nitesh advises upcoming entrepreneurs aspiring to venture into the cybersecurity space to be prepared for changes as it is the industry's norm. In his concluding thoughts, Nitesh says, "If you want to be a successful entrepreneur, your ability to say no is much more important than the ability to say yes to things. Because there'll be many opportunities where it will just distract from your focus to what you are trying to solve, so as long as you are clear with your vision of it and what problem you are trying to solve with it, you would be successful."
Over the Horizon In the long haul, Nitesh envisions Sacumen as 50% services-based and 50% product-based. Sacumens solves a specific problem of integrations for its customers and aims
54 | April 2022
www.insightssuccess.com
Empowering Youth to Greatness Through Education, Mentoring, and Networking
