We Go Phishing with Tom Gorup, Vice President, Security and Support Operations, Alert Logic, who tells us about life inside and outside the office.
What would you describe as your most memorable achievement in the cybersecurity industry?
A forensic security investigation for a very large restaurant chain. The customer had been compromised through a social engineering attack during which the attacker called to inform the restaurant manager that he had become sick after eating at one of the restaurants and required a document to be signed for his work and insurance.
This document contained a macro which resulted in the entire network being compromised, up to and including the primary DC along with domain admin privileges.
After hours of reviewing logs and reversing malware we cut off the attacker’s access. We knew this because shortly after, other stores had begun reporting similar social engineering attempts. It was exciting how real-time all the events occurred. We were then able to get the customers back while they recovered through monitoring activities.
What first made you think of a career in cybersecurity?
I have always had a passion for networking and communication. Since I was a kid in the early days of the Internet, I thought it was fascinating the speed at which one could communicate to the other side of the world. After leaving the army I realised the tactics I used to build a battle position in Afghanistan and Iraq could be used to protect a computer network. Only I would be using network sensors and anti-virus. I just had to learn the tools as well as I understood my weapons.
What style of management philosophy do you employ with your current position?
Ownership and compassion. As leaders, we have a responsibility to support our team members. We must enable them to become the best version of themselves through accountability and compassion. Pointing fingers does not solve problems. Walking a mile goes a long way in understanding perspective which ultimately helps in driving behaviour. The best friend you can have in life tells you how it is and helps you through it. I would recommend extreme ownership to all leaders and below.
What do you think is the current hot cybersecurity talking point?
Unified solution. Of course, everyone is interested in talking about AI, Machine Learning or the next hot point solution; however, none of those are solving the security problems of today. Today, companies are presented with too wide of a selection of point solutions. These solutions are great, don’t get me wrong, but they don’t help a typical business achieve the security outcomes they so desperately need. Piecemealing point solutions causes undesirable overhead and most are really feeling that pain today. We have been seeing consolidation occur and we will begin to see more of a unified solution.
How do you deal with stress and unwind outside the office?
My kids. Spending time with my kids really helps me gain perspective of it all. It’s a privilege every time they invite me into their world. They do an amazing job of grounding me and helping me understand what really matters in life.
If you could go back and change one career decision what would it be?
None. I can’t say I’ve made all the right decisions but I can say that those decisions have led me to where and who I am today. That may have an undertone of arrogance and I see it more as satisfaction with where and who I am today. I have a long way to go and understanding that is part of the journey.
What do you currently identify as the major areas of investment in the cybersecurity industry?
Companies are tired of failing security programs. They’re tired of investing millions into sub-par outcomes. The board and c-suite are paying more attention than they ever have. So much so that CISOs are beginning to report to the board. As this trend continues, companies will begin asking, ‘who can solve the majority of my security operations problem while I focus on risk and governance?’
This is why we’re seeing more Security Operations Management Platforms (SOMP) spring up. We have too many point solutions that don’t integrate well and SIEMs have constantly failed us. Unfortunately, SOMPs have an expectation that you have the manpower to monitor it along with deploying, configuring, monitoring and tuning the point solutions feeding into it. This comes full circle to finding a solution that can not only take on this management overhead, but also has the expertise to make sense of it all from a security perspective.
Are there any differences in the way cybersecurity challenges need to be tackled in the different regions? (Middle East, Africa, Europe, Americas.)
The challenge is mostly the same, with varying degrees of resource constraints. That’s what’s fascinating about the Internet; we are all in this together and a clear majority of our challenges are policy related. From an attacker perspective, money is money and vulnerabilities equal money. We may see campaigns that are mostly prominent in certain regions or industries but they often propagate throughout the rest of the world quickly.
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months?
I believe the technical aptitude requirements for executives in the security industry are growing. The need for compassion and realistic understanding of what challenges tools are able to solve is a must-have. Coupling this with the ability to understand the big picture, communicate and inspire others to follow. To be fair, the security industry is still young and hasn’t had the time to develop many leaders from the ground floor to the executive suite.
What advice would you offer somebody aspiring to obtain a c-level position in the security industry?
Stay steady and focused, inspire others through your actions and drive towards outcomes. You can have all the ideas in the world but if you can’t execute to them or inspire others to execute to them, they’re doomed to remain just ideas.