Ryerse is responsible for driving cybersecurity initiatives throughout the organisation and the MSP market, as well as providing education around managing cyber-risk for ConnectWise partners and their clients. We Go Phish with Jay Ryerse, CISSP, Vice President of Cybersecurity Initiatives at ConnectWise.
What would you describe as your most memorable achievement in the cybersecurity industry?
My most memorable achievement was when a local government office nearby was hit by a ransomware attack. Although we were not responsible for protecting them, my team was asked to help during the investigation phase. We worked under the microscope of having the Secret Service watch over our shoulder and discovered that some servers that had been taken out of production – but hadn’t been disposed of – still contained readable data on them. We worked with Oracle which provided some initial guidance and computing power, and through a series of processes we managed to decrypt the data and therefore the local government office didn’t have to pay the ransom. It is incredibly rare for that to have happened – an unlikely case of reversing the encrypted data and one I definitely won’t forget!
What first made you think of a career in cybersecurity?
Similar to a lot of our partners, I previously owned a Managed Service Provider (MSP). After I sold it, I found that a lot of my friends in the industry were being hit by cyberattacks. Having a background in cybersecurity, I decided to dive in to help the industry defend against cyberattacks. It’s my personal mission now to help every MSP avoid cyberattacks.
What style of management philosophy do you employ with your current position?
I have the management philosophy of trust but verify. There are so many tools and ideas out there, it’s easy to get lost. I endeavour to trust in what is being recommended to me from well-known people, but then I need to verify them for myself. Checking that something works and reviewing it is absolutely vital.
What do you think is the current hot cybersecurity talking point?
The hottest conversation around cybersecurity currently is about the end client’s risk. Specifically, we’re seeing more SMBs fall victim to ransomware and business email compromise (BEC) attacks. These have a major financial impact on small businesses. If people wire money out fraudulently or if a company gets hit by ransomware, they will have no access to their files, so it has a massive impact. These are two areas we really need to pay more attention to.
How do you deal with stress and unwind outside the office?
Since moving to Florida, I’ve started walking a lot more. I’ve made it my personal mission to do one million steps in one hundred days, that’s 10,000 steps a day! Getting outside in the fresh air gives me time to think and focus on things other than work. Saying that, I really enjoy my work and I don’t consider it stressful.
If you could go back and change one career decision what would it be?
I’m not sure I would change anything because every action I’ve taken has led me to where I am today. But knowing what I know now, maybe I would have moved into cybersecurity sooner. Waiting until later hasn’t been bad for my career, but who knows where I’d be if I had made the jump sooner.
Also, right before I went to college, I had the opportunity to join the US Airforce. I sometimes wish I’d have taken that opportunity because I think the structure would have benefitted me. And for those of you that know me, a little structure would go a long way.
What do you currently identify as the major areas of investment in the cybersecurity industry?
I think that both the defenders and attackers are investing heavily in continuous learning at the moment with AI and advanced behavioural techniques. This is creating new opportunities for the attackers to find new ways to detect threats and providing the ability for defenders to detect them quicker than they have been able to in the past.
Are there any differences in the way cybersecurity challenges need to be tackled in the different regions?
No, the only differences are the privacy and breach reporting rules. Challenges can be found in differing local guidance such as GDPR and CCPA, but the process to handle a cyberattack is typically the same, regardless of location.
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months?
The biggest changes to my job role was due to the acquisition of Continuum by ConnectWise. I went from working in a good-sized company, to a much larger combined company. It’s created an opportunity that has allowed me to drive important cybersecurity initiatives for our industry. For example, working on the MSP+ Cybersecurity framework and the MSP+ Playbook which helps teach the industry what good security looks like.
What advice would you offer somebody aspiring to obtain a C-level position in the security industry?
You need hands-on experience to understand technology. It is difficult to make strategic decisions and provide guidance without a grasp of how things happen. You don’t need to be technical, but you do need to know what good cybersecurity looks like, so you can plan, manage and enforce it from an executive perspective.Click below to share this article