Please tell us about your journey in technology and how you started at The Crypsis Group.
I began my career in the Air Force as a computer programmer and quickly got interested in computer security. In fact, I can remember our shop being one of the first in the Air Force to install a network firewall. I was exposed to the investigative side of security while working on the first court martial of an active duty Air Force member for hacking-related activities.
Shortly after, I was recruited by the Air Force Office of Special Investigations and became a Special Agent running a variety of criminal and counterintelligence cases. One case involved an active duty Air Force member who was being investigated for espionage—Brian Regan. After two years working the computer evidence and analysis for the matter and testifying in federal court, Brian Regan was convicted and sentenced to life in prison. Eventually, I made the decision to leave federal service and joined a small professional services startup, Mandiant. A couple of years later I joined Stroz Friedberg and continued similar work. In late 2016, I was asked to join another professional service startup, The Crypsis Group, as employee 10, this time to lead the company.
At the time, I was looking for my next step in my career, but was leaning toward a much more established company. When I met with the company leadership, it wasn’t long before I was sold. They had already established a name for themselves as being incredibly efficient and hyper-focused on providing value to our clients. I saw this as a great platform that could scale.
Tell us more about the team at Crypsis that you work with. What kind of skills and abilities does one need to be part of your technical team?
Identifying and attracting technically proficient cybersecurity professionals is a continual challenge in the industry. What makes this challenge significantly more difficult is that we could not scale the company and keep our culture intact without an emphasis on hiring only smart and kind people. We hire for attitude and aptitude first, technical knowledge second. If they have the right attitude and aptitude, they can learn what they don’t know at Crypsis.
Our employees need to be open minded and creative in how they solve our clients’ problems.
GDPR was launched in 2018. CCPA came into effect from 1 January 2020. China also introduced the first-ever Password Law. How do you see these developments in the context of modern cyber-threat intelligence?
GDPR, CCPA, and China’s Password Law are all just the beginning of government legislative attempts to regulate cybersecurity. I see these as a bit of a blunt instrument; however, laws have significant repercussions for victims of cybercrime if they do not follow the specific requirements. These sorts of regulations have raised the level of awareness and investment in cybersecurity programs and have resulted in a more educated and secure user base. Cyber-threat intelligence plays a critical role in a mature cybersecurity program: Proper intelligence is needed to evaluate cyber risk.
First, you need to know where your data is, how it is protected, and what specific technologies are supporting this protection. Cyber-threat intelligence can then be used to match up to these technologies and help a company make informed decisions about its risk and mitigation solutions.
I am not sure the industry fully grasps how the collection, aggregation, and analysis of threat intelligence data could present regulatory challenges.
As more and more business groups join the digital transformation revolution, data breach incidents are only going to increase. Which businesses are more likely to fall victim to such risks in the modern digital era?
Our experience at Crypsis is that cyber criminals typically are indiscriminate about whom they attack. As long as attackers feel there is a good chance of profiting from their efforts, any company is fair game.
Large enterprises are often victims because of the large stores of PII and intellectual property they hold; SMBs are victims because their data is monetizable as well, and their defenses are viewed as less robust. Healthcare data can earn high dollar on the black market, and retail data contains payment card information—also highly valuable. There are few types of organizations—private or public-sector—that are immune from the threat of a cyberattack today.
The landscape is ever evolving; for example, recent global political tensions, such as those with Iran, bring a heightened focus on financial and industrial services and critical infrastructure; but differing actors have different aims.
How can such businesses prepare against cyber risks and data breach?
This is a question we get from a lot of our clients. Organizations are becoming more IT complex and struggling to secure more assets. They should work to reduce the attack surface and deploy security best practices and a few “above and beyond” security tools as well. Some well-advised best practices include conducting employee security training, auditing and limiting the use of privileged accounts, integrating multi-factor authentication as a company policy, using strong password policies across administrator accounts, and regularly taking and testing backups, storing off system. Companies should also consider endpoint detection and response technologies so they can detect, stop, and remediate attacks faster.
Is AI and Cybersecurity a safe and controllable confluence to deal with? How can the smaller businesses jump into this whole gig economy of AI + Cybersecurity?
Many technologies can be both safe and controllable, while also having the potential to be harmful. Specifically with AI, our challenge will be in deciding how much control to give away to automation.
For example, we can gain efficiencies in having AI help us identify cybersecurity threats; however, we have to be careful which decisions we allow the algorithms to make based on this data. I could imagine that an AI could decide to shut out users or shut down services that are misidentified as threats or are threats in ways we did not intend. We use AI here to improve efficiency in our analysis process and have yet to see a clash with our ability to leverage the cybersecurity gig economy.
What is your opinion on “Weaponization of AI and Robotic Technologies”? How do you promote your ethical AI ideas in the modern digital economy?
I think it is inevitable that emerging technologies will be weaponized. Many nations have strict governance on the development, distribution, and application of weapon systems.
From an ethical perspective, I do believe that it is important that companies are responsible and take reasonable precautions to prevent their products that leverage AI and robotic technologies from being misused.
Thank you, Bret, for chatting with us today!
Bret Padres has more than 25 years of experience in information security, digital forensics, law enforcement, electronic discovery, and counterintelligence. He has worked on some of history’s most notorious retail and state-sponsored data breaches. As a Special Agent in the U.S. Air Force Office of Special Investigations, he was the lead agent on numerous national and international computer intrusion investigations.
Crypsis was built based on a shared vision of creating a more secure digital world by providing the highest quality incident response, risk management, and digital forensic services. Our daily mission is to fight cybercrime. We help and protect our clients by defending against and responding to severe cybersecurity threats. Staying ahead of the rapidly evolving threat landscape requires elite cybersecurity expertise, global response capability, and constant innovation. These competencies comprise our core values. Out of this vision, Crypsis has grown into a national force with offices across the U.S. in Washington D.C., New York, Chicago, Austin, and Los Angeles, from which our expanding corps of elite cybersecurity experts help and protect organizations worldwide.