View This Article in BOSS Magazine
Presidio is building the digital future—and that means keeping enterprises secure and ahead of cybersecurity threats.
“The days of protecting against script-kiddies and dark hoods are behind us. Today hacking is a profitable business complete with robust capabilities and fully organized departments. It’s not if you’ll be hacked, but when. Evaluating your risk posture ahead of an attack can be the difference between your business being open or closed.” As a Cybersecurity Practice Lead for Presidio, Dave Trader knows whereof he speaks.
In his role for the New York-based IT solutions provider, Trader is on the front lines, bringing Presidio’s deep knowledge bench to bear on their clientele’s most challenging security issues. Nearly 7,000 middle market, enterprise, and government customers trust Presidio to lead them through digital transformations with a range of infrastructure, business analytics, cloud, security, and emerging technologies such as edge and endpoint computing, AI, IoT, and blockchain solutions.
With over 60 offices across the US and a staff of 2,800 IT professionals, Presidio offers a full life cycle model of professional, managed, and support services that includes strategy, consulting, implementation, and design. We recently spoke with Trader about the critical components of Presidio’s cybersecurity practice, what clients are looking for, and what’s on the cybersecurity horizon.
For cybersecurity, Presidio’s five pillars are strategy, architecture, implementation, operations, and assessment. “Each pillar has different services and products that we can bring forward,” he explained. “Under strategy, we can adapt to any particular framework around NIST or ISO or governance risk and compliance, and we can go into organizations and help them identify what framework they should have. I like to meet the customer wherever they are on their journey.”
When it comes to architecture, the second pillar, Presidio examines the client’s security architecture from a best practice perspective. “Here we'll take a look at whatever they're using for identity access management or public key infrastructure security, making sure their certificates are all well balanced, in place and firing properly; to segmentation, firewall analysis, and device hardening all under the architecture assessment.”
The third pillar is implementation. “We can help secure networks. We provide resources from a professional services standpoint to help harden those networks or work on network segmentation and secure configurations. We focus on every aspect inside the enterprise, from data center to cloud, and a lot of the security controls we’re looking for revolve around identity access management and privileged account management just to name a few. The overall security operations center is baked into that third pillar.”
On the operations side, Presidio makes sure systems are up and running properly, and if not, they apply solutions to rectify the situation. “One of the things that we do is based on threat modeling. We believe in a continuous improvement model and that falls under operations. Another valuable operations service we provide is event triage or critical incident response. We specialize in critical incident response and I'm part of our national critical incident response team,” he noted.
“The last pillar that we have is assessment services. This is where you'll find some baseline security assessments, such as penetration testing, and more advanced assessments such as red-team assessments.” Using build-attack-defend methodologies, Presidio uses real-world threat scenarios to help clients understand where attacks may come from, and what preventative measures are needed.
Being left of ‘boom’ is always best
Trader, a former Marine and graduate of the FBI’s prestigious CISO Academy, joined Presidio in 2018 to help build their cybersec practice. “I wanted to join a company where I could make the most impact without assigning homework to the customer. I wanted to have options to offer the customer for subject matter expertise no matter the appliance, technology, or methodology. A cyber-only boutique company doesn’t have the ability to get into the entire stack, so they have to assign homework to follow up on later. I knew joining Presidio meant I could help at every step both left and right of boom.”
According to Accenture, cyber basics are improving and direct attacks are down, but indirect attacks on weak links in supply chains make up 40% of security breaches. Furthermore, 69% of executives they surveyed bemoaned the unsustainable costs of staying ahead of hackers. “One of the things that I see from customers is underestimating what they have in their environment that would be attractive to hackers,” Trader explained.
“I see hesitation quite a bit in organizations because they say, ‘We're not big enough for hackers to care about. We don't have anything hackers would want.’ They underestimate what they have in the environment from a personally identifiable information perspective. That can be as simple as your employees’ personnel data. For some customers, just because of their sheer size, hackers are going to want to see what’s being done around security. In addition, most hacking organizations will seize the opportunity to compromise your environment if they can escalate into an additional environment you support in any way.”
The lightning bolt of “we didn’t think this would happen to us” strikes too frequently for Trader’s taste. “It’s concerning, and we deal with that every day,” he mused. The boom—the nexus of a cyber attack—has two sides: the left, which is where developing strategies to prevent cyber attacks takes place, and the right, the aftermath where recovery efforts are made. “I pull that directly from how the FBI tracks large scale investigations. Coming from the FBI CISO Academy, I evaluate everything left of boom and I enjoy having conversations on the preventative side and being proactive. But more often than not I’m on the opposite side of boom and I’m reactive and trying to recover things that are lost.
“More and more organizations are coming to the unfortunate realization that when we say information can be lost, it’s really gone. This can have a significant impact on the business. I’ve seen it, but we have solutions we can bring forward to mitigate the impact. What I try to evangelize is an ounce of prevention will cost you so much less compared to the reactive measures associated with a breach. For most that’s a tricky balancing act, but it’s what I see day-in and day-out.”
In cybersecurity, it is an uncomfortable truth that an organization can do everything according to best practice and still fall victim to incursions. “I don’t know any CISO that would say they cannot be hacked. There are controls you can put in place to stop 99% of attacks,” Trader said. “The frustration comes in because we can’t give anybody a 100% guarantee. We can implement the best solutions and methodologies available for cyber today, we can bring all the top performing tools, partners, and services to bear and we still can't give a guarantee that says this cannot be compromised. That's frustrating the entire industry right now.”
Since his turn at the FBI CISO Academy, Trader has kept close ties to the agency. Because roughly 80% of this country’s critical infrastructure is privately held, the agency’s cyber investigators can’t simply identify a vulnerability and show up on a corporation’s doorstep to fix it. Instead, Trader said, the agency partners with cyber professionals across the country. They said, “Cybersecurity executives and professionals are an integral part of our fight to protect American business. The cyber problem is so large that we need all the help we can get, including the private sector. We have to have your partnership, or we can't be successful protecting our country.” Trader said, “I’m a Marine. Point me to the fight and I’m in.”
Connecting customers with local agents before the unthinkable occurs is the goal. “Hopefully, I've had conversations leading up to boom and I’ve made those introductions ahead of time. Trying to facilitate introductions in the wake of a breach can be stressful. Obviously there's a priority and order of operations the FBI has to maintain, but if you build those relationships into your Security Operations playbook, you don’t have to pick up the phone and dial 911. You say, ‘I know that I’m going to work with this agent, and if we have to report a crime, here’s how I do that.’ I am encouraging those relationships ahead of time,” he said.
Taking a full stack, whole of business approach to cyber
Presidio’s roster of key partners is an enviable collection of A-listers, from Palo Alto, Cisco, AWS, and Microsoft, to Fortinet, Critical Start, and Cybereason Technologies. When it comes to selecting tech providers, Trader looks for scalability and superior product support. “On the backside of a selection, a lot of people are now getting into the managed service space along with the product. Professional services typically accompany a solution, but because of the massive scale that we're seeing, everyone needs the ability to leverage managed services along with a high performance product.” Apart from making a great product, support, responsiveness, and white glove service will separate a potential partner from the pack.
When it comes to firewall security for edge computing, Palo Alto and Cisco are two of Presidio’s go-tos. “The edge is vitally important, but most attacks we see today are not coming through the perimeter. That is why endpoint is front and center these days.” Endpoint refers to desktops, laptops, and mobile devices that make for convenient entry points for cyberattacks. “We're going to see the endpoint shift into the driver's seat in terms of the way we are managing and mitigating some key threats, but we can’t lose focus at the edge because hacking organizations advance and adapt their techniques. We need a holistic and comprehensive approach across technology platforms,” he noted.
“There are companies out there that only specialize in cyber or just focus specifically on security that can make solid recommendations, but they can't bring in their own resources or technical expertise for data center, cloud, for network in addition to security to maintain a holistic approach.
“When you have the ability to go into every single aspect of technology, everywhere that a CISO needs to go—everywhere the CIO needs you to go—there's a strategic expertise and a trusted advisor role that comes along with that because you're basically helping to shoulder the responsibility of the CIO or CISO. You're leaning in and saying, ‘Let me help you lift this and let me help you deliver this because we know you have overarching concerns for every single area of the business.’ We want to be a force multiplier for you and introduce our cross-platform subject matter expertise for you to have at your disposal.
“We also provide virtual CISO services for organizations that don't have a CISO or would like a partnered approach. Some organizations that do have a CISO would like an extra set of eyes. There are some organizations who have been breached or had an issue and they have a gap, and we will bring a vCISO forward and have them assist in that environment in getting them where they would like to be. That's the type of partner that you want to have. It's not a single solution, but a whole of business approach, and that speaks to transformation, which is what Presidio is all about.”
Presidio is a leading North American IT solutions provider focused on Digital Infrastructure, Business Analytics, Cloud, Security & Emerging solutions. We deliver this technology expertise through a full life cycle model of professional, managed, and support services including strategy, consulting, implementation and design. By taking the time to deeply understand how our clients define success, we help them harness technology advances, simplify IT complexity and optimize their environments today while enabling future applications, user experiences, and revenue models.