Cybersecurity Leaders – Shimri Vachter
Mr. Shimri Vachter is the Global Business Development Lead of the Dell Technologies Cyber Solutions Group, a global group within the Dell Technologies family of businesses that develops advanced cyber solutions for corporate and governmental customers. In his academic capacity, Mr. Vachter holds a Management Master of Science, with a thesis focused on strategic people management and the way to raise their self-efficacy as a situational executive manager.
An expert on cyber defense in large organizations, as well as at the national level, Mr. Vachter has previously had more than 12 years’ experience within several leading technology conglomerates. Mr. Vachter has vast experience with executive sales management, WW channel management, go-to-market strategic planning, and national and enterprise cyber architecture planning, design and execution. In addition, he holds a BA in Psychology from Ben-Gurion University and an MSc from Tel Aviv University.
What is your overall approach to information security?
I believe the most important asset a company has today is its information regarding its employees, affiliates and customers. As such, each company, governmental agency, and NGO needs to proactively monitor that it is being used appropriately according to local and international laws, and defend it as if it were the most precious gem. More than that, raise its employees’ and affiliates’ awareness regarding cyber vulnerabilities and the way to lower the exposure to such events happening. Last, but not least, create a chain of trust by leveraging the combination of agile cyber processes, methodologies and the right use of combined internal and external cyber resources.
How can security executives get that ‘buy-in’ from the top?
As a person who gets involved in strategic, decision-level discussions on a daily basis, I would recommend security executives approach the board and senior management with a BRT approach – meaning, Business Resiliency & Trust approach. Security executives should leverage their knowledge and experience, and move the discussion into the area of focusing on a long-term strategy which proactively involves cyber resilient business processes, and thus create loyal affiliates and customers that TRUST us no matter what happens, even in the face of zero-day attacks, since they will know our business constantly and strategically builds our cyber long-term resilience approach. It is an approach that should be stated and stressed by the CEO and the board members continuously at events, in the media and in the company’s vision.
What soft skills can help security executives collaborate better?
An extremely important trait today for CISOs and CIOs would be their interpersonal communication skills. Since much of the cyber attacking surface landscape is based on social engineering, many of the tools an attacker uses are based on the weaker soft spot of the human function. Senior security executives should create more than just awareness programs. They should create an open atmosphere within their organizations, for the ordinary employee, management, and contractors, to consult, be educated, and learn as much as possible about the threats.
Just a week ago I got a phone call from one of our marketing team employees, who consulted with me regarding an alert she had gotten on her business laptop for a suspicious site, which she had created and hosted on an outside service; for the same site on a different browser on her personal laptop, it was considered an OK site. I immediately advised her not to enter the site prior to a deeper inspection of the rules, tools, and procedure for her and for the hosting site she is using, to make sure it is fine.
In order to create such an open atmosphere of trust with the CIO and CISO’s team, one needs to make sure of great interpersonal skills of oneself and one’s team, in order to make sure that most uncertainties employees encounter will be taken care of prior to being hit by the malware.
Security and IT professionals are bombarded with news about cybersecurity issues. How can they filter out the noise and determine what issues really matter to them?
There is no actual way that one or even 20 security professionals will be able to digest the enormous amount of daily changes within the cyber threat landscape. A Clark School study at the University of Maryland is one of the first to quantify the near-constant rate of hacker attacks of computers with internet access – every 39 seconds on average!
In order to reduce the noise and filter the truly urgent issues, CIOs need to prepare their yearly budget into a combination of hiring top-notch experienced cyber managers, and moving their organizations into SASE (i.e., Secure Access Service Edge), with most of the budget being allocated to highly professional cloud cyber services. The reason for that is that a worldwide cyber services provider will always get the possibility to gather, deal with and mitigate a far greater variety of events than your local cyber team.
Another important reason is that with the movement towards the G5 communication generation, the huge amount of data created and connected at the edge needs to be correlated with a real-time cyber security service at the edge.
This, in turn, will allow a near-real-time cyber proactive response, and an enormous hardware and software cost reduction, with a much higher capability to provide qualitative BRT (Business Resilience and Trust) to your board.
How can CISOs balance security and innovation?
These days, and for the foreseeable future, we need to be faster, more innovative, and release products and services to the market as soon as possible, in order not to stay behind our competitors and changes in our markets. Due to this, software developers during the last few years are more and more using container environments, which allow them to publish the code quickly and more efficiently. That itself creates a new cyber threat to our organizations, thus exposing us much more to vulnerabilities already from the code development phase, which allows the attackers to get a much deeper level of breach whenever one occurs.
In order to mitigate these issues, the cyber proactive defense vendors have added a focus on container-embedded security tools that allow the organization to remain agile with the product development life cycle, alongside adding the needed security level. That makes CISOs BRT enablers! The CISO needs to be a vital part of the product development phase, and be the one who assists the creation of an innovative development environment, and thus enables business resiliency and trust to the board, by being the one allowing the business to grow with innovative cyber solutions.
How might we address the perception of cybersecurity holding back the business?
We as cyber leaders need to focus on business processes as the enablers of it. We need to connect with the business line senior managers on a constant basis, making sure they have our trust, and that way allow them to make us and our teams a part of the business process. That way the organization will be secured by design and aligned to the security needs of its products.
It is important to stress that a key issue within this area is the capability to take responsibility and manage your risks accordingly as a CISO and a CIO, and deliver that concept to the board regarding the risks, the capabilities of mitigating them, and the exposure level when not doing as needed, in a way that is speaking the board’s language, and creating their trust of the security executives as business enablers.