Noam’s Professional Expertise:
Cyber Domain: Strategic and operational issues, doctrine development.
Specialization in Content Management of the following:
- Expertise in cyber defense.
- Management, command, direction and training of diverse work staff.
- Direction of technological disciplines in select organizations.
- Initiation and execution of multidisciplinary projects at the cutting edge of cyber technology.
- Experience in issues of: planning, budgeting, prioritization, marketing and management control.
Noam’s Work Experience:
- 2018 – Present: IAI/ELTA – Cyber Division Chief Strategy officer (CSO)
- 2016 – 2018: Head of Intelligence and assessment Division in Strategy and Policy Division in National Cyber Directorate in Prime Minister’s Office
- 2013 – 2016: Head of Intelligence branch in National Cyber Directorate in Prime Minister’s Office
- 2004-2012: Leading and participating in various Cyber-Focused Projects
If I gave you an extra dollar, how would you spend it on cybersecurity?
In my opinion, the cyber security mission or as I prefer to call it, cyber defense, is not a question of an extra dollar or of a magic/fancy box.
From the question it is possible to get the wrong impression that the dilemma and the challenges of cyber threats can be solved by the investment of money.
As I see it, dealing with cyber threats in an efficient way requires a combined effort, and needless to say, a Sisyphean and continuous one.
This effort should involve different critical pillars like:
- Base-line security.
- Awareness and education.
- Information sharing.
- Threat analysis.
- Control and decision making.
Each one of these pillars is critical for the existence of a robust and resilient eco-system (at the organization level and above).
And still, if I need to identify the most critical pillar, I should say it is the human resource and therefore I would invest at least some of my “first dollars” in education, training and awareness.
How important is it to have the CEO thinking that security matters?
From my own experience, and also from a lot of meetings and conversations with customers and colleagues about the challenges, and their specific needs (technology, financial, operational, human resources etc.) it is obvious to me that the most important person in the organization from the cyber security and defense aspects is the CEO.
The older approach that cyber security is only the responsibility of the IT team or the security officer is not relevant any more, and in my personal opinion never was.
The only way, in my opinion, to achieve the required level of cyber security and defense is by a combined and continuous all-organization effort.
Therefore, the CEO is the “focal point” of the organization. On one hand the CEO is the entity which is responsible (according to different laws and regulations), together with the board, for the cyber security of the company or organization (with the help of the CISO of course), and on the other hand he or she is the person who is responsible for the cooperation of all levels of the organization with the different requirements set by the cyber security and defense team, led by the CISO, and accepted by the board.
In an information technology environment where personnel are taking on increasingly complex responsibilities, what do you think is the role of cybersecurity awareness training?
As I have mentioned earlier, one of the most problematic factors in the organization from the cyber security angle is, of course, the human factor.
A simple check of the major cyber incidents in the last few years proves it without any doubt. Most of the events occurred because of problematic behavior and lack of awareness on the part of a worker within the organization.
Therefore, we in IAI/Elta recognize awareness training and education as one of the most important pillars of the cyber security and defense solutions that we offer.
Another very important characteristic of the required awareness training is the need for it to be constant, daily, dynamic and suitable for the needs and the abilities of the different levels of workers in the organization, in order to keep up to date and relevant with the evolving demands and threats that the organization faces.
What are the biggest challenges you face in the year ahead?
- In a dynamic and evolving domain like Cyber, the idea of giving a forecast about the coming challenges is, in my opinion, a little problematic.
- And still, by analyzing the major cyber events over the last few years together with the major technological trends and developments, in my opinion we can recognize a few major cyber trends:
1) The cyber domain becomes a war domain, and maybe even a war zone, alongside the “traditional” domains. We can identify consistent efforts by most of the players, and especially by the major ones, for militarization and weaponizing of the domain.
2) At the strategic level we can identify a few major trends:
- Increase in state and super power level threats.
- Increase in the number and level of cyber threats for the financial establishment and sector.
- Increase in the number and level of cyber threats against MCS and OT systems and especially critical information systems.
- Increase in the number and level of CNI (Computer Network Influence) type attacks against political, economic and social (soft) targets.
3) In the technological and operational aspects, in my opinion, the main challenges are going to be an increase in the use and adaptation of new technology and operational capabilities by the aggressors. Such as:
- The use of the connectivity abilities built-in to IOT systems for gaining accessibility.
- A new, much more lethal, generation of ransomware technology and tools.
- An increase in the efficiency, accessibility and lethality of “attach as a service”.
Balance between innovation and cybersecurity – How can CISOs balance security and innovation?
In my opinion, this is one of the most interesting challenges that CISOs need to deal with.
There is a built-in tension in the definition of the task of the CISO between the “secure and defend” mission on the one hand and the need not to harm or damage the work and the productivity and the efficiency of the organization on the other.
According to my experience, the best tool to coordinate the work of the CISO and to balance between the different needs of the organization, like the tension between security and innovation, is an advanced organizational strategy that refers to such incidents and tries in advance to solve such tensions and problems.
How important is information sharing among financial institutions to keep them abreast of new threats and cybersecurity best practices?
From our experience in different projects, information sharing is one of the main pillars of advanced cyber security and defense.
This pillar is actually critical for the establishment of an operational cyber defense eco system.
I would like to emphasize that information sharing is needed not only for the financial sector, but also for all the other sectors and even at the national level.
But still, the financial sector provides us with a large number of examples for the importance of information sharing. One of them is the attacks by the “Lazarus group” against banks all over the world. This group tend to use the same or very similar tools for its attacks, and a simple check discovers that in the events in which information was shared the banks that used the available information succeeded in protecting themselves, while in the events in which no information was shared and more frequently, some of the banks failed to use the available information, the aggressors managed to do real damage and to steal a lot of money.
We have to remember that the importance of information sharing is not only with the “outside environment” of the organization, but also within the different divisions and units of the organization itself.
We also need to bear in mind the unique characteristics of information sharing, for example the need to keep the anonymity of the users in some events, in order not to jeopardize their reputation and therefore their willingness to share and support the eco system.
The cyber age and domain are a combination of opportunities and challenges. In order to utilize and to enjoy the opportunities it is necessary to develop efficient and advanced cyber security and defense abilities in the organizations, sectors and national level institutions.
Without the proper tools, abilities and defense solutions the cyber threat is a real risk to the interests, stability, economy and reputation of an organization or a state.
An effective and advanced cyber solution requires a collaborative approach and cooperation between the different stake holders, together with a resilience focused capacity building effort (combination of technology and human resources) and tailor-made solutions.
The key player in this effort to create an efficient and safe cyber eco-system is the CISO, who is the professional element in the organization, the advisor and the “right hand” of the CEO in the journey towards a cyber safe and secure organization.