Please tell us a bit about yourself, your background, and your journey of becoming the CISO of UST and CEO of CyberProof
I grew up in Atlanta, Georgia. It’s in the Southeastern U.S., which is an area famous for its warmth and Southern hospitality. In my childhood and early adulthood, it had a distinct culture. The values of the South at that time were about being warm and welcoming, with an emphasis on treating each person fairly. These things are deeply engrained in my personality.
I studied aerospace engineering at the Georgia Institute of Technology. Early in my career, I worked for Boeing and Rolls-Royce, Inc., focusing on conceptual design and optimized propulsion systems for next-generation aircraft.
I moved out to California in 1987 and I got an MBA from the University of California, Irvine. After completing my MBA, I co-founded and was the CTO at huddle247.com, rated by PC Magazine as one of the top virtual workspace solutions in 2000.
In 2000 I joined UST, and I’ve never looked back.
What is the story around CyberProof becoming a UST company and how is this special unit serving UST’s global customers?
I held the position of Chief Information Officer for several years. At the time, at UST we were highly focused on helping customers become more digital organizations. UST was supporting large enterprises undergoing the process of digital transformation. The key question suddenly became: How can we best help our clients with this transitional process?
As part of our strategy, we realized cybersecurity was going to be an important aspect of digital transformation for our customers, and we wanted to assist them with that process. We decided to spin off cybersecurity capabilities, and thus – CyberProof was born. The decision to create a separate cybersecurity company developed because cybersecurity is somewhat independent of other IT services. Moreover, enterprises were looking for a startup – for an organization that was disruptive. From our perspective, we were interested in impacting how people look at cybersecurity and we felt that to do that, we should be independent.
What are the top 3 cyber risks that your customers face nowadays?
Now that everything is connected and organizations are migrating large quantities of data to the cloud, new and increasingly sophisticated attacks – from ransomware to malware, phishing emails, denial-of-service attacks, and more – are threatening businesses every day. The potential attack surface is much greater. As the number of connected devices continues to grow exponentially, businesses are increasingly vulnerable.
The targets are potentially more deadly with the possibility of attacks on pipelines and physical infrastructures. In the future, there are likely going to be attacks on self-driving vehicles. These are completely new situations. They involve new vulnerabilities, new ways of attacking countries, for example – and completely different attack scenarios. There is real cause for concern because these types of attacks have the potential to hurt people.
Human error is the cause of many large-scale breaches. Hackers commonly use social engineering, leveraging psychological manipulation to trick people into making security mistakes or giving away sensitive information. Establishing an employee training program that provides ongoing training for the team is a good way to reduce this type of risk.
What do you love about your team?
I enjoy watching people make fundamental shifts in how they think about a problem. This happens all the time at CyberProof. Our team of bright, clear-thinking professionals continuously think out of the box to come up with innovative approaches. In the fast-changing field of cybersecurity, this is essential.
On a more personal note, if you weren’t a CISO, what would you be doing?
I spent much of my career as an aerospace engineer. It’s a field that’s always been appealing to me because it’s so focused on critical thinking and problem solving. In certain ways, the skills you need working with next-generation aircraft are many of the same skills you need to take cybersecurity to the next level.
