Season 2, Episode 10: Transcript

 In Transcript

Season 2, Episode 10 Transcript: Today’s Cyber Security Landscape

Opening

Veanne Smith:      Hello and welcome to Atlanta Business Impact Radio. We’re your hosts, Veanne Smith and Sarah Lodato. We’re excited to have you join us for today’s episode of season two where our theme is growing careers and building businesses.

Sarah Lodato:       Today, we’re going to take a look at IT security which has become a popular topic of discussion.

Veanne:               We’re all aware that some major corporate breaches have occurred over the past few years which has led to heightened IT security.

Sarah:                  It’s a subdivision of the IT industry that’s growing rapidly here in Atlanta, and a subject many companies are taking very seriously. We’re really excited to welcome two IT security experts, Justin [phonetic][00:42] Orca and [phonetic][00:43] Keyaan Williams as our guests today to talk through this industry. So Justin Orca is a strategic account manager for the NCC Group which is an industry leader in risk management.

For the past several years, Justin has worked with Fortune 500 companies to help design, implement and validate IT security systems. He’s helped numerous investment advisors, brokers and dealers navigate the new SCC guidance on cyber security. With these firms, he’s helped apply risk management process to drive process improvements and greater security. Justin’s an advisor to the Gwinnett Tech CIS program, too.

Veanne:               His colleague, Keyaan Williams has dedicated two decades to the information security profession as a leader, educator and mentor. He has experienced developing programs and strategies for critical infrastructure, high security systems, large enterprises and small businesses. Before joining the team at NCC Group, he directed and managed security for two large divisions of the Centers for Disease Control and Prevention. He also trained and certified hundreds of global security leaders and remains active in the security community as a member of several advisory boards.

Sarah:                  Hi, Justin and Keyaan. Welcome to Atlanta Business Impact Radio.

Justin Orca:          Thank you. It’s great to be here.

Keyaan Williams:   It is my pleasure to be here.

Diving Into The Roles in Cyber Security

Veanne:               Well, guys, it’s great to have you here in the studio today. So let’s start out. This is a really high-tech topic. Some of our listeners may not be familiar with the roles within the cyber security industry. So at a high level, I think it’d be great as a starting point if you could describe the different types of positions in your world, and even ranging from entry level to executive. Who wants to start?

Justin:                  So I guess I’ll start this question. Cyber security is such a big space, right? So there’s a lot of different positions that people could pursue, anything from security engineers to developers, programmers. The title of the position doesn’t have to start with cyber security in order for it to have cyber security aspects and responsibilities as part of the role. So for people that are just starting out, looking to get more involved, I would suggest starting at what companies you would like to work for, maybe profile, some of the positions where you fit the qualifications. Certainly, security engineers, security analysts are in high demand right now around Atlanta.

Veanne:               Awesome. Thanks, Justin. Keyaan, anything to add to that?

Keyaan:               Well, I think the best parallel to the information security industry is medicine. So when you look at a hospital or healthcare practitioner, you have people to do all kinds of things. They contribute to the practice. So you have your entry level people, even in triage, that are just coming in and taking vitals, all the way up to the brain surgeon and the cardiothoracic surgeon who are doing the really sexy surgeries.

The fun thing is the security is very similar. You have entry level analyst, you have data processors, you have business executives, you have leaders, you have people to do incident response. So the sky’s the limit in terms of information security and what you can do. The trick as Justin said is just finding where do you fit within that organization, and how can you contribute best according to the scales that you have.

Veanne:               Very good, very good.

Sarah:                  That makes sense.

Veanne:               I appreciate that.

Sarah:                  So it’s a little bit more like just a topic based on your – something you might be interested in as a topic.

Justin:                  I feel like the word cyber security has been a little bit overplayed. Certainly, every marketing person out there is trying to tie their products back to cyber security. So anytime I hear that somebody’s involved in cyber security, I always prod to go a little bit deeper. What is it that you’re doing within cyber security? Are you running certain tools for a business? Are you developing the strategy for the corporation or the enterprise, or are you managing different types of assessments? Security assessments, risk assessments, it all depends and it all varies.

Sarah:                  That makes sense.

Keyaan:               The only thing that I’d add is that security at the deepest level is about protecting the organization’s assets. Everybody in the organization has a responsibility to protect those assets. So whether you’re in human resources or information technology or engineering or legal, everybody has some role that they play for information security or for cyber security as they’re terming it these days, but it’s how you contribute to that role that’s going to define, “Is this part of your career, or is it part of your day-to-day duties?”

Veanne:               I think many large companies today are even tackling this. How do they educate all the employees at all levels within the organization with their role in this important topic of security, right?

The Skills and Education of a Cyber Security Expert

Justin:                  Yeah. I was just going to mention, I bet you if you were to take a poll of anybody working in the field right now, they would say in the last 12 months they probably went through some sort of security awareness training. It’s almost a requirement for all employees nowadays to know what’s out there and how a company could have losses due to things like fishing or social engineering or tailgating in the company’s location.

Sarah:                  I hope that training includes watching hackers –

[laughter]

Sarah:                  …because that’s what I think of when I think cyber security. Cool. So I want to know a little bit more about your backgrounds and how you got into the field. So you’ve talked a little bit about how others might fit in to that mold. How did you guys get there? What advice would you give other folks that are looking to transition into information security, cyber security, whatever you want to call it?

Justin:                  Sure. So I was coming out of graduate school and I was looking for opportunities where I could influence an impact strategy of different companies. I was lucky enough to come across a consulting company where they were advising their clients on issues of security and compliance. It seemed to be a natural fit. The person that was recruiting me at the time just had mentioned how big this cyber security space is.

My graduate degree is in business. Cyber security wasn’t a focus of my business degree, but as this recruiter was explaining what the role was and the impact it has on companies, it was very – it intrigued me a lot. I wanted to get involved in the space. I worked at that company for several years before moving on.

The great thing about cyber security is it’s so cutting edge. It’s changing every day. Every day you’re learning something. Every day you’re creating something new and you’re getting to experience so much in such a small amount of time. There’s a high turnover. I always tell people that what I’ve seen in a year is probably what other people will see in ten years just because there’s so much going on around you.

Sarah:                  That’s awesome.

Justin:                  A lot of firefighting.

[chuckle]

Keyaan:               My story is similar to Justin’s academically from the perspective that my academic background is in business. So as an MBA student, I was working in information technology. I did a regular SWAT analysis and evaluated the landscape and realized that there was one security person for every 100 IT people. So to limit my competition, I developed a strategy – [laughter]

Veanne:               That’s smart.

Keyaan:               …to transition from information technology to information security. As the field has grown, the name has changed. So I started out with information insurance, and then it was information security. Now, it has become cyber security, but everything has always been about how do you protect information and protect the SS of an organization. That transition has been slow, but the benefit of having the IT background and understanding technology that contributed to the information protection was beneficial. Then just having the experience and having good mentorship and growing from the entry level to an executive level over time was a good path to go through.

Justin:                  We even see cyber security transitioning even more. The title of chief information security officer’s a popular one, but now we’re seeing them drop the information part and you’re just a chief security officer because there’s also the physical aspect, not just the cyber aspect.

Justin and Keyaan’s Journey

Sarah:                  Information I guess is an assumption, that all that is going to be encompassed from all areas.

Keyaan:               That’s right. Well, information is everywhere.

Justin:                  That is –

Keyaan:               So it’s not just within the organization, but now it’s in the Cloud. Vendors and business associates have your information.

Veanne:               Devices everywhere.

Sarah:                  Wait, what?

[laughter]

Keyaan:               So the best perspective is to have a comprehensive perspective. If you’re limited to just the information that’s inside the organization, it is limiting. Whereas, where Justin mentioned that you’re dropping the information and just have chief security officers, the chief security officer can evaluate the risks from all perspectives and from all locations.

Veanne:               I like your stories. It’s interesting to hear that you all didn’t come out of college with a security PhD or anything.

Justin:                  That’s right.

Veanne:               You came really more from business. So I’d love to hear what you think are the skill – I talked to young people a lot that are contemplating in the – getting into a security role. They ask me, “Well, how to I break in?” So I love that you’re all here today because sometimes I don’t know that I have the best answers. You’re the experts. What skills do you think specifically have allowed you or would allow others to be successful in the field of security? Is there anything special that you think allows you to be more successful than others? What does it take?

Justin:                  Your reputation and credibility is a lot in this market. I think one of the things that candidates could do to set themselves apart is go out and pursue certain industry certifications. So there’s a lot of good industry groups out there. There’s [phonetic][10:02] ISACA. There’s IIA. There’s ISSA. There’s OWASP. The list goes on and on and on. Going out and pursuing one of those certifications, the benefit is any employer would then know you have a certain base line. A lot of people that are doing hiring within the security space right now, a degree might necessarily not demonstrate your competency or mastery of a certain topic, but some of these certifications are the standard and they are what you need in order to pursue a career in the space.

Keyaan:               I’ll add to what Justin said. I advise people that they focus on the industry that they want to work in because every industry has a different set of standards that define that industry. So if I want to work in healthcare, there are healthcare specific standards and those standards also define some of the certifications and the knowledge, the skills and the capabilities that are expected of information security people.

Choosing the Industry

Veanne:               So would that hold true if I wanted to work in the financial services industry? The certifications there are different than if I’m in the healthcare industry [crosstalk][11:07] when it comes to security?

Keyaan:               Absolutely.

Veanne:               Okay.

Keyaan:               The term certification can apply internally to credentials that you have that certify your ability to perform a certain function or to have a certain level of knowledge. There are also certifications for the organization. So if I’m in financial services, the FFIEC define standards for financial services.

If I want to go into financial services and I know that in advance, it would behoove me to evaluate what defines a financial services industry, so that as a security person working in that industry, I’m competent in what is driving the business and what is defining what they’re doing, and what is influencing their decisions and their approach to things. That is going to be different as you compare manufacturing to financial services to healthcare to e-commerce, and the list goes on and on and on for every industry vertical.

Veanne:               Very helpful, very helpful. So curious. I’m going to guess I know the answer, but are you seeing higher demand in healthcare, financial services, e-commerce, manufacturing, or is it demand all across the board right now?

Keyaan:               Well, the demand varies based on the maturity of the industry.

Veanne:               Good, okay.

Keyaan:               The financial services industry is probably one of the most secure potentially because we’re dealing with billions, trillions of dollars and people don’t want to lose that money. So then they invest significantly in information insurance and cyber security to make sure there are controls in place. The worst case scenario is the case of Bangladesh where the Bangladesh bank hack was facilitated by a $5 router and nobody put any strategy into how are we going to protect our organization.

That weakness in the design and the security strategy facilitated almost a billion dollars’ worth of theft. Whereas other financial services organizations, when you look at what would somebody else in a similar position do that is reasonable, and that’s usually within the context of due care. The Bangladesh bank did not follow any of those principles. A security person should be able to contribute to that by understanding what is the level of due care for the financial services industry. That would be different.

If we look at transportation, people are always talking about the threats to critical infrastructure. So there is a growth opportunity for security people entering into their careers if they want to focus on critical infrastructure because it incorporates the internet of things. People often think about the internet of things from a commercial perspective or a home automation perspective, but it is critical for trains, planes, [crosstalk][13:32] automobiles –

Sarah:                  Planes.Automobiles.

[chuckle]

Keyaan:               …fuel, nuclear power plants, [crosstalk][13:38] all of those.

Sarah:                  That makes sense.

Keyaan:               Telemetry and monitoring systems depend on the internet of things and somebody who has capability and knowledge of information security and cyber security can really write their own ticket and achieve significant success.

Justin:                  When you talk about critical infrastructure, InfraGard is a great group to get involved with here in Atlanta, phenomenal group of people where they’re working to protect all aspects of critical infrastructure which include our healthcare system. Healthcare, certainly there’s a huge demand right now for security professionals because they are re-strategizing how they’re approaching this problem. They’re re-aligning with some of the frameworks that are coming out from regulatory bodies. So I would say healthcare security jobs are definitely peaking right now.

Veanne:               That’s one that gets updated fairly frequently as legislation changes [crosstalk][14:32] and things like that.

Justin:                  That’s right. That’s right. Patient care is extremely important. I would say healthcare and our energy and transportation, those are three areas where cyber security could easily affect loss of life which is everybody’s worst fear.

Keyaan:               Large security events also cause growth in an industry. So Ransomware has been a big deal for the healthcare industry in 2016. There is a correlation between the rise of Ransomware and the number of security people that are working in healthcare. So there’s always a catalyst that causes growth in one industry vertical compared to another.

Financial services has been extremely stable. Healthcare is not very stable and because of Ransomware, it’s causing health service providers in hospitals and other organizations in that industry to consider what are our weaknesses and what do we have to do. I’m not really good at forecasting into the future. I don’t have a [crosstalk][15:25] crystal ball.

Veanne:               You don’t have a crystal ball either?

Keyaan:               No.

[chuckle]

Keyaan:               I’m not a swan. I don’t look good [laughter] in that attire. However –

Veanne:               You look good in that suit though.

Keyaan:               We looked into the future and said hypothetically if a collection of law firms were hit by something significant from a security perspective. Then you will see growth in cyber security for law firms where people are investing heavily now. Every organization has some level of security maturity. I imagine that the maturity and the focus on security in legal organizations would increase if they had a data breach, similar to the increased focus for commercial organizations after Target and Home Depot in 2015, similar to the focus on healthcare after Ransomware in 2016.

Veanne:               We all are every day opening the paper or going to the internet and seeing news about breaches. So in preparation for you all coming, I did some Googling and all that. It was amazing. Then I feel like I hear most of them, but when I did some research, it’s like almost every large retailer, every large – everybody’s been reporting on having a breach. I mean, it’s like nobody’s –

Justin:                  Unfortunately, consumers are starting to get, not tolerant of it, but they’re just a little more hardened and more accepting that nothing is private anymore.

Keyaan:               I think desensitized is the best term –

Veanne:               That’s right.

Keyaan:               …because it’s not as fantastic or – it doesn’t spark all of your senses and cause panic because, “Oh well, there was a breach yesterday.”

Veanne:               There’s another one.

Keyaan:               There will be another one tomorrow.

IT Security: A Rapidly Growing Field

Sarah:                  All right, cool. So I wanted to talk a bit about – we talked a bit about that ratio you mentioned, Keyaan, one security person to every, I think you said 100 IT folks or something I thought. So number of IT positions are clearly growing in Atlanta and all of those verticals I’d say and continues to do so. So does that include cyber security or do you see those types of positions growing with the pace or is that something that typically comes as a standard and then it doesn’t necessarily change? Does that make sense?

Keyaan:               Well, there are two things that influence the answer to the question.

Sarah:                  Sure.

Keyaan:               The first aspect is the concept of a managed system security provider.

Sarah:                  Okay.

Keyaan:               MSSP Use, which is the acronym for that, they are often the third party that provides security services for an organization. So as organizations are reducing their staff, these MSSPs are growing exponentially. So then you have people like Dell SecureWorks who is based in Atlanta where we are. It has a very enormous I think is the simplest way to describe it. They have an enormous staff of people who are working 24 hours a day around the clock, but these are highly technical, highly analytical positions.

So if you were a technical or analytical person, there’s a great opportunity for you to join an MSSP, contribute, learn, grow, and the value of these types of companies is that it offers economy scale for customers. As the employee, it offers perspective and exposure to tens or hundreds or thousands of companies in the different environments. Then it makes you a more comprehensive and more competent security professional.

Sarah:                  That makes sense.

Keyaan:               The other concern is that there’s a concept known as operationalizing security. From a security leadership perspective, it is advantageous for me as a chief information security officer to give to the chief information officer all of the resources including staff, budget, salaries to the CIO so that they can focus on things that are technology-specific and then it allows security people to focus on those things that are uniquely security-oriented like incident response or malware analysis or other things.

So there’s beginning to be a shift where technology is the foundation, but then technology people go either in a purely security direction or purely technology direction. Then the technology direction, what historically was a security job where you managed a firewall is now becoming an IT job because it is just another device in the network.

So from a strategic perspective, people should consider, “What do I want to do when I grow up?” If what I really want to do is security then some of the best advice is to move away from purely technology things because in the future, the purely technology things are going to be handled by IT people, and the purely security things are going to be handled by security people.

Sarah:                  That makes sense.

Justin:                  I don’t think the markets plateaued yet. I think there’s still going to be an increase in the amount of cyber security jobs that are out there. I think we’re going to continue to see more and more people going out and getting specialized educations to go and join the cyber security workforce. Their statistics out there, how many people the federal government needs and what they project up until 2020, and there’s a huge shortage of people right now. So anybody looking to get involved in something new and different, cyber security, IT security is a great place to focus in on.

Sarah:                  It sounds like it could be a really great passion piece, right?

Justin:                  Yeah.

Sarah:                  You can focus on that industry, but move within your career to different verticals or whatever it might be.

What Makes Protecting Digital Data Exciting?

 

Veanne:               So we’ve talked about passion. We’ve talked about what makes it exciting. It’s a growing industry. There are a lot of different industries that you can work in. It helps save lives. Again, for listeners out there who are thinking about getting into it – tell us, coming from you, so what really makes it so exciting for you? What is it that gets you charged up about working in this space beside some of the things you’ve mentioned?

Justin:                  I’d mentioned at the very beginning that it’s like firefighting. I truly mean that. Every day, there’s some unique circumstances that are going on, something different, some sort of new vulnerability that’s out there that has to be fixed. You’re always developing various different strategies or processes or procedures in order to better combat what’s going on out there.

The constant education of this market, there’s no way to possibly stay up to date with everything, but you could try and stay up to date with as much as possible by networking, by being part of the community, by joining some of those associations I mentioned, continuing your education. So I think for me, the thing that really gets me excited when I think about this particular industry is just the amount of change that’s going on. I constantly need change in my life, so it’s perfect for me.

[chuckle]

Sarah:                  I think sometimes some people think about specializing. It’s like, “Okay. This is what I’m doing forever,” but that’s not at all what this means. It’s like you have a passion topic but you can kind of grow within that which I think is awesome.

Veanne:               Every day is a new day, so it’s hard to get bored.

Keyaan:               Actually, I think the passion topic is the best way to describe it because I love security and I love the work, but my contribution and how I deliver that work is completely different from day to day and from month to month. You talked about the number of data breaches that you see in the news. Every day the breach has a different nuance and it’s not the same data breach over and over again, but daily there is a different approach that people have taken to break into an organization where there is a different weakness that facilitated the breach or the attack. So there’s constantly something interesting going on and it’s very difficult to get bored. If you go back to business school –

Justin:                  You’re never bored.

Keyaan:               Well, even going back to business school where Justin and I have our roots, accounting has been the same since the dawn of time [crosstalk][22:46] whether you would –

Veanne:               Uh-oh. I hope there are no accountants listening.

[laughter]

Sarah:                  You just made some enemies.

Keyaan:               Well, there’s nothing bad about accounting, but from an abacus to a calculator, [crosstalk][22:54] you are still counting and you are still auditing and still –

Sarah:                  No, you’re right. Absolutely.

Keyaan:               Specific defined structure, but for security, the technology that we’re using today is completely different than it was not even [crosstalk][23:05] two years ago.

Sarah:                  A year? Yeah, a year ago. It’s those people, literally their life to make it different every single time they [crosstalk][23:12] try to commit an attack or something like that. So you would –

Keyaan:               That’s right. Well, the advancements in technology are great for business, but then they are always causing a change in the nature of security. If we go from mainframe to client server to the Cloud as you transition from environment to environment, the data might be the same and the business function that you’re supporting is the same, but the process and the way the people can compromise that is changing drastically from one environment to the next. That’s what keeps it interesting.

Sarah:                  It’s great.

Ways to Protect Yourself From Data Breaches

Veanne:               All right. I know my next question is not going to be a real simple one and I know we have enough time to answer this in completeness, but for folks out there, everybody’s vulnerable to getting breached, right? So what advice would you have on steps or just what are the five things you would suggest people do to help protect themselves? Maybe it’s higher consulting. I don’t know, but do you have like, “Hey, here are the top things I would share with anybody out there not knowing what to do to protect themselves.”

Keyaan:               Well, since Justin and I work for a consulting firm, I think higher consulting [laughter] is the best answer.

Veanne:               Good, good.

Keyaan:               The consultant is not going to replace your internal resources. The consultant is there to provide outside perspective. I think everybody needs an outside perspective whether it is health and fitness. If I’m in the gym lifting weights, I’m not doing it by myself, just thinking about whatever people think about when they’re lifting weights. What I’m doing is I’m leveraging the perspective of an expert to say, “Hey, you’re doing this wrong, or if you make an adjustment, it’s going to improve the outcome.”

The same concept works for consultants in cyber security. I think that makes it better for everybody because then you’re not limiting your capabilities to just a few people and their perspective. You’re broadening the horizon and bringing more ideas to the table.

Justin:                  On the personal level, the consumer level – I have a lot of friends and family that come to me and say, “Well, what should I be worried about? What can I do differently? How does this impact me personally? Somebody wants to go steal from a bank and steal millions of dollars, but how is that affecting me?” Well, I always tell people hackers are interested in you as the individual. I know plenty of hackers where they’ve committed their research to “How do I hack Bluetooth?”

So think about everything around us right now. You’re most likely streaming plenty of Bluetooth whether it’s from your phone, whether you have locks at home that automatically lock and unlock as you get close to them. I know my car uses Bluetooth to unlock it. So don’t stream your Bluetooth, step one. Step two, don’t sign up for coupons just because it’s five percent off at some point in time.

That database will probably be hacked which means your password, your mother’s maiden name, all that information that you gave them in order to reset your password will be public. If you have a webcam on your computer or on your phone or anything like that, make sure you cover it. People could easily hack [crosstalk][26:05] into your webcam.

Veanne:               Is that real?

Justin:                  It is real.

[chuckle]

Justin:                  It’s out there –

Veanne:               Have at it, people. If you want to see me getting ready for – I’m just kidding.

[laughter]

Justin:                  There is an unbelievable case study out there of electronics reseller, very big name, Box Store, where one of their engineers that would fix machines as companies or customers brought them in, he actually installed some malware that allowed him to watch some of the customer’s webcam feeds remotely. So it’s real. It’s scary. You don’t want it to happen to you.

Veanne:               Now, that is terrifying. I’m just [crosstalk][26:41] joking –

Keyaan:               The thing to take away from this segment and the question that was asked is the answer really lies in two areas. One is cyber hygiene, and so you should be neat and tidy with what you do. Then you should just consider how much you’re exposing yourself. If you don’t need your Bluetooth to be on, turn it off. When I get up in the morning and I am listening to music, I’ll turn Bluetooth on so that I can use the Bluetooth speaker that’s in my house, but when I’m finished I turn it off so that I’m not exposing myself to Bluetooth attacks as I’m moving around in the city.

Veanne:               That’s a really good advice because I’m guessing that most people don’t do that.

Sarah:                  I just turned my Bluetooth off.

Justin:                  There you go. [laughter] See?

Veanne:               That’s [crosstalk][27:20] a great advice.

Justin:                  We have an impact.

Veanne:               I mean, that’s really [crosstalk][27:21] great. I would not have thought about it.

Sarah:                  It really is. We need [crosstalk][27:23] this.

Veanne:               The [crosstalk][27:23] hygiene.

Keyaan:               Then cyber hygiene applies to consumers and to businesses. The responsibility for hygiene is greater for business, but every consumer, every person – I have children and I have been teaching them since they have been touching tablets that cyber hygiene is important and [crosstalk][27:37] you don’t –

Veanne:               Since they were in the stroller. I’ve seen them in mall.

Keyaan:               Well, [crosstalk][27:40] my children are too old to have them in a stroller.

Sarah:                  I know those kids.

[laughter]

Keyaan:               Just the idea that you don’t have to click on every link and you don’t really have to see what’s behind every curtain and consider what curtains are important to you and where you really want to invest your time instead of trying to expose yourself to everything is going to limit the number of things that you expose yourself to form a malicious compromising perspective.

Predicting The Changes in Security Space

Veanne:               Thank you for that. That’s great. So I know you mentioned before you don’t have a crystal ball and I’m disappointed by that. I always like to talk about the future. What changes do you see happening in this security space here in the next five, ten years? Any predictions? Any insight you want to share based on what you’re tackling and firefighting on every day?

Justin:                  I think Keyaan mentioned it earlier, I think one industry vertical that is going to see increased activity is most likely law firms. So my word of advice to any legal professionals is make sure that you talk to your IT teams about what they’re doing to secure information. I think that’s definitely very important. I think over the next five or ten years, we’re going to see the US and other countries start to take a much more aggressive approach to how they handle cyber and cyber espionage and cyber warfare.

I’ve run into a lot of companies where they tell me about their foreign operations and they are amazed at how much espionage is going on from other nation’s states into their businesses and the impact that that’s having on them economically. We see President Obama slowly making some changes, making some mandates, executive orders and such, but I think we’re going to see something on a larger scale in terms of two countries having some sort of cyber conflict.

Keyaan:               I think it’s really going to be about global regulations and how they affect the United States. If you look at the general data protection regulation out of the EU, one of the requirements is that if you are managing EU data improperly, then the EU can fine you four percent of your global revenue.

Veanne:               Wow.

Justin:                  That’s a lot.

Keyaan:               So if I’m a US business and I’m operating in Germany, and I lose data on a German citizen, then Germany is going to send their cyber army to me and say, “Hey, I want –”

Veanne:               Give me my four percent?

Keyaan:               I want my four percent of your global revenue.

Veanne:               Wow.

Keyaan:               It’s gross revenue, not net revenue.

Veanne:               Wow.

Keyaan:               So that could be significant. I think that is going to influence the nature of business and the way that people invest in security and protections, and how they segregate their data. Potentially, it’s going to cause a growth because the way that people are interpreting some of these global regulations is that you have to geo-locate your data in the country where the resident exists.

So if I’m a multinational business that has operations in 180 countries, that means I’m going to have 180 data centers which means I’m going to need people to run those data centers and protect those data centers everywhere we have a presence. Not everybody has 180 offices around the world. You could think about your average multinational company has at least five offices globally.

So if we just look at the United States, a few countries in Europe and maybe Australia, then I have to have a data center in all of those places and all of those places are going to need security people. As a great growth opportunity again, there’s cyber security because the number of people is going to be vast in response to the regulations that are being written and implemented and put into force.

Sarah:                  I didn’t think that I would be as engaged in this conversation.

[laughter]

Sarah:                  I’m a little terrified going home today. No, seriously, I think it’s one of those topics that even as a business, it’s something you hear about. You Googled is this morning via – hugely important to the success of our company as in in our economy, honestly. So, [crosstalk][31:30] thank you.

Veanne:               Lots of takeaway nuggets. You guys are great.

Sarah:                  You guys, seriously.

Veanne:               So I really think you offered some great advice. I know you wove an advice for hygiene for the consumer, so really well done. So we appreciate that.

Sarah:                  So just so I can sleep at night, real quick, I’m going to change the subject. This is like after you watch a scary movie, you watch something funny for a second. I want to know what you guys do outside of work. Are you actually fighting crime when you leave work?

[laughter]

Sarah:                  What’s your favorite restaurant in Atlanta? What do you guys like to eat?

Justin:                  I’m a big advocate of outside the perimeters. So me personally, I love Smokejack up in Alpharetta.

Sarah:                  All right. Cool.

Justin:                  Wonderful, [crosstalk][35:05] wonderful barbecue.

Veanne:               Are they too? Very nice, nice shout-out. One of our favorites.

Justin:                  GC up in, I want to say there Milton or Roswell, although I think they have a location down here in Atlanta as well.

Sarah:                  Nice.

Justin:                  It’s all about the southern barbecue. I actually –

Sarah:                  I love barbecue.

Justin:                  …moved a year ago from New York down to Atlanta. So I’m still in that honeymoon phase with Atlanta food and it’s wonderful.

Sarah:                  Atlanta has awesome food.

Veanne:               We’re trying to keep up in New York.

Justin:                  There you go.

Veanne:               We don’t get too bad.

Justin:                  I love Ponce Market. Ponce is unbelievable over there.

Keyaan:               I was born in Italy, so I have an affinity for pizza.

[chuckle]

Sarah:                  Nice.

Keyaan:               I live 30 minutes south of the airport. I will still drive into the city just to go to Cameli’s.

Veanne:               Cameli’s.

Keyaan:               It is [crosstalk][32:42] great, great pizza.

Sarah:                  Cameli’s a monster slice, man. You got to –

[chuckle]

Sarah:                  That’s awesome.

Keyaan:               My youngest daughter loves the baby monster slice.

Sarah:                  Nice.

Keyaan:               It is the coolest thing and it is worth a drive into Atlanta for some great pizza at Cameli’s. Then I love sushi.

Sarah:                  Okay.

Keyaan:               There are some great sushi restaurants all over the city.

Sarah:                  There are.

Veanne:               Awesome, cool. Awesome.

Contact Justin and Keyaan

Sarah:                  Thank you for sharing that. So if our listeners would like to reach out to you, where can they go to get more information or what you’re doing professionally?

Justin:                  I think both Keyaan and I were open networkers, so the first destination I would say is both of our LinkedIn pages. Feel free to connect with either one of us. If there’s anywhere where we could lend some of our expertise, just reach out. I think we have our email addresses out there. Keyaan goes all over the place, speaks.

Me personally, I’m getting more and more involved with the community down here in Atlanta like I was up in New York. So just reach out via social medium. If you want more information on some of the work that we’re doing out there in the field, we work for a company called the NCC Group. You could go to our website at nccgroup.trust and learn more about our business and what we do and how we’re impacting cyber space today.

Keyaan:               The only thing I’ll add to that is personally, I do a lot of education. So we talked about food, but outside of working with clients directly, I do a lot of community service. So for the –

Sarah:                  Awesome.

Keyaan:               …Information System Security Association. I go to all the colleges in the area and talk to students. So I had a great privilege of talking to the incoming graduate students at Georgia State for their MBA program.

Sarah:                  Cool.

Keyaan:               I’d do it for universities, for high schools, for elementary schools. Everybody can learn about security and I’m happy to share that message.

Sarah:                  Very cool.

 

Closing

Veanne:               Very nice, guys. Thanks both for coming and investing two people’s time to come and meet with us today. I really think it was awesome material, very helpful. We’re going to have a lot of positive feedback from this. So thanks for coming in and joining us today here on Atlanta Business Impact Radio.

Justin:                  Thank you.

Sarah:                  The Atlanta Business Impact Radio is a project developed by SOLTECH, a software consultancy located in Atlanta, Georgia. Our host, Veanne Smith, co-founded the firm 18 years ago with her husband Tim Smith. Together, they strive to bring education to the community about technology leaders to improve the path to innovation for all.

For more information about the podcast and to learn about the work we do at SOLTECH, visit Soltech.net or find episodes of the podcast on iTunes. Also, if you’re interested in joining us as a guest for an upcoming show, send us an email at info@soltech.net. Thanks for listening. Stay tuned for more insight into the tech community on our next episode.

Recent Posts