For our latest specialist interview in our series speaking to technology leaders from around the world, we’ve welcomed Charles Denyer. Charles is an Austin-based cybersecurity and national security expert who has worked with hundreds of US and international organizations.
He is a founding member and senior partner in two consulting and compliance firms. He consults regularly with top political and business leaders throughout the world, including former vice presidents of the United States, White House chiefs of staff, secretaries of state, ambassadors, high-ranking intelligence officials and CEOs.
He is also an established author, with forthcoming biographies of three former US vice presidents: Dick Cheney, Al Gore, and Dan Quayle. In early 2022, Denyer will publish “Blindsided,” an in-depth examination of today’s growing challenges and cyberattacks, data breaches and terrorism.
Tell us about the business you represent, what is their vision & goals?
I'm a founding partner of two globally recognized professional services firms focusing on national security, cybersecurity, data privacy, and regulatory compliance. The vision and goals of my companies are quite simple and straightforward - Help organizations charter the complex waters of today's emerging security threats by offering world-class services and resources to our clients across the globe.
What inspires and energizes you within your work?
Great question. I want to do all I can to protect organizations from emerging threats - primarily in cybersecurity - and that means working tirelessly each and every day, doing all I can to ensure this goal is met. Protecting organizations from hackers, ransomware, insider threats - you name it - that's what inspires me because it means I'm making a true difference.
Can you share a little bit about yourself and how you got into cybersecurity?
I was just outside the grounds of the Pentagon when the September 11, 2001, attacks unfolded. Seeing a commercial airliner hit America’s nerve centre in terms of our military apparatus really shook me. I wanted to help ensure this never happened again. How did we fail on intelligence? How could we have done a better job in detecting such attacks? This led me down the road to a career in national security, with a significant focus on cybersecurity. Fast-forward two decades later, and I've worked on countless projects deemed vital to America's national security - and cybersecurity - interests.
When we were first struck by the pandemic, we saw reports of an increase in cybercriminals phishing through Covid-19-themed scams and attachments. Are these pandemic-themed cybercrimes still happening?
Unfortunately, yes, they are still happening. If a criminal has a will, there is a way, in the world of cyber. Interestingly, many of these scams and hacking activities are being done - and are highly successful - for one big reason - people are working from home, which is creating huge security issues that organizations are failing to address. From insecure connections being used for accessing corporate data to weak or completely missing guidelines on remote working, the vulnerabilities are huge, and hackers and online scammers know this.
__As there has been such a surge in working from home, this has created concerns for cybersecurity professionals, exposing businesses to many threats. What preventive measures would you recommend a business takes to fill those gaps? __
Three essential practices must be always employed when it comes to remote working. Number one, two-factor authentication must be invoked when connecting to the corporate network. It's a simple process that most I.T. personnel can quickly implement, so there's no excuse for not having it. Second, organizations need to have well-written, enforceable, and comprehensive telecommuting and remote access rights policies and procedures.
Employees need to know what is considered acceptable and unacceptable behaviour regarding remote work and accessing sensitive data while online. Third, because of the security issues with remote work and telecommuting, employees need to stay abreast of emerging security threats, and that means regularly scheduled security awareness training needs to be undertaken. These top three items should not be optional, not up for debate - every organization should employ them and do it immediately.
__What advice would you give to someone wishing to start their career in cybersecurity? __
Get on-the-job training and worry about certification later. Take any type of job you can at first that exposes you to cybersecurity, and you'll have a career path second to none. There are millions of I.T. and cyber jobs that are going unfilled because of a lack of candidates, so now's the time to build an exciting career with a trajectory that is only going up.
__What are some misconceptions that you believe businesses have about cybersecurity? __
That implementing cybersecurity best practices is expensive, time-consuming, and will "break the bank" of the organization. These are false misconceptions, and only adding fuel to the fire for the hackers who want to continue to attack companies as they know that weak cyber controls are in place.
Look, many of the basic blocking and tackling of cybersecurity is really quite inexpensive and easy to do. Build sound policies, undertake security awareness training, use two-factor authentication, have an incident response plan in place – these are all measures that are relatively straightforward to implement.
__Does your organization use log and metrics data to improve and secure your systems? How do you find managing logs assists your day-to-day work? __
Yes, implementing and reviewing such metrics is a critical element of keeping our consulting practices - and our client's systems - safe and secure. The process can be time-consuming, to say the least, so it's important to find that balance, which is one of the key factors we discuss when working with clients.
You must take a risk-based approach to cybersecurity, measuring what's important, what's not, and then monitoring accordingly.
__Are there any books, blogs, or other resources that you highly recommend? __
Yes! my book, "Blindsided" will debut in Q2 of 2022. It covers a wide range of national security and cybersecurity issues.
Would you like to share any cybersecurity forecasts or predictions of your own with our readers?
While the hackers will continue to see success, the good news is that next-generation security tools are fast coming to market, giving organizations an arsenal of defence mechanisms to protect their systems.
But more important than anything, and something I mentioned earlier, basic cyber hygiene and best practices don’t have to "break the bank", and organizations, now more than ever, need to find that viable path regarding cybersecurity.
If you enjoyed this article then why not check out our post on the best free and open source SIEM tools?