CIO Influence Interview with Jeremy Ventura, Director, Security Strategy, Field CISO at ThreatX

“API monitoring platforms enable companies to gain visibility into the APIs and applications, while using the insights to protect and secure their data against common attacks.”

Hi, Jeremy. Welcome to our Interview Series. Please tell us a little bit about your journey in the cyber security industry and what inspired you to start at ThreatX.

For the past decade working in cybersecurity, I’ve worked at various security companies such as IBM as a Security Consultant, Tenable and Mimecast as a Security Sales Engineer and Gong as a Senior Security Strategist. I received my master’s degree in cybersecurity from Salve Regina University in 2014. I currently work for ThreatX, the leader in API and Application protection. What brought me to ThreatX essentially came down to the people. I’ve had extremely positive mentors throughout my career, one of them being ThreatX’s CEO Gene Fay, who brought me over to ThreatX. I am thrilled to be working for a company with great people that I trust to attack the same goals that I have. In my role as Director of Security Strategy and Field CISO, I am responsible for the development and execution of security thought leadership and strategy to continuously build our global brand. 

The last two years have accelerated digital transformation for businesses of all sizes and stature. Security risks have multiplied at an equally ruthless pace. What has been the biggest lesson for you when you look at the cybersecurity and threat detection domains today? Would you like to share your pandemic experience on how you managed to continue your business development work during these uncertain times?   

As technologists and security leaders, we typically look at technology being the core root of our challenges. However, technology is only as good as the people that utilize and create it. The real core challenge in our industry comes down to people. Organizations’ security teams are understaffed and typically overworked, causing stress and burnout. In addition, we have major challenges when it comes to hiring and retaining employees.

Cyberattacks are advancing and evolving at a faster rate, further outpacing the way security teams can respond. Today, there are countless endpoints, assets, and devices that companies need to pay attention to, or else they face the risk of losing touch with visibility – meaning they can’t accurately confirm who has access to servers and data, who owns what, and what user behavior is going on. The pandemic caused a lot of uncertainty from a cybersecurity point-of-view because it promoted an ever-expanding attack surface with remote and hybrid work. It is now very common for employees to be logging into corporate networks and accessing corporate data from multiple locations within a week. For example, just this past week I’ve personally worked from a coffee shop, restaurant, my home office and an airport. It is critical organizations are providing the right security controls around authorization and authentication especially when it comes to the challenges with visibility.  

Ransomware-as-a-service is a big threat to data companies with large-scale IT networks spanning remote locations. How do these threat actors actually operate?   

First, we need to acknowledge that Ransomware as a Service (RaaS) is a full-blown business model for bad actors. Criminals want to make money, and so RaaS has given many an extremely accessible and secure way to do that. The entire process has become a sales transaction where there is a provider (the person or group who creates code, malware etc.) and an affiliate (the clientele who purchases said code or malware to execute ransomware against victims). To break this down further, when a provider issues exploited code or malware, the affiliate can then go to dark web forums and either pay a monthly fee, one-time fee, or subscription-based fee to use the assets.

What’s more, when hackers leverage RaaS, oftentimes there are many different hacking groups involved in one attack, which means it can be challenging to pinpoint, prevent or track who is doing what from where. Ultimately these groups come together and outsource different steps of the attack kill chain to different entities. For example, one group may have created the malware, while another sends the phishing email to an organization, and a third group conducts the negotiating. In this scenario, everyone makes money off of the attack.

What approach should CIOs and CISOs take to prevent data breaches and ransomware events in their organization?

First, CIOs and CISOs need to understand that incidents and breaches are inevitable, and they must operate with the assumption that they will be attacked. From there, leaders must break down their solutions into three parts: the people, the process, and the technology.

When looking at the people, security leaders need to ensure their employees are constantly trained to look for threats and if threats were to arise, know the proper protocols to mitigate and report the threat. This can be accomplished through frequent security awareness training.

When addressing processes, organizations must ensure they have flexible and defined policies and processes implemented, including understanding all parties that may be involved if an incident happens. Alerting both internal parties, such as legal, PR, finance, and the board, as well as external teams such as government/legal authorities, third-party supply chain and providers, and customers is crucial to the process. Regularly testing response processes or playbooks can defend against potential threats.

Finally, organizations need to ensure they avoid buying new tools for the sake of buying them. When choosing the technology that supports security plans, be sure to only invest in tools that work for your team and company, not just the newest item.

How does a company like ThreatX fit into a modern CIO’s risk management/ disaster prevention technology stack?

According to Gartner, API abuses are expected to become the number one attack vector that hackers will look to exploit. Every organization that operates a website or online server has APIs that are vulnerable to attacks, so companies must adopt more robust tools for monitoring, blocking and protecting. ThreatX’s API monitoring platform enables companies to gain visibility into these APIs and applications, while using those insights to protect and secure their data against common attacks like botnets and distributed denial-of-service (DDoS). If an incident occurs, it can have drastic impacts on all areas of the business, which makes real-time monitoring tools critical. As part of their technology stack, companies should take inventory of all APIs, monitor the traffic that hits them, and block any suspicious activity.

Please tell us a little bit about your core offerings from ThreatX? Which set of customers / business titles are you targeting to expand the reach of your products?   

ThreatX is an API and application protection platform that protects APIs and applications from all threats, including DDoS attempts, bot attacks, API abuse, exploitations of known vulnerabilities, and zero-day attacks. We offer multi-layered detection capabilities which accurately identify malicious actors and dynamically initiate defensive action to protect known, rogue and zombie APIs. Additionally, our managed services combine threat hunting with access to experts 24×7, significantly reducing the direct operational costs and maintenance for enterprises. We are targeting all levels of business titles, including CISOs, CIOs, VPs, and Directors of InfoSec all the way to security analysts and app security engineers to expand our reach.

Your take on the new buzzwords in AI-driven application development and coding workflows for security management: how do you see these trends impacting the enterprise security governance and data protection:   

I’m optimistic that technology and security teams will continue to improve their AI capabilities to orchestrate and automate certain tasks. We tend to throw out a lot of buzzwords without knowing the proper understanding of what technology does or can do. To defeat this problem, we need to educate ourselves on what these solutions are and how they can be beneficial to our companies.  We do have a long way to go as an industry, but in order to improve we need to evolve, and I suspect AI will play a positive role in this evolution over time.

What is the future of low-code-based IT risk monitoring with automation solutions? How does a CIO’s decision help in upgrading the next generation of digitized intelligent automation tools?   

The future of low-code based IT risk monitoring will continue to increase in development as organizations continue to adopt digital automation. This solution allows for greater scalability and velocity for users to generate code, which results in the amount of time it takes to create products decreasing at the same time that an organization is increasing the company’s revenue. Ultimately using these tools helps an understaffed industry deliver new products faster while promoting better cost optimization for higher ROI. The CIO’s decision helps the next generation of digitized intelligent automation tools because their role ultimately ensures that these tools are aligned with the business goals of the organization. As CIOs, there is a responsibility to spread power through the teams while ensuring they are developing not just faster but also more securely.

Thank you, Jeremy! That was fun and we hope to see you back on cioinfluence.com soon.

[To participate in our interview series, please write to us at sghosh@martechseries.com]

Jeremy Ventura is a cybersecurity professional, specializing in advising organizations on information security best practices. He has years of experience in vulnerability management, email security, incident response and security center operations. At ThreatX, he is responsible for the development and presentation of thought leadership across all areas of cybersecurity. Ventura is an industry leader that can regularly be seen in media, blog posts, podcasts and at speaking events. Previously, Ventura has worked at Gong, Mimecast, Tenable and IBM, among other security organizations. Ventura holds a Master’s Degree in Cybersecurity and Homeland Security.

ThreatX is managed API and application protection that lets you secure them with confidence, not complexity. It blocks botnets and advanced attacks in real time, letting enterprises keep attackers at bay without lifting a finger. Trusted by companies in every industry across the globe, ThreatX profiles attackers and blocks advanced risks to protect APIs and applications 24/7.
