“If an organization has trouble protecting and baselining human non-privileged and privileged users, it is safe to assume they will have the same if not greater challenge protecting an AI super-user.“
Hi Philip, welcome to the CIO Influence Interview Series. Please share more information about your journey and how you arrived at Merlin Cyber.Â
It was August of 2022, when I joined Merlin Cyber as an Executive Technical Strategist, to align partner technologies with evolving customer priorities. As well as formulating business scenarios and use cases for emerging cybersecurity technologies.
Before this role at Merlin Cyber, I had the pleasure of serving as a deputy CTO for a large systems integrator and federal director of cyber operations for the nuclear security enterprise. Whether as a federal or contractor employee, my primary focus has been to help organizations adopt effective cyber practices without sacrificing mission capabilities or outcomes. Â
How does Merlin Cyber define and approach ‘Cyber Recovery and Protection’ products? What distinguishes these solutions in the cybersecurity landscape?
Merlin Cyber focuses on providing comprehensive integrated cyber solutions that adhere to defense-in-depth best practices and provides a comprehensive viewpoint of cyber posture and risk exposure. The goal of this is to inform all levels of a cyber program from the threat hunter to the CISO and help our customers go beyond compliance-based security to active threat management. Merlin Labs, in particular, works with various technology providers to identify their strengths and better together deployment scenarios, as no one product can provide complete security or coverage for all customers.
Recommended AI ML:
How Security Culture Will Define Success in the Era of AI
What key initiatives or developments can we expect from Merlin Cyber regarding cybersecurity solutions and strategies for 2024?
Merlin will continue to bring market-leading, innovative, and emerging technologies to the federal, state, and local governments by way of our Merlin Cyber technology partnerships and our Merlin Ventures team, who continually seeks out cyber products that close capability gaps or find novel ways to improve trade-craft across the defensive cyber arena. We will continue to ensure these solutions are fully vetted to meet each customer’s unique mission requirements.
The Merlin Labs technical team will continue to design and architect solutions that align with cybersecurity frameworks and best practices such as Zero Trust Architecture.
With the government doubling down on cloud modernization, migration, and cloud-first efforts, Merlin has developed a FedRAMP-authorized cloud platform to accelerate our technology partners’ journey towards government-compliant cloud offerings, while at the same time offering our customers cloud-based solution alternatives.
The recent data shows that cyber attackers are majorly targeting financial services organizations. What specific cybersecurity infrastructure or strategies would you recommend to CIOs and CISOs in these organizations?
For the financial sector or any other member of our critical infrastructure across the homeland, CIOs and CISOs both need to revisit service level agreements with service providers to ensure adequate and timely access to authentication and access control logs.
Furthermore, request a meeting with their respective service provider to discuss how current monitoring efforts account for potential privileged account or service abuse. With the ever-growing adoption of cloud and managed services, adversaries, in turn, are leveraging “living off the land” tactics by using native/authorized tools and compromised credentials/tokens to advance their targeting goals.Â
As such service providers and cyber continuous monitoring teams must go above and beyond traditional monitoring activities of traditional usernames and p******** to include privileged crypto assets to establish a more comprehensive picture around usage.
What specific cybersecurity infrastructure or strategies would you advise CIOs and CISOs in financial services organizations to implement against cyber attackers?
Follow the path of the data and ensure the appropriate tools are in place for continuous monitoring regardless of the mechanism controlling movement. Whether via web, database, or direct API, know your coverage gaps and plan to address them sooner rather than later. Adversaries tend to take the path of least resistance after successful reconnaissance of a target, making it essential to raise the cost of successful operations broadly.
What factors contribute to the persistence of cyberattacks despite rapid AI adoption, and how is Merlin Cyber improving its strategies in response to this evolving landscape?
Often AI adoption requires access to multiple data sources, which can create opportunities for threat actors to gain unauthorized access. However, there is another attack vector of concern which is the creation of a potentially naïve super-user in that of the AI itself.
If an organization has trouble protecting and baselining human non-privileged and privileged users, it is safe to assume they will have the same if not greater challenge protecting an AI super-user.
Except the AI will be a much higher value target considering the level of access and understanding it enjoys within a given boundary. As such Merlin is focusing on identifying ways to enhance the net defender’s ability to determine malicious from benign activities across the internal ecosystem.
To provide threat hunters and cyber analysts with a better ability to detect adversaries who may be leveraging approved processes and authenticators for malicious purposes.
How do you perceive AI’s role in enhancing overall cyber recovery infrastructure, especially in managing corporate databases and unstructured data lakes?
As both industry and government move to define responsible AI development and usage guidelines, Merlin sees AI being used as a means to scale with the growing amount of log and correlation activities being hoisted upon security teams.
The cybersecurity workforce is already struggling to keep up with resourcing needs and the growing demand for ML/AI coupled with broad data-lake access could prove to be too much to cover. As a result, security organizations will need to find ways to leverage ML/AI as a means of workforce augmentation. This will ensure that security does not get out of step with the speed of innovation, but can now keep pace and protect what could potentially become boundaryless multi-cloud ecosystem data and super AI users.
More from CIO Influence Insights Gallery:
Are You Ready with Your Post-Quantum Cryptography Readiness Journey?
How does Merlin Cyber foresee the integration of emerging technologies like quantum computing or blockchain in shaping the future of cybersecurity strategies and solutions?
Merlin is working with various emerging technology providers, but taking a more narrow approach in how to respond to emerging tech and threats as a whole. As both a boon and a potential bane, quantum computing could redefine many aspects of large-scale computing.
Developments across the Quantum Information Sciences arena could remake secure communications, cryptographic operations, and overall security as we know it. It could also render current protected information less relevant/valuable. One thing is for sure, it will push the cyber security discipline to evolve yet again and become the bulwark against those who seek to abuse the potential that comes with quantum computing.
Lighter note:
Reflecting on your career, what’s the most memorable experience you’ve had as a leader in IT and cybersecurity?Â
I would consider my tenure with the NNSA and Office of Intelligence as the most memorable. Sometimes the best-kept assets are hidden in plain sight and this phrase rings true for the NNSA/DOE enterprise. I had the privilege of working with truly remarkable talent across the plants and labs as well as field/intelligence offices and matters of utmost national security and research.
Amidst your busy schedule, what’s the one daily routine or habit that keeps you centered and focused?
Routine-wise, gathering around the dinner table (no phone zone) with my wife and two daughters as a family to unpack the day.
What’s the go-to app you find most useful in your day-to-day activities?
During my days as a SOC lead, I was trained to use OneNote extensively by various senior community response leads, and has continued to be an important organizational tool for me today.
Personally, YouVersion has proven to be pivotal in helping me manage the challenges each day presents as well.
Read More: CIO Influence Interview with Charles Fan, Co-Founder at MemVerge
Thank you, Philip! That was fun and we hope to see you back on CIO Influence soon.
[To participate in our interview series, please write to us at sghosh@martechseries.com]
Philip George is Executive Technical Strategist at Merlin Cyber. He has led federal initiatives in mitigating the post-quantum cryptographic (PQC) threat for national security systems, as well as supporting software code assessments and the establishment of verifiable software bill of materials artifacts.
Philip continues this effort with Merlin Cyber to ensure other government agencies understand the need for cryptographic visualization and vulnerability management. He actively works with government PQC POCs, the NIST NCCOE, and their partners to promote the establishment of enforceable cryptographic policies that incorporate agility into zero trust modernization efforts.
Merlin Cyber is the go-to-market arm of Merlin Group, a network of companies that invests in, enables, and scales technology companies with disruptive cyber solutions.
Through Merlin Cyber, federal civilian, defense, state, local, and education customers access innovative, public sector-ready cybersecurity solutions that meet government requirements and mission priorities. Merlin does this by selectively partnering with best-in-class cybersecurity brands, investing in visionary emerging technologies, accelerating partner growth, and enabling the U.S. Government to successfully keep ahead of today’s critical threats, accelerate modernization initiatives, and defend our nation.
