On this week’s episode of CyberSound, Jason sits down with Bob Meindl, CEO of Binary Defense, and Michael Grande, CEO of Vancord, to have a productive conversation on the importance of people and relationships in this industry, key business drivers in the market, and address the ongoing cybersecurity talent gap.
Vancord and Binary Defense: Two Business Partners in The Industry
This is CyberSound, your simplified and fundamentals-focused source for all things cybersecurity, with your host, Jason Pufahl.
Jason Pufahl 00:11
Welcome to CyberSound. I’m your host, Jason Pufahl, joined today by Michael Grande, the CEO of Vancord and Bob Meindl, the CEO of Binary Defense. Bob is a 30 year IT and Security professional, who most recently, he led the North American Cybersecurity business at Capgemini. Binary Defense is one of really the most important partners that we have here at Vancord. Bob, I’m thrilled to have you join us. Thanks for that.
Bob Meindl 00:40
Thank you, excited to be here.
Jason Pufahl 00:42
So today we’re going to try to keep this really kind of a high level information security discussion, right? Talk a little bit about what the kind of top business drivers are in the industry, have a little bit of a conversation around, you know, security controls and security tools, budgeting and just sort of implementation. And then talk about what the kind of primary drivers in this information security space moving forward, are likely to be. So, you know, Bob, I think looking at the top business drivers, certainly a couple of things that we run into very regularly, I’d say are sort of compliance-related drivers and then insurance-related drivers. So there’s been a tremendous change in the market as it relates to cyber liability insurance, where many of them nowadays requiring, you know, sort of the Next Gen AV, the MDR type tools. Certainly that’s been a big change for us. And then clearly a lot of conversations that we have, especially as we do a fair amount of work with the Department of Defense, for example, are endpoint protection, data analytics, forensics, those are discussions I feel like we have every day. I’m wondering on your side, if there’s anything in particular that you see as sort of common and top business drivers.
Bob Meindl 02:06
So the most common business driver that we see is risk management, right, we’re on the defensive side of the business, so helping organizations protect and defend their enterprise. So ultimately, we need to have a trusted relationship with them to enable them to minimize their risk exposure in the marketplace.
Jason Pufahl 02:31
How about from, say brand perception? You know, I know there’s a lot of concern nowadays with how a company might represent themselves to their partners or to potentially their clients. What are your thoughts there?
Bob Meindl 02:48
Yeah, so there’s a large brand risk going on in the marketplace, right? When we look at how the threat landscape has continued to evolve and increase, especially with the current geopolitical scenarios going on in the world, brand is a major issue, whether it’s ransomware, or people’s personal information being exposed and distributed out to the dark web, people are concerned on who they’re doing business with. And how is that brand being portrayed in the market? Are they a trusted brand? Have they had repetitive breaches before? Have they most recently had a large breach? That becomes very public. So cyber insurance is all well and good, but that’s after the fact, right, so how can you prevent this brand, hey, happening in the first place? That’s something we talk to our customers about.
Michael Grande 03:51
So, you said a key word for sure which is sort of evolution, right, and I feel like in this industry, specific to cybersecurity, right, things are changing, if not hourly, daily, weekly, you know, the transition from more global sort of foreign actors to more independent groups. With ransomware, we’re seeing that on incidents that we respond to. One of the other changes I’ve seen over the past 12 plus years, has really been the escalation or elevation of cybersecurity as, you know, a key component of management responsibility, rather than being solely focused at the maybe IT Director or IT Managers level, you know, it’s become a board issue and I think your comments about risk management are so important and correct, because, you know, every size organization from, you know, small business owner up through large enterprise, you know, it’s become a key talking point and one of the primary areas where focus has been light.
Bob Meindl 04:53
Well, Michael, absolutely true. You know, we’ve seen the evolution over the past 8/10 years of going from being an IT discussion, an IT problem, to a business problem, to a board level issue. And even, you know, you’re seeing it more and more in the news now, you’re seeing it in the government of the visibility being raised across the entire government and every level of government. But if we’re talking to businesses today, and they’re not aware of the cyber risks that they’re facing, usually there’s something else going on there, right, because it’s just so front and center today, from a business and IP and risk perspective that it has to be front and center.
Jason Pufahl 05:41
One of the things, Bob, that you actually said a second ago, which resonated with me was, you can’t have multiple incidents. And the reason I thought that was important is, there is a certain understanding now that, you know, even really well defended companies can experience the cyber attack, right, can have that issue. I think what clients and partners can’t tolerate is, you know, multiple offenses or an event that, when reported, you know, the response is, well, this happened 180 days ago, and it took us that long to discover it. I think there has to be a shortening of the time to detection and that time to response. And I think that’s a lot of what breeds some of that confidence is being able to demonstrate that you had the right things in place, but then when something happened, you responded quickly, and you had, you know, the programmatic maturity to actually deal with it effectively.
Bob Meindl 06:31
Well, that’s exactly it, right. There’s legislation now being proposed, and we’ll see if it gets passed, but to try to make a mandate that your recording has to be within a short amount of time, right, so we’ll see where that goes. There’s also legislation being proposed for public companies that they have to have cyber professionals on their board of directors. But even with that occurring, the enterprise itself needs to believe that if there is activity on their network, that they have the right cyber partner, that can help really stop that activity before it becomes a breach. And then if there is a breach, how is it dealt with, right? And what is it reported on? And how is it responded to or remediated? And the remediation is critical, because you need to make sure that adversary is no longer on your network. And some of these breaches that have occurred a few times, there’s times where the adversary really never leaves. So, that causes that repetitive breach.
Jason Pufahl 07:39
Michael Grande 07:41
You know, one of the points, I think this brings us to, you know, post-breach action, right, and then preventative or more proactive, protective measures taken ahead of time and sort of that business discussion around client engagement, you know, positioning security as a key area, that maybe, if you could share your thoughts on how those conversations generally go, in your experience, even smaller up to the large enterprise and sort of positioning the proactive efforts so that, you know, in the event of a breach, there’s more risk mitigation in place.
Jason Pufahl 08:23
And actually, can I just add to that quickly, I think, how do you differentiate, right, because the reality is there’s a lot of tools out there, there’s a lot of vendors out there, what is it that differentiates one vendor from another or sort of proves that value out over time?
Bob Meindl 08:42
Yeah, so that’s a great question, right, and, you know, candidly, a lot of people in the industry, they’re very focused just on the technology, right, and the technology stack, to help protect and defend. It’s really where the people process and technologies come together in a coordinated fashion with the right runbooks, the right playbooks, experience level one, two and three analysts, right, understanding through threat hunting, threat intelligence and threat information gathering, really understanding the activity of the adversaries, right. So this should, in theory, enable an organization to try to understand or know more about where the answer is going before they go there themselves. So these three things have to come together, and we at Binary Defense, we have very experienced analysts and threat hunting and threat intelligence capabilities that enable us to really differentiate and then also some secret sauce that’s in the Manage Detection Response capability in itself that differentiates as well such as decoys and the lights. So really understanding behavioral analytics of the adversary can help differentiate ourselves. But if an enterprise and/or vendor does not have coordinated people process and technologies in place that are mature, then the technology stack isn’t really going to matter.
Michael Grande 10:16
And, you know, not to throw out a shameless plug for Binary Defense, but one of the areas that we’ve been so pleased with that, in our experience, and I defer to Jason to elaborate as much as he’s comfortable, but is the quality of the information, I think that we’re able to get. And, really, it’s become a force multiplier for ourselves, I think we’ve talked so much about this distributed ecosystem of technology, you know, these hybrid environments, remote environments, it’s, you know, there’s so many things to talk about, about our sort of risk area expanding. But having a partner like Binary Defense has helped a team, you know, of size, really function in a much larger capacity as we have and grown. So, you know, I appreciate that partnership that we’ve had.
Jason Pufahl 11:08
Yeah, to add on to that, then my thought would be, there’s just no substitute for good people and having those relationships in place. You know, everybody wants a product that has some amount of AI, right, that’s clearly a really popular term now, it does make things more efficient, right? If you can use technology to actually weed through some of the noise. But ultimately, this is relationship business, and people need to trust who we are, people need to trust the partners that we bring to the table, and frankly, we need the trust within ourselves to know that, you know, when I call Binary Defense, you know, I’ve got a human being on the other end, who can help resolve a problem, but also understand sort of the business impact that our clients might have. And there’s, there’s just no substitute for that. And so it really does come down to people, it does come down to relationships, and I think that is what has made that the Vancord and Binary Defense partnership so strong.
Bob Meindl 12:05
Well, thank you, really appreciate that. And, you know, to build on the word that you said, there has to be that circle of trust, right, that trust has to be there between us as partners, and the trust is being demonstrated to our customers in the marketplace. Because the enterprises, whether it’s government, small businesses, especially for small business, because they don’t have the resources to, you know, really build that large team. So they’re more and more dependent upon partners like ourselves, and Vancord for those, all of the solutions, really, and they have to trust us collectively. And we have an obligation to the marketplace to deliver upon that trust. So I appreciate this relationship very much.
Jason Pufahl 12:53
So we spoke a little bit about, you know, some of the business drivers. I think, to a degree, right, how do you differentiate or distinguish yourselves in this technology space? You know, let’s look forward a little bit if we could, with the couple of minutes that we have remaining, the last couple of years have certainly seen a pretty significant transformation, right? We went largely from an in-office workforce to fully remote now, I think hybrid, that’s not going to change, and certainly some of the conversations that we regularly have are, how do I protect my workforce, now that they’re distributed, you know, now that they’re just not coming back to the office, but I still need to ensure that they’re productive, that they’re secure, etc. I guess my first question is, do you envision that changing at all? And second is, what’s the best way to do to address that?
Bob Meindl 13:47
So first and foremost, I don’t envision the hybrid work environment changing, I think that some organizations are going to be remote forever and you know, some are going to be hybrid. So, as the remote and hybrid workforce has become the standard or the norm, excuse me, the perimeter now is somewhat limitless, because you don’t know where your employee is working on a daily, weekly or monthly basis, they could be at a coffee shop, they could be at you know a summer house or you know rent some place in another country, even you know, we see that often. So, because of that, your perimeter becomes limitless and therefore, the digital transformations that companies have had to undertake and are undertaking has been expedited, right, so with that becomes more cyber risk. So how do you make sure that that is secure? And through organizations like Vancord and ourselves and others in the entire security ecosystem, that’s happening, right. So from a business driver, and where the market’s going. I think that purely demonstrates why the space of Manage Detection Response grew 49% year over year last year, and the predictions are that it’s just going to continue to grow even more going forward because this is not going to change, it’s not going to get rolled back. In very select industries, like the largest banks in the world, there’s jobs that they’d have to go to the office every day. And look, they have the resources to staff those, and that’s fine. But even them, their perimeter has become limitless as well, even though they have you know, somewhat of a workforce that comes to work every day, they still have to be prepared for that hybrid work environment.
Michael Grande 15:47
You know, the one maybe add on and it’s a sub driver, but I think it’s still gonna be a motivator, especially in that mid market class and small business that we’ve been focused on for so long is that sort of a dearth of tech talent available in the marketplace. And with more distributed networks, and with more advanced technology, more things to manage, there seemingly is less and less and less resources to do that management. And we’ve certainly seen that with our client base and in conversations we’ve had in really a variety of industries, it’s not hyperfocused to just one area, there’s so many more things to manage. So I think, you know, going back to that sort of talent, resource pool, making sure that we may be 10-15 years behind where we need to be with the number of cybersecurity professionals in the marketplace.
Bob Meindl 16:45
That talent gap is just getting bigger, right? At the moment, anyway, it was significant, I think there was about a million unfilled jobs prior to the pandemic, now, it’s about 3 million unfilled jobs, with the adversary becoming more active with the digital transformation becoming, you know, expedited and exacerbated, these shortage of roles and, you know, qualified people to put into these positions just becomes exponentially higher, that’s creating a much more significant need for suppliers to be able to build and fill those gaps. And, you know, there’s a great role for Vancord to play there and in partnership with organizations like ourselves. But the companies, you know, between the great resignation and organizations not being able to afford the talent and the shortage of talent itself, just, you know, really creates a price point that becomes really hard to pay for from an employee perspective. And so they have to turn to partners and partners have to be able to fill these gaps.
Jason Pufahl 16:48
It’s further evidence why we’re not going to ever return back to a fully in-person workforce, right? So if you want to compete and you want to, you want the best talent, you can, you may have to recruit, you know, nationally or globally. So we’re gonna be hybrid for, you know, for a long time, if not forever at this point. And companies that haven’t addressed that adequately, right, I certainly people transitioned to remote, that doesn’t mean they did it securely. So companies that aren’t thinking about that right now, really should put some serious thought into how to address that gap.
Bob Meindl 18:33
Agree, agree. I mean, an example of that is Binary Defense in itself. You know, they started out as a company in Ohio, focused on the regional part of Ohio, and they expanded from there, and then, you know, the pandemic hit, and they showed us an opportunity to leverage skills across the US. And it really enabled them to hire more high qualified people. So it’s just a microcosm of an example of what’s going on out there.
Jason Pufahl 19:05
So I think we’re just about out of time. Bob, Michael, anything that you want to add in parting before we sort of look to wrap up here?
Michael Grande 19:17
I would just say, you know, a few words of appreciation for Bob joining us today and for the relationship we’ve been able to maintain with Binary Defense and hopefully continue to grow and, and partner and deliver that value to our clients and new clients as they come on board. So, we’re happy and excited about the success that you’ve found and that Binary Defense has grown and hopefully we can mirror some of that on that regional sort of northeast area that we try every day.
Bob Meindl 19:49
Well, I appreciate that, Michael. It’s a great relationship, a great partnership. I look forward to really expanding that and driving that forward. We’re happy about the customers that we’re able to successfully support today together. And I look forward to doing more that together in the future. So thank you for your time. Really appreciate you having me on today. And look forward to hearing where CyberSound goes from here, so thank you.
Jason Pufahl 20:16
You’re welcome, Bob. It’s our pleasure, of course, and we appreciate you joining. I think there might be some opportunities for podcasts in the future. But, we’ll chat, I’m sure. So with that, you know, as always, if anybody wants to continue the conversation at all, feel free to reach out to us at Vancord on LinkedIn, we’re happy to answer any questions about the relationship between Binary Defense and Vancord, or, frankly, anything relative to the state of the industry, or where we’re headed. Bob, Michael, thanks very much for joining today. And we hope everybody got value out of this podcast.
Michael Grande 20:49
Bob Meindl 20:50
We’d love to hear your feedback. Feel free to get in touch at Vancord on LinkedIn or on Twitter at Vancordsecurity. And remember, stay vigilant, stay resilient. This has been CyberSound.