By @SimonCocking. Great interview with Eric Vanderburg  Director, Cybersecurity at JURINNOV | Vice Chairman of the Board at Technology Ministry Network | Author | Private Investigator | Expert Witness

What is your background briefly?  How did you end up doing what you do now?

I have always been interested in technology.  At an early age I would read through Commodore 64 and Apple II manuals or anything I could find in the library on computers. I learned some basics of programming and enjoyed being able to make computers do interesting things.  I was also the person everyone knew who could fix their computer.  I turned my passion into a career in the nineties when I entered IT.  By the late nineties, I was consulting with companies and local government on both IT and information security.  I worked with companies, large and small, to implement security controls, raise awareness, and respond to incidents with greater agility.  I have to say that the information security field was much simpler back then.  Many companies did not even have a firewall and the company network was the castle where data was protected.  Of course, since then, attacks have gotten more complex and the technological landscape has morphed into one with much less rigidity.

The IT and security space changes rapidly so I have always needed to keep my skills honed.  Over the years I have picked up over 40 IT and security certifications and several degrees including an MBA and started working on a doctorate in information assurance.  I am a voracious reader of online blogs and articles.  I believe it is good to lead by example and I encourage my team to pursue certifications but, overall, to keep learning new things every day.  It is with this knowledge and the experience gained from working with so many companies that allows me and those on my teams to provide clients with valuable insight and advice on today’s security challenges.

It was not enough for just my clients to be protected.  Cybersecurity is a global challenge and the challenge is too big for one company to solve on its own.  I wanted to raise awareness for the global community and foster greater sharing of information to make us all better equipped to combat cyber threats.  I began writing for magazines in 2003 and then started teaching at a local college while still consulting.  I have since written articles for many major publications and published a book on storage networking with McGraw Hill.  I regularly present at conferences and seminars and at local events on information technology and security.  I felt specially honored to be able to deliver two commencement speeches for local colleges.  As social networking took off, I realized that this was an excellent medium for sharing knowledge so I began posting information security tips and news.  Over the years this grew and now I interact with thousands of people online on information technology and security.  Somewhere along the way I picked up the pseudo-title “Sheriff of the Internet.”  I am not sure who said it first but the name persisted and it does evoke that picture of the somewhat lawless Internet and the sheriff standing up to those who would try to take advantage of others.  Instead of the wild wild west, we have the world wide web to protect.

1 min pitch for what you do / what’s a typical day like?

The fun thing about my job is that there is always something new to do.  However, I still do like to have a bit of a routine.  Each morning, after working out, I read articles from a variety of RSS feeds and social channels.  Some of this content is queued for social networks.  I then go into work.  I meet with my team and identify priorities for the day.  We use project and task management tools but it is helpful to have a face-to-face each day when we can talk through it all and know that everyone is on the same page.  I follow up with clients to provide status updates on projects that we are working on and the rest of the day is used for addressing items that require my attention such as making a decision on how to proceed on a project or discussing items with clients that may come up.  When I return home, I spend time with my family.  Most nights, once the kids are in bed, I read more articles and then write blogs, articles or other content.

Data security

Congrats on being ranked #12 on the Onalytica Data Security global leaders top 100 list – where did it all go right?

That’s an interesting question.  The social community I am a part of is one that has grown over quite a few years.  I struggled for a while to gain a critical mass of people who interacted with me but once that was built, it has grown on its own.  People find what I share interesting and valuable.  I enjoy being there for them and knowing that I am making the world a more secure place.  That’s, I guess, what makes me an influencer.  This isn’t the first time I have been listed on Onalytica.  In addition to the most recent M2M list, they have listed me as an influencer for data security, digital transformation, cybersecurity and infosec, cloud just in 2016.  I wouldn’t necessarily call these milestones because they are just byproducts of the overall goal of my desire to equip, inform, and educate.

What trends are you excited / concerned about in relation to the work you do at the moment?

I am excited about the continuing use of the cloud to provide enhanced security for companies.  The cloud was initially seen as providing less security since companies were relinquishing some level of control and giving it to a third party.  However, many of these concerns have been addressed and, in the meantime, security solutions have evolved that leverage the cloud’s resources to improve organizational security.  Some cloud solutions absorb Distributed Denial of Service (DDoS) data intended for corporate sites and pass the legitimate data through.  Other cloud security systems analyze and correlate organizational log files and events to provide intrusion detection and Data Loss Prevention (DLP).  There are a host of cloud solutions that do what used to be done within the enterprise datacenter but now are performed outside the datacenter, offering more flexibility for the modern distributed workforce.

I am definitely excited about the Internet of Things (IoT).  IoT is a huge growth area and I am encouraged that security was one of the first things discussed about IoT.  IoT will allow us to better understand the things around us and the world in general.  I am also excited about virtual reality and augmented reality.  These technologies offer new ways to interact with one another and to interact with computers in a more natural way.

What advice would you give to companies and individuals in terms of managing their data securely?

Securing data is such a broad topic.  (ISC)2 breaks security into ten domains; (1) Access control; (2) Application development security; (3) Business continuity and disaster recovery planning; (4) Cryptography; (5) Information security governance and risk management; (6) Legal regulations, investigations and compliance; (7) Operations security; (8) Physical and environmental security; (9) Security architecture and design; and (10) Telecommunications and network security.

This gives you an idea on how expansive the role is of security data and it is difficult to distill this down to a few key points so I would encourage companies to ask themselves what they are doing in each of these areas to protect their data.  Do they have controls and are they spending time in each area?  It is also important to understand the distinction between compliance and security.  Compliance requirements mandate a specific set of security controls such as technical systems, configurations, policies, procedures and training.  However, being compliant does not necessarily mean that you are secure because the same standard may not completely address the risks that face an individual company.  Security puts controls in place as well but they are ones that a company determines are the best fit for its individual needs, risk posture, and budget.

Why is Cleveland a great place for Tech?

I would say that Cleveland is a good place for technology.  We are not Silicon Valley, nor are we Boston, but we have a good IT and security talent pool, great connectivity, and a growing services industry.  The Northeast Ohio region has twenty-three four-year colleges and universities and a host of community colleges and technical schools. This creates a good pool of local talent.  Also, a number of these schools offer advanced degrees and perform research in fields like information assurance and computer forensics.

Cleveland is on the fiber lines that go between New York and Chicago so there are plenty of datacenters around Cleveland and good connectivity.  The city was formerly a large manufacturing city but that declined a lot over the last few decades and the city has struggled to turn more into a services economy.  However, Cleveland has rounded the curve and is growing and innovating.

Who do you follow for your inspiration and insights?

The first two that jump out at me would be Bruce Schneier and Kevin Mitnick.  I look to Bruce for information on cryptography and Kevin on social engineering.  However, there are numerous people I look to each day and whom I correspond with that inspire me.  It is often through casual conversations that I uncover some new idea or a new way of looking at things.  I rely on those I work with and communicate with as much as they rely on me.

We can be online 24/7, how do you manage your work life balance?

Maintaining a good work/life balance is always a struggle.  I think the most important thing to do is to set aside times that are dedicated for certain things and then protect those times.  As you can see from my daily routine, I spend a lot of time working.  However, I cherish the time I have with my kids and I guard against my work intruding on that time unless it is an emergency.  When I get home from work, my family receives all my attention, not some of it.  Once my kids are in bed I may work again or spend quality time with my wife.  My wife has many things that she likes to do in the evening so we both make time that we can dedicate to each other and then time that we spend working on individual tasks.  I also save the weekends for family activities.  The only hiccup in this system is when I travel.  I do not travel all the time but occasionally I need to leave the city for a conference or to meet with a client directly.  In these cases, I FaceTime with the family from my location and then double up on my time with them when I return.  This can be especially difficult because there are often work things that have to be done when I return home but I put my family first.  The work will always be there.

If you would like to have your company featured in the Irish Tech News Business Showcase, get in contact with us at [email protected] or on Twitter: @SimonCocking

Pin It on Pinterest

Share This

Share this post with your friends!