22 Jan Threat Intelligence Expert, “The Industry Needs to Start Here”
Herjavec Group VP & Former US Marine, Jerry Nguyen, Speaks To C-Suite and Boardroom Executives
– Georgia Reid
Northport, N.Y. – Jan. 23, 2019
Jerry Nguyen recently came aboard as Herjavec Group‘s newest Vice President, where he spearheads the Threat Management practice and provides the strategic vision for incident response, threat hunting, and threat intelligence. Nguyen brings with him over seventeen years of experience in information security. He has extensive experience in incident response, computer forensic investigations, and information security training.
After serving in the U.S. Marine Corps infantry, Nguyen went on to work in cybersecurity at Quantico, at the Marine Corps’ Network Operation Center, where he also joined the Computer Emergency Response Team. With his extensive background and training, Nguyen recently joined Herjavec Group as VP of Threat Management in order to drive innovative and collaborative content development between their Professional Services and Managed Services teams.
Watch the full interview below to learn why Nguyen believes that first and foremost, the industry needs to start with Threat Intelligence:
I asked Nguyen how he goes about supporting customers at Herjavec Group with all of the knowledge that he is bringing in from his experience at the DOE. He responded that threat intelligence and threat management is a big passion of his and he believes “that as an industry, we need to start there.” He explains that Herjavec Group aims to bring threat intelligence to every single aspect of all the business lines, including incident response, threat hunting, threat intelligence, penetration testing, red teaming, and vulnerability scanning.
Here is an excerpt from the interview:
GR: Where does the red team come in when you’re managing your employees here? How does that come into play for your customers, and how are you going about hiring more red team people?
JN: Let’s start with how a red team assessment benefits a customer. When we do a red team assessment, it’s basically a no rules assessment. We ask the customer, what’s your most prized possession? Name your top five things, if you were to lose …
GR: The crown jewels.
JN: Right. Name the crown jewels. If you were to lose them, would that be a grave danger to your company? We establish that and then we develop specific rules around that data — for example, a financial institution. One of their priorities might be fraudulent wires. So, we would say, OK, red team, here’s what we’re going to do here. Their main concern is if somebody could break in and transfer money out. So, let’s simulate that. For example, here’s the customer’s website. That’s what we start with. The red team goes in, and they do whatever they can to break in, and their number one goal is to either simulate or actually transfer an amount of money out.
GR: Is threat hunting on the rise across your enterprise customer base?
JN: Absolutely. It goes back to threat intelligence again. Threat hunting is kind of a buzzword out there right now. The actual act of hunting is still relatively new. Many people know what they want. When it comes down to what it actually is, it’s defined by each one of our customers.
Go back to addressing the crown jewels. Instead of calling the red team to break in to try to steal the crown jewels, now we have to come up with a theory of have the crown jewels been accessed yet? And if they have, how would somebody have done that?
GR: And who are they?
JN: Yep, and who are they. Then we start creating profiles of these types of methodologies of accessing the crown jewels, and then we go and hunt the enterprise for those artifacts. Lots of customers nowadays understand the threat. It’s out there. I think a few years ago, somebody said we need to operate as if we are compromised. Many companies are still under that. With the news and the breach disclosures these days, I would say it’s a smart move. Always assume somebody is going to attack you.
GR: I want to talk about something that you’re doing, which is developing these strategic roadmaps for customers. It sounds like you were touching on that when you were saying who might be doing this, who might be breaking in, what will they want to steal, and let’s plan this for the long term. Talk about the road-mapping that you do with your team in threat management.
JN: That’s a great question too. Whenever I’ve spoken to clients in my consultant roles for the last ten years or so, every time we’d get to a customer, it’s one of the worst days in their careers, more than likely. When major breaches happen, we do our best to recover from that breach. Once we clear the mud out of the water, we always help the customers speak strategically. We know about budget restraints, resource restraints, so a strategic timeline is still beneficial immediately after one of these events, or even before so you can prepare for it.
The future for Herjavec Group, according to Nguyen, and one of the main reasons he came to the company, is their Managed Security Services. Nguyen explains that the visibility and insight his team gains through HG SOC operations and cross-client data correlation is essential, “This exposes my team and me to a lot of data. We’re not only helping one customer; we’re actually helping all of our customers…That’s something that excites me every day.”
– Georgia Reid