Updated on: November 6, 2024
SafetyDetectives recently had the pleasure of interviewing Alpesh Shah, VP of Cybersecurity Solutions at Myriad360, to explore his insights on the current state of cybersecurity. With over two decades of experience in cybersecurity architecture, cloud security, and IoT security, Alpesh brings an impressive range of expertise to Myriad360. His role is integral in identifying security gaps, aligning them with business objectives, and delivering robust solutions to meet the diverse needs of Myriad360’s clients across industries.
As VP of Cybersecurity Solutions, Alpesh’s work extends beyond technical knowledge; he leads a team that bridges the gap between complex cybersecurity challenges and practical solutions tailored to each client. In our conversation, Alpesh shared his views on distinguishing Myriad360 in the competitive cybersecurity space, the latest threats organizations face, and best practices for securing cloud environments and hybrid infrastructures.
Can you tell us about your background and your role as VP of cybersecurity solutions at Myriad360?
I am an information security leader with a comprehensive background in cyber security architecture, cloud security, service delivery, physical and IoT security. With more than twenty years of experience and expertise in requirements gathering, development of complex cyber security solutions, testing, production support, project management, pre-sales engineering, process re-engineering and implementation over different industries, I have helped enable business objectives and reduce operational risk.
My unique strength is identifying gaps in security infrastructure, correlating those gaps with business objectives, and developing the necessary technical and administrative solutions. I work with companies in all industry verticals that have simple to very complex environments.
My role as VP of Cybersecurity Solutions at Myriad360 is to help build the strategy, go to market vision, and work with clients to understand their pain points, gaps, business use cases, and design and deliver solutions and services that best fit their needs.
The role includes evaluating the various technologies/vendors on behalf of Myriad360’s clients, providing pros/cons of these technologies, and providing valuable feedback for clients to make an informed decision. I lead the team of highly qualified cybersecurity presales engineers who help and support Myriad360’s clients.
What distinguishes Myriad360 from other global systems integrators in the cybersecurity space?
System integration is a competitive space, and we always need to be one step ahead to compete. Below are a few areas where Myriad360 distinguishes itself:
- Domain Knowledge & Expertise
  - Clients come to Myriad360 to get trusted advice on their security and business knowledge.
  - Myriad360 has a team of experienced engineers with hands-on experience
  - Providing consistent experience and thought leadership
- Innovative & Emerging Technology Focus
  - Providing new and innovative solutions to solve complex challenges
  - Identifying new vendors to design new solutions
  - Early adoption of emerging technologies and deploying them in the internal lab
- Customer Support & Excellence
  - Dedicated Account and Program Manager
  - Service Agility & Prioritizing
  - Strategic Relationships and Management
What are some of the latest cybersecurity threats that organizations should be aware of, and how can they proactively defend against them?
Below are some of the latest threats organizations should be aware of:
- AI and Machine Learning-Driven Attacks
  - Threat actors will leverage AI and machine learning to automate attacks, identify vulnerabilities more efficiently, and create sophisticated social engineering techniques.
- Cybercriminal Ecosystem Becoming More Professionalized
  - Cybercriminals will organize like businesses, with more specialized groups offering cyber services (e.g., ransomware-as-a-service, initial access brokers) and operational models mimicking legitimate corporations.
- Rise of Nation-State Actors and geo-political friction will drive more cyber threats
  - Expansion of offensive cyber capabilities by smaller countries.
  - Examples: US-China tech rivalry, Russia-Ukraine, Israel-Middle East
  - Use of cyberattacks as tools of diplomacy, espionage, and economic disruption.
- Cybersecurity Supply Chain Vulnerabilities
  - Supply chain attacks will increase in frequency and complexity, with a focus on exploiting the trust relationships between organizations and third-party vendors.
Below are some of the recommendations to defend against them:
- Adopt Zero Trust Architecture (ZTA)
  - Micro-segmentation
  - Least Privilege Access
  - Continuous Authentication & Monitoring
- Invest in Security Automation and AI-Powered Tools
  - SOAR (Security Orchestration, Automation and Response)
  - AI in Threat Detection
- Embrace a Cybersecurity Culture and Continuous Training
  - Employee Awareness Training
  - Advanced Cybersecurity Certifications for IT Teams
  - Simulated Cyber Attacks
- Build an Incident Response (IR) Plan with Regular Updates
  - Develop a Comprehensive IR Plan
  - Regular IR Drills
  - Regular Risk Assessment, Pen Testing, Red Team Exercises
- Build Comprehensive Data Security Program
  - Understand and identify where the sensitive data lives in the organization
  - Have Identity & Access Management (IAM) tools to understand who has access to this sensitive data
- Build AppSec and DevSecOps Program
  - Invest in the security education of application developers
  - Build an AppSec program
- Harden Supply Chain Security
Can you share some best practices for securing cloud environments and hybrid infrastructures in today’s digital landscape?
- Cloud services have become the backbone of today’s organization; however, they bring a multitude of challenges, including:
  - Shared responsibility: confusion of security responsibilities
  - API Vulnerabilities: Cloud services rely heavily on APIs
  - Misconfigurations: One of the leading causes of data breaches
  - Multi-tenancy risks: Cross-tenant attacks
- Best practices to secure cloud environments are:
  - Use of Cloud Security Posture Management (CSPM) tools
  - Perform regular audits and configuration checks
  - Implement strong IAM
  - Implement cloud security guardrails with cloud-native security tools and logging
  - Implement an API security gateway
How does Myriad360 approach the implementation of Zero Trust principles, and what are the key benefits for organizations?
Myriad360 has been implementing zero-trust principles for its clients for years. Myriad360 has developed a very comprehensive workshop that educates clients about the need for Zero Trust, performs a gap analysis, and provides a roadmap to implement the zero-trust architecture principles.
- Myriad360’s approach aligns with NIST Special Publication (SP) 800-207. Myriad360’s ZTA workshop addresses the following:
  - ZTA Core Principles
  - ZTA Access Components (Device, Network, Identity & Context) and how they are aligned with existing security controls
  - ZTA Trust Triangle
  - Supplementary tools supporting ZTA
  - Specific use cases and ZTA high-level reference architecture
  - Myriad360’s Security Reference Model (SRM) and mapping against client’s existing security controls/tools
- Upon completion of the workshop, Myriad360 provides the ZTA maturity level of the client and provides a detailed roadmap to enhance the maturity
- Key benefits of ZTA for organizations:
  - Gain visibility and understanding of your enterprise traffic
  - Simplifies and standardizes your security stack
  - Reduces organizational friction and confusion around security requirements
  - Reduces time to breach detection
  - Protects your critical assets
In your experience, what are the most effective strategies for incident response and minimizing the impact of security breaches?
Below are some of the most effective strategies for IR:
- Develop a Comprehensive IR Plan: Ensure that your incident response plan covers all types of cyber incidents (ransomware, data breaches, DDoS attacks, etc.) and includes roles, responsibilities, and communication protocols. An effective incident response plan helps mitigate damage during an attack and reduces downtime, minimizing financial and reputational losses.
- Regular IR Drills: Test the IR plan through tabletop exercises, cyber range simulations, and red team activities. Make sure that every team member understands their role in the event of an attack.
- Incorporate External Partners: Have established relationships with third-party cybersecurity consultants, legal experts, and law enforcement agencies to assist in case of a large-scale breach.