Aviva Zacks of Safety Detective had the honor of sitting with Vlad Styran, Co-Founder and VP of Berezha Security, who was open and honest with his feelings about cybersecurity.
Safety Detective: Tell me about your cybersecurity journey and what you love about it.
Vlad Styran: I hate almost everything about it. I think it is a weird relationship. One day, I found myself in the epicenter of the still young Ukrainian cybersecurity industry. We needed a professional community for knowledge sharing, so I ended up in the early generation of the profession around here. I committed to things like professional conferences and meetups, dedicated a lot of time and effort. I still enjoy it as a profession, but nowadays, I am more involved in the business side of it, so no more hacking fun for me. As both a businessperson and a community leader, I do my best to open this opportunity to as many younger colleagues as possible.
SD: What motivated you to start your company with Andrey Loginov and Kostiantyn Korsun?
VS: It was an exciting time. Our “glorious leader” had just fled to Russia, and the country started to develop a more liberal and less corrupt economy. Until then, we had no desire to start something of our own. But when we faced this new, inspiring perspective, we decided that it was time to create something that will last. We wanted to start a company that would be, well, Ukrainian and would provide affordable, high-quality security services. We only partially succeeded, though. Today, we mostly focus on foreign markets, but we are still a Ukrainian company.
SD: You offer application security and pentesting and you also train people in development and pentesting.
VS: These are very intricately connected. We do application security services, and classic penetration testing and social engineering engagements. And we teach people how to prevent these attacks from being successful.
Our training courses break down into two bodies of knowledge: First, we teach developers about the basic security engineering concepts that, if implemented correctly, would make their software less vulnerable. And second, we bring top management and non-security experts up to date with what the security industry looks like from the inside. It is rare to see executives familiar with cybersecurity concepts and capable of mindfully governing a security-sensitive business function. Normal people don’t care much about security: they read some news, follow someone on Twitter, and think they have an idea about cybers. We show them how to think about cybersecurity based on the publicly available data and for many of them, it is an eye-opening experience. They learn how to think about security risks pragmatically and skeptically, and how to secure their businesses and their lives with optimal investments and effort.
SD: What do you think are the worst cyberthreats today and how is that evolving?
VS: The worst cyberthreats are financially motivated cybercrime groups that mostly do ransomware. These are dominating forces now, and they conduct devastating attacks. But they are themselves becoming increasingly vulnerable. When they focused on malware and targeting users, they were less financially effective and flew under the radar. But now they are joining into larger groups, and that requires them to sacrifice some personal operational security. It makes them individually more easily identifiable. It’s just not possible to go to these lengths for higher profit and not lose some OPSEC along the way. I believe that they are now harming the global economy at scale, but they are also becoming less capable of hiding themselves from law enforcement and from other hackers. I believe that we will see a lot of exciting indictments very soon.
SD: How do you think that the pandemic is going to change cybersecurity?
VS: It has already changed it. Aside from the depression caused by not being able to meet at conferences anymore, I think that now we will be facing much more challenging tasks.
As red teamers, we will be aiming at more hardened targets because successful penetration and lateral movement in this new remote reality have become much harder. Companies adopt innovative defense approaches; we hear clients talk BeyondCorp and zero-trust architecture much more often now. Dismantling the perimeter and rearranging the countermeasures will create new environments where many red team skills become obsolete. We got used to attacking networks, perimeters, and on-the-ground infrastructures, but those days are gone. The infrastructure of a typical client is more robust and mature now, and there is no going back. So, we will have to be more creative in finding new ways of assessing those clients’ security.
As blue teamers, we won’t be able to use those old-school sensors and agents approach anymore. We will have to work directly with the assets, no layers: just subjects, objects, and full control of their relations. Everyone who has embraced the cloud prepared themselves and is thriving now. Everyone who was running SIEMs and endpoint protection gear is in crisis. The time has come to evolve, and this crisis is the disguised opportunity that we have been waiting for.