Published on: November 6, 2024
SafetyDetectives recently interviewed Carlos A. Lozano, Head of Technical Operations at Global Cybersec, where he oversees a range of cybersecurity initiatives from daily incident response to specialized network security assessments. Carlos brings a deep commitment to tailoring cybersecurity solutions that bridge accessibility and sophistication, especially crucial in the Mexican market where high costs often limit access to comprehensive protections. His team’s approach, grounded in Managed Security Services, combines cutting-edge tools with human oversight, ensuring clients receive adaptable and effective security support. Carlos shares insights into addressing emerging threats, optimizing AI’s role, and a remarkable intervention that helped a client recover from a major banking cyberattack.
Can you tell us about your role and responsibilities at Global Cybersec?
I’m in charge of the technical operations, which means that I supervise the day-to-day detection and incident response activities, but I also coordinate the “one shot” projects such as network and application security assessments, and advisory.
I’m also very involved in the commercial efforts, since for us it is very important to create strong technical offers for our customers and not just sell commercial solutions.
How does Global Cybersec tailor cybersecurity solutions for organizations of different sizes and industries?
This is a big challenge. It’s no secret that cybersecurity solutions are expensive, and when we’re talking about the Mexican market, they are not just expensive but extremely expensive.
To democratize cybersecurity for all kinds of customers, we base our operations on the Managed Security Services Provider (MSSP) model, meaning that we provide the solutions as a service to the customers, including the solution itself but also the human resources to operate it.
The most common example is the Monitoring and Incident Response service. Providing a service like this could include an endpoint solution, a Security Information and Event Management (SIEM) system, maybe some Intrusion Detection Systems (IDS), deception solutions, and a big etcetera. For all companies the investment to acquire all of these solutions is so big, and in many cases, restrictive. We have our own platforms or partnerships to provide the services as a service, reducing the costs and being more flexible with the licensing; but the most important point is that our engineers operate all of it.
What are the most common operational challenges you encounter when implementing cybersecurity policies?
Reducing false positives by customizing settings. The problem with most solutions, even the AI-based ones, is that we need to provide information to create rules, policies, use cases, etc. This implies a lot of work and time; but the most important input is the customer’s feedback.
It’s the customer who needs to provide the information about its operation, the full scope of their processes, and reconfigure all their assets, in order to get the right information.
Usually, after hiring a SOC service, the customer thinks that all the work is done from their side, and that the cybersecurity company will guess all the rest of the information. But that’s wrong.
I think this is the biggest challenge.
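To make the tuning point concrete, here is an added illustration (not Global Cybersec’s code or tooling): a toy SIEM-style rule that flags administrative logons outside business hours, evaluated first with no context and then with information only the customer can supply, such as its service accounts and maintenance windows. The log lines, account names, hosts and the `CUSTOMER_CONTEXT` structure are all constructed for the example.

```python
"""After-hours admin logon rule, untuned versus tuned with customer context.

Added example, not from the interview or Global Cybersec. Events, account
names, hosts and the CUSTOMER_CONTEXT shape are constructed/hypothetical.
"""
from datetime import datetime

# Constructed sample events: ISO timestamp, user, host=..., event=...
SAMPLE_EVENTS = [
    "2024-10-14T02:15:00 svc_backup host=db01 event=admin_logon",
    "2024-10-14T02:40:00 svc_backup host=db02 event=admin_logon",
    "2024-10-14T03:05:00 jperez host=db01 event=admin_logon",
    "2024-10-14T22:30:00 mgarcia host=web01 event=admin_logon",
    "2024-10-14T23:10:00 svc_scan host=web02 event=admin_logon",
    "2024-10-14T10:00:00 jperez host=db01 event=admin_logon",
]

# Hypothetical tuning data that only the customer can provide: which
# accounts legitimately run at night and when each host is in maintenance.
CUSTOMER_CONTEXT = {
    "service_accounts": {"svc_backup", "svc_scan"},
    # (host, start_hour, end_hour) in local time, end exclusive
    "maintenance_windows": [("web01", 22, 24)],
}

BUSINESS_HOURS = range(8, 20)  # 08:00-19:59 local time


def parse_event(line):
    """Split one constructed log line into a dict."""
    ts, user, host, event = line.split()
    return {
        "time": datetime.fromisoformat(ts),
        "user": user,
        "host": host.split("=", 1)[1],
        "event": event.split("=", 1)[1],
    }


def after_hours_admin_logons(lines, context=None):
    """Return the events the rule alerts on.

    With context=None this is the out-of-the-box rule; with the customer's
    context, known service accounts and maintenance windows are suppressed.
    """
    context = context or {}
    service_accounts = set(context.get("service_accounts", ()))
    windows = context.get("maintenance_windows", [])
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev["event"] != "admin_logon" or ev["time"].hour in BUSINESS_HOURS:
            continue  # not in scope for this rule
        if ev["user"] in service_accounts:
            continue  # customer told us this account runs overnight jobs
        hour = ev["time"].hour
        if any(h == ev["host"] and s <= hour < e for h, s, e in windows):
            continue  # customer-declared maintenance window on this host
        alerts.append(ev)
    return alerts


def suppression_ratio(lines, context):
    """Fraction of untuned alerts that the customer context removes."""
    untuned = len(after_hours_admin_logons(lines))
    tuned = len(after_hours_admin_logons(lines, context))
    return 0.0 if untuned == 0 else 1 - tuned / untuned


if __name__ == "__main__":
    for ev in after_hours_admin_logons(SAMPLE_EVENTS, CUSTOMER_CONTEXT):
        print(f"ALERT {ev['time']} {ev['user']} on {ev['host']}")
    print(f"suppressed {suppression_ratio(SAMPLE_EVENTS, CUSTOMER_CONTEXT):.0%}")
```

Untuned, the rule fires on every night-time logon; with the customer’s context only the human administrator logging on to a database server at 03:05 remains, which is exactly the event an analyst should be looking at. The suppression data lives outside the rule on purpose, so it can be updated as the customer’s operations change without rewriting detection logic.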
How does your team address emerging threats such as ransomware and zero-day vulnerabilities?
We need to manage it in two ways. The first one is to prepare all the tools, configurations, policies and rules in the most restrictive configuration to detect any malicious file, but also to provide security awareness to the people.
The other side is to keep in mind that at no time will the risk be zero, so we need to be prepared to act in case of an infection, with BCP/DRP plans.
What cybersecurity trends do you think businesses should focus on over the next few years?
I think the answer is obvious, artificial intelligence. The main thing is that we need to use it in the correct way.
During the AI boom, most companies waited for manufacturers to design practically autonomous solutions. But this is not correct; currently AI is looking to improve human capabilities by making our daily tasks more efficient, but it is mathematically impossible for LLM-based AI to be autonomous today.
Can you share a success story where Global Cybersec’s intervention made a critical difference for a client?
Without a doubt, the most relevant success story we have had at Global Cybersec was attending to a client in 2018 during an incident that affected several banking institutions through the SPEI interbank transfer system, causing losses of several hundred million.
One of our clients was affected, and it began with a forensic analysis, believing that it would be a serious but manageable incident. It became a national crisis, where even relevant people within the regulators blocked the activities of the different companies in which we participated, hiding information and avoiding sharing it with the affected banks, because it could demonstrate the insecurity of Banxico.
Although it was officially stated that everything was part of a campaign by APT 32 of North Korea, the reality is that it could not have been just that actor acting alone. The way in which such large amounts of money were withdrawn, the choice of branches with cash for this, and the evasion of anti-money-laundering controls to handle so much cash make it obvious that there was local participation equal to or more important than that of an APT; and the near monopoly that exists among the companies that can make the connection between banks and the central bank generates many more doubts about what happened.
Our client was able to recover part of the stolen amount thanks to a prompt response, and demonstrated at all times the maturity of its controls, which prevented it from suffering penalties and allowed it to demonstrate its level of security to its insurer.
It was a great experience, which unfortunately showed that insecurity is often a trend that comes from the regulators themselves.