From becoming a violin master to mastering his job as CISO of GlabalSign, Arvid Vermote is certainly an interesting character. Aviva Zacks of Safety Detective got the opportunity to sit down with him and ask about how authentication can happen, even in the case of IoT.
Safety Detective: Have you always liked cybersecurity and what drew you to it?
Arvid Vermote: I’ve always liked it. In my younger days, I was studying to be a musician as a violin player. I went through the formal master’s degrees for music and violin. But I always had two passions—one was IT and one was music. Soon after completing my education, I realized that I didn’t really want to play the violin or be in a creative art where I express art for a living. So, I decided to take a course in IT, another degree. One of the most interesting areas is cybersecurity because there you have the threats and the technicalities, but a lot depends on how humans think—the bad actors and the good actors and the victims—and how to work all of that together into a good cybersecurity program where you anticipate those actions by humans.
I started a job at Ernst & Young, where I started technical cybersecurity consulting and simulating bad actors with how they can break into companies. I worked there for a decade, building a team of over 100 people that specialized in both technical security and soft security. Based on that role, I eventually ended up at GlobalSign, taking care of GlobalSign’s security and compliance.
We are responsible for confirming the digital identity of people, entities, and machines—ensuring that these identities are watertight so we can help prevent against the current and future types of online identity fraud.
SD: Can you explain what GlobalSign does?
AV: GlobalSign is a global certificate authority. I like to call us an identity authority using certificates as the current technology. We are one of the parties digitally trusted by the operating system vendors and the browsers to confirm and issue identities to users whether it’s a machine, website, or a person who wants to sign a document or digitally sign a document to the equivalence of a physical signature. We establish all forms of online identity to a high degree of assurance.
SD: What kinds of companies would use GlobalSign services?
AV: I think we have one of the widest customer bases that you can imagine—from a big bank to a small bakery, to an individual person filing his tax report, in today’s world everyone needs to have a digital identity. Our customer base goes from Forbes 500 enterprises to very small, local businesses in any country around the world.
SD: Tell me what your company does with IoT.
AV: With IoT, there is a need for not only identifying humans and websites but also devices. If we’re talking about the Internet of Everything—with the rise of IoT, connected appliances, electric grid fully connected to the internet—all these devices need to be identified in a strong way and also requires strong authentication towards the firms that manage them or towards the electricity grids, for example. We play a critical infrastructure role in making sure the communication can happen in a way where the identity is guaranteed, but also, authentication is performed in a very secure way rather than based on passwords.
SD: What do you feel are some of the worst cyberthreats today?
AV: I would say everything related to identity fraud. There are also upcoming issues with deepfakes where the technology is advancing very quickly, and it’s close to impossible for a human to distinguish a deepfake from the real person. And as we are an identity authority that at its core has the responsibility to only issue an identity to the effective owner of the identity, this is one of the biggest threats for us. I think in the upcoming years, deepfakes will be one of the most major information security threats to watch.
SD: How do you think that the COVID-19 pandemic is changing cybersecurity?
AV: To some extent, it is an enabler in the sense that it is accelerating a lot of people and firms to work more digitally and also learning how to use strong digital authentication and signatures, which is all technology that we facilitate. Now it’s even more important because people can’t physically sign things anymore and can’t go to the notary. The current events might accelerate the adaptation of those types of technologies. On the other end, and a downside, of course, we are seeing a lot of criminal organizations piggybacking on the coronavirus and abusing it. Everyone who isn’t used to working digitally and remotely suddenly need to do it, and they’re not aware of the security implications, making them an easier victim.