
Lou Rabon on Defending Against Nation-State Attacks and Advanced Persistent Threats

We're back after an exciting New York Tech Week! I'm thrilled to bring you a conversation with Lou Rabon, the Founder & CEO of Cyber Defense Group. Lou's got over 25 years in cybersecurity, and his insights are invaluable, especially when it comes to defending against sophisticated threats like nation-state attacks and advanced persistent threats (APTs).

In our chat, Lou dives into how Cyber Defense Group stays ahead of the curve by focusing on foundational security practices, proactive threat intelligence, and breaking down silos within organizations. He shares some eye-opening stories from his incident response experiences and offers practical advice on building a resilient cybersecurity strategy.

One of my favorite parts was hearing Lou talk about the importance of Privacy Engineering and how it combines technical cybersecurity with legal requirements, creating a holistic approach to data protection.

We also touched on the unique challenges of cloud security and how emerging technologies like AI and quantum encryption are shaping the future of cybersecurity.

Don't miss this chance to learn from one of the best in the field. Dive into the full interview below, and stay tuned for more insights from industry leaders.

Cheers,

Ian

Lou Rabon, Founder & CEO of Cyber Defense Group

Question 1 💭

Lou, it's great to have you on! With cyber threats evolving so quickly, what key challenges are you focusing on at Cyber Defense Group to stay ahead of sophisticated threats like nation-state attacks?

Answer 1 🎯

Thanks for having me! Threats are evolving quickly, so we keep an eye on discovered Tactics, Techniques and Procedures (TTPs) in the environments we are monitoring, as well as consuming information from DHS/CISA/FBI and various Information Sharing and Analysis Centers (ISAC). That being said, a majority of attack vectors relate to foundational security - basic hygiene such as access management and technical control configurations, which don't require advanced threat knowledge.


Question 2 💭

You've handled some pretty intense incident response situations. Can you share a particularly challenging incident you managed and what key takeaways others can learn from?

Answer 2 🎯

Yes, IR can be "fun", especially as the lead, but it's also intense and all-consuming. One of the most challenging IRs I worked on involved multiple business units of a large organization, each with their own CISO and tech teams. They operated in silos, with different technology stacks and security tools. One of the first things we did was to ensure we had full visibility into their environment by unifying their tool stack and dashboard(s). This allowed us to gain situational awareness quickly and contain the threat so they could get back to business.

Some key takeaways: ensure you are regularly testing your IR plan across multiple domains (executive, technical, etc), ensure you have a unified view of your environment (to the extent possible) and break down silos when it comes to security as much as possible.

Question 3 💭

You've got a lot of experience in both privacy and security. How do you see these fields intersecting more with increasing regulatory pressures?

Answer 3 🎯

Unfortunately, the regulatory environment for both cyber and privacy is a mess in the US right now. Cyber is under-regulated and privacy regulations have too many different rules (Global/Federal/State). Both are about data - knowing where your data is, how it's being used and how it's protected. So there's a big convergence with cyber and privacy since they are interrelated. Privacy Engineering is new, and it combines the technical aspects of cyber and DevOps/IT with the legal requirements of privacy - bringing these three distinct areas together in an exciting, new way.

Question 4 💭

Cybersecurity-as-a-Service (CSaaS) is a unique offering by Cyber Defense Group. How does this model differ from traditional approaches, and what advantages does it offer to mid-market businesses?


Answer 4 🎯

We work with many companies that have existing security teams, so what might traditionally be called virtual Chief Information Security Officer or "vCISO", did not fit for larger organizations that have an existing CISO. Our offering is unique in that it's custom-tailored to the needs of the businesses we work with. For instance, we have one large retail client that just needed a Managed GRC function, so that's what CSaaS is for them. Another client needs us to run their Vulnerability Management Program. Clients that need a full security team to implement and manage their full cybersecurity program are getting CSaaS as well, but the market would call this vCISO. Although cybersecurity is complex, we have distilled it into 13 domains, like vulnerability management and incident response, which we can offer as a comprehensive program, or individually, based on the needs of each client. The advantage of CSaaS is that it can be tailored to whatever aspect of a cybersecurity program is needed, and mid-market businesses can get a seasoned cybersecurity leader and team, without the overhead of full-time resources.

Question 5 💭

Dealing with Advanced Persistent Threats (APTs) is tough. What are the most critical components of a solid APT defense strategy in your experience?

Answer 5 🎯

Catching and containing the initial compromise early is the best way to prevent an APT. Having a mature cybersecurity program with repeatable processes and conducting regular reviews is essential as well. Finally, having proper visibility into your environment, and understanding anomalous behavior can ensure that anything that might get past your initial defenses will be detected before the attackers can gain a foothold and take action on their objectives.

Attacks are getting more sophisticated and "hiding in plain sight" (i.e. using legitimate services and protocols) so organizations that are likely to be targeted for APTs need to have a very in-depth understanding of their environment and use proactive defense techniques such as decoys and continuous threat hunting.

Read the Full Q&A on Gomboc.ai

What's New at Gomboc

Gomboc's Honored in Notable Capital's Rising in Cyber List 🚀

We're excited to announce that we've been named one of the 30 most promising cybersecurity companies in Notable Capital's Rising in Cyber 2024! Being selected from nearly 200 nominees by over 100 CISOs and security leaders is a tremendous honor, and we are deeply grateful for this recognition.

Proud to be listed with many amazing cybersecurity companies!

For more details, visit Rising in Cyber 2024.

Latest AWS and Azure Updates You Don't Want to Miss

Top Articles and Resources of the Week

Articles

Resources

  1. Federal Cyber Defense Skilling Academy: CISA's Cyber Defense Skilling Academy provides federal employees an opportunity to focus on professional growth through an intense, full-time, three-month accelerated training program.

  2. The Workforce Framework for Cybersecurity (NICE Framework): Learn more about the NICE Framework Categories, Work Roles, Competencies, and Task, Knowledge, and Skill (TKS) statements as well as the relationships between those elements in this downloadable PDF.

  3. Workforce Management Guidebook - Cybersecurity is Everyone's Job: A publication that talks about cybersecurity from every business function and aspect of an organization's operation. It is written for a general audience who may not be knowledgeable about cybersecurity and can be read as a complete guide or by each business function as standalone guides.

  4. 7 Popular Cloud Security Certifications for 2024: This article provides a comprehensive overview of the top cloud security certifications for 2024, essential for professionals seeking to enhance their skills and career prospects in the rapidly evolving cloud security landscape.

  5. Cybrary.it: A platform for cybersecurity professionals at all levels, featuring free courses, certification training, and hands-on virtual labs designed to prepare users for the latest threats and vulnerabilities, making it a valuable resource for anyone looking to start or advance their cybersecurity career.