Interview With Armond Caglar – Cybeta

Note: This original interview was conducted by Safety Detectives.

With many thanks to Armond Caglar, Co-Founder and Director of Cybeta Overwatch and Principal Consultant, Aviva Zacks of Safety Detectives found out all about his company’s data science services.

Safety Detectives: What drew you to cybersecurity?

Armond Caglar: I took a somewhat circuitous path to information security. My interests growing up were primarily centered around journalism and foreign affairs and not, say, computer science or software development. As a first-generation Armenian-American, I think I’ve always carried with me a global perspective about things, probably the result of being exposed to a second language at home and trips to Istanbul we would take every summer to visit relatives. So, I always knew I wanted to pursue a career that exposed me to the world and to people. My first job out of college was working as a freelance reporter in Washington, D.C. focusing on issues important to the Iranian-American community. Later, I worked in federal service specializing in regional affairs around the world. Although I did not know it at the time, my experience in the government space created familiarity with concepts and practices that would later be relevant to a career in cyber, particularly things like information assurance, identity and access management, social engineering, and the adversary mindset.

SD: What do you love about your job?

AC: One of our three main service areas is something called Cybeta Overwatch, which is an amalgamation of passive ethical hacking, OSINT, and deep and dark web collection and analysis. For me personally, there is nothing better than providing a customer insight on areas of their vulnerable IP4 space in which they previously had zero awareness, but especially if it can be prioritized based on criticality to their business and the severity and likelihood of the threat materializing. Our findings have to be relevant and mapped to criticality otherwise they are useless. I am also very excited about our work in the cyber insurance space. We have worked very hard over the years to carve out trusted and strategic partnerships with both insurance brokers and underwriters to the point now where we can proudly offer Threat Beta, which is a cool predictive algorithm our data science team developed that better anticipates breach likelihood scenarios in a way that we think is industry-leading. We also have something called Threat Alpha, which is a financial impact modeling tool.

SD: What does your company do?

AC: First and foremost, we are a data science company. I sometimes say we are a data science company with a threat intelligence and dark web problem. But it is safe to say that our bread and butter is data science. We have three main services. First, we have Threat Beta, which as I mentioned is a methodology that is rooted in data science that can reliably and repeatably predict breach likelihood using hundreds of data inputs with an emphasis on publicly discoverable technologies. The technology is patent-pending and constantly evolving and improving. We have Threat Alpha which is our cyber loss quantification methodology that aims to provide better exactness to both cyber loss and ROI calculations of technology and security investments. And lastly, Cybeta Overwatch, which aims to protect customers by examining their digital attack surface from the perspective of the Internet that leverages both open and closed-source methods.

SD: What verticals use your services?

AC: We service clients across all categories. Our larger clients include Fortune 500 leaders in financial services, manufacturing, technology, automotive, pharmaceutical, professional sports franchises, SMBs, the maritime industry, as well as private equity.

SD: How do you stay ahead of the competition?

AC: Cyber is a crowded space but we think our differentiation has been obvious from the beginning. We pride ourselves on not being a scorecard company that automates its analysis. Our industry needs more than just a score – we always thought it needed a way to identify threats and companies that might be at an elevated risk of attack based on how successful cyber events are actually planned and executed. What has been missing, in our estimation, has been the lack of smarter analytics, including the lack of inclusion of global threat data specific to publicly discoverable technologies gleaned from outside the firewall by someone casing the network. This is one way we are attempting to derive better comparative attack likelihood. We think we are achieving that by using metrics that matter.

SD: What are the worst cyberthreats out there today?

AC: Clearly, the broad category of social engineering and its various manifestations, for instance, ransomware or business e-mail compromise, are leading causes of successful and high-profile data breach events that continue to steal the headlines and deservedly so. And it’s no surprise either. Anyone who spends just a modicum of time on the dark web can see how access to ransomware is being democratized now to all sorts of budding criminals through the sale of ransomware-as-a-service and other exploit kits on underground markets. So, anyone with an email address and regular computer access is a potential target. This highlights the importance of prevention and the litany of fairly straight forward controls enterprises can do that can markedly reduce their susceptibility to these types of attack conditions.

SD: How will COVID-19 change cybersecurity for the future?

AC: The most obvious thing off the bat is how the enterprise attack surface has changed. There has always been remote working but never before at the unprecedented scale in which this mass transition occurred in 2020. To the extent working from home is here to stay, it is incumbent for enterprises to figure out how they are going to secure the new perimeter which has now been extended to employee homes. We have seen instances where this is already proving difficult for some customers, highlighted by clientless VPN deployments or remote protocols either misconfigured or left exposed without proper security at the transport layer. However, even with COVID-19, it is still important to remember that victimhood is not a fait accompli and that substantial protection can still be achieved through things like proper configuration management and user awareness.