Safety Detective: Tell me about your cybersecurity journey and what you love about it.
Vlad Styran:I hate almost everything about it.
I think it is a weird relationship.
One day, I found myself in the epicenter of the still young Ukrainian cybersecurity industry.
I committed to things like professional conferences and meetups, dedicated a lot of time and effort.
SD: What motivated you to start your company with Andrey Loginov and Kostiantyn Korsun?
VS:It was an exciting time.
Until then, we had no desire to start something of our own.
We only partially succeeded, though.
Today, we mostly focus on foreign markets, but we are still a Ukrainian company.
SD: You offer utility security and pentesting and you also train people in development and pentesting.
VS:These are very intricately connected.
We doapplication security services, and classicpenetration testing and social engineeringengagements.
And we teach people how to prevent these attacks from being successful.
It is rare to see executives familiar with cybersecurity concepts and capable of mindfully governing a security-sensitive business function.
SD: What do you think are the worst cyberthreats today and how is that evolving?
VS:The worst cyberthreats are financially motivated cybercrime groups that mostly do ransomware.
These are dominating forces now, and they conduct devastating attacks.
But they are themselves becoming increasingly vulnerable.
When they focused on malware and targeting users, they were less financially effective and flew under the radar.
But now they are joining into larger groups, and that requires them to sacrifice some personal operational security.
It makes them individually more easily identifiable.
I believe that we will see a lot of exciting indictments very soon.
SD: How do you think that the pandemic is going to change cybersecurity?
VS:It has already changed it.
Companies adopt innovative defense approaches; we hear clients talk BeyondCorp and zero-trust architecture much more often now.
Dismantling the perimeter and rearranging the countermeasures will create new environments where many red team skills become obsolete.
The infrastructure of a typical client is more robust and mature now, and there is no going back.
So, we will have to be more creative in finding new ways of assessing those clients security.
As blue teamers, we wont be able to use those old school sensors and agents approach anymore.
Everyone who has embraced the cloud prepared themselves and are thriving now.
Everyone who was running SIEMS and endpoint protection gear is in crisis.
