Cyber Page for ACSM & AISA Cyber Security
...with Morey Haber, Vice President of Technology, Office of the CTO
By Tony Campbell, ACSM Editor
With more than 20 years of IT industry experience, Mr. Haber joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition and currently oversees strategy for both vulnerability and privileged identity management. In 2004, Mr. Haber joined eEye as the Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was a Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and key customer accounts. Mr. Haber began his career as a Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science in Electrical Engineering from the State University of New York at Stony Brook.
4 | Australian Security Magazine
With more than 20 years of IT industry experience, Morey Haber joined BeyondTrust in 2012 as a part of their eEye Digital Security acquisition, overseeing strategy for both vulnerability and privileged identity management.

ACSM: Hi Morey, thanks for agreeing to speak with us today. Can you give our readers an idea of what brought you into cyber security, why cyber security, and what aspects of your career to date have helped you get where you are today?

In all fairness, I stumbled into cyber security almost 20 years ago, while working in the network management space of operations. The security models for SNMP only included v1 and changing community strings was not possible on many devices. Simple discovery scans revealed that devices could have their MIBs modified and the runtime of the devices altered for malicious activity. This included changing email addresses on multifunction copiers to send copies of all copied/scanned material to an attacker. These basic attacks in the late 1990s raised my interest in cyber security and so began my journey on my current career path.

In the early 2000s, a former executive of mine joined eEye Digital Security and recruited me to grow the business. At that time, we were a young start-up with only two dozen employees and very limited venture capitalist funding. There were only two commercial vendors performing vulnerability assessments and the security community barely existed. Most organisations were in denial of the potential threats and the risks. Within a few years, I assumed responsibilities for product management and business development for our network scanner and endpoint protection platform.

I will state candidly that the learning curve was steep. There was very little training at the time, anti-virus was typically signature-based, and intrusion prevention solutions were just emerging on the market. Today, we take firewalls and basic threat protection for granted, before the wild west days of SQL Slammer and Code Red. In fact, many businesses at that time would not even put anti-virus on their servers due to performance issues, let alone apply security patches, for fear of something breaking.

In 2012, BeyondTrust acquired eEye Digital Security. The focus from vulnerability management to privileged access management was an easy pivot. Privileged attacks are just another method for a threat actor to breach an environment and conduct similar malicious activities as the defaults used in SNMP community strings. The only curve was learning the permutations of privileged attacks and applying them to data exfiltration and lateral movement, both of which vulnerabilities and exploits have been doing for almost 20 years. Privileged access was not much different than the threat landscape I learned in the past.

Therefore, after all this time, my duration of being in the security community and watching threats and technology evolve have been my greatest asset in bringing my career to prosper to date. New professionals to the security community should not only learn about modern threats, but also study past attacks and history. After all, history is what has brought us to the problems we face today, and we can learn how similar problems have been mitigated in the past, and what has been proven to be most effective.

ACSM: What advice would you give to Australian businesses and governments regarding both the national and international cyber threat landscape?

There are several key recommendations all organisations should adhere to regardless of government, commercial, and even home use, to mitigate risks, regardless of the geography. These are critically important because they represent the lowest hanging fruit threat actors are leveraging to attack our IT resources:

1. Education, Training, and Measurement

The average user may not be able to tell the difference between a regular email, phishing, or spear phishing attack. They do, however, understand that if you click on the wrong thing, you may lose all your work, infect your computer, and cause massive damage to the organisation. If you can translate the threat from an attack into terms the average user can remember, then the human element of social engineering
Published on Oct 5, 2017
The Australian Security Magazine is the country’s leading government and corporate security magazine. It is published bi-monthly and is dist...