ITSPmagazine recently caught up with STEALTHbits CEO, Steve Cochran. Cochran shares a story spanning 16 years; one of focus, clarity, and syncrhonicity.
ITSPmagazine: How and why did you enter the field of InfoSec?
Cochran: STEALTHbits originally started out in operations by automating IT tasks. But that didn’t last long. Almost immediately, customers were applying this technology to verifying patch deployments, and our attention turned to security. So, we entered the field of InfoSec because our customers took us there.
Sixteen years later, we’re entirely focused on security. As the number of breach incidents began to rise, we zeroed in on the most logical places to secure – the credentials attackers use to breach organizations and the data they’re after. For STEALTHbits, that means securing Active Directory, where the vast majority of credentials are stored, and file systems, where the vast majority of data is stored. This is simple blocking and tackling, which is what gets the job done.
ITSPmagazine: How does your company approach and overcome difficult challenges in the market?
Cochran: We look around and see what needs to be done, and we just do it. We don’t worry about it being difficult. Our mission to protect credentials and data is so clear, that we just build a plan and take action.
ITSPmagazine: What’s the one thing your executive staff does that you feel is unique in the infosec space (how do you approach doing business and how do you lead your team)?
Cochran: My executive staff is very clear on our credentials and data mission. They each know what we do and why we do it. Everyone has an oar in the water and we’re all rowing in the same direction. As their CEO, I’m very hands on and I like to push people out of their comfort zone.
This doesn’t always make me popular, but we end up accomplishing much more than we originally set out to.
ITSPmagazine: Why do you do what you do? What inspires you to do your job each day?
Cochran: It’s my mission that everyone knows how critical Active Directory (AD) is and how core it is to the headlines we see every day. AD is the dirty little secret in and around IT. Because AD stores the vast majority of credentials, it’s the target of nearly every attacker in every breach.
And yet, almost no one has a handle on their Active Directory. Everywhere you look, AD is a mess. It’s vulnerable.
I’m going to make people aware of that, and give them the tools to secure it.
ITSPmagazine: With respect to security and privacy, what’s the biggest challenge we face as a society?
First, we have a huge shortage of trained security professionals, and this puts us all at risk. We need to rely on the technology solutions that are available today to prevent things like simple misconfigurations at the operating system level, or lack of visibility into what attackers are after, such as credentials and data. This lead to breaches.
Second, we also need everyone - every member of society - to incorporate security and privacy into their daily thinking. What’s the use of firewalls or antivirus software if we continue to open phishing emails or leave our laptops unlocked? Until we understand that we’re all responsible for security, we’ll remain vulnerable.
ITSPmagazine: If you had a magic wand, what would you do with it?
Cochran: From an IT, and cybersecurity perspective to make companies more secure I’d clean up Active Directory. I’ll bet we’d stop 75% of the cyberattacks out there if we just had clean Active Directories.