Interview with David Etue - CEO at Nisos

Shauli Zacks

In a recent interview with SafetyDetectives, David Etue, CEO of Nisos, provided valuable insights into the ever-evolving landscape of cybersecurity. Nisos specializes in managed services for cyber intelligence, such as assessments, monitoring, and investigations, aiming to equip cybersecurity and corporate security teams with actionable intelligence to better respond to various threats. When discussing incident response, Etue emphasized the importance of rapid, clear communication within cross-functional teams and quality information from both internal and external sources for effective decision-making. Additionally, he touched on the challenges and opportunities presented by emerging technologies like AI and cloud computing, underscoring Nisos’s commitment to innovation in delivering immediately useful intelligence to clients.

Can you talk about your background and your role at Nisos?

I am CEO of Nisos, the Managed Intelligence Company®. I have over 20 years of experience in the field of cyber security, having worked with both early-stage and well-established companies. Prior to Nisos, I served as the Global Head of Managed Security Services at BlueVoyant. In my previous role as VP of Managed Services at Rapid7, I was the business leader responsible for driving the creation, execution, and strategic vision of their global managed services offerings.

In the past, I held the position of VP of Business Development for Gemalto’s identity and data protection business, leading worldwide partnerships and OEM sales. My association with Gemalto started through the SafeNet acquisition. During my tenure at the management consultancy PRTM, which was later acquired by PwC and became PwC’s PRTM Management Consulting, I led the cyber security practice, collaborating with industry practitioners and suppliers. At PRTM/PwC, I provided consultancy to practitioners and suppliers dedicated to improving cyber security, information security, and information assurance programs. This encompassed areas such as go-to-market strategy for cyber offerings, cyber supply chain integrity, and secure cloud strategies. Prior to PRTM, I served as the Vice President of Products and Markets at Fidelis Security Systems, a company that was later acquired by General Dynamics Advanced Information Systems. In my role at Fidelis, I offered strategic leadership for product management and product marketing. During my tenure, the company experienced substantial growth and expanded globally from a small direct sales force to an international sales and channel presence.

Early in my career, I had the privilege of leading General Electric’s global computer security program. During this time, I was a member of the GE Information Management Council and contributed as an original member of GE’s Global E-Commerce team, which played a pivotal role in developing the company’s e-business strategy. My journey at GE began through the Information Management Leadership Program, where I held various positions in technology strategy and operations.

I hold certifications as a Certified Information Privacy Professional and a Certified CISO. With a reputation as a top-rated public speaker, I have extensive experience covering security topics on a global scale. I successfully completed GE’s Six Sigma Black Belt Training and am trained in the Pragmatic Marketing Framework.

My academic background includes a Bachelor of Science degree in Business Administration and Finance from the University of Delaware. I am actively involved in the university’s Alfred Lerner College of Business & Economics Alumni Board and the Executive Mentor Program.

What are some of the top services offered by Nisos?

Our managed services for cyber intelligence include assessments, monitoring, and investigations – offered individually or as part of our Managed Intelligence Suite. Our Open Source Intelligence (OSINT) Monitoring & Analysis, Executive Shield, and Adversary Insights subscriptions are our most popular. These offerings provide finished intelligence including recommendations to enable our clients – typically cybersecurity, corporate security, and trust and safety teams – to better respond to cyberattacks, disinformation, and abuse of digital platforms.

In the event of a security breach or incident, what steps do organizations take to respond, investigate, and remediate the situation?

One of the biggest challenges in an incident is getting a reliable view of a situation in a timely manner to contain the incident and drive risk-based decision making. Depending on the type of incident, the technical tools you need may vary. However, in all cases I think there are two critical components.

First, you need to have the right people across the organization involved, who can communicate quickly and with clarity. Incident post-mortem reviews and table top exercises often reveal that critical information didn’t get communicated uniformly, or that key stakeholders weren’t engaged.

Second, you need to have quality information providing internal and external views of the incident to enable the cross-functional teams to make timely, adequate decisions. Technical tooling internally can be critical here. In cybersecurity incidents, rich telemetry data that can be correlated across the organization’s technical infrastructure can be game-changing. When dealing with fraud or abuse, technology infrastructure is still important, but business systems, business logic, and financial controls become required. Threats to people, assets, and facilities require understanding where and how the employees of the organization work. In all scenarios, external intelligence is critical to complete the picture. It can provide critical information about the adversary and their capabilities; tactics, techniques and procedures (TTPs); and motivations. It can give a broader picture of the incident including areas not seen by internal tooling, providing an outside-in view to better understand how to mitigate risk, and it can provide critical information about the incident – from adversary chatter, additional threats, evidence of data leakage, and more.

Time is of the essence when dealing with an incident and containment is critical to minimizing the impact. And depending on the type of incident, timely reporting can be a regulatory requirement. As an example, the SEC requires publicly traded companies to publicize details of a cyber attack within four days of identifying that it has a material impact. Having the right cross-functional team that communicates well and is equipped with the right information from inside and outside of the organization is critical to effective response and remediation.

What is the significance of full threat visibility?

To start, threats are a who, not a what. It is easy to get caught up in the speeds and feeds, but behind every attack there is an attacker with capabilities, methods, and motivations. That is a key piece of the picture.

Intelligence brings external and outside-in views to that picture. From addressing an incident to risk management planning, external intelligence is critical to effective decision making. It is how your adversaries see you, and it also lets you connect the inside to the outside as you evaluate decisions and controls. It also provides evidence about the incident – from adversary chatter, additional threats, insight to data leakage, and more.

What are the main challenges organizations face when it comes to securing cloud-based systems and data?

I think the biggest challenge is that our attack surface is approaching infinity. Cloud services – from SaaS to PaaS to IaaS – change how we manage and consume IT, which requires new approaches to security, and created entirely new security offering categories. However, you still need to know what you have, how it’s configured, and how it changes. And now you have to do that in your internal environments and a list of cloud service providers. Cloud has made it hard to even define your attack surface, let alone manage it (and reducing cloud consumption isn’t a theme you hear much…)

Cloud has also driven identity as a key control. I think of intelligence as a critical outside-in control, and in the cloud, identity is a key inside-out control to link our administrators and users to cloud services in a reliable way.

What are some emerging trends and technologies in cybersecurity, such as artificial intelligence (AI) and machine learning (ML), and how do they contribute to improved threat detection and prevention?

AI has the potential to be a force multiplier when properly applied. What I think gets lost too often in the conversation is what changes for the client or customer when you apply AI. If you ask someone what they do, and they say, “we are an AI company,” that statement misses the value they provide. From machine learning to large language models, AI is very relevant to the problems we deal with in intelligence. At Nisos, we deal with large data sets, our platform enables our experts to focus on the things that require humans, and we have to communicate effectively to our clients about how they can manage risk and remediate incidents. We are applying AI in our platform to continue to drive our ability to quickly and affordably provide our clients immediately useful finished intelligence.

Beyond AI, a critical trend in cybersecurity and intelligence is managed services. If you look at trends in cybersecurity, managed detection and response (MDR) has taken the people, process, and technology and transformed how people think about running 24/7 security operations. MDR made it possible for early maturing organizations that previously couldn’t afford to do it if it was in-house, and mature teams can utilize their scarce resources more effectively by leveraging the scalable MDR capabilities with their teams to complement.

Nisos is driving that same capability for intelligence. Most of what is sold in the “threat intelligence” space isn’t actually intelligence. Data is raw facts, information is the aggregation of raw facts into logic, and intelligence is information curated to drive timely, actionable, and relevant decisions.

Overwhelmingly the market provides data, requiring the consumer to turn that into intelligence and apply it within their security program themselves. Doing that requires experienced analysts (people), intelligence tradecraft (process), and a platform that drives repeatability and efficiency (technology). There is little talent available in the market, and it can be difficult to retain. You need the right people to do the analysis and create and keep the tradecraft updated. Most technology platforms focus on how to get data into broader environments like SIEM and SOAR versus producing intelligence. If you are a CISO, head of trust and safety, or corporate security, doing all of that in-house requires a lot of investment and focus. Blazing the trail with managed intelligence provides a solution for enterprises of all sizes and maturities to benefit from threat intelligence.

About the Author

Shauli Zacks is a tech enthusiast who has reviewed and compared hundreds of programs in multiple niches, including cybersecurity, office and productivity tools, and parental control apps. He enjoys researching and understanding what features are important to the people using these tools.
