Aviva Zacks of Safety Detectives had the privilege of interviewing Bryson Bort, Founder and CEO of SCYTHE. She asked him about his experience in the US military and what his company’s interesting name means.
Safety Detectives: What has your journey to cyber been like?
Bryson Bort: I don’t think anybody takes a straight road to cyber. Most of us got here by starting somewhere else in IT service management. So, whether it’s system administration, helpdesk, or working your way into being a tier-one analyst on a blue team, at that point you’re into cybersecurity.
I was a US Army officer and I worked on IT and communications. And then eventually I started working my way into cybersecurity and found my dream job on the offensive side of the house with building tools and conducting operations to test defenses.
SD: What does your company’s name mean?
BB: I founded a consultancy eight years ago called GRIMM. Grimm was my nickname back when I was in the military, in the national security community, so I thought that would be a fun name to have as a company as opposed to calling it Bryson’s Consultancy. A large client came to us with a consulting request, and I realized that they had effectively defined a product-market fit, so when we went to spin the company out, the name we chose was SCYTHE. So GRIMM is people and SCYTHE is a tool platform.
SD: Like the grim reaper?
BB: Yes. In tarot cards, the grim reaper stands for change, and in cybersecurity, we are all in desperate need of change to make things better.
SD: Tell me about your company’s services.
BB: GRIMM is a security research company, which includes all of the things that you would want from an advanced security research company. You name it, we’ve hacked it—applications, security research, hardware, planes, trains, automobiles, cryptocurrency, business consulting—from a large company to a medium-sized company that’s looking for help with products, people, process, or technologies.
At SCYTHE, our focus is on the platform. SCYTHE allows you to recreate exactly what any bad actor would do—that specific code, that payload that can do certain things and talk certain ways. We allow you to programmatically build that from scratch without having to understand the complexities of what’s happening underneath. It’s a bunch of Lego pieces, which you put together and suddenly you’re that bad actor and you can safely deploy that on your own network and that allows you to see how your people and your technologies react to really understand your exposure and your defenses. Around that, we offer workshops for free on different aspects of risk assessment and detection engineering, but we also do consulting and training on what we call purple team engagements, which is a milestone-driven collaborative risk assessment.
Instead of hiring somebody to hack you for a couple of weeks and then they come back with this big report, we do it in a collaborative way with the client. We put out the steps (the threat’s logic and actions) we come up with together and then we go through them together to see exactly what happens. This way, we can improve as we’re going through the assessment as opposed to just showing up with a big thick report at the end.
SD: How does your company stay ahead of the competition?
BB: With SCYTHE, the technology is unique. We’re still the only ones that have actually built what we have. It’s completely modular with a Software Development Kit to allow customization. We launched a Marketplace for the many Partners we have to build and share their custom modules which helps keep enterprises on the cutting edge. So, from that perspective, it’s a unique capability.
On the GRIMM side, our focus has always been on hiring the best team of researchers. With both companies, we’re engaged with the community; we’re constantly out there giving talks, hosting our own conferences (GRIMMCon 0x4 is March 17th), giving back to the community, and training and education. I think that helps keep you fresh and on the edge of understanding what’s happening.
SD: What are the worst cyberthreats that are out there today?
BB: Ransomware. The year 2020 was definitely a year for ransomware. It increased exponentially across the board and it seems to have no sign of abating. I think ransomware is such a big threat both because of the sheer quantity and because it’s destructive. Ransomware takes your data and your computers away. What used to be a functioning computer suddenly becomes a useless paperweight overnight. For small and medium-sized businesses the ransomware could be indiscriminate in where it hits, which is an existential threat. That’s the kind of thing that takes your business down and you can’t recover from it, so I think that’s something that we need to be very concerned about and that the government should be doing more about.
SD: How do you see cybersecurity developing as we’re living through this pandemic?
BB: We have more people working from home and I don’t think that’s a trend that’s going to instantly reverse even this year or next year when things hopefully return to normal. I think the new normal is going to be that working from home and remote will be a more commonly accepted option; a lot of businesses have, of course, moved to accommodating that through VPN access. There’s increased adoption of the cloud and that’s going to pivot, of course, because adopting the cloud and having encrypted comms from one location to another does not remove the risk. We will have transferred that risk, and so, I think that adversaries are going to follow the ball, so to speak, and I don’t think that’s been taken into account yet.