Aviva Zacks of Safety Detectives recently sat down with self-described “math nerd” Derek Brink, Vice President and Research Fellow at Aberdeen. He told her about his company’s vendor-neutral reports to its customers.
Safety Detectives: What was your start in cybersecurity?
Derek Brink: I was and still am a math nerd. I studied applied mathematics in college, with the emphasis on the word “applied.” I like math, but I like it to be for something. Eventually, I got my MBA from Harvard.
SD: What do you love about it?
DB: For me, the blend of business and technologies is what’s fun about my work. I think that security is right in that space between technology and business. For me, the technical aspect of security is maturing in that it implements security, not for the sake of “being secure,” but to help protect the business as it’s trying to achieve its objectives. Understanding that blend between the technical side and the business side is where I find the excitement. I think technology will always change, and that is exciting, but I also like how it helps businesses come to a more mature understanding of risk.
SD: Tell me about some of the services and products that your company offers.
DB: The research I do is about the technology buyers and the people who deploy them for their own companies. This is also the community that consumes the research, in the form of reports, webinars, and so on. We monetize the research by working with vendors, who like to use this kind of fact-based content in their marketing campaigns.
Aberdeen also lives within a bigger organization. About a year ago, we were acquired by Spiceworks Ziff Davis, so there’s a whole range of services there too.
SD: What types of industries use your company’s services?
DB: All industries. On the reader side, we do surveys and have the opportunity to talk with customers, so it’s literally all industries. We also talk to people directly at conferences.
On the vendor side, the interesting thing about the security space is there are more than 3,000 companies. And despite the mergers and acquisitions that happen all the time, it’s a testament to the importance of the problem that there are new, innovative companies coming out all the time to help address the ever-changing cybersecurity challenges.
SD: What makes your company unique?
DB: We try to describe what is best practice. What does “best-in-class” look like? What are companies doing? What kind of technologies are they using? Someone told me early in my career at Aberdeen that they don’t really care what I think—meaning that it’s not about my opinion, it’s about my analysis and the insights that come from the fact-based, primary research.
Aberdeen is vendor-neutral. We don’t recommend specific solutions. There’s no quadrant or wave, and we don’t recommend this technology over that. We report on the people, processes, and technologies that correlate most strongly with top performance, and readers can apply those insights to their own situation.
SD: What do you think are the worst cyberthreats out there today?
DB: The financially motivated threat actors are the ones we mostly think about these days. They evolve. They’re flexible. They’re dynamic. Today, for example, we all know about ransomware. It exploits vulnerabilities in all kinds of companies, gets access to data, and then refuses to give the data back until the ransom is paid.
Recently, we’ve all seen vulnerabilities in our supply chains. For example, with a major gasoline pipeline on the East Coast and a nationwide meat processor. That’s critical infrastructure, and we saw the size and speed of the disruptions that can cause. When it’s no longer just financially motivated attackers, but attackers whose motivations include doing harm to economies and societies, that to me is the more frightening cyberthreat.
SD: How is the pandemic changing the way companies are handling cybersecurity?
DB: First, there was a pretty dramatic and sudden shift to remote work, which accelerated trends that were going on anyway: more flexible working arrangements, work from home, and so on. But the initial lockdowns in the first and second quarters of 2020 meant a lot of changes had to be made. Now, we no longer had the same level of visibility and control over employee devices, identities, networks, data, and behaviors. We want to give people the flexibility to work wherever, so there were a lot of changes that companies had to make quickly, in order to get comfortable with not having those things under traditional controls, in their direct line of sight. Many companies are starting to return to the offices, but many are continuing the work-from-anywhere practice and reinventing key business processes and workflows. What started out as a necessity has in many cases created a number of new, positive opportunities.