Published on: September 12, 2022
Safety Detectives spoke with Jesse Dean, who is leading the development of integrated solutions in his role as Vice President of Solutions at TDI. Our discussion touched on the unique cybersecurity products offered by TDI, how TDI continues to innovate leading-edge technology, and some of the worst cyberthreats around today.
Hi Mr Dean, it’s nice to meet you.
It’s a pleasure to meet you as well – thank you for the opportunity to sit down with you today! I’m happy to be here!
Can you tell me about your journey to TDI and how that prepared you for your current role?
Absolutely! I’ve been fortunate enough to be exposed early in my career to several areas: IT engineering, security compliance, policy, IT operations, cloud, and software development.
All of these varying perspectives provided me a first-hand view of the disconcerting disconnect and ineffectiveness of how security is viewed and gets done (or should I say doesn’t get done).
Put simply, there is a ton of spend in cyber, one report has it growing 10% a year as we look ahead to 2027. Security and IT teams are busy with lots of activity. How do we measure and know if that effort is focused in the right areas and achieving the appropriate outcomes?
So, it was only natural when the opportunity came to work with TDI, a company that has been laser-focused on cybersecurity and has a heritage of innovation for over two decades. I didn’t hesitate.
We have a shared vision about how to genuinely improve cybersecurity.
This shared vision, the demonstrated excellence of TDI, and my background lend itself well in my role as VP of Solutions at TDI where I’m leading the development of integrated solutions to effectively manage the business of cybersecurity.
Can you please tell me about TDI and the type of cybersecurity service you offer?
Having been solely focused on cybersecurity for two decades, one might imagine we offer a wide array of cyber services to commercial and government customers – and that’s absolutely the case.
In simple terms, we have three core competencies under which our many services and offerings live.
The first and most recent – We are the creators and industry leaders of Cybersecurity Performance Management (CPM), this is TDI’s foundational core competency and the glue which binds together our other two core capabilities of Cyber Operations and Cyber Compliance.
Cyber Operations and Cyber Compliance should be familiar to most people as they’re well defined.
CPM is new, something we proudly created in 2017. Last year CPM was recognized by Gartner as an emerging area with tremendous adoption benefits. Briefly, CPM is a framework for effective cyber performance tied to an organization’s strategic cyber objectives, measuring meaningful performance metrics. It’s a game changer and an area we’re passionate about.
What is your company’s flagship product?
We developed an automation platform to support CPM. CnSight® is an innovative solution designed to provide previously unknown insights into risk through a continuous view into the effectiveness and consistency of an organization’s cybersecurity. I’ll note that CnSight® is the winner of the Cybersecurity Excellence Awards 2 years in a row.
CnSight is offered as a stand-alone product to those organizations that need just that.
For those organizations who need a bit more, we combined CnSight® with TDI’s decades of experience to offer Managed Cybersecurity Performance (MCP), a first of its kind managed offering providing organizations with a better way to manage their cybersecurity performance. TDI’s MCP offering mitigates risk, reduces ransomware, provides continuous compliance, improves cyber-ROI, and provides comprehensive and instantaneous visibility into how an organization is performing against known Cyber Performance Indicators.
What are some of the challenges in working in cybersecurity?
Ha, how much time do we have?
Joking aside, There’s the lack of qualified staff, third party risk, finite budgets, and sophisticated attacks. Those all need to be acknowledged as part of the reality in which we need to operate.
So how do we do that? Effectively manage risk in the real world.
That’s the key challenge, and a big part of that challenge is being able to quickly and accurately suss out the ground truth. And by that, I mean truly understanding the performance and effectiveness of people, processes, tools, and technologies you’ve employed to provide some agreed to level of protection. I’m talking about situational awareness.
Understanding all of this has been traditionally very time consuming in terms of manpower. It’s often deemed not worth the effort. There certainly is an argument to be made there.
Organizational structure, politics, and level of expertise within the organization are all factors. Traditionally teams self-report, send spreadsheets, which may then work their way to PowerPoint slides, with some of that information making it to a 15 minute presentation to the board a couple times a year along with the results of the latest point in time audit report.
That’s no way to manage and have the needed visibility and assurance into something as important as cybersecurity.
Organizations need to leverage automation and analytics, taking an agile and continuous approach to effectively manage the business of cybersecurity.
What are the worst cyberthreats out there today?
Phishing continues to be a problem… Ransomware, Nation States, critical infrastructure. It’s easy to get overwhelmed or distracted by the headline of the day.
I’m not one for fear mongering, that’s just not helpful.
It’s really about each business understanding their risks and tolerances, then taking the appropriate steps for them. Perfect protection cannot be bought, but organizations can definitely overspend on security, we talked a bit about that earlier. Understanding that, and striking a balance is key.
I’ll tell you, so much can be done just with basic cyber hygiene – know what you have. Patch. use MFA. Segment. Encrypt. back-up. etc. Rigor, accountability, and visibility are key to make this effective.
How does TDI stay competitive in a world filled with cybersecurity companies?
In a word, it’s innovation.
It’s part of our culture and one of our core values. From the very beginning, we started by providing the cyber community with open-source tools and serving as an industry thought leader through published pieces, seminars, lectures, and interviews.
Fast forward to today, we’re still developing and fostering leading-edge security solutions and technologies like the industry-leading CPM platform, CnSight®.
We’ve hopefully reached the end of the pandemic, but looking back on the past few years, how do you think the pandemic changed cybersecurity going forward- or did it have little to no impact?
Hopefully, the worst is behind us. I know it’s been a rough road for a number of families, especially those who lost loved ones.
Let’s hope the global community uses those hard learned lessons to better prepare for the next pandemic when it comes.
As far as the pandemic’s impact on cybersecurity, the shift to remote work significantly increased the attack surface. Think about how hard it was to buy a computer – In the 1st quarter of 2021, PC sales posted the fastest growth in 20 years. This influx of new systems helped drive the challenges around configuring and patching these devices, exposing poor processes and other gaps.
Specifically, this shift accelerated greater cloud and Zero Trust adoption across many companies. Generally speaking – These are good things. But only if they are effective in terms of cost and performance. This takes us back to the beginning of our conversation. Being able to have that visibility into the ROI if you will, has historically been a challenge and it’s TDI’s contention that this must improve if we want to shift the paradigm from that of activity to achievement.