Shmulik Yehezkel, Colonel (Res.), is a cybersecurity expert with a long list of security roles under his belt. We sat down with Shmulik to talk about his holistic approach to cybersecurity, where it comes from, and how intelligence-based security plays into giving customers the most value for their money.
What is your background in security?
I began my career as a fighter in an elite unit, and later served as a battalion commander in the infantry and eventually as a brigade commander in the Home Front Command. These roles allowed me to lead operational activities against adversaries and manage crises, both civil crises and those related to pandemics.
Simultaneously, in my civilian career, I held the position of security director at the Israeli Embassy in Nigeria and was responsible for overseeing the physical and information security at all Israeli embassies in the US and Africa. This experience provided me with valuable insights into physical and information security. Additionally, I served as the deputy Chief Information Security Officer (CISO) for all Israeli embassies worldwide.
Meanwhile, I pursued my studies in software engineering with a specialization in cybersecurity. I worked in cyber roles at the prime minister’s office, engaging in development, defensive and offensive support, and even served as the acting director of security risks and cyber risks within the organization. In my final role within the Israeli security system, I served as the director of the operative cyber division at the DSDE, Ministry of Defense. This division guided security companies and organizations in Israel in assessing and addressing cyber threats, while I personally led the handling of cyber incidents for security bodies in Israel. As a senior member of the exclusive “Organ” forum, which includes representatives from all security organizations in Israel, I actively contributed to the assessments and response strategies employed by the State of Israel to counter cyber threats.
What are your responsibilities at CYE?
I hold three key positions at CYE. First, I am the company’s CISO and CIO, focusing on internal company activities. Additionally, I serve as the leader of the Critical Cyber Operations Group, which provides professional cyber services at the state level. Following the NIST model for handling cyber incidents, we have established a fully operational group that applies this model to our clients. The group consists of specialized professional departments, namely the Advanced Cyber Architecture Department (Arch), Cyber Intelligence Department (CTI), Department of Cyber Incidents and Forensics (DFIR), and Project and Operations Management Department. These departments work together in a coordinated and synchronized manner.
Our activities include assisting customers in constructing and evaluating their cyber architecture (IT and OT) and managing their cyber incidents and crises.
How is working at CYE different from the other roles you’ve held throughout your career?
After spending more than 25 years working in the civil service and state security and intelligence organizations, I transitioned to CYE. Joining a startup company has been a completely different experience for me. The working atmosphere is distinct, characterized by reduced bureaucracy and increased flexibility and creativity. Professionally, the main surprise for me has been the significant and dynamic challenges that require me to stay up-to-date with technology on a daily basis.
When I made the move to the civilian world, I was certain that I would not be dealing with state actors in cyberspace. However, to my surprise, that assumption was proven wrong. The computer infrastructures of companies worldwide have become the battleground for 21st-century cyber warfare. State-sponsored hacker groups, alongside criminal organizations, operate within the dependencies of these companies for various purposes. In fact, we often encounter situations that surpass my previous experiences in terms of magnitude and complexity.
What is intelligence-based security?
I believe that the effectiveness of security measures cannot be solely determined by the number of barriers or general security activities implemented. Each organization faces unique threats that may not necessarily align with conventional security practices.
Consider a scenario where your organization or your customers attract specific interest from China. Let’s say China is involved in your organization’s supply chain, selling critical services or components. Suppose your company takes cybersecurity seriously and invests significantly in it. From a cybersecurity standpoint, your organization may appear secure against Chinese threats. However, the challenge lies in the fact that the Chinese may not necessarily target your organization through cyber means. They may exploit their position in your supply chain to introduce threats into your organization. Consequently, your company should prioritize vendor assessment and supplier security over traditional cybersecurity measures.
This is where intelligence-based security becomes crucial. It allows you to focus on the actual threats you face and adapt your security strategy accordingly, rather than addressing hypothetical or irrelevant risks.
For instance, we collaborated with a company that heavily emphasized cybersecurity efforts. However, upon analyzing their situation, we determined that the likelihood of nation-state actors targeting them was low because the company lacked technology or data of interest to such attackers. Instead, the company’s significant financial resources made it a prime target for criminal groups seeking financial gain, often through ransomware attacks.
Following our analysis, we had to explain to the company that their cybersecurity investments needed to be tailored to address their specific threats. By gathering and analyzing intelligence, we were able to redirect their security efforts in the right direction, making a significant impact.
What are some of the challenges that you face?
At times, the extent to which my team can investigate an incident is limited by the level of access and resources granted by the customer. The customer’s priority may be to quickly and cost-effectively resolve a security incident, while my expertise and training emphasize the importance of thoroughly investigating the incident to prevent future attacks.
For instance, I recently conducted an incident response for a global corporation. Upon completion, I inquired whether they wanted CYE to conduct a detailed analysis to identify the threat actor behind the attack. In government scenarios, this step is mandatory as the government needs to know who is targeting them. However, when dealing with a commercial entity, they can choose to decline investing in identifying the attacker, and we have no choice but to respect their decision.
Personally, I prioritize long-term success over short-term gains. To effectively protect an organization from persistent attackers, it is crucial to identify and block the attacker’s identity. Without this information, the likelihood of future attacks remains high.
Want to learn more about how CYE’s critical cyber operations add value to organizational cybersecurity? Contact us to learn more.