Podcast: 2022 Cybersecurity Trends CISO Anthony Leatherwood pt.1

In this first part of our interview with Anthony, CISO at Centre Technologies, we get to know more about his take on the cyber landscape of today and where it's headed. Anthony is new to the role at Centre but not new to the industry. Check out the wisdom we received from him in this insightful podcast episode. 

 
The following transcript was generated using an automated voice recognition tool. Some small discrepancies may exist between this written transcript and the original audio recording.
 
Taylor (00:06)
What's up guys! Welcome back to the Greenspoint Studio. We took a little small hiatus, James and I did. But, the podcast is back. Um, there really wasn't much breaking news you know over the Thanksgiving break except for the fact that I had 300 emails on Black Friday so.
 
[Music]
 
James (00:24)
So we're still keeping an eye on the tech news just, no bits hit the fan.
 
Taylor (00:31)
No bits hitting big fans, I guess. 
 
James (00:34)
The media outlets, right?
 
Taylor (00:35)
Yeah!
 
James (00:35)
Yeah, lots of little fan blades.
 
Taylor (00:38)
They're more concerned about what's happening on Black Friday than cyber news.
 
James (00:41)
300 emails though, that's pretty good!
 
Taylor (00:44)
Pretty overwhelming.
 
James (00:45)
Did you have trouble with that?
 
Taylor (00:47)
How does even one get catch up - caught up?
 
James (00:49)
That's a good question. Just delete them all and start over.
 
Taylor (00:51)
Start over, yeah.
 
James (00:53)
Yeah, I did read that there. They saw an uptick as expected in phishing attacks during that little stretch so it's interesting that the, the bad actors continue to go after low-hanging fruit. Everybody's out, pound them with some phishing attacks, and see who grasps.

 
Taylor (01:07)
You know we just got a email too, right as we broke for Thanksgiving break, from our CISO about watching out for attacks and it being just you know very prevalent. Um and just that all employees, we all matter at Centre, right? Keeping Centre protected um, but that's a great segway-


 
James (01:22)
Speaking of which!
 
 
Taylor (01:25)
Yeah! It's a great segway. We have our first special guest episode! Anthony Leatherwood is joining us - our CISO at Centre - for a full episode on just all things cyber security; what's up and coming, where he came from, his start, all of that. He's new to Centre, but I'm excited for this episode.

 
James (01:41)
Yeah, it's so fun to pick his brain on these topics he lives it - has for 16 years - lived this and seen it evolve quite a bit so we'd really just deep dive into what is it he sees happening in the future now. 
 
 
[Music] (01:54)
 
James (01:56)
Anthony, thank you so much for being here today!
 
Anthony (01:58)
Sure!
 
James (01:59)
This podcast is- it's been, it's been needing a guy like you for a long time. I think the audience is pretty tired of hearing from me so I'm hoping that you'll just take the mic and then sing for us.
 
Anthony (02:11)
You don't want me to sing uh... that would be...yeah.
 
James (02:15)
So, Anthony, you're new to Centre but you're not new to the security world. How did you get into IT security?
 
Anthony (02:21)
Well, I've been in I.T security for probably the last 16 to 17 years? Started off as a Unix Linux system administrator and this was at a Dell up in Round Rock so at the time my manager came to me. He was like 'Hey, I need a security guy. [The] security space is growing,' right? 'so I want you to be the team lead for security.' Right. So I, I didn't always start off in management, you know. Essentially, I worked my way from the technical aspects up to the management chain of the CISO.
 
James (02:53)
So I would, I would think that 16, 17 years ago - picture in the 2005, 2006 time frame - when someone came to me and said 'I need someone for security', I would have thought physical security like a bouncer. Is that what you were thinking or did you know what he meant?
 
Anthony (3:05)
I- I kind of know... I knew what he meant there.
 
James (03:09)
Fishing attacks and ransomware?
 
Anthony (03:12)
Uh, that, that wasn't the major play, you know? You know, about- you know, two decades ago, the major play two decades ago was identity, right? I didn't need access management, you know. Making sure, [those who had] access to the system [were] authorized to access it and if they wouldn't authorize the access, it was revoked.
 
James (03:32)
That's, that's so- that's a big topic we talked about throughout today but that's an enterprise-grade tool back then that most, I think the SMB of mid-marketspace don't even know it's readily accessible at their fingertips, even through their 365 tenant.

 
Anthony (03:45)
Oh yeah, oh yeah. You know, definitely. You look at Azure, you look at 365, you know they have their own solutions. When it comes to SMB's - I'll tell you what, Microsoft has
done a pretty good job on entry-level for SMB's into the IT space and the security space.
 
James (04:05)
Yeah, this is coming from a Linux guy. I don't think any Linux guy has ever complimented Microsoft, that's huge.
 
Anthony (04:09)
Well, the thing is Microsoft has, you know, they've adopted Linux right? You can roll Linux up and, these are cloud, and you can run it as a Linux instance within the cloud. You know, so I, I think Microsoft over time they embrace the open-source community, and actually, when you look at some of their systems now a lot of their documentation a lot of tech-net, a lot of information is kind of mirrored after the open-source community.
 
James (04:39)
Well for 12 years at least, maybe 15 years, I would have to imagine you've got to dig pretty hard to find the actual materials to educate yourself on that topic but it seems like the last two years we have just had every cyber security thing thrown our way and I'm sure it's going to continue to grow that way, right? Let's hit a couple of those terms. A lot of the people listening, they may not go read the- the white papers on- on what these different topics are but they've heard in the news just here recently stuff around crypto, around blockchain. We got critical industries defined during COVID so now we have critical infrastructures that are being attacked. Ransomware's now, ransomware is a service that's already evolved into Killwear. That's amazing! What- what- what sort of thing should we be expecting to hear about as this year ends and next year begins?
 
Anthony (05:26)
I think part of it, you know, when you think of SMB's and you think of the tactics and, you know, trying to keep the busiiness running- part of the focus should be, and enterprises have adopted this, at the enterprise level but, you know AI and machine learning, right. It's going to be huge, you know, for the future. I- I think it's becoming so economical now, that not only can enterprise afford this but you know you have SMB's that can afford it and you got consumer populations that can afford it and you have some individuals that, you know, they run their- their lawn sprinkler system, you know, using some form of AI. 
 
James (06:08)
Or, they have a nest in their house controlling their thermostat. 
 
Anthony (06:11)
Exactly. So, software-defined, you know. Before we used to get this big iron, you know. You go to the data center, you would see all these racks and big iron out there right? Now, you know with AI, ML, everything's becoming software-defined, right?
 
 
James (06:25)
It's really interesting that you bring it up that way too because it's- it's- it's every time a buzzword comes up. It's because enterprise seems to have adopted it, but most the SMB in mid-market space then gives it the Heisman. They put a stiff arm up and say 'not for us, too expensive' right? You said it's economical now, so now you can start reaching out the products that have AI embedded in them right? It's gotten to the point you don't have to buy an AI tool, you buy a tool that's powered by something with AI or machine learning.
 
Anthony (06:52)
Exactly. 
 
James (06:53)
All right so, you've used a term with us in here at Centre while doing some trainings around offensive security. Explain what that means in comparison to- to what we're used to.
 
Anthony (07:04)
Well, offensive security, you know, essentially; At the end of the day, you know, we protect systems, processes, and people against bad guys. That's what we do. So, offensive security essentially is- see a threat, you not only contain that threat - which we do today - but you can deploy some offensive measures or, we call countermeasures, to counter that threat. But the-the deal is, you have to be careful now, right? So, you know, there's certain laws out there you have to be careful you don't want to go into an offensive measure and you've got the wrong target, right? And also, London you know if you look at the-the laws of the United States, you know, you really can't do that today, right?
 
James (07:47)
Right, those wells are changing quick.
 
Anthony (07:49)
Oh yeah, yeah, yeah. They're changing quick. I mean, if you look at the United States- they're doing some offensive capabilities, you know? Okay, look at the three-letter agencies. CIA, the FBI, they're deploying countermeasures to countries that are violating the laws but, what you can do, you know - at least within SMB space, right? - you can work within your own perimeter, right? You know, we got this theory that things are becoming perimeter lists, right? So you have to be careful with that too but you can detect, deploy, prevent, and you can deploy countermeasures within your own organization.
 
James (08:22)
Our sales team has been pushing EDR for a while now.
 
Anthony (08:26)
Yeah, yeah EDR is huge man. That's you know almost circumventing AV solutions right? EDR is a huge solution and it's, it's helping save many organizations from ransomware.
 
James (08:38)
Yeah, we had- we had a great success story just recently where an oil and gas company was breached the week after we implemented EDR and we caught it, isolated it to a single system, okay and we snuffed it and that- that CIO was able to walk right into the executive room's board and say like 'Look what we just did here". That's a great way to look at it. You know, you mentioned economical- EDR is about the cheapest for the impact you get that I've ever seen in IT.
 
Anthony (09:05)
The value proposition you know, and IT- you always have to worry about performance right? Sure. But the value proposition is, these are low footprint, small footprint, you know, small resource consumption, and they sit on the endpoint of the server right? So they can protect it, not only detect, right? A lot of folks get kind of confused - detect and prevent-  but, SMB's can prevent you know, like you mentioned, the containment.
 
James  (09:30)
With tools like that, yeah. They jump on board with what Centre offers, they also get the program of the SOC, where you have eyes on the screen that you can't afford to bring in-house. Exactly. A lot of really cool programs out there, to make sure that that's available and economical to all businesses out there.

 
Anthony (09:46)
Exactly. It's a low, you know, entry into the market for 80 yards. It's perfect for SMB's today.
 
James (09:55)
You've mentioned another topic to me before, that I think it's a neat term that I'd love to share with the group. What is that acronym you used before- VRA's? That's a virtual RA?
 
Anthony (10:03)
No. 
 
James (10:05)
What is a VRA?
 
Anthony (10:07)
All right so, VRA is Vendor Risk Assessments, right? So ideally, um you always have someone trying to sell you something, right. You always have sales folks, right? Like-
 
James  (10:16)
Like me!
 
Anthony (10:17)
Right. Okay, all right, fair enough, right? That you don't really want to go out there and purchase the bright new shiny toy without vetting it out, right? So Vendor Risk Assessments- this can, you know, enterprises have been using it for years but SMB's, even local government use it as well. They assess and make sure the capabilities, the form, fit, or function of that toolset meets the needs of the organization rather than just go out and buy something. So that's really the goal with the VRA and then you could successfully manage risk within the organization and you can vet out the actual vendor toolset as well.
 

James (10:55)
So it was, it was a year ago, this time, everyone got the news on the Solarwinds breach. The- the term that was new to us at that time was 'supply chain attack'.  A little sidebar; I've got- I've got a bone to pick with the media, with the supply chain shortages we've had. It seems like they've merged supply chain attack for a virus and supply chain issues somehow together but the supply chain attack, if everyone recalls, is when you download the patch from a trusted source and it turns out, it's the gateway into the- the bad actor into your environment right? And when you say 'VRA' and you're looking at your vendors, every single vendor you open your environment up to is potentially a risk for that, right?
 
Anthony (11:38)
Right, exactly.
 
James (11:40)
That means then, if the more you have- the more risk there are that you have to- so maybe there's a consolidation that might occur?
 
Anthony (11:46)
Exactly. Okay, you know, what you want to do with the VRA- you want to look at your enterprise architecture right. SMB's, even though they're much smaller, they still have enterprise architecture to protect, right? They need to protect the business, keep the business right, so ideally what you would do in the VRA, you would make sure this new solution has the capabilities you're looking for, but it fits within your enterprise architecture- that's the key. Yeah, I think opening the eyes for the solar winds attack, I think it did a lot not just to the enterprise level but SMB level to vet out those vendors that's in your environment to make sure you can either say it's low-risk high-res risk medium risk, and you can apply the right risk treatment you know that's the industry term for it, you can mitigate it as well.
 
James (12:34)
So, Solarwinds is a trusted name in that- in that spot of the industry, right? They are the- they are the market leader when it comes to network monitoring and management. A lot of people, especially those that I imagine listen to the podcast- you know, the millions of people listening- yeah, I- I bet they don't know the name Solarwinds. In a lot of cases, are there any other giant names out there that aren't Cisco, Microsoft, VMWare, Dell that you might think of and say 'there's a giant that I'd be shocked if it happened to them' but like Solarwinds, that happened?
 
Anthony (13:05)
Happened yeah, I don't want to- want to predict, right? You know who- Right? Right. I'm pretty sure you have some names there, I- I- I believe this is- I believe the case is with the Solarwinds, I call it exfiltration because they did exfiltrate data. I think it opened up a lot of eyes. The monitoring solution out there you got from Cisco, you got from Dell, you got from HP, you got from all these organizations out there, to do hardware, hardwood software. You got Oracle, right. You got OCI, you got Google, all-all these enterprise solutions and vendors looking at their supply chain. I say 'supply chain' really, software-defined supply chain to validate that- that they don't have vulnerabilities or any kind of exploits in their environment. So I think part of it, what we need to do at least as a SMB, we need to just focus on making sure that the supply chain is solid.
 
James (14:00)
On the heels of that attack, we heard about the Kasaya attack. Yeah my goodness, that hit close to home. We talked about that on the podcast before that, right? I think it was in 2018 that homeland security announced that your MSP is your biggest threat because they are the keys to the kingdom of a number of people.

 
Anthony (14:16)
People- the MSPs have been targeted for a while. You know, I know India has been- that region, they have a lot of MSPs in India, right? But they've been targeted heavily. FBI posted a kind of inform out there to the public about it but I think MSP's globally are seeing that 'Hey, I need to better protect my environment because my risk is high if someone gets in here and get access' but I think with the right MSP you know, such as you have with Centre you know that takes security first and security by default and by design I- I think that's the right solution for us.
 
James (14:49)
Yeah, that's a great point too we have a- we have kind of a guiding light of the NIST program in front of us that we aspire to be- to be- as to meet and then we have the SOC 2 Type 2 audits that we go through those checks and balances much and much more than that of our investments into leadership like yourself, right. That separates us potentially from the-the chucks in the trucks and some of the other competitors that we have chasing our business.
 
Anthony (15:15)
I think you know we can build a wall very high, right. You know, there's always someone that's going to try to climb that wall but I think the key part of it, we just want to make sure that we stay ahead of us, threat actors, right. We stay ahead of the technology and we stay ahead of the software-defined error with this old AI, MI, ML right? I think if we do that, I think it'll better position us to protect the SMB's in the market.
 
James (15:43)
Because it's not that we're unbreachable, it's just that we have measures in place, yeah to limit something if it were to ever happen.
 
Anthony (15:50)
And we have capabilities contained, right? Right. So, correct, yeah. You know, for someone to- if someone believes that, that no event will happen, right. That's unreal, right? FBI- yeah, all these industries, they- you know whether it's public or private so, you know, you need to be prepared.
 
[Music] (16:13)
 
Taylor (16:16)
Guys, we're really excited to have Anthony Leatherwood with us, our CISO at Centre. I felt like it was great insight into that first part. Just a reminder that this is only part one of our two part series with Anthony, so stay tuned for the next one.
 
Originally published on December 10, 2021

Be a thought leader and share:

Subscribe to Our Blog

About the Author

Centre Technologies Centre Technologies

Centre Technologies is a full-service IT consulting and managed services provider headquartered in Texas, with a focus on mid-sized businesses. As a trusted IT partner for well over a decade, Centre is recognized for its local experience and enterprise-grade cloud and cybersecurity solutions. Centre is committed to helping organizations harness the power of technology to maximize their operational efficiency and exceed their business goals. Learn more about Centre Technologies »

Follow on LinkedIn »