Fighting against cybercrime is no easy feat. In fact, it’s an ongoing battle that organisations across the globe have been frantically trying to win for decades. Each year, cybercriminals come up with new-and-improved, innovative, and advanced ways to carry out attacks, making enterprise security and protection a constant, ever-growing uphill climb. Technologies such as Zero Trust, behaviour analytics, and encryption software are significantly helping businesses to combat and, in some cases, prevent threats, but security professionals are essentially the main line of defense.
In a bid to discover what it’s like to be on the business security frontline, we spoke with someone who has decades of experience: Danny Clayton. Danny has a 30-plus year career in building and delivering global security operations. His main area of expertise lies in government intelligence: he holds a BA in Intelligence Management and has spent more than 20 years developing and managing intelligence and security operations programs for the U.S. National Security Agency (NSA) and the UK Government Communications Headquarters (GCHQ). Now the VP of Global Support and Services at Bitdefender, Danny is a cybersecurity leader at the top of his game.
Welcome Danny! Thank you for joining us today. Can you tell us what a typical day in the life of someone that fights global cybercrime is like?
I feel like it’s a lot more meetings than it used to be, but fundamentally, it’s a balancing act: it’s like riding a unicycle whilst juggling chainsaws. It’s about trying to make sure that your team(s) have the tools, technology, training, and awareness to be able to defend the business and their customers, whilst trying to keep half an eye on the happenings and current affairs within the cyber world. For example, are bad guys doing anything that we didn’t see coming? Or do we need to change anything about the defensive programme we’ve put in place? With the other eye, I have to additionally look towards the future - e.g. what are bad guys going to do next? What IT platforms are we going to incorporate into the business? How are we going to defend them and how might bad guys exploit them? It’s that juggling act of being able to defend the enterprise today but also keep an eye on the future of cybersecurity as well.
Cybersecurity is a broad sector, as every company has a security team. What drew you to begin your professional life in government intelligence?
Languages were my doorway into intelligence. I did Greek, French, and Latin at school, and I spoke some Italian at the time as well because I had family connections to Italy. Unbeknownst to me, this came in handy when I decided to join the military after secondary education. They figured out very early on that I could learn languages quickly and easily, and this resulted in me being moved into intelligence services. The military put me into roles where I was able to use my language skills and then over the years, I developed data collection and analysis expertise as an Intelligence Analyst.
How has your degree in Intelligence Management helped you throughout your career in cybersecurity, but also in how you personally view and manage security on a day-to-day basis?
Much more than I thought it would. During my formal training in intelligence and intelligence management, I initially wondered what I was actually going to do with all this information when I got out and got my hands in the industry. However, it gave me the ability to bring order to chaos. The degree provided me with the framework and a set of critical questions to tackle any situation. As an example, the intelligence cycle. There’s a lot of different definitions out there, but in its simplest form, the intelligence cycle denotes a direct, collect, analyse, and report process. Now, it doesn’t matter if you’re in Afghanistan trying to provide national-level intelligence to the government, or if you’re running a small intelligence team that deals with an enterprise security operations centre and CISO - the questions remain the same. In the context of my mission: what questions do I need to answer in order for us to be successful? - that’s the direction. In order to answer those questions, where would I find the information? Then, when I know where I can find it, it’s about asking: can I collect it? Do I have the ability to extract the answers to the questions from all of the data, and can I put this into the bigger picture in order to provide it to a decision-maker in a report?
That thought process enables you to walk into some very difficult situations and organise your methodologies and teams accordingly.
You’ve worked extensively in both the UK and US cybersecurity markets. From your experience, how do they compare to one another in terms of their regulations and, in turn, their approaches/methods towards attacks?
The cyberspace is a battlefield without borders. I wouldn’t say that I’ve seen any difference in approaches towards attacks. Certainly, our adversaries are international; they have different coloured passports; they don’t care where in the world we live; they do what they do. The standard process is to try and identify who you’re being attacked by when you’re being attacked so you can consider what the attacker’s next moves are and come up with a solution for how to deal with it. I don’t really think it’s any different in the UK compared to the US or anywhere else in the world.
What I do think is a little bit different though is that when you’re building a security program, traditionally there’s been a lot more regulation in Europe than there has been in the US, and that can definitely drive what it is you’re trying to do when you pull together a security operation and deliver a security program. It’s to the extent that it can be detrimental to what it is you’re trying to do. In that, if you’re trying to meet compliance regulations, you end up taking your eye off the ball in terms of trying to be secure. There are a lot of companies that have shown up on the 6 o’clock news that are compliant but aren’t secure because they didn’t spend time thinking about threats and how to mitigate them.
However, the US is catching up. There are more regulations - both state/federal level - now, meaning an added layer of complexity that we security professionals have to be careful we don’t get too distracted by.
Global enterprise security operations is your specialty. Have you got any words of wisdom for organisations who are looking to achieve effective governance and operational efficiency?
We all live in worlds with limited resources and you can’t do everything. As for security professionals, you can’t defend against every type of attack out there. Hence, what I would urge organisations to do is get to know their own threat landscape and focus resources on combating them. Ultimately, that all starts with intelligence - i.e. understanding who you are, what your geographical and technology footprint is, what industry vertical you’re operating in, what bad actors are operating within your landscape, and how might they attack you. Following this, you can then consider ‘what capabilities do I need to combat those specific attacks?’. This will allow you to detect, respond, and, where possible, prevent threats.
All too often I see security teams frantically gathering a mountain of enterprise IT tools like security information management and endpoint protection in the event of attacks, and what they end up with is a massive amount of complexity, a huge amount of investment, and half the time they don’t even know what they’re defending against.
Finally, three decades is a long time to stay in one industry. What is it that has kept you working in cybersecurity all these years?
That’s a really good question! It’s a couple of things. At the beginning of my career in the military, I found myself doing activities that were making a clear contribution and difference to cybersecurity, such as keeping people safe and taking bad guys off the streets. That’s what initially gave me the motivation to get out of bed in the morning and go to work, especially since I joined government intelligence in the midst of 9/11 and the war against terrorism.
Essentially though, I really enjoy the cat and mouse nature. Anyone in IT today will know that we live in a time of unprecedented technical development. Technologies are constantly accelerating, and we’re all using these fantastic tools that didn’t exist one, two, or three years ago. However, for everything that’s created to make our lives better and more convenient, there’s always a way for bad guys to use them against us. There’s a great line in Jurassic Park where Jeff Goldblum’s character says ‘Your scientists were so preoccupied with whether or not they could do something, that they never thought about whether or not they should’, and that’s that kind of risk-reward, cat and mouse situation that security teams are dealing with today. For every technological innovation that we incorporate into our business to deliver better outcomes for customers, there’s a new set of vulnerabilities and potential threats that open up. As security professionals, we somehow have to do everything we can to manage and protect businesses and customers.
Interested to see what other forms cybercrime is taking? Check out our podcast series The Next Phase of Cybersecurity on Spotify or Apple to find out how cybercrime is changing every day.