Thoughtful Thursdays: Cybersecurity with Darren Gallop
- Thoughtful Thursdays: Cybersecurity with Darren Gallop Michael D. Levitt 28:48
Darren is the Co-Founder and CEO of Carbide. This cyber Security firm provides businesses of all sizes with the tools they need to adopt a robust cybersecurity and privacy posture, enabling them to protect their data from cybercriminals, transform security from a potential liability to a competitive advantage, and accelerate their Growth.
A TechStars alum, Carbide has raised 7M+, and its clientele is quickly growing in highly regulated markets, including E-Commerce, FinTech, healthcare, and insurtech.
Darren has 15+ years of experience as the CEO and Chief Information Security Officer (CISO) of several businesses that handle sensitive data. This experience has given him a solid grasp of evaluating and managing risk according to organizational goals while fostering growth.
Before starting Carbide, he Co-Founded Marcato, an innovative event management platform that managed 300+ music and cultural events, including Burning Man and Coachella, in 27 countries worldwide. Darren ran the business as CEO and CISO for ten years until it was acquired by Patron Technology in 2018. At that point, he decided to go into the cybersecurity industry.
He is a Certified Information Privacy Manager (CIPM) and Certified Information Systems Security Professional (CISSP).
On the podcast, Darren would love to talk about:
- How to engage your team in cybersecurity to build a secure by-default company in a way that enables you to breeze through audits and assessments while, at the same time, being something your team enjoys.
- How to showcase your company’s cybersecurity posture in a way that helps you close deals faster and earn greater customer trust.
- How to make cybersecurity and data privacy a part of your service or product offering. This topic would interest startups and service companies that provide tools and services outside of IT and security and service companies like MSPs that can benefit from adding security products and services to their offerings.
- How fast-growing organizations achieve enterprise-class security and privacy.
To get a sense of Darren, here’s an episode he did on the Privacy Please Podcast, where he shared advice for founders on securing their startups.
Quick recap
Summary
Darren’s Cybersecurity Journey and Insights
Darren and Michael discussed Darren’s background and experience in cybersecurity and data privacy. Darren shared his unconventional entry into the field, having previously worked in various leadership roles before focusing on security. He emphasized the importance of security no longer being a “bolt-on” but an essential component of leadership and business operations. He also mentioned his current role as a board member for the International Information System Security Certification Consortium and his upcoming plans for the quarter. Michael showed interest in understanding more about Darren’s insights.
Turbine’s AI Integration and Business Model Shift
darrengallop, the CEO and co-founder of Turbine cyber security and data privacy company, discussed the company’s development and future plans in the meeting. He elaborated on how they have been using AI and machine learning (ML) as a component of their product, which was launched in December after about a year of development. Darren also shared that they have shifted their business model to encompass AI to enhance the human experience and better support their customers. He further discussed his passion for cyber security and data privacy, especially in healthcare and manufacturing industries. The conversation then moved to the fast-paced world we live in, with Michael jokingly relating his recent Stress test experience to the ever-accelerating speed of technology.
Cybersecurity Leadership and Prioritization
Michael emphasized the critical importance of cybersecurity and the need for it to be a top priority within organizations, arguing that it’s as crucial as accounting and customer service departments. He also touched on the significance of leadership in cybersecurity, stating that it’s a skill that can be learned and that he, as an accountant, had successfully transitioned into the tech space due to his curiosity and leadership ability. Darren agreed with Michael’s points, asserting that effective leadership is essential for the proper use and management of cybersecurity and data privacy within an organization.
Leadership Engagement in IT Security Challenges
darrengallop discussed the challenges IT security teams face in organizations where leadership is not engaged or committed to ensuring security. He noted that many organizations prioritize sales and fiscal responsibilities over security, leading to a reactive approach dubbed “security theater.” Darren emphasized the need for leadership to prioritize security and recognize the evolving threat landscape, including the increasing profitability of cybercrime. Michael concurred, pointing out the lower overheads and ease of recruitment in cybercrime, compared to traditional criminal activities like drug cartels.
Attracting Younger Generations to Computer Activities
Michael and Darren discussed the attraction of computer-based activities for younger generations, likening it to a game or a puzzle that they find engaging and challenging. Michael suggested that this behavior could lead to criminal activities like hacking, especially for those in difficult economic situations. However, he emphasized the possibility of separating the criminal aspect from these activities and using their skills for legitimate purposes, setting them up for future success. Darren agreed with Michael’s points.
Organized Crime and Human Trafficking Discussion
Michael and Darren discussed the prevalence of certain criminal activities within their borders and worldwide. Darren elaborated on the operations of organized criminal groups, mentioning cases in poor countries where people are exploited and demonized as targets. He also introduced the concept of human trafficking for hacking camps, where individuals are forced to conduct social engineering scams. Darren estimated that over 200,000 people are in captivity conducting these types of operations, making it difficult for law enforcement to have a meaningful impact on stopping and catching the perpetrators.
AI Fraud and Preventive Measures
Michael discussed the potential dangers of AI technology being used for fraudulent activities, such as scam phone calls using cloned voices. He suggested the use of code words and Education as preventive measures. darrengallop agreed, emphasizing the importance of educating individuals at all levels to identify and prevent such criminal activities. He also highlighted the potential futility of relying solely on law enforcement to combat this issue, given the vast scope and complexity of the problem.
Identity Theft and Financial Vulnerability Discussion
darrengallop and Michael discussed the potential risks of identity theft and financial loss in today’s world. Darren emphasized the importance of understanding the various factors contributing to vulnerability, such as owning property or having good credit, and noted how these factors could be used against individuals. Michael shared his experience managing his mother’s estate and highlighted the need to freeze credit applications for the deceased. Both acknowledged the growing use of AI and other tools to automate finding weaknesses and vulnerabilities and how criminals could exploit this. They also discussed the possibility of identity theft through obituaries and the physical theft of mail.
Data Theft, Hacking, and Customer Expectations
Michael and Darren discussed the creative and often criminal activities surrounding data theft and hacking. They highlighted the need for organizations to monitor their systems and data closely and emphasized the importance of protecting sensitive information. Darren noted customers’ increasing awareness and expectation regarding privacy and security, with many technology providers now implementing these concepts by default. However, he also pointed out the ongoing risks posed by social engineering and criminal activities, which have been refined over time. Both agreed on the need for these issues to be part of an organization’s DNA, not an add-on, to prevent future breaches.
Cybersecurity, Global Impact, and Resources
darrengallop and Michael discussed the changing global landscape and its impact on businesses, emphasizing the importance of cybersecurity and data protection. Darren introduced his website, carbidesecure.com, as a resource for companies seeking cybersecurity implementation and maintenance assistance.
