Evolving Solutions CISO Mike Burgard sat down to outline his vision for the new security practice that balances people, processes, and technologies to move clients from secure to safe.
Evolving Solutions (ESI): Welcome, Mike! What drew you to Evolving Solutions?
Mike Burgard (MB): First, Evolving Solutions’ reputation precedes itself. An organization that is known in the industry as a premier provider of IT technologies and solutions. I also think it is exciting to work for an organization that is defining a best-in-class modern operations approach while bringing together the core capabilities that are required to run a modern business.
Second is the culture, which I would ultimately attribute to the people. Evolving Solutions is loaded with top performers and the organization is driven by its core values. I feel that my values and ethics align well with the organization and its goals.
ESI: Tell us more about your background. You have worked in the technology and financial sectors in various roles. How does this background inform your approach to security?
MB: I cut my teeth in the financial industry, learning technology as well as security and data privacy—along with their impacts. I saw the evolution of technology in business and in our personal lives–and what has evolved as the world went digital. This has helped me better understand the security landscape, industry best practices, and how these factors should drive technology decisions inside organizations.
I have the foundation needed to advise organizations on the right solutions to help them meet their goals. I always look at situations by taking key questions into account:
- What does the clients’ organization want to achieve?
- Where is the technology industry going?
- What technology and solutions align to the clients’ goals and outcomes?
- How does security overlay all of this?
Being able to stitch these factors together is most impactful because I believe there is no one-size-fits-all solution that can make an organization security . Any approach to security must balance people, processes, and technologies to be effective.
ESI: You also have experience as a vendor and a client. How does that perspective help you better serve clients?
MB: Well, when I say to a client, I am their advocate, I am truly their advocate. Many IT professionals have spent most of their careers selling or consulting on products but have not had to buy and consume them. Having the client-side perspective provides an understanding of why return on investment and business value are so important.
When a client has to put credibility and reputation on the line to recommend a technology in an organization, you have to ensure you give them the best advice. I understand this is a different level of investment because I have been in their shoes. Even today, I am still a practicing CISO, so I have responsibilities to keep my own organization safe and secure.
ESI: What are some of the biggest security threats/trends you are seeing on the technology landscape?
MB: Technology is changing faster than ever, and the speed of this change is certainly a threat. Add to that: Automation and AI are coming into the fold, and they can do a lot of good as well as bad. So, the ability to apply these technologies in an effective, impactful way is important. It is an issue where we really need to bring organizations up to speed quickly because at its core, it will really impact people (employees).
From a cyber threat perspective, ransomware continues to be a prevalent threat for many organizations. One of the most used techniques now is data exfiltration, and the fact that threat actors may not encrypt the environment—just steal your data and control the release of that data—has very real consequences, including economic disruption and theft of intellectual property.
Finally, I think business email compromise does not get enough attention, but nine out of 10 incidents today involve bad actors gaining access to a mailbox and exfiltrating that data. Or using a valid mailbox that belongs to a real person to send emails to others that believe they are getting legitimate email from someone they know, not a malicious message from the threat actor now in control. The consequences can be devastating.
ESI: Security is essential to all parts of an organization and IT environment? What are your top priorities when it comes to talking to clients about security?
MB: I have a few key priorities:
- Understand what a client’s goals are and establish context
- Understand current pain points
- Understand why something is a pain point and why specific goals exist
Too often in technology, we want to hear an issue and automatically start prescribing, but that is generally not the most effective method. So, I focus on client experience and understanding the current challenge in a holistic sense to put the correct solution in place.
The other piece is that organizations have gotten good at compliance, but from a cyber-attack perspective, compliance does not equal security. I want to shift the conversation from security more toward safety, which is a shared responsibility throughout the organization. So, I like to make sure that the solutions we’re putting in front of our clients are actually making them safe and secure.
ESI: So, how do you expect security discussions to align with other Evolving Solutions practice areas?
MB: Ultimately, the Security Practice should enrich and make every other practice area at Evolving Solutions better. In many cases, effective cybersecurity involves block-and-tackle fundamentals and putting best practices in place. It is time to leverage emerging technologies, such as automation, to take those fundamentals off the table as best we can to advance our Security Practice. And that is where Evolving Solutions’ other practice areas come in to the picture—we have established credibility in the observability, automation, systems, and networking–which allows us to put holistic solutions in place and provide immediate value to our clients.
ESI: What is your vision for the Security Practice at Evolving Solutions, and what can clients expect now that you are here?
MB: At the end of the day, we want to stop breaches. We have far too many organizations that are compliant and living in a check-the-box security world, and frankly, that is not enough. Today’s security landscape requires a shift in mindset. Focus first on safety, then on security—are you able to defend yourself against a breach and are you compliant? From a high level, the ultimate value we bring comes from our focus on stopping the breach.
Let’s talk. Contact us to learn more our security practice.