
CISO Talk with Alex Tan

On a recent CyberHub Engage Podcast, James Azar brings on special guest Alex Tan, the CISO of Rheem Manufacturing.

They start off by discussing the Marriott Hotels security breach, the challenges the company may have faced, and why the hack might have happened. Alex offers his insight into how nation-state hacker groups often see company mergers and acquisitions as great opportunities to breach a network, as companies tend to be most vulnerable during this time.

Alex Tan moves on to talk about his experience in the U.S. actively helping SMBs prevent data breaches. With personal pen testing experience, Alex knows the ways hackers will look to breach a network and take what they want. From his personal experience, he believes that an organization's security model should be built based on where hackers are going to attack and what they are after.

Alex discusses how a successful security model should be built. Alex says that security is often an afterthought for most companies, as many companies today are more focused on being compliant with laws and regulations. One of the key points in their discussion is that being compliant does not mean being in a secure state. Alex brings up a good point that once a company is breached, it is no longer compliant. He believes that organizations need to focus on taking the appropriate steps to secure their business from an internal standpoint before worrying about becoming compliant. There is no point in spending so much money on being compliant if you aren’t secure.

Lastly, another challenge that CISOs often have is that they get fired in the event of a data breach. Alex believes that the CISO is the head general in the fight that the company is dealing with. Instead of giving the general the appropriate tools to fight and win the war with the least amount of collateral damage, the investors are outraged and want someone's head on a pike. If given appropriate time and resources, the CISO should be able to overcome a security breach.

For daily Cybersecurity news, discussions, insights, and Q&A, check out the CyberHub Engage YouTube Channel. For the full episode please watch the video below: