On the lighter side of things, we ask Morey Haber, CTO and CISO at BeyondTrust, about what makes him tick.
What would you describe as your most memorable achievement?
In 2017 I released my first of four books titled ‘Privileged Attack Vectors’. Seeing a year’s worth of research, writing and endless editing produce a 300-page manuscript was akin to euphoria once I held it in my hands in print. For now, that memorable journey has lasted four years in total, and I’ve created four books, which is my most memorable achievement and contribution to cybersecurity. They have created a foundation for my company and are even being used as textbooks in higher education as coursework.
What first made you think of a career in technology?
When I was 13 years old, I wanted a computer, and it became an obsession to get one. My eldest brother, against my parents’ wishes, took me shopping (multiple times) to find the best one. The time was the early 1980s and choices were sparse. A Radio Shack Model I or Color Computer, an Atari 400, or entry-level junk like the Timex Sinclair. An IBM XT was available too but way over budget. For US$699 my family purchased a Radio Shack Color Computer with 16k of RAM of MS DOS in firmware. My parents thought it was a waste of money and would be a paperweight in a few weeks. I taught myself how to write code in BASIC and started making games. One afternoon at Radio Shack, I met a man who needed a piece of software written for a medical device he had invented and I got my first programming job for US$175. After that job, I knew I wanted a career in technology.
What style of management philosophy do you employ with your current position?
I have had a wide variety of managers and executive team superiors throughout my career, both good and bad, while some have been true mentors. They took me under their guidance, allowed me to make decisions and mistakes and helped guide me to proper decisions. The best advice I was ever given was from a former CEO: “You can make mistakes all day long, but never let them exceed six figures.” My management style is a hands-off philosophy, empowering my team to do their jobs and verifying their work through periodic one-on-one meetings and status reports. This includes setting clear goals and objectives and making sure stepping on the backs of others is never acceptable.
What do you think is the current hot technology talking point?
The current hot technology talking point is not about a new device, software or website. It is a concept that applies to everything and everyone regardless of technology and their favorite vendors. What I am referring to is personification. This simple concept empowers existing technology and new initiatives to tailor their output specifically for the users behind the screen and keyboard. Personification presents the data the way you want to see it. In fact, many individuals have already experienced personification in banner ads, social media feeds and even email advertisements for years. Now, extend that concept to the tools we use for business and enable applications to be smart about who you are and what you like. Personification will be the next wave supported in business applications.
How do you deal with stress and unwind outside the office?
The truth of the matter is that B.C. (before Coronavirus), I would have answered this question differently. Prior, I would have answered that I unwind by spending time with my family since I spent nearly 200 nights in hotels around the world in 2019. Now, like many others, I am home full-time. The stress is still present from work, but it is different. Now, in order to manage stress, I have taken up cycling again and been busy with home improvement projects. Between the two, I have been keeping myself busy and able to keep work separate even though I have been working from home. Of course, family and a new puppy help too.
If you could go back and change one career decision what would it be?
Very early in my career I had a superior whose personality and verbal mannerisms were laden with prejudicial clichés and sexual innuendoes. I let many of his comments slide even though I knew better. It was my first leadership job and I was young and naïve on how to respond. With all the troubles in the world today regarding racism, prejudice and violence, I would go back in time and stand up for what I believe and make sure he understood that his comments and actions were inappropriate.
What do you currently identify as the major areas of investment in your industry?
The Privileged Access Management (PAM) industry has been growing at over 20% year-over-year for the last several years with minimal changes in future projections. While the market itself has become more crowded with vendors, there have been some major areas of investment to protect the way we authenticate to services, noting that traditional passwords and credentials are a liability. Therefore, the biggest investment in the industry is to mitigate credential attack vectors using a variety of technologies to layer on top of, or replace, the mechanisms for access and authentication altogether, regardless of how they are being used.
What are the region-specific challenges when implementing new technologies in North America?
Service and support of solutions can be a universal problem. For example, many IoT devices are manufactured in Asia, and while these products may suit the technical and business needs, they can fall short on other needs such as security updates, quality and obtuse technical support hours. These issues can pose a severe challenge when these products are deployed and maintained in North America.
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months?
The biggest change in my job role has been the influence of secure computing on various teams within the organization. For the next 12 months I do see this evolving. It is one thing to help people change their mindsets, but it is another to become a part of its culture. With our recent achievement of ISO 27001:2013 certification, this journey has begun. The influence of the security and compliance teams is not just another process or roadblock for the organization but rather an enabler to ensure that the business we do is secure and predictable.
What advice would you offer somebody aspiring to obtain a C-level position in your industry?
For most professionals, I would recommend becoming a general practitioner in security. Learn and practice a broad range of security disciplines from threat hunting to vulnerability management. Attempt to absorb as much information as you can and, most importantly, learn how to communicate your knowledge to others. Security professionals that can communicate can excel in their positions and lead teams to accomplish business goals.