By Rob Starr, Big4.com Content Manager
Citing the desire to build a “ new and highly different type of cyber practice,” one of the industry leaders that spent a 28-year career keeping this country’s institutions and citizens safe from the ever-expanding storm of cyber threats has joined Accenture. Ira “Gus” Hunt , the former chief technology officer for the CIA, recently joined the Big Four auditing/ consulting firm as the lead in Accenture’s cybersecurity practice.
When we spoke with him recently, the man who set the CIA’s information technology direction, led the agency’s implementation of the Amazon cloud and accelerated adoption of new technology, placed an emphasis on retooling the way organizations look at cybersecurity in the 21st century.
“It’s a continuous battle and you need to think about how to shift the cost/benefit equation in the favour of the defenders as opposed to where it has been for a long time and that’s in the favour of the attackers,” he said.
After leaving the CIA, Hunt served as the chief architect for Bridgewater Associates, which is a hedge fund located in Westport, Connecticut. Prior to that, he was president and chief executive of Hunt Technology, LLC, a consulting firm focusing on areas like big data analytics, cloud computing and data-centric security.
One of the pillars of the Data-Centric Security model he champions rests on the notion that criminals in cyberspace are all generally after the same thing. Hunt explains:
“Although there are exceptions when it comes to nation states, by and large these people are out to steal your data. Typically in the past, most cybersecurity efforts centered around a perimeter that was defensible.”
The previous template involved putting up online barricades to protect the valuable information on the inside. However, building up more of these “deeper moats” to try and put in place better safeguards often failed leaving important data exposed.
“Whenever anyone breached through those things, which is what often happened, they got inside to the data in the middle that was called soft and chewy,” Hunt said adding that once through the defences, the attackers had free rein to get at what ever they wanted.
This alternate way of thinking about cybersecurity recalibrates the previous standards by turning the lenses around and looking at it from the inside/out. Hardening that soft middle meant assuming the perimeters would be breached and taking the necessary steps to minimize losses.
Remodeled cybersecurity goals
“There’s a famous saying about there only being two types of organizations: those that have been breached and those that don’t know they’ve been breached,” Hunt says pointing to some of the tools that work to accomplish these remodeled cybersecurity goals.
“ Looking at things through this new optic also brings to bear the cloud and some of the techniques from cloud technologies that could really enhance security postures,” he said. “Then of course there’s the machine-leaning AI and big data aspects that are also necessary.”
In a related development, Accenture will acquire Defense Point Security, LLC (DPS). See the details here.