Last Updated on February 23, 2023
Ron Gula, President and Co-Founder of Gula Tech Adventures, has a very specific goal: To invest in companies and nonprofits that defend our nation’s cyberspace. This means elevating awareness of cybersecurity risks, expanding the cybersecurity workforce and improving cybersecurity in critical industries.
Ron shared with us the mindset shift towards pervasive cybersecurity awareness and why this shift is vital for businesses of all sizes across verticals.
A secure organization starts with the right people
Thousands of products, systems, and organizations promise to strengthen your organization’s cyber security. But there are few to no resources dedicated to establishing the efficacy of each.
So how do you choose which ones are right for your organization?
“You’ve got to build a trusted ecosystem, which means getting the right people and products to appropriately protect the company.” — Ron Gula
Building a trusted ecosystem carefully constructed to fit your organization’s specific needs is critical in ensuring security. One product may be the popular choice for helping secure the world’s largest organizations, but it might not meet the needs of a small organization.
Because each organization will have a different set of concerns and risks, it’s vital to find the products, services, and people that will work best for your circumstances. Choosing randomly or simply based on reviews likely will not result in company cohesion and can ultimately put your organization’s security at risk.
Companies rely heavily on cybersecurity but exclude it from organization decisions
A growing reliance on digital technologies means that the daily functioning of most companies requires some knowledge of cyber and tech risks.
While the National Association of Corporate Directors (NACD) recommends that companies have tech and cyber security professionals on board, it is not yet a requirement. Further, there is little to no requirement for considering cyber risk during organizational decision-making. Fortunately, leaders can address this problem by improving their own cybersecurity knowledge or bringing more expertise into C-suites and boards.
“Ensuring the COO, or the CEO, or the owner of an organization knows enough to ask the right questions and talk about risk with the same impact criteria, that should solve some of the problem.” — Ron Gula
Many organizations in this country, especially smaller organizations, do not have a board. In this case, Ron argues that it’s vital that the company leaders have the knowledge and ability to ask the right questions.
Many business leaders think in terms of business and investment risk, while tech leaders tend to focus on risk posed by technology. If business and tech leaders can talk in terms of the same risk criteria, cyber security could be much more robust, and risks would be reduced.
Including cyber security in organizational decisions does not require adding a cyber expert to the board of directors. However, it requires that leaders are prepared with adequate know-how and the ability to ask questions to bring cybersecurity into the decision process.
Cyber security awareness is an investment, not an option
When discussing the investments pursued by Gula Tech Adventures, Ron expresses a need for a Cyber Fire Department.
The U.S. government provides frameworks, laws, and regulations that offer “indirect” cyber security. Some optional programs and systems are available to protect the average citizen or organization from malware. Likewise, some services and programs exist to protect small businesses across the country. But, according to Ron, there isn’t enough. Individually and collectively, we’re still largely on our own.
The lack of accessible cyber security is one reason why Gula invests in cyber security products and services that will protect the small organizations and individuals that collectively make up a majority of the country.
“Almost everything we invest in, we really have some conviction that it is solving a critical problem.” — Ron Gula
Creating cybersecurity vendors that don’t focus on the enterprise is vital to overall security. Unfortunately, while the government is excellent at putting forth a big-picture cybersecurity view and offering guidelines to large organizations, it is less successful at offering accessible protection to non-enterprise organizations.
Protecting the individuals and small businesses of America is absolutely critical to the cyber security of the country as a whole.
Investing in the right companies that are working to create a network of products and services to provide a Cyber Fire Department of sorts will be pivotal in the future of cyber security.
Fundamentals needed for this Cyber Fire Department
In conclusion, a few essentials will be needed to construct a cyber protection system to serve the majority of the country.
First, the right people must be invested in and included in discussions and decision-making. The federal government already employs these experts. But they are missing from local and state governments and most small businesses.
Second, business leaders and other individuals need to be knowledgeable about cybersecurity and able to ask the right questions. This can be done by including cybersecurity experts in decision-making processes or by adequately educating and training leaders.
Finally, cybersecurity preparedness and response should be considered a necessity rather than an option. Investments should be made to protect small businesses and individuals in ways that are affordable and demonstrably yield positive results.
To get every word of this provocative conversation with Ron Gula and John Verry, click here.
Successful vCISO = All Security Roles Filled
This document outlines the 3 critical roles and responsibilities of a Virtual Chief Information Security Officer: Architect, Builder, and Operator.
Download the free inforgaphic now!