Finding new solutions to old problems
Joshua has leveraged his experience as the Director of Enterprise Security Architecture at a thriving $35 billion financial institution to assist organizations of all sizes with cybersecurity needs.
“I started out as the Information Security Manager and made all the decisions related to business continuity and information security—from choosing the tools to training the talent. I was the one weaving the security fabric for the organization: the techniques we used to block bad guys, workflows, and what vendors we chose.”
As the bank grew, Joshua’s daily responsibilities shifted.
“I went from being the one who blocked threats and handled compromises, to talking with various business owners about response plans. Meeting with different departments and explaining why you need to bring a server offline or shut down a workstation can be very time-consuming distractions from incident response. I always looked at it as: I’m here to block and tackle conflicting perspectives so the rest of the team can focus on performing the technical work and go toe-to-toe with a compromise.”
Joshua compares the needs of a modern security program with those of an ancient blacksmith. There will always be constraints: availability of resources, effectiveness of tools, and skill of workers. Finding ways to best leverage the resources at your disposal to defend your organization is where the opportunity for innovation comes in. One step forward is looking beyond peer comparisons and prevention tools to build new strategies.
“When cybersecurity decision-makers build their security strategy, one of the first questions many of us ask is: What are my peers doing? It’s very similar to the way blacksmiths emulated their peers back in the Dark Ages.”
Joshua explains that, while peer comparisons are an important data point to consider, they should not be the most important thing—especially considering how much has changed since then.
“Back in the 1990s, antivirus and firewalls were our main focus in cybersecurity. These were the best tools we had. As organizations grew in maturity, they continued to ask about the security stack of their peers, creating a stale feedback loop. If you’re simply comparing brands of antivirus, you’re missing the mark. Antivirus and firewall are no longer the pillars of the security temple. We limit ourselves if we strive to meet that status quo.”
Sittadel: a new venture
It’s this quest for building new defense strategies that led Joshua to form Sittadel, an independent consulting group. The organization views itself as a cybersecurity servanthood that aims to beat the expectations on how valuable an IT firm can be.
“Business owners are used to cybersecurity folks that stand in the way of changes to business over time. At Sittadel, we try to avoid being in the approver or disapprover role, replacing ‘no’ with ‘In order to accomplish that…’ We want to empower business owners with a security strategy that’s as flexible as their business. If new business demands require a cybersecurity strategy that would exceed budget or scope, we’ll serve up that information as well. But we’re committed to helping organizations understand the different ways to solve their challenges so they can make an informed decision about what’s best for business.”
Flexible cybersecurity strategies proved to be critical during the global pandemic response to COVID-19. Organizations that previously enjoyed the protection of maintaining operations over the local area network (LAN) and retaining data on-premises were forced into cloud migrations, a critical move to assure continuity of operations.
“Among all the lessons COVID has taught us, we learned that we can’t rely on a central network appliance to inspect our traffic. We’re increasingly leveraging the cloud and business processes have already evolved beyond the scope of our traditional security perimeter. The modern village needs a modern strategy with modern tools.”
Joshua sees the shift from the “prevent breach” model toward the “assume breach” model as an important step forward. That includes moving beyond perimeter security and toward more modern approaches like endpoint detection and response (EDR) and managed detection and response (MDR).
“Perimeter security alone is antiquated. It’s an important cog in the machine, but reports show that it’s out the window when the employees you support routinely escort the attacker right into your ecosystem with phishing emails, drive-by downloads, or any other number of threat scenarios.
“It’s up to us to reprioritize the security stack around today’s most effective tools. How would our programs be different if we designed our strategy around EDR and MDR? Where can we reallocate resources?”
In every generation, there are sparks of change. These sparks are created by people who break the mold and push to advance their craft, whether it’s with their hands, hearts, or minds. Yesterday, a blacksmith whose artistry startled his enemies so much they revered him. Today, a security architect who forges new paths where others see walls. Tomorrow? None of us can know.
But as Joshua Sitta works to empower businesses with new and innovative defense strategies, one thing is certain: Ulfberht would be proud.