Aric K Perminter Of Lynx Technology Partners On “What It Takes To Become A Cyber Executive, Today”
An Interview With David Leichner
Today, more than ever, new products and software are under attack by a host of malicious actors. This makes the role of a C-Level Cybersecurity officer or a Chief Product Security Officer one of the most important lines of defense against cyber threats. What do you need to know to be a successful cyber executive today? To address this, we are talking to C-Level cyber executives who can talk about “What It Takes To Become A Cyber Executive, Today.” As a part of this series, I had the pleasure of interviewing Aric Perminter, CEO of Lynx Technology Partners.
A visionary, leader, and gentleman. Aric K. Perminter, Chairman, Founder and CEO, has embodied all three roles while guiding Lynx Technology Partners through its evolution into a multi-million dollar Information Security and Risk Management company. As chairman of the Board of Directors, Mr. Perminter is responsible for formulating and executing long-term strategies and interacting with clients, employees, and other stakeholders. Mr. Perminter exemplifies Lynx’s commitment to helping its clients achieve high performance. He is a proven leader with deep expertise in developing strong customer relationships, a passion for building outstanding client teams, and a disciplined focus on operations and execution. In his 25-year career, Mr. Perminter has held a wide variety of leadership positions across key parts of Information Technology businesses. He founded Lynx in March 2009 and served as the CEO through August 2015. Prior to founding Lynx, he was Regional Sales Manager of Lumension Security’s northeastern region, which services clients’ endpoint security and risk management needs. Mr. Perminter represents a number of external venues. He is the second member and shareholder of THREAT STREAM, serves on the executive board of BCT Partners, is a member of the Employer Advisory Council for Per Scholas, an Advisory Board Member of CloudeAssurance, and investor in SecurityCurrent.
Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?
I grew up in Beaver Falls, PA, often called Joe Namath territory, in Beaver County, PA. It’s a middle-class population of roughly 10,000 people blended perfectly with the none-trappings of under-represented communities. I played sports and accompanied The Ladies (Grandmother, Mom, and Aunt) to flea markets, antique shops, and many other family activities. When not doing those things, I ran the streets, weaving gracefully through the trappings. Fortunately, I had a loving family and a super-close circle of friends to lean on for guidance when times were rough. I work with some and stay in contact with most today! They made growing up fun and have been instrumental in enjoying life today.
Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.
I was an account manager for an early-stage IT Consulting startup when we were hired to “investigate an extra-marital affair.” We were explicitly asked to obtain copies of the target’s mobile phone records and record any meaningful/relevant interactions. Today, we call it “hacking.” I was glad to find there was no ‘there’ there. This project’s research and discovery elements inspired me to pursue a career in cybersecurity. My excitement grew as I learned about attack vectors, tech stacks, threats, honeypots, and so on.
Can you share the most interesting story that happened to you since you began this fascinating career?
Sure, I was hacked! It was a phishing scam to the tune of a few 100s!! Trust me; it does not get more interesting a story than when it happens to you. :-) I got tricked into filling out a fake order from a criminal posing as my customer. Fortunately, this nightmare quickly became one of the best real-time learning experiences, and I got to work with the FBI for the first time. We didn’t catch the criminals, but I got to work with the FBI in my early 20s!! It was so cool that I often forgot we were working on my case!! Lol
You are a successful leader. Which three character traits do you think were most instrumental to your success? Can you please share a story or example for each?
- Caring — Lynx helped one team member relocate to FL so they could be on a shorter wait list to receive a kidney transplant.
- Hard Working — I’m the first online, last offline and will never ask a team member to do anything that I’m not willing to do myself.
- Personable — I’ve never met a person with whom I could not engage in an enjoyable conversation.
Are you working on any exciting new projects now? How do you think that will help people?
I recently invested in Mercurio D4. Mercurio D4 built a proprietary platform tailored specifically to enable state and local government agencies to make better decisions and achieve better outcomes. The solution supports a level of data accountability and transparency that helps government agencies better understand social challenges, deliver targeted social programs, and chart the best course of action to achieve the desired results.
Community benefits include but are not limited to:
- Safer, Healthier, More Enjoyable Communities.
- Democratized Data.
- Reduced Prison Recidivism.
- Government Transparency & Accountability.
- Increased Trust.
- Integrated and Streamlined Services.
- Improved Management of Social Challenges including Homelessness, Substance Use and Crime.
- Reduced Risk in Child Placements.
- Effective Community, Family, and Economic Support.
Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry seems so exciting right now. What are the 3 things in particular that most excite you about the industry?
- Potential of AI — Done correctly, AI-enabled threat detection systems can predict new attacks and notify admins of any data breach instantly. AI-enabled GRC platforms can automatically generate multi-panel dashboards to include predictive insights simply by selection of a data element — with no report authoring needed.
- Quantum Crypto — To have a truly usable system, you may need to combine quantum cryptography with elements that are not quantum. Those other elements could be vulnerable to attacks in ways that theorists have not envisioned.
- Role of GRC in ESG — ESG and GRC share a common element: the G, which stands for governance. So, GRC begins with certain rights and clearly defined objectives for the areas of governance, followed by managing uncertainty and risks. As a result, organizations that integrate GRC into ESG reports can be relied on. The GRC capability model, when put in context, comprises four things: to learn, align, perform, and review. The essence of all these four processes is to provide a clear pathway for companies to report ESG targets competently.
What are the 3 things that concern you about the Cybersecurity industry? Can you explain? What can be done to address those concerns?
- Cyber Security Breaches — As technology continues to evolve at a rapid pace, so too do the methods used by cyber attackers. It is therefore important that businesses and individuals stay up-to-date with the latest developments in cybersecurity so that they can protect their data from malicious actors. Organizations must adopt new technologies and processes to mitigate the risk of a data breach and maintain a strong security posture. Some approaches include adopting multi-factor authentication systems with strong passwords, implementing encryption measures on stored data, and deploying Endpoint Security Solutions that prevent access to malicious sites. Additionally, organizations should ensure their networks are regularly scanned for potential threats and vulnerabilities so they can address any issues quickly before they become larger problems.
- Immature Governance Models — Integrated Risk Management (IRM) is a strategic and collaborative approach for organizations to manage risk across their entire group. It is a holistic, organization-wide approach that welcomes input from various functions, such as security, compliance, and IT. IRM includes all risk management procedures followed by an organization to improve its risk visibility and decision-making. Organizations can use IRM solutions to address their specific needs and challenges related to digital transformation. Solutions like Lynx Risk Manager IRM provide strategy-first integrated GRC capabilities that help organizations identify risks, assess the impact of those risks, prioritize them according to the organization’s goals and objectives, and take action accordingly.
- ESG — GRC is critical in ESG (environmental, social, and governance) initiatives. Organizations increasingly set ESG goals and metrics for themselves as part of their long-term strategy. In addition, GRC helps organizations identify risks that could have a detrimental effect on their ESG initiatives, such as financial losses or reputational damage.
Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for? Can you explain?
Human Factor — Working from home created many new avenues of attack.
As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a layperson can see or look for that might indicate that something might be amiss?
The device battery drains fast, the computer fan runs loudly, or websites consistently load slower. We often self-diagnose and troubleshoot these signs with a reboot, yet the threat still exists.
What are the most common data security and cybersecurity mistakes you have seen companies make that make them vulnerable to ransomware attacks?
Poor patch management processes and immature data storage plans (no encryption and inconsistent backups).
In today’s environment, in addition to computer systems, hackers break into the software running many products, such as cars or robotics, for malicious purposes. Based on your experience, what should manufacturing companies do to uncover vulnerabilities in the development process to safeguard their products?
I tend to agree with the Microsoft model that recommends the following. #9 and #10 are at the top of my list:
- Define Security Requirements
- Define Metrics and Compliance Reporting
- Perform Threat Modeling
- Establish Design Requirements
- Define and Use Cryptography Standards
- Manage the Security Risk of Using Third-Party Components
- Use Approved Tools
- Perform Static Analysis Security Testing (SAST)
- Perform Dynamic Analysis Security Testing (DAST)
9. Perform Penetration Testing
10. Establish a Standard Incident Response Process
Ok, thank you. Here is the main question of our interview. What are the “5 Things You Need To Create A Successful Career As A Cybersecurity Officer Today” and why?
- Adequate Budget — No matter how great one’s talent might be, underfunded cybersecurity programs inevitably fail.
- Peer Network — Cybercriminals collaborate without any boundaries; we must leverage our peer networks the same way.
- Clear Communications — Clear and consistent communications enable more real-time and informed decision-making.
- Professionalism — I’ve always said, professionalism over power wins every time. Bullies become boring over time while Pros are invited to every dance!
- Empathy — The most effective leaders demonstrate a keen ability to identify with or understand another’s situation or feelings. In doing so, they are better suited to provide various levels of support throughout their career.
You are a person of great influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. :-)
I would create a nonprofit that trains former inmates to become risk analysts, providing low-cost risk assessments to state, local and educational institutions often underfunded to pay for these mission-critical services. We’re in the process of launching something called the Risk Analysis Professional (RAP) Council!
How can our readers further follow your work online?
Twitter is @aricperminter and LinkedIn: https://www.linkedin.com/in/aricperminter/
Thank you so much for joining us. This was very inspirational, and we wish you continued success in your important work.
About The Interviewer: David Leichner is a veteran of the Israeli high-tech industry with significant experience in the areas of cyber and security, enterprise software and communications. At Cybellum, a leading provider of Product Security Lifecycle Management, David is responsible for creating and executing the marketing strategy and managing the global marketing team that forms the foundation for Cybellum’s product and market penetration. Prior to Cybellum, David was CMO at SQream and VP Sales and Marketing at endpoint protection vendor, Cynet. David is a member of the Board of Trustees of the Jerusalem Technology College. He holds a BA in Information Systems Management and an MBA in International Business from the City University of New York.