Hector Collazo Of Sev1Tech On What We Must Do To Create Nationally Secure And Resilient Supply Chains

An Interview With David Leichner

More diversification in manufacturing is another essential step. We need to diversify more around the world, not just in the U.S. That was very clear with the pandemic — the supply chain must be able to absorb major catastrophes, and greater diversity can help build resilience.

The cascading logistical problems caused by the pandemic and the war in Eastern Europe, have made securing a reliable supply chain a national imperative. In addition, severe cyberattacks like the highly publicized Colonial pipeline attack, have brought supply chain cybersecurity into the limelight. So what must manufacturers and policymakers do to ensure that we have secure and resilient supply chains? In this interview series, we are talking to business leaders who can share insights from their experiences about how we can address these challenges. As a part of this series, I had the pleasure of interviewing Hector Collazo.

Hector Collazo is Chief Technology Officer for Sev1Tech. He leads Sev1Tech’s High Impact Technology, Science, and Engineering Team (HITSE), which develops the company’s long-term technology strategy and delivers innovative solutions to support the evolving needs of Sev1Tech’s customers. Hector has more than 20 years of experience implementing, engineering and managing innovative technologies to transform businesses and customer experiences. Hector holds a bachelor’s degree from the University of Puerto Rico and a Master of Business Administration from the University of Phoenix.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?

Sure! I grew up in a small town in Puerto Rico called Corozal. I played sports throughout my childhood, and I found my passion in table tennis. I traveled the world playing table tennis, which gave me the opportunity to see new cultures. I was able to visit places which, as a U.S. citizen, I normally wouldn’t have been able to visit, so I grew up playing and discovering at the same time.

When I went to college, I obtained my bachelor’s degree in electronic engineering at the University of Puerto Rico, and then I received a master’s in business administration, which I got at the University of Phoenix. I have worked with almost all the U.S. defense agencies in different capacities, and I’m very proud to have served side-by-side as a contractor with the Army during Operation Iraqi Freedom.

Can you share the most interesting story that happened to you since you began your career?

When I was working for the Navy in Puerto Rico at the Atlantic Fleet Weapons Training Facility the Navy left the island and I was given the opportunity to stay with the same company I was working for at the time, which led me on an adventure to Baghdad. .I had the honor to deploy with the III Armored Corps as a contractor. I was there for about a year in the war zone, living alongside the soldiers and helping them convert military satellite equipment to commercial equipment so they could more easily connect with their families.

This experience changed the way I thought about how the military operates. A lot of the things we take for granted stateside are very valuable in the context of a war zone, and those things mean a lot to the soldiers. To have just a functioning toilet, for example. It was fascinating to see how advanced the U.S. is and the contrast on the ground during a war.

All that camaraderie that the soldiers built is something I applied throughout my career. Learning from them helped me grow as a person and as a leader, and I found that I was more effective when I could build that connection with my team.

You are a successful leader. Which three character traits do you think were most instrumental to your success? Can you please share a story or example for each?

I’d start with humility. Being humble is important because it helps you connect with other people and helps them feel valued around you. You can be the smartest person in the room and still not be the person who brings the most value to the team — recognizing the contributions of others helps everyone learn together. As a leader, it’s important to give everyone on the team the opportunity to step up, even if you think you have all the answers. Teamwork is also critical. We can always get better results when we work together towards a common goal. It’s one team, one fight — that’s an idea I encountered working with the military. I love to work as a team, and I feel that is crucial to any organization. Finally, being helpful is essential. I always try to help other people as much as I can. Helping others is part of who I am, and that’s what has made me grow as a person.

Are you working on any exciting new projects now? How do you think that will help people?

I think of technology as an enabler for a lot of things. My team at Sev1Tech is currently working on a project to automate security controls using open-source software to ensure that the software is secure from the ground up, throughout all development stages. Automating the controls ensures that they are embedded as part of that process, which helps prevent cyber intrusions by reducing advanced persistent threat attack vectors, helping build cyber resilience across software used by both the private and public sector.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. In order to ensure that we are all on the same page let’s begin with some simple definitions. What does the term “supply chain” encompass?

The supply chain encompasses all the steps required to get a product or service from its origin to its destination. For example, it’s all the steps it takes for a toy to get into your child’s hands or software to get from the manufacturer to your laptop.

Can you help articulate what the weaknesses are in our current supply chain systems?

Right now, three shipping conglomerates encompass 80% of our shipping, and the United States’ busiest port is the Port of Long Beach in Los Angeles, with 40% of imports going through that one port. As a result, if a major port or shipping company encounters difficulties, it can impact the entire supply chain. Diversifying the shipping industry as a whole can help mitigate this challenge.

In addition, even with a 24/7 operation it takes ten days to offload a ship. Utilizing technology and automation can help make the process more efficient, alleviating the pressure on a workforce facing increasing levels of burnout. There are also some major choke points around the labor shortage. For example, you might have a 24/7 operation at the port, but there may be no drivers available, and the distribution isn’t working right because it’s impossible to adequately staff around the clock.

Finally, there’s a shortage of equipment like moving containers, as well as limited domestic manufacturing capabilities.

Can you help define what a nationally secure and resilient supply chain would look like?

From my perspective, a secure and resilient supply chain should have five pillars, backed up by a strategic and well-designed plan to adapt at the speed of relevance — meaning that all the policies and systems in place can adapt to new conditions as quickly as possible.

The first is visibility: you want to use technology to monitor the supply changes and patterns and proactively perform mitigations. If you can predict that there will be high demand for certain products, you can check on your warehousing and distribution before a shortage occurs.

Next is flexibility: the ability to adapt quickly to disruptions while keeping the cost near projections. The pandemic brought a lot of supply chain weaknesses to light because we weren’t ready to absorb a catastrophe as significant as COVID-19. That connects closely to agility: we can react and respond quickly to changes in customer demand.

Collaboration is also key. We must develop a supply chain that has cross-ship partners and strategic networks. If a particular company has a great track record of cybersecurity hygiene, they can lead the process of building trusted partnerships to help everyone be more secure.

Finally, control: establishing governance and implementing policies and procedures creates a higher level of consistency and cohesion across the supply chain.

My particular expertise is in cybersecurity so I’m particularly passionate about this topic. Can you share some examples of recent and notable cyberattacks against our supply chain? Why do you think these attacks were so significant?

The 2020 SolarWinds attack was one of the most significant incidents. That was a direct attack on our supply chain from a software exploitation perspective, impacting the Department of Defense, Fortune 500 companies and customers alike. The threat actors were extremely smart about it; they installed a backdoor designed to avoid detection by developers and security teams.

SolarWinds proved that attacks on the software supply chain represent a major threat to our national security. From a cybersecurity perspective, the attack highlighted how the lack of simple cyber hygiene can create unimaginable levels of exposure for a company. In this case, attackers leveraged an admin password that was ‘solarwinds123,’ and there was no multifactor authentication, demonstrating how vulnerable we are as a country if we don’t practice cyber hygiene.

After SolarWinds, the DoD doubled down on efforts to secure the software supply chain such as the evolving Cybersecurity Maturity Model Certification and guidelines from the National Institute of Standards and Technology. The reality is that vetting these companies to create an auditing trail makes a lot of sense, but it’s very costly and time intensive. We’re still trying to find a balance that strengthens our security posture across the board while keeping up with the threat.

What would you recommend for the government or for tech leaders to do to improve supply chain cybersecurity?

A major focus area for me is training. Oftentimes breaches result from human error. We’re human, we make mistakes, but training employees not to fall for common scams and traps and to implement strong password hygiene and enable multi-factor authentication is key to closing those gaps.

In addition, administrators must be conscientious in patching vulnerabilities as soon as possible. A lot of major weaknesses are the result of vulnerabilities that were never patched, even when a patch was released a while ago, and attackers will take advantage of any complacency.

I also think increasing diversity within the cybersecurity workforce is critical. The cybersecurity industry is unfortunately very male-dominated. In any industry, each person brings a different perspective and a different set of skills and experiences. If we combine more diverse perspectives, we will be better able to tackle problems and make progress.

Finally, building adaptable policies around agility and resiliency is essential. We need to evolve supply chain governance so we’re continuously improving to adapt to changes. For example, systems that worked before the pandemic may no longer apply in today’s hybrid work environment.

Ok, thank you. Here is the main question of our interview. What are the “5 Things We Must Do to Create Nationally Secure and Resilient Supply Chains” and why?

1. Leverage technology and automation to the greatest extent possible. By using technology and automation, we’re able to respond at the necessary speed to keep up with market changes and customer demand without impacting operational cost. For example, robotic processing automation can streamline the process of deploying secure software into production environments. That will help address customer needs more quickly because you don’t have to review the code over and over, which can push developers to the speed of relevance.
2. More diversification in manufacturing is another essential step. We need to diversify more around the world, not just in the U.S. That was very clear with the pandemic — the supply chain must be able to absorb major catastrophes, and greater diversity can help build resilience.
3. Implement zero trust as much as possible. The core principle of zero trust is not to trust any user or device until they are verified and validated to access only the information they need to perform their job. Zero trust architectures can help reduce the risk of cybersecurity breaches, and while there are technologies that can support zero trust, it starts with policies and with cultures, and there is no one size fits all approach. Zero trust requires different policies, devices, systems and administrators taking care of different things, so it’s a team effort. There is a misconception that zero trust is just about devices — it is not. It is a policy and a framework that will define how you operate as an enterprise.
4. Continue evolving supply chain governance. It is important to maintain and evolve our security posture across all the links and branches associated with a supply chain. Policies, procedures and rules need to keep up with security, society and market demands and the demands of robust lifecycle management. For example, devices become less secure over time as the equipment degrades and technology evolves. Legacy operating systems that don’t support new security updates but are still connected to corporate or government networks can become a massive source of exposure without a plan to manage risk throughout the device’s lifecycle. Securing legacy systems tends to be much easier across cloud-based technologies than on-premises devices, so accelerating migration to the cloud and preparing a lifecycle management strategy for on-premise components are key.
5. Inspire a vision for creating secure and resilient supply chains. Thankfully, the recent conflict between railroad workers and companies was resolved without a strike that would have seriously impacted supply chains across the U.S. However, solutions like the deal to avoid a strike or the mandate that major ports operate 24/7 to alleviate supply chain delays only address one small element of the broader problem. We need to approach supply chain challenges holistically and work together to inspire scalable, sustainable solutions.

Are there other ideas or considerations that should encourage us to reimagine our supply chain?

I encourage people to reimagine how technology is changing our supply chain. As technology evolves, we’ll see a major improvement in the way that we distribute goods, as well as retailer efficiencies around inventory management and general shopper experience. Using technology to deliver strong customer experience, analyze feedback and automate improvements can help increase efficiency as well as build security and resilience.

You are a person of great influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger.

In this day and age, there’s so much division between people and among global leaders that the movement for kindness has become really important to me. If we can continue to spread kindness one day at a time, we will be able to work together more positively and effectively to solve complex challenges and make this planet a better place.

How can our readers further follow your work online?

I’m on LinkedIn, and you can learn more about what my team is doing around supply chain security and resilience at www.sev1tech.com.

This was very inspiring and informative. Thank you so much for the time you spent with this interview!

About The Interviewer: David Leichner is a veteran of the Israeli high-tech industry with significant experience in the areas of cyber and security, enterprise software and communications. At Cybellum, a leading provider of Product Security Lifecycle Management, David is responsible for creating and executing the marketing strategy and managing the global marketing team that forms the foundation for Cybellum’s product and market penetration. Prior to Cybellum, David was CMO at SQream and VP Sales and Marketing at endpoint protection vendor, Cynet. David is a member of the Board of Trustees of the Jerusalem Technology College. He holds a BA in Information Systems Management and an MBA in International Business from the City University of New York.