Staying Ahead with Threat Intelligence: Christopher Prewitt Of Inversion6 On How to Stay Informed and Agile About New Cyber Security Threats

An Interview With David Leichner

Be prepared. Someday you will come face to face with a cyber security incident personally or professionally. Knowing what to do, who to call, and how to act will be important for the outcome and timeline of events.

In the ever-evolving landscape of cybersecurity, keeping abreast of the latest threats, vulnerabilities, and emerging trends is paramount. This becomes increasingly significant as malicious AI poses new challenges. How do Chief Product Security Officers (CPSOs) stay informed about these factors relevant to their organization’s products? More importantly, how do they integrate this vital threat intelligence into their security strategies? As a part of this series, I had the pleasure of interviewing Christopher Prewitt.

Christopher Prewitt, Chief Technology Officer (CTO), is responsible for helping develop security related products and services for customers. Christopher also helps support customers advance security strategy, to reduce and manage risk, in areas of security, privacy, compliance and disaster recovery. He has over 20 years of experience in IT Security working in a variety of industry verticals. Christopher has also held Chief Information Security Officer roles in Fortune 500/1000 space and is currently a Reservist in the Ohio Cyber Reserve.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?

I grew up in a single parent household in Cleveland, Ohio. I went to a parochial school for my early and middle school education, where I had my first interaction with a computer, an Apple LLC. I had always been drawn to computers and other technology and had been a tinkerer throughout my adolescence.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

There wasn’t a particular event, I would say more of an opportunity. I had been in IT around the time of the Y2K bug, which is when cyber security really started to become its own niche. With Y2k, there was a huge expansion and need of IT people, and I was given a great opportunity at a young age, and eventually moving from a network and systems role, into a career of cyber security. There were some early books and magazines on the hacking scene (Underground, 2600, Phrack, etc.) that were influential in my pursuit of cyber security as a career.

Can you share the most interesting story that happened to you since you began this fascinating career?

I have many interesting stories, many of which I can’t openly share. However, I spent 3 years doing Incident Response work, so I have been on the frontlines. Coming into IT in the early 2000’s afforded a lot of opportunity for stories. I’ve experienced very large organizations where IT and internet access was the Wild West. The addition of content and web filtering to enterprises, the proliferation of cell phones/laptops being deployed en masse.

You are a successful leader. Which three character traits do you think were most instrumental to your success? Can you please share a story or example for each?

Patient, curious, tenacity.

Often people in their personal or professional lives interact with an “IT person”. IT professionals don’t always communicate well, overuse acronyms, or generally don’t have the patience when working with “non-IT people”. It’s important to keep top of mind that not everyone speaks the language of IT. Broken IT things lead to frustration, and IT professionals should understand that and know their audience.

Cyber Security is often best performed by those who are infinitely curious. How does that work? How can I get it to do something it shouldn’t? Why does this work the way it does?

Being curious can take us down deep technical rabbit holes, but knowledge is at the other end of curiosity. There are new technologies and new things to learn every day. IT and IT Security professionals are engaged in a relentless effort of lifelong learning. It takes a bit of tenacity, always seeking information about new technologies, new attack methods, new laws and regulations, and everything else. IT is at the heart of almost all businesses and business transactions and cyber security knowledge encompasses things beyond the bits and bytes and firewalls.

Are you working on any exciting new projects now? How do you think that will help people?

I am working with a new and exciting partner that is doing Autonomous Penetration Testing, essentially technology acting as a threat actor. The technology is growing in capability and is showing a lot of promise.

How do emerging technologies like AI and machine learning influence the risk to the cybersecurity landscape?

AI technology will help transform and shape cyber security. AI can “act” as a senior resource, helping to support more junior resources. AI can help train and develop talent. AI will also be a force multiplier for staff shortages, which has been a problem in cyber security.

Could you highlight the types of cyber attacks that you find most concerning today, and why?

Social Engineering (sometimes called phishing) is still, unfortunately, the most common type of attack seen. People are generally trusting and are willing to click on links, open documents, or provide information (even gift cards when asked). Threat actors are taking advantage of the human spirit, the willingness to help others.

Can you share an example of a real-world incident or threat related to malicious AI that you’ve encountered, and how you responded to it? What lessons did you learn from that experience?

AI, itself, isn’t malicious. It’s a new tool, being used by threat actors and system administrators alike. However, hackers don’t have lawyers or other bureaucratic corporate mechanisms to slow them down or prevent them from using new technologies. Threat actors are becoming more efficient and more effective using AI.

What advice do you have for organizations that are in the early stages of developing a security strategy for AI systems? What are the key or guiding principles they should follow? Could you walk us through the recommended steps to take immediately after a cyber attack is detected?

Developing a security strategy is important. It helps organizations better prepare for new risks, future incidents, and better align the organization for how to take advantage of this new technology within the acceptable guidelines. The National Institute of Standards and Technology (NIST) has put together some great guidance on how to handle an incident. This guidance is the basis for almost all Incident Response plans.

Ok, thank you. Here is the main question of our interview. What are the “5 Things You Need To Stay Informed And Agile About New Cyber Security Threats” and why?

https://youtu.be/qGl2metH8mE

1. Stay Curious and Informed: Cyber security threats are always evolving, so it’s important to keep learning. Follow trusted online sources, blogs, and news outlets that provide easy-to-understand information about the latest online risks, scams, and protective measures.
2. You won’t know about all the threats and risks, but you can certainly have a heightened level of suspicion. If something seems too good to be true, it probably is. Remain suspicious. Subscribe to reliable sources for alerts and updates, like cyber security companies, government agencies, and consumer protection organizations.
3. Be prepared. Someday you will come face to face with a cyber security incident personally or professionally. Knowing what to do, who to call, and how to act will be important for the outcome and timeline of events.
4. Use Security Tools: Take advantage of user-friendly security tools and software that provide protection against common threats. Antivirus software, password managers, and browser extensions can help shield you from many online dangers.
5. With every new technology or app that creates value or convenience, there are usually new unforeseen risks. Ask yourself, “Hey, this is great but what am I giving up? What are the downsides?”

You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. :-)

Oof, this is a big question. The practical side of me says having everyone use a password manager tool. As a father, the theoretical and benevolent side of me says to restrict social media to those 18 or older.

How can our readers further follow your work online?

I can be seen on LinkedIn https://www.linkedin.com/in/cprewitt/ where I am currently making funny sales videos with a great friend of mine, Gianni Maiorano, a fun side project.

Thank you so much for joining us. This was very inspirational, and we wish you continued success in your important work.

About The Interviewer: David Leichner is a veteran of the Israeli high-tech industry with significant experience in the areas of cyber and security, enterprise software and communications. At Cybellum, a leading provider of Product Security Lifecycle Management, David is responsible for creating and executing the marketing strategy and managing the global marketing team that forms the foundation for Cybellum’s product and market penetration. Prior to Cybellum, David was CMO at SQream and VP Sales and Marketing at endpoint protection vendor, Cynet. David is a member of the Board of Trustees of the Jerusalem Technology College. He holds a BA in Information Systems Management and an MBA in International Business from the City University of New York.