DevOps Chat: Security Intelligence with Flashpoint’s Josh Lefkowitz

Flashpoint is a business risk intelligence provider that has been protecting government and private sector assets for a long time. In fact, to paraphrase Jack Nicholson in A Few Good Men, “We have been sleeping under the blanket of their security” for a while now.

I had a chance to catch up with Flashpoint co-founder and CEO Josh Lefkowitz and discuss Flashpoint’s risk intelligence offerings. The company recently upgraded its dashboards to give users more information tailored to their specific verticals and greater insight into risk intelligence.

As usual, the streaming audio is immediately below, followed by the transcript of our conversation.

Transcript

Alan Shimel: Hello, everyone, it’s Alan Shimel, DevOps.com, Security Boulevard, Container Journal, all MediaOps, and you’re listening to another DevOps Chat.

I’m really honored to have a new guest for this week’s chat, none other than Josh Lefkowitz, chief executive officer of Flashpoint. Josh, welcome to DevOps Chat.

Josh Lefkowitz: Alan, thanks so much for having me. Delighted to be speaking with you.

Shimel: Alright. It’s actually our pleasure to have you here, Josh. So, as we were talking a little bit offline, probably one of the best decisions you’ve ever made is having Jennifer Leggio as your CMO, but beyond that, fill our audience in a little bit about Flashpoint.

Lefkowitz: Absolutely. So, what Flashpoint does is provide conversion intelligence and risk solutions to organizations in the public and private sector across the globe. And really, what we’re doing is providing meaningful intelligence that helps them combat threats and adversaries within the enterprise environment that is helping organizations bolster cyber security, confront fraud, detect insider threats, enhance corporate and physical security, improve executive protection, address third party risks, support due diligence efforts.

So, it’s really a broad spectrum approach that we call business risk intelligence, with the primary goal of helping end users and customers make better decisions that mitigate risk and align to their business requirements.

Shimel: Yep. And all of that you know, people—that’s a mouthful, right, for people to digest, Josh. But you know, I also add, as someone who’s been in the security business for 20, 25 years now—you know, Flashpoint, you guys are a bit of the badasses, right, doing some of the real, you know, bleeding edge and cutting edge kinda threat intelligence and—I’m not thinking of the right word. Not just intelligence, but surveillance, if you will, and monitoring of what’s going on out there to try to change the equation around cybersecurity. So, congratulations. I mean, your reputation precedes you.

Lefkowitz: Well, appreciate that, and we’re fortunate to have an incredible team and an incredible customer community that really is focused on tackling hard problems and supporting the mission requirements and business requirements of our customers across the enterprise and public sector. This is such an incredibly dynamic and adaptive threat landscape that what we’ve found in our experience is that you have to have a combination of incredible people with a range of different domain and technical expertise as well as linguistic skills as well as technology that can facilitate automation, that can facilitate scale.

Because there are only so many hours in the day, and when you’re talking about such a vast threat landscape as well as customers who are inundated with too few resources and too many threats to navigate in a manual way, there’s gotta be that fusion of automation with smart people fusing that together.

Shimel: Absolutely. So, just before we jump into the news that I wanted to cover, I always like to ask our guests, Josh—if you could share with our audience a little bit about your own journey, you know, that brought you here as CEO of Flashpoint.

Lefkowitz: Absolutely. So, we founded Flashpoint in 2010. My co-founder, Evan Coleman and I, both had a background, really, that was primarily focused on how terrorists were exploiting the internet for a myriad array of purposes, from fundraising to propaganda to networking to facilitating foreign travel routes.

And Evan was one of the first private sector experts in the post-09/11 era to really understand the transformational impact that the internet was having on the way that violent extremists were doing business. And, as a result of that, became the go-to expert witness that the U.S. Department of Justice or the FBI and federal prosecutors began relying on for a broad array of different investigative support needs, particularly when it came to investigations and prosecutions that had an online component.

And as Evan built his consultancy throughout the 2000s, what we saw was an opportunity to take the methodologies that we’d been deploying when it came to tracking terrorists online, open the aperture, and began looking at a wider set of illicit activity, particularly around cybercrime, as we saw the requirements of the public sector had a lot of similarities to the emerging requirements of the Fortune 1000 and beyond.

And so, we took that approach that really centered around fusing subject matter expertise with technology and began layering that into building solutions and expertise that aligned to requirements coming out of the enterprise market.

Shimel: Excellent. Excellent, excellent, excellent. So, let’s jump into the news. You guys are kinda announcing a—not an expansion, per se, but really, an upgrade to your whole user interface, your whole interaction with new dashboard analytics and more focused. As you know, one of the problems with cyber security is, we’re oftentimes 10 miles wide and an inch or two deep, right? And especially when you look at any one vertical or any one threat case or what have you.

So, get us behind the announcement. What are we talking about here, Josh?

Lefkowitz: Yeah, absolutely. So, I’ll spend a few moments on the functionality and then spend a little bit more time on the “so what?” because that’s really what matters. How does this help customers, and how does this make their lives easier?

So, from a functionality perspective, we’re incredibly excited to launch new innovations enhancements around our Flashpoint intelligence platform that center around (1) new dashboards and analytics, and those dashboards include a look at vulnerabilities, CVEs. So, particularly, how illicit actors and threat actors are discussing those particular CVEs as well as credit card fraud oriented dashboard that helps better identify exposure as well as trends in that credit card fraud ecosystem. So, that’s one.

The second is around material expansion in our data collections. So, that includes everything from technical data to media and chat services that are being abused and exploited by illicit actors to credit card dumps as well as compromised account credentials.

And then thirdly, alerting, as we’ve recognized that customers are really looking for relevant intelligence, relevant data, relevant alerting. And while, of course, the holy grail of that is alerting that’s specific to an organization, what we’ve experienced is that organizations also have a deep interest in development and intelligence that pertain to their sector. So, a bank in the U.S. is going to be very attuned to developments that impact a bank in the Middle East or a bank in Europe.

And so, we’ve developed multi-language keyword patterns that are curated by our tactical monitoring team that are specific to particular industries. In this case, we’re rolling out new patterns around the technology vertical, the insurance vertical, the telecommunications vertical to complement existing industry patterns for financial services, retail, legal, and health care.

So, we’re extraordinarily excited about how all of these different enhancements to our platform will help our customers from a use case perspective. Because, at the end of the day, as I mentioned earlier, it really comes down to use cases. You can have all the data in the world, you can have all the bells and whistles in the world in your platform and technology, but if it doesn’t answer that “so what?” which is simply, how do I make our customers get their jobs done faster, easier, and better, it really doesn’t matter.

And so, we’ve very much taken that use case based approach to our product roadmap and strategy, particularly around different teams that are operating within the enterprise security environment. So, whether it’s a fraud team that needs that insight into the credit card fraud ecosystem that’s gonna be leveraging our credit card fraud dashboard and our compromised credit card data or a cyber threat intelligence team and a vulnerability management team that’s gonna be leveraging our CVE data, our dashboard that helps bubble up which CVEs are being exploited most prominently and most frequently by illicit actors.

Or, for example, insider threat teams that are looking at discussions in chat services like Telegram, individuals who have access to sensitive corporate networks and that are going into these chat services and attempting to exploit that access for financial or other gain in instances where they are posting screenshots of them in their work uniforms, posting screenshots of access that they have to sensitive systems, et cetera.

So, really, again, tying that back to the use cases and being laser-focused around how can we help our customers make better decisions, shave time off of tasks, and at the end of the day, make informed, risk-based decisions that impact the business.

Shimel: Got it. Excellent, excellent stuff. You know what I think our audience would enjoy is—so, in our cyber security following, we have a lot of practitioners, a lot of managers, too. They’re not vendors, those. These are people with real, you know, the dirt’s under their fingers and they fight the good fight every day, Josh, right? And you know this. You’ve been in security a long time yourself.

Sometimes it’s a thankless job, right? Because no one comes over and pats you on the back and says, “No one broke in today,” or, “We didn’t have a breach today,” right? They only get to know you when bad things happen, right?

How do you—I know this is driven a lot by community input, feedback, and stuff like that. But, you know, we could read the Gartners of the world and all that, but talk to us, how do you kinda—especially as a CEO—take in what the community, what your users are asking, and how does that then manifest itself in something like this?

Lefkowitz: Sure. So, there are a number of different elements that inform how we think about what our customer base wants and needs. So, first of all, we’re fortunate to have brought onto the Flashpoint team many of our former customers, including folks that played leadership roles in programs at some of the largest financial services firms in the world, places like Citibank and Bank of America and PNC. So, we bring that practitioner experience and those battle scars onto the Flashpoint team.

Secondly, we have a Customer Success team that is staffed with industry veterans that is having frequent touch points with our customers, reviewing potential roadmap ideas, doing that in tandem with our product team, and really being a set of open ears to better understand trends within our customer base and the broader market, and really taking that back into our feedback loop.

And then another component, and you talk about community—community is hugely important to Flashpoint. It has been since our earliest days. I think the vendor community often can look at the broader community simply as a vector for more buying, but at Flashpoint, we really look at the broader community as something that we wanna contribute to—no questions asked, with no expectations of a sales discussion.

And so, since our earliest days, we’ve been contributors to a broad array of different information sharing communities, including the ISACs. We’ve been huge believers in responsible disclosure and always looking at ways that we can contribute to those communities and also listen to those communities. And so, as a result of being active participants in the ISACs and many other communities, that’s helped inform our context and understanding around what the community is looking for and what the community needs.

Shimel: Excellent. And it shows. So, Josh, beyond the announcement and this expansion of new offering, what do you see as sort of the big challenges in cyber in the next year or so, do you think?

Lefkowitz: Yeah, I think that when it comes down to the fundamental challenge, you hit the nail on the head as far as security often being a thankless job.

And, you know, when you look at the expansiveness of the risk landscape, you look at the expansiveness of the attack surface, you look at the resource constraints that nearly every team is navigating, you look at the avalanche of alerts and false positives that they need to grapple with, you look at the fragmentation of the security market where there are so many disparate quote-unquote silver bullets that are your magic solution, but so many of them are operating in isolation, they’re not interoperable, and you are faced with a security community that is constantly in firefighting mode, that is often struggling to define ROI, and that often feels that you can’t win because all it takes is one bad actor to get through.

So, you know, all of those, I think, continued to be the fundamental challenge that the security community is grappling with. If you were to ask me to hone in on one trend, for example, that we’re seeing within the threat actor community, one that I would point to is the evolution of the ransomware landscape, where in version one, you saw a high volume of—you know, you could almost call them spray and prey actors who were last sophisticated, who were demanding lower dollar value—

Shimel: You know what, Josh? I equate that stage one to the kiddie script phase in security in general, right?

Lefkowitz: Yeah, absolutely. And I think what you’re seeing now is the far more sophisticated actor sets coming at the ransomware game or recognizing that, with the right type of ransomware and the right methodologies and the right reconnaissance of targets, they are able to command much larger ransom payments that they have the opportunity and ability to really devastate companies, and you’re seeing them shift from some of their other activities towards these very targeted, very strategic ransomware campaigns. And so, that’s definitely something that we’ve been observing within the threat actor community and within the broader landscape over the last few months.

Shimel: Absolutely. And you know, the more I read, the more scary it gets. I mean, you know, but this is why, Josh, I was reading a recent article, I think it was the heads of the six or seven largest banks and, you know, they asked them, what are the biggest sort of dark clouds on the horizon for the economy and the world economy in general, and it was consensus that cybersecurity was in the top three.

I mean, but to be fair, Josh, that hasn’t changed since I was in the security vendor game 20 years. You know, it was always a top three priority, it’s just, the arms never reached the pockets, [Laughter] you know, sometimes when it comes to budget. And now, we live in a world where, even if you have the budget, even if you could, you can’t, because we have the talent shortage and stuff like that, so it’s hard. It’s not an easy thing today.

Lefkowitz: For sure, and I think that evolution of the threat actor landscape will continue to push the defenders. There’s so many bright minds particularly coming out of government that are tackling this problem. And nobody’s solved for it with a panacea solution. You know, you implement defenses, you see adaptation on the illicit actor side. You know, you see this cat and mouse game.

We see it within the illicit actor communities we monitor closely and forums and marketplaces where the place that illicit actors were congregating for so long, many of them have expanded their aperture to now operate as well in chat services. You know, it facilitates that real time communication that has the perception of being a far more secure environment. It makes itself a fertile ground for sharing images, for sharing video that often is used as a validation of credibility and access, whether you’re posting receipts from fraudulent transactions, you’re posting videos of sensitive systems that you breach, you’re posting imagery of you in your work outfit, as I mentioned earlier.

You know, this is just another vignette of the constant chess match, the constant adaptation that’s taking place on the offense and defense side.

Shimel: And this is why we can’t have nice things. [Laughter]

Lefkowitz:  [Laughter]

Shimel: Anyway, Josh, we’ve got—I told you when we started, the time goes too quick with these, and we’re about out of time for this DevOps Chat. But I wanna thank you for being our guest. Love to have you back on in the near future and continue discussing this, you know, it’s too important for us not to be discussing. But thanks for being our guest here today.

Lefkowitz: Thanks so much for the hospitality. Really enjoyed our chat, and would welcome the opportunity to come back to speak again.

Shimel: Fantastic. Hey, Josh Lefkowitz, CEO and Co-founder and Flashpoint and our guest today on DevOps Chat. This is Alan Shimel—forgot my name there for a second [Laughter]—from MediaOps, Security Boulevard, DevOps.com, Container Journal. You’ve just listened to another DevOps Chat. Have a great day, everyone.

Alan Shimel

Avatar photo

Alan Shimel

Throughout his career spanning over 25 years in the IT industry, Alan Shimel has been at the forefront of leading technology change. From hosting and infrastructure, to security and now DevOps, Shimel is an industry leader whose opinions and views are widely sought after.

Alan’s entrepreneurial ventures have seen him found or co-found several technology related companies including TriStar Web, StillSecure, The CISO Group, MediaOps, Inc., DevOps.com and the DevOps Institute. He has also helped several companies grow from startup to public entities and beyond. He has held a variety of executive roles around Business and Corporate Development, Sales, Marketing, Product and Strategy.

Alan is also the founder of the Security Bloggers Network, the Security Bloggers Meetups and awards which run at various Security conferences and Security Boulevard.

Most recently Shimel saw the impact that DevOps and related technologies were going to have on the Software Development Lifecycle and the entire IT stack. He founded DevOps.com and then the DevOps Institute. DevOps.com is the leading destination for all things DevOps, as well as the producers of multiple DevOps events called DevOps Connect. DevOps Connect produces DevSecOps and Rugged DevOps tracks and events at leading security conferences such as RSA Conference, InfoSec Europe and InfoSec World. The DevOps Institute is the leading provider of DevOps education, training and certification.

Alan has a BA in Government and Politics from St Johns University, a JD from New York Law School and a lifetime of business experience. His legal education, long experience in the field, and New York street smarts combine to form a unique personality that is always in demand to appear at conferences and events.

alan has 81 posts and counting.See all posts by alan