Hello, CyberTech community. Welcome to our CyberTech Top Voice interview series.
In this engaging CyberTech Interview, we talk with Jose Seara, the Founder and CEO of DeNexus. As October is “Cybersecurity Awareness Month,” Jose shares his views on the importance of proactive threat detection and risk management in today’s fast-paced digital world. DeNexus is leading a new way in cybersecurity, providing smart solutions that help organizations stay resilient against evolving threats.
Join us as we discuss the future of cybersecurity and learn how DeNexus can help your organization stay ahead.
Hi Jose, welcome to the CyberTech Top Voice Interview Series. Please tell us a little bit about your journey as an IT and security professional. How did you start at DeNexus?
Jose: Actually, I do not come from a security background. In fact, I was on the other side of the table from where I sit now. As an entrepreneur building physical critical infrastructure companies across Europe and North America, I was exposed to cyber risk, especially in my OT environments, and I grew increasingly concerned about the financial impact of cyber risk: I couldn’t find any solution to measure my company’s cyber risk, ways to identify and measure when investing in cybersecurity was efficient, or any insurance to cost-effectively cover it.
Why?
Because they did not exist.
The cybersecurity and the risk industries had not caught up with the proliferation of cyber attacks that cost businesses millions of dollars every year. This led to the creation of DeNexus. I assembled a team of cybersecurity experts, mathematicians, statisticians, data scientists, and AI-ML and software engineering experts to deliver the first end-to-end cyber risk management solution dedicated to the industrial sector.
What is DeNexus and how does the company support industrial cybersecurity teams?
Jose: DeNexus is focused on helping industrial cybersecurity teams and their leaders, and providing them with a tool not only to be more effective at keeping their company secure, but to efficiently communicate with their business leaders. Most know they are the target of cybercriminals, but they always question whether they spend enough on cybersecurity and in the right places.
DeNexus provides answers by translating cybersecurity technical data into business and financial metrics that CISOs and cybersecurity leaders can present to their CFO, executives, risk committees, and board members to prioritize and justify cybersecurity investments in operational environments, and to procure insurance protection.
October is Cybersecurity Awareness Month. Could you share your experience on promoting “cybersecurity awareness” as a cultural exercise in modern organizations?
Jose: Cybersecurity in industrial environments is challenging and costly.
For example, when patching a security vulnerability, you might need to shut down a production chain in manufacturing, a portion of the grid in energy, or operate a data center facility with degraded capacity.
Maintenance windows are always incredibly narrow and such activities require advanced planning and additional resources at remote sites. Patching or cybersecurity upgrades are always costly and not always even feasible, especially in OT networks. The bottom line is that doing nothing can easily become the default option, especially if executives are unaware of the company’s financial exposure.
Cyber awareness month is a great opportunity to challenge the status quo and invite security leaders to evaluate the top cyber risks faced by their businesses, understand drivers of risk, the probability of a severe cyber event, its potential financial impact, and, most importantly, what can be done to mitigate such an event and its consequences. DeNexus provides easy-to-understand cyber risk reports that executives can use to compare their level of cyber risk to other enterprise risks and make better investment decisions.
You recently partnered with Nozomi Networks to fortify industrial cyber risk management infrastructure. Could you tell us how this partnership impacts the existing cybersecurity postures in the industrial setups?
Jose: DeNexus has a unique approach to Cyber Risk Quantification and Management, combining both outside-in and inside-out data. From the outside we learn about threats, and threat actors and their capabilities. From the inside we learn about the network topology, devices, vulnerabilities and cybersecurity controls.
For the latter, DeNexus integrates with Intrusion Detection Systems like Nozomi through APIs, and this strategic technology partnership allows us to get continuous updates on the cybersecurity state of our client’s operational environments at monitored sites. This partnership enables us to provide unprecedented visibility into OT Cyber Risk for better decisions on patching and mitigation priorities.
What are your biggest IT and security concerns? What are your expectations from the current crop of threat intelligence solutions providers?
Jose: Significant investments are made in cybersecurity (more than $200 Billion, according to the Gartner Group). Yet, companies are still very vulnerable to cybercriminals. Detection and prevention are important. However, incident preparedness is equally needed, as it is now well understood that even the most advanced companies cannot prevent all incidents.
Corporations should invest in cyber risk management, understand their cyber strengths and weaknesses, and align their cybersecurity resources accordingly. In OT environments, we commonly see remote access provided to external parties with poor protection, or legacy devices prone to be compromised.
Another example is heavy investments made to high-revenue-producing facilities while smaller facilities fall behind with cybersecurity and become a vulnerable entry point for the entire corporation. These are just examples where, without explicit analysis, security leaders might have misguided focus.
DeNexus has raised $17.5 million in funding. How would DeNexus be positioned to accelerate its growth and expand its innovative product offerings and markets?
Jose: This funding validates the need for better cyber risk solutions for industrial corporations and critical infrastructures with interconnected physical assets. DeNexus is the only company to focus on this market segment. We are the only one to systematically use internal telemetry from all cybersecurity leaders, to help security and risk leaders understand and measure their cyber risk in financial terms.
With DeNexus, they can answer whether they have invested enough and are in the right places. They can also justify investments to the executive team and the board.
We inform them where investments are most needed by analyzing and identifying sites with the most significant cyber risks. We enable our users to build what-if scenarios for risk mitigation projects, select one or more facilities to apply risk mitigation and evaluate the outcomes in risk reduction. These unique capabilities allow CISOs to develop a sound cyber risk management strategy, optimize the use of resources and budget, and showcase to the board and regulators a proactive, rational, and exhaustive approach to risk management and governance.
With this new funding, DeNexus is well-positioned to address the growing need for comprehensive cyber risk management in industrial environments, helping organizations navigate the complex landscape of cybersecurity threats and regulations.
Jose: Industrial cybersecurity has too often lagged IT cybersecurity. Safety, reliability, and uptime in OT environments take precedence over cybersecurity. However, with the industrial sector being hard hit by attacks, there is an increase in demand for OT cybersecurity. DeNexus brings a business overview of OT cybersecurity with financial metrics so that cybersecurity leaders can develop the most effective cyber risk management strategy.
We are already serving power generation, manufacturing, data centers and airports, and with the funding we will expand our capabilities to oil & gas, and even healthcare that requires a significant evolution of our technology.
What is the best way to ensure 100% cyber resilience for today’s digital workplaces?
Jose: The weakest cybersecurity link remains people. Misinformed or unaware employees can lead to errors, misconfigurations, and misinformation on the level of risk faced by industrial corporations. Companies need to build a culture of cybersecurity and demand employees follow cybersecurity awareness training regardless of their function. The most resilient organizations are the ones that are best prepared to respond to an attack and its consequences. Preparedness is key to reducing the severity of cyber events.
Cyber insurers align resources to recover and minimize the financial and operational impact of incidents.
How should CISOs approach data resiliency and modernization goals for their cloud ecosystems?
Jose: Before developing a modernization strategy, CISOs should first evaluate and quantify their cyber risk. The greatest exposures can be hidden in unexpected sites or systems. Equally important is to document the journey through risk reduction, identify the most significant cyber risks, and prioritize the more effective risk mitigation projects. Several regulations such as the SEC S/K now demand this level of governance.
New-age AI platforms and labs have emerged as the biggest risk-centers in the cyber threat landscape. As a security leader, what would be your recommendations to AI organizations that are at risk?
Jose: Understanding the dependencies and interconnections between physical systems, cloud-based applications, and AI platforms is essential. Risks might not come from direct attacks on the OT environment but infiltrations through IT infrastructures and applications that propagate to the OT systems.
We hear a lot of discussion on cyber insurance and ransomware warranty. What kind of infrastructure and security framework should an organization adopt to successfully implement these security postures against risks?
Jose: Cyber insurance can make the difference between a company recovering quickly or going bankrupt after a cyber incident. Industrial corporations should follow recommendations from their insurers, deploy backups, MFA, incident readiness and more. If they don’t have coverage today, they should follow similar practices to become insurable.
DeNexus provides the data and analysis to them on which level of coverage and limit to seek, and how to balance risk avoidance and acceptance (financial reserve) with risk mitigation (cybersecurity) and risk transfer (insurance).
Young IT professionals are exploring new avenues in the cybersecurity technology markets. What kind of certifications and skills would you likely advocate among these professionals?
Jose: Cybersecurity is a broad field with various specialized areas such as threat intelligence, compliance, vulnerability management, risk management, incident response, cloud security, and mobile security, or based on industries and sectors. This is what makes the market so interesting for young professionals. The market is also one of the pioneering consumers of artificial intelligence technology.
Regarding training and certifications, the SANS Institute offers comprehensive basic to advanced training for cybersecurity professionals. The GIAC certification is especially useful for OT cybersecurity. The most important aspects of cybersecurity are staying current, embracing continuous education opportunities, and networking with experts who have hands-on experience with cyber attacks and dealing with their aftermath—this is where cybersecurity becomes real.
What are your predictions for the upcoming year—which cyber technology buzzword would rule in 2025?
Jose: Cybersecurity budgets are increasing, but not as rapidly as the propagation of cyber threats. We expect CISOs and cybersecurity leaders to be under increasing pressure to justify their budgets. A shift needs to happen so that the latest cool cybersecurity technology no longer dictates what to deploy. Instead, CISOs must get the data to measure cyber risks and prioritize projects. This is why 2025 will be the year of risk-based cybersecurity.
Thank you so much, Jose, for your delightful insights. We look forward to having you again at the CyberTech Top Voice engagements.