CyberTech Top Voice: Interview with Fortra’s John P. Grancarich

Hello, CyberTech community. Welcome to our CyberTech Top Voice interview series.

The latest CyberTech Interview with FOTRA’s John P. Grancarich is an interactive Q&A-styled conversation. John shared his insights on Artificial Intelligence (AI) in cybersecurity management. In this interview with FORTRA’s John, our reporters explored the various facets of cybersecurity frameworks as applied to modern digital transformation journeys. In today’s rapidly evolving threat landscape, security teams aren’t just looking for tools; they need solutions that deliver tangible business outcomes. Fortra’s comprehensive cybersecurity solutions protect organizations from emerging threats and help them build a future-ready SecOps architecture that adheres to industry regulations and standards.

Join us in shaping the future of cybersecurity. Learn more about how Fortra can help you achieve your goals.

Here’s what John had to say about the digital transformation journeys in 2024.

Hi John, welcome to the Cybersecurity Top Voice Interview Series. Please share your tech journey with us.

John P. Grancarich: I’ve been in tech for about 30 years now, first in hands-on tech roles and then, moving to various leadership positions. I was a web developer, database administrator & computer forensics examiner before moving on to supervisory and leadership roles. I’ve loved both types of roles for different reasons, and each of them has served as a building block to continue learning and contributing throughout my career.

How can companies utilize AI in cybersecurity?

John: I think it makes sense to start with a clearly articulated set of problems and use cases, and then figure out where AI can contribute to some measurable outcome.

One of the biggest opportunities I see is what I think of the augmented security analyst. Rather than trying to create what some are calling an autonomous SOC, I think it makes a lot more sense to amplify what a skilled analyst can do by an order of magnitude, think 10-20x what they’re capable of today. To do that, we need to look at what they’re doing now and look for the patterns.

For example, is the analyst repetitively reviewing the same types of content in search of threats?

If so, there are likely patterns there that an AI model could learn and proactively make decisions on under the analyst’s watchful eye. I’m excited by the idea of a security analyst essentially becoming the manager of a team of AI agents who work at the analyst’s direction to improve efficacy and reduce the noise.

Cybercrime will cost the world $10.5 trillion annually by 2025. There is a victim of cybercrime every 37 seconds or 97 victims per hour. What are your comments?

John: It’s big business that’s getting bigger.

Cybercriminals are smart – they’re going to go where the money is. Look at ransomware – it used to be targeted to individuals like you and me until the lightbulb went off.

Why not go after corporations who have deeper pockets than the average person?

And, who has more to lose, like global reputation, brand value and so on?

I think we’re going to see more massively costly incidents in the next few years with perhaps longer period of quiet in between.

In other words, I expect we’ll see criminals taking greater amounts of time to select a profitable target, then work through their process patiently in order to maximize their probability of success and financial return. Just like any other business would.

Could you please mention your top 5 key strategies to protect Digital Assets?

John: Here are my top strategies to protect digital assets.

1. Know your infrastructure & what data lives where
2. Know what data is most important & why
3. Understand the most common risks (tactics, techniques, procedures) to those valued assets
4. Prioritize where you will concentrate your security resources to protect what’s most valuable to your company
5. Implement the tools & processes – including continuous monitoring & adjustment – to protect those assets

One genuine problem in cybersecurity today is all the manual work that security operations teams face daily. Could you please share your view?

John: I’ve been in the tech field for a long time and I’ve never seen a more fragmented and confusing set of products than what’s in cybersecurity today. The number of vendors is mind-boggling, a number of the product categories don’t make any sense, and many of the others are really just marketing-generated derivatives to give a vendor a leg up and analysts something to talk about.

Who’s on the receiving end of this mess?

Security teams.

This is why we are working on a unification strategy ourselves, to eliminate all of this waste and give teams a better alternative.

Digital transformation has been a consistent drumbeat for the past few years and is a core of business strategies. What are the Top 5 challenges with Digital Transformation?

John: When you look at digital transformation through the lens of cybersecurity, the legacy tools you’re moving away from have been secured in a specific way, with specific people who have specific skill sets applying specific processes to secure data.

Then, you undertake a modernization project, and you have a whole series of new problems to think about. You have to think about how your modernized application is architected, how it stores and transmits information, what other systems and network technologies it interacts with, and so forth.

 

I think it’s important to think about modernization holistically so that the team has a clear understanding of how your risk profile has changed with this.

What are some of the biggest challenges you face when marketing your new idea and trying to better the overall customer experience for them?

John: The biggest challenge is that customers are busy. They’re generally pretty great about wanting to explore new ideas with us, test prototypes, give feedback and so forth, but they’re busy and things come up all the time. So we do what we can to keep their time investment with us efficient, and yet still give them a chance to test and refine ideas with us and be a design partner.

We don’t sell when we do this – we problem solve together, and it’s one of the most fun and exciting things we get to do. Watching a solution to some thorny problem start to come into view during this process is incredibly exciting.

Please tell us about some of the top cybersecurity/other B2B events that you’re planning to participate in in 2025 (as a speaker or guest!).

John: You are a step ahead of me and I haven’t figured out my 2025 agenda just yet, but I’ll typically visit some of the larger events like RSA where it’s great to meet new people, pitch new things we’re doing and catch up with clients and friends. I’m constantly listening & learning, so these events are a great way for me to study what’s new and sharpen my own thinking.

Thank you so much, John for your delightful insights. We look forward to having you again at the CyberTech Top Voice engagements.

Recommended CyberTech Interview: Fintech’s Digital Fortress Under Attack: Cybersecurity Challenges in 2025

To participate in our interviews, please write to our CyberTech Media Room at news@intentamplify.com