Former Department of Defense, Booz Allen & EY executive Wayne Loveless joins OnDefend as Managing Director of Strategic Services and Associate Program Director of the Independent Security Inspector program for TikTok USDS. 

Wayne Loveless is a globally recognized cybersecurity engineer, strategist, and leader with more than 25 years of industry experience across the Government and Public Sector, Defense, Energy, Oil and Gas and Healthcare industries.

He has led and supported teams in the development of National Cybersecurity Strategies, development and implementation of large-scale enterprise cybersecurity programs, research and development, and cybersecurity engineering in government and private industry.

Interview with Wayne Loveless:

Q: What is your role at OnDefend? 

“I get the exciting opportunity to support in the delivery of a key strategic project with the ISI team focusing on TikTok USDS security testing. This allows me to bring my global experience in delivering large scale cybersecurity programs in support of the overall objectives of the project, work in developing human capital, and drive high performing teams.

Additionally, I have another role in my capacity of Managing Director of Strategic Services, where I am working with the OnDefend Leadership to expand into new markets, industries, and geographies. Whether with core consulting services or new partnerships for OnDefend’s unique software and services, I get the opportunity to help supercharge the growth of services and clients on a global scale.”

Q: How did you get into cybersecurity? 

“I started my career in cybersecurity as an active-duty U.S. Military member serving in both the United States Marines and the US Army. Following nearly a decade of service, I transitioned into supporting the US Department of Defense as a Cybersecurity Analyst with the DISA Field Security Office and the rest was history.”

Q: You have had quite an extensive career, tell me some highlight roles? 

“As a consultant with leading companies such as Booz Allen Hamilton and Deloitte, I led strategic cybersecurity programs and security-oriented services with the DOD, US Navy, NSA, DOE, USMC, US Treasury Department, and the Department of Justice. Following my extensive government work, I moved to the Middle East where I led teams across the region in supporting cybersecurity programs in the Oil and Gas, Financial Services, and Government and Public sectors.

With Booz Allen Hamilton, I led the International Cybersecurity practice based out of Abu Dhabi, UAE and supported and led the development and implementation of National Cybersecurity Strategies, development of national cybersecurity agencies and capabilities, the development of national cybersecurity standards, and the design and implementation of cybersecurity detection and response capabilities at a national level. I joined EY MENA as a senior Partner leading the Government and Public Sector Cybersecurity Practice for the Africa, India, and Middle East region.

In addition to working for major corporations and government agencies, I’ve had the opportunity to create numerous startups, functioned as a Global CISO and vCISO, and supported various entities as a Strategic Cybersecurity Executive Advisor. Which has led to some passion projects of mine, including being a contributor, published author, speaker, and sought out subject matter expert in the fields of cybersecurity and digital transformation.”

Q: Are there any projects you’ve worked on that stood out from the rest?

“One project I am most proud of was the development of a national cybersecurity strategy for a G20 country that established a new cybersecurity authority and regulatory scope across the public and private sector. Reporting directly to the head of state, the authority has grown to employ thousands of people in the cybersecurity field, creating new opportunities, particularly for women in the cybersecurity field as a very underrepresented group within the domain. The strategy and agency moved the country from the bottom of rankings for cybersecurity globally to one of the top 10 countries within three years, driving billions of dollars in investment and growth across the industry.”

Q: What are you most excited for in joining the OnDefend team? 

“I have a passion for growth and taking on new challenges. Growing a small business and scaling new capabilities is a lifelong motivation. With OnDefend I have a unique opportunity to open new doors, expand service offerings, and bring new and exciting opportunities with a broad range of clients in international organizations and the Federal Government. This in turn helps grow not only the OnDefend portfolio of clients and cyber experts, but also the broader Jacksonville profile as an emerging cybersecurity hub in the southeast region.”

Explore OnDefend’s array of professional services, spanning from network penetration testing to tabletop exercises, and see firsthand how the OnDefend team can invigorate your security program. 

AT&T Data Breach: What You Need to Know

OnDefend CEO Chris Freedman discusses the AT&T data breach with WJXT News4Jax.

The Breach Details: The breach, which primarily involved data from 2022, impacted AT&T’s cellular customers, customers of mobile virtual network operators using AT&T’s wireless network, and landline customers who interacted with those cellular numbers. In total, approximately 109 million customer accounts were affected. AT&T has confirmed that the compromised data does not include the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information.

Nature of the Compromised Data: Although the data does not contain sensitive personal information or detailed usage specifics like call timestamps or customer names, there is a potential risk. AT&T acknowledged that publicly available online tools might be used to find names associated with specific telephone numbers.

Ransom Payment: In an unusual turn of events, AT&T reportedly paid a hacker over $370,000 to delete the stolen customer data. However, there is uncertainty about whether the payment went to the actual perpetrators of the breach.

OnDefend helps companies prepare for and defend against real-world threats. Click here to learn more about our Ransomware Defense Validation service, which tests your defenses in depth against ransomware.

Story Originally aired on News4Jax: Data of nearly all AT&T customers downloaded from a third-party platform in security breach (news4jax.com)

TikTok U.S. Data Security Names Independent Security Inspectors as Part of Digital Integrity and Compliance Journey 

Company announces new partnership with HaystackID and OnDefend to further security of the TikTok U.S. platform and app

CHICAGO and JACKSONVILLE, Fla. (June 26, 2024) – Today, TikTok U.S. Data Security Inc. (USDS) is further enhancing the security of TikTok users’ data and protection against cybersecurity threats by appointing HaystackID and OnDefend to serve as Independent Security Inspectors (ISIs) for USDS.

This new collaboration builds on TikTok USDS’ ongoing partnership with Oracle. In May 2022, TikTok created a new organization called TikTok U.S. Data Security (TikTok USDS) as part of its ongoing Project Texas Plan. This special purpose subsidiary is staffed by U.S.-based employees (with some exceptions in the U.K. and Australia to provide global coverage). USDS controls access to protected U.S. user data, content recommendation, and moderation systems in the secure Oracle Cloud. This structure brings heightened focus and governance to TikTok’s operations in the U.S. including data protection policies and content assurance protocols to keep U.S. users and their data safe and ensure users have an authentic experience on TikTok.

Expanding on this established focus, HaystackID and OnDefend with additional support from Mandiant Consulting will serve as the ISIs for USDS. This collaboration is designed to ensure the security and integrity of the TikTok app, its source code, user information, and the U.S. platform as a whole, highlighting TikTok USDS’s commitment to meeting stringent cybersecurity standards.

HaystackID is a specialized data services company solving business data challenges related to legal, compliance, regulatory, and cyber events. OnDefend is a trusted cybersecurity service provider helping organizations prepare for and defend against real-world threats. Mandiant Consulting is recognized by enterprises, governments, and law enforcement agencies worldwide as the market leader in threat intelligence and expertise gained on the frontlines of cybersecurity.

The ISIs will identify potential security risks to U.S. users through technical security testing and validation of the TikTok U.S. platform. This will be a continuous initiative, not a point in time assessment, as TikTok’s ability to deliver a seamless experience to its users is achieved through a sophisticated architecture involving hundreds of thousands of microservices.

“Through Project Texas, TikTok USDS is already well ahead of any peer companies in terms of how we secure users’ data and by providing unparalleled transparency by making our source code available to a third-party for review,” said Andy Bonillo, Head of TikTok-U.S. Data Security. “Keeping our users’ data safe involves constantly innovating and looking around corners for new threats. The partnership we’re announcing today will further our ability to anticipate and prevent emerging and sophisticated cybersecurity threats.”

“Supporting TikTok USDS in their critical mission to safeguard digital security marks a consequential affirmation of our efforts to enhance the cybersecurity standards and data protection efforts of our clients,” said Hal Brooks, CEO of HaystackID. “Our role as Independent Security Inspector is to provide comprehensive support in reinforcing TikTok USDS’s initiatives to maintain the highest levels of digital integrity. We are excited about the opportunity and look forward to contributing to this initiative with national security implications.”

Chris Freedman, CEO of OnDefend, discussed the proactive strategy implemented in this collaboration: “Our advanced security testing team, in conjunction with our proprietary Breach and Attack Simulation platform, BlindSPOT, will play a crucial role in identifying and addressing vulnerabilities within the TikTok application and network infrastructure. Moreover, our rigorous application and network penetration testing standards aim to ensure that the platform’s security strictly complies with national and global cybersecurity standards, identifying potential vulnerabilities while reinforcing trust and safety in the digital ecosystem.”

Price McDonald, Senior Manager, Mandiant Consulting added, “In this effort, our team is focused on providing security assessment services. Continuous penetration testing enables organizations to proactively manage their cyber risk in a rapidly changing threat landscape. This provides a number of benefits including early vulnerability detection, a reduced attack surface, and improved efficiency in responding to threats.”

Shawn Belovich, Senior Vice President of Digital Forensics and Cyber Incident Response at HaystackID and former Deputy Chief Information Security Officer at the White House, addressed the initiative’s alignment with national security priorities. “In my previous role at the White House, I had the opportunity to gain a comprehensive understanding of the intricacies of national security and data protection. I look forward to leveraging this experience. We are intensely focused on ensuring TikTok USDS’s infrastructure is not only secure but also in strict adherence to the heightened standards of cybersecurity and national security compliance directives.”

Read the release on the TikTok Newsroom

 ### 

About HaystackID®

HaystackID solves complex data challenges related to legal, compliance, regulatory, and cyber events. Core offerings include Global Advisory, Data Discovery Intelligence, HaystackID Core® Platform, and AI-enhanced Global Managed Review powered by its proprietary platform, ReviewRight®. Repeatedly recognized as one of the world’s most trusted legal industry providers by prestigious publishers such as Chambers, Gartner, IDC, and Legaltech News, HaystackID implements innovative cyber discovery, enterprise solutions, and legal and compliance offerings to leading companies and legal practices around the world. HaystackID offers highly curated and customized offerings while prioritizing security, privacy, and integrity. For more information about how HaystackID can help solve unique legal enterprise needs, please visit HaystackID.com.

 

About OnDefend

OnDefend, established in 2016, stands at the forefront of preventative cybersecurity testing and advisory services, a reputation further enhanced by the introduction of its advanced Breach and Attack Simulation (BAS) Software as a Service (SaaS) platform, BlindSPOT. OnDefend is a trusted partner, empowering organizations globally to proactively combat real-world cyber threats. From ensuring compliance with industry standards to building out mature security programs, our mission is to ensure that the security resources our customers invest in are well-utilized, effective, and provide tangible results. For more information about their services and solutions, please visit http://www.ondefend.com/

OnDefend Media Contact:

Lauren Verno

Media@ondefend.com

904-299-3669

Haystack ID Media Contacts:

Carolyn Depko

carolyn@plat4orm.com

908-565-3709

Rob Robinson

pr@haystackid.com

512-934-7531

 

 

 

There’s been no shortage of headlines involving ransomware over the last few months.

Let’s dive into your ransomware roundup with OnDefend.


Behind the Scenes with a CISO: James Case, Baptist Health.

It’s only May, and we may have already witnessed the fallout from the biggest ransomware attack of the year. Change Healthcare is still grappling with significant challenges post-February’s breach. How does this impact other security leaders? We sat down with a CISO to gain an insider’s perspective and insights on the ransomware landscape.

Watch the Full Interview Here


OnDefend in the News

In this article for Forbes, OnDefend CTO Ben Finke breaks down five steps every organization should implement to prepare for an attack. They’re not necessarily difficult, but they are imperative for success.

Read: How To Prepare For A Ransomware Attack

What does negotiating with a ransomware criminal look like? OnDefend COO, Billy Steeghs, sat down with WJXT News4Jax for an in-depth discussion about “Cracking the code on negotiating with a cyber extortionist.”

Watch: Cracking the code on negotiating with a cyber extortionist


Customer Success

BlindSPOT simulates ransomware on hospital system to validate security controls.

Learn how this enterprise hospital system utilizes Ransomware Defense Validation powered by BlindSPOT, a breach and attack simulation solution, to prove security controls are working effectively so hospitals can focus on what matters most: patient care.

Read Here: BlindSPOT Customer Success: Ransomware & Healthcare


Ransomware Defense Validation

A solution designed to test your defenses in depth.

A cyber pandemic.
Can you remember the last time you didn’t see a ransomware attack in the news? There is no industry these cybercriminals won’t attack.

While there’s no way to get rid of all the bad guys, the goal is to know you’ve done everything you can to protect your organization. At OnDefend, we’ve made your mission our mission.

Ransomware Defense Validation.


BlindSPOT Updates

Make sure you’re staying up to date on all of the new features released with the BlindSPOT newsletter.

What you may have missed: BlindSPOT Newsletter: April 2024

Negotiating with a ransomware criminal.

The News4JAX I-TEAM is finding out what it’s like at the virtual negotiation table, going behind the curtain of the process with Billy Steeghs, Chief Operating Officer of OnDefend.

Originally Aired On: News4Jax

OnDefend enables companies to reduce risk against ransomware by testing and validating controls against real-world strains. Discover how OnDefend, empowered by BlindSPOT’s attack capabilities, is supporting security programs through Ransomware Defense Validation.

Discover if your environment is prepared for a ransomware attack with OnDefend’s comprehensive Ransomware Defense Validation service. This multi-level assurance offering supports security leaders in reducing risk by simulating real-world ransomware threats to validate your security measures.

Learn More About Ransomware Defense Validation.

 

Ascension St. Vincent health system has temporarily halted some elective procedures, including tests and appointments, as they delve into a cybersecurity concern. Following the detection of unusual network activity yesterday, hospital officials are probing the incident and assessing the potential compromise of patient data.

Chris Freedman, CEO of OnDefend, sheds light on why hospitals remain a prime target for cybercriminals in an interview with Action News Jax.

Story Originally aired on: Action News Jax. For more details, visit: https://www.actionnewsjax.com/news/local/ascension-cyberattack/3f21a506-bd2d-4cf2-8cd6-13443409e63e/

Welcome to our new series from OnDefend, where we delve into some of the most critical cybersecurity headlines.

We’re breaking down the Blackcat ransomware gang’s attack on Optum, the operator of the Change Healthcare platform.

OnDefend’s VP of Communications Lauren Verno sits down with James Case, CISO of Baptist Health Jacksonville, to get his insider perspective.

The Ransomware Attack:

Andrew Witty, CEO of UnitedHealth Group, the parent company of Change Healthcare, testified in front of a congressional committee on Wednesday, May 1st, 2024, about the details behind the February attack by the BlackCat ransomware gang. The hackers gained initial access through stolen credentials used on a Citrix portal that did not have multi-factor authentication enabled. It was revealed that the threat actor used these compromised credentials to remotely access the company’s system for nine days before deploying the ransomware. During that time, the cybercriminals stole files containing sensitive patient information, including Protected Health Information (PHI) and Personally Identifiable Information (PII) of most Americans. Witty told Congress he took sole responsibility for the decision to pay the ransom, saying, ‘This was one of the hardest decisions I’ve ever had to make, and I wouldn’t wish it on anyone.’

Watch the Full Interview Here

 

Interview with James Case, Baptist Health Chief Information Security Officer (CISO):

Lauren: What goes through your head as a healthcare leader when you see an attack like this?

James Case: The entire healthcare industry is impacted. It’s a giant third party that affects thousands of companies and hospitals. There are backend processes that, if taken offline, prevent hospitals from accessing essential services like payment processing or authorizations. So, there’s a huge ongoing impact from that one company that was impacted, affecting the entire nation.

Lauren: Does that automatically spur a change in your own security program when something like this happens?

James Case: It’s a reminder—it’s third party risk—so maybe in our tabletops, it’s a reminder or feeds back into our feedback loop on scenarios to really tabletop. So, really tabletopping third party risk that we should all do more and more.

Lauren: Practice, practice, practice.

James Case: Practice and then find ways to improve, so it’s really both. And then education, right? It’s all the above.

Lauren: When you go into your security program and you talk to your people, what are you saying to them specifically about ransomware and what you guys should be doing, without going into any specifics, obviously?

James Case: Definitely prevention, but what we’ve learned over the last decade is that we also have to detect and respond, so we have to practice those. Practice finding things like tabletops, really practice responding, so we can move quicker, have muscle memory.

Lauren: Let’s talk about ransomware and healthcare. They just go hand in hand at this point?

James Case: It’s the number one risk for most hospitals.

Lauren: It’s more impacting than people think, in what way?

James Case: The hospital itself, patients know their charts are gone so people are going back to paper and now that we’re in 2024, the whole phrase going back to paper is getting less and less real. Now we have more doctors and folks that have never used paper, so they’re going to paper for the first time, they’re going to downtime procedures. So, we can practice for it and drill for it but when you’re really doing patient care it’s different.

Lauren: What would you say is the number one concern when it comes to a ransomware threat?

James Case: Easy answer there, absolutely is the patient care.

Lauren: Why ransomware, why healthcare?

James Case: The answer is pretty easy there, it’s about the money. Healthcare is a pretty easy target and also healthcare is kind of behind. Like the financial sector is years ahead from a controls perspective and a regulatory perspective and way more financial resources. Going back to hospitals trying to break even or trying to make a 1% margin just to stay afloat, well then there’s not money to add to the budget and add more controls and add more technology to stop the attackers. So, it’s a tough balance.

Lauren: Overall, do you think we’ll ever beat out the bad guys?

James Case: There’s no answer to that, right? It’s always going to be cat and mouse. Just like there’s no way to eliminate all risk, there’s probably no way to eliminate all bad guys. All you can do is find risk and reduce it and hope that you’re not the next person.


Ransomware Defense Validation

Reduce risk by testing and validating controls against real-world ransomware threats. Discover how OnDefend, empowered by BlindSPOT’s attack capabilities, is supporting security programs through Ransomware Defense Validation.


OnDefend named the 37th fastest growing Gator business globally in 2024 by the University of Florida Alumni Association’s prestigious Gator100 program.

This recognition celebrates the achievements of alumni-led businesses worldwide and underscores the significant contributions of Gators in various industries.

Gator Leadership Driving Growth

Our remarkable journey of growth and innovation is in part due to OnDefend Co-Founder & CEO, Chris Freedman, a proud alumnus of the University of Florida with a BS degree from the class of 2001. Under Chris’s visionary leadership in partnership with co-founders Ben Finke & Billy Steeghs, OnDefend has surged forward in the highly competitive IT services industry, continuously expanding our reach and enhancing our offerings to meet the evolving needs of our clients.

About the Gator100

The Gator100 program annually acknowledges and honors the 100 fastest-growing Gator-owned or Gator-led businesses around the world. The selection criteria focus on sustained growth over a three-year period, making this recognition a testament to persistent excellence and performance.

Our Industry Impact

Operating from Jacksonville, FL, our focus has been on pioneering solutions that address complex challenges in cybersecurity. Our approach has not only fueled our growth but also positioned us as leaders within the tech community, propelling our company to the forefront of innovation.

A Word from Our CEO, Chris Freedman

“I am immensely proud of our team’s hard work and dedication. Being recognized as the 37th fastest growing Gator business is not just a reflection of our company’s success but also a testament to the robust foundation provided by the University of Florida. This honor reinforces our commitment to strive for excellence and to continue pushing the boundaries in securing our world against threats.”


This announcement is a proud moment for everyone associated with our company, and we look forward to building on this success with continued passion and perseverance.

CHICAGO, April 16, 2024 – BDO Digital, the technology advisory arm of BDO USA, P.C., today announced that it has adopted cybersecurity innovator OnDefend’s breach and attack simulation technology, BlindSPOT, to enhance its IT security service offering called Active Assure.

BlindSPOT simulates real-world attack scenarios from both established and emerging cyber adversaries to identify vulnerabilities, test controls, and improve incident response time to help mitigate cyber risks.

The technology integration is a significant extension to BDO Digital’s Active Assure service, which provides continual threat simulations, purple teaming, and resilience assessments to validate the strength of an organization’s managed extended detection and response (MXDR) solutions. It also works seamlessly with Microsoft security tools to help improve the overall customer experience. With the addition of BlindSPOT, BDO’s clients will be able to better anticipate and prepare for evolving threats, identify security gaps, and adapt defenses so they remain resilient in the face of changing attack landscapes.

“Our collaboration with OnDefend empowers BDO Digital to offer our clients real-time validation that enhances defenses against the dynamic and sophisticated nature of cyber threats,” said Ric Opal, BDO Digital Principal & National Leader of IT Solutions and Strategic Partnerships. “It also helps users navigate the complex interaction between artificial intelligence (AI) and risk management, furthering our dedication to offer the best-in-class, full-service cyber solutions to our clients. Together, we help our clients thrive through greater cyber awareness and resilience.”

As the 2023 Microsoft Security Partner of the Year, BDO Digital is dedicated to delivering top-tier, resilient, and adaptive defense strategies to its clients. The new strategic relationship with OnDefend reinforces this commitment to helping clients mitigate cyber risks and strengthens BDO Digital’s Perpetual Defense cyber threat management solution.

“We are proud to empower BDO Digital with our attack simulation tool BlindSPOT, providing organizations visibility into the effectiveness of their security controls and proving the value of these investments,” said Chris Freedman, Co-Founder of OnDefend. “It is no longer a question of if but when a company will face an attack. While organizations invest in technical security controls to prevent, protect, and prepare, we’ve found that security programs needed a way to validate those tools will work during those critical moments.”

To learn more about Active Assure and the other components of Perpetual Defense, please visit: BDO Digital: Active Assure

About BDO USA

Our purpose is helping people thrive, every day. Together, we are focused on delivering exceptional and sustainable outcomes and value for our people, our clients and our communities. BDO is proud to be an ESOP company, reflecting a culture that puts people first. BDO professionals provide assurance, tax and advisory services for a diverse range of clients across the U.S. and in over 160 countries through our global organization.

BDO is the brand name for the BDO network and for each of the BDO Member Firms. BDO USA, P.C., a Virginia professional corporation, is the U.S. member of BDO International Limited, a UK company limited by guarantee, and forms part of the international BDO network of independent member firms. For more information, please visit: www.bdo.com.

Contact

BDO Digital: Ellen Evans

EEvans@TheBlissGrp.com

212‑840‑1661

OnDefend: Lauren Verno

Media@ondefend.com

Lauren.verno@ondefend.com

904-299-3669

Customer Success: Ransomware & Healthcare

The Chief Information Security Officer of a major hospital system needed visibility into the effectiveness of their security controls. OnDefend’s breach and attack simulation solution, BlindSPOT, was able to provide visibility, validation, and clear results.

Ready to leverage BlindSPOT to simulate ransomware in your environment? Check out Ransomware Defense Validation, where we safely simulate ransomware attacks using our proprietary BlindSPOT attack simulation tool to test and validate that your defense in depth is prepared for real-world threats. Get Started Here