Cybersecurity attacks have been a growing threat and recent world events have exacerbated those concerns. On this week’s episode of The Playbook, host Mark Collier, business consultant for the UGA Small Business Development Center, sits down with Renault Ross, Chief Servant Leader at RNSC Technologies, a strategic cybersecurity advisory and services firm. Renault is going to share his story and why his firm is a leader in the cybersecurity space.
Transcription:
Mark Collier:
Welcome into The Playbook, Renault.
Renault Ross:
Thank you.
Mark Collier:
All right. First of all, I want to say, I understand you’re a military veteran. Thank you for your service, sir. I have the utmost respect for our military veterans.
Renault Ross:
Thank you.
Mark Collier:
All right. So let’s start with your background, man. For those who don’t know as much about you as I do, talk about your background and how you ended up in cybersecurity.
Renault Ross:
Yeah. So how does one end up in cybersecurity? So let me just give you three data points, Mark.
Mark Collier:
Please.
Renault Ross:
And we’ll talk about the military, and I want to talk about Pearl Vision, and then last but not least, a software company. And so growing up in Texas, I didn’t really know what I wanted to do, so I decided to go into the military. And in the military you have process, you have structure, you have systems. So I took that back to Texas and then I started working with a defense contractor. And I was working in quality assurance, and also I was doing some blue-collar type work. And an opportunity came up to work in an operation center, a data center operation center rather.
Renault Ross:
And so while working there, there was a manual that no one would touch. That manual had 493 pages in it. And this was actually the manual for the big system. What is referred to as a mainframe. And so one day I was bored, Mark. So I actually started going through the manual and started reading this weird code, which now I know is called Cobalt. And so there was one command that allowed you to reboot and turn the system back on.
Renault Ross:
And so 20 years ago, maybe not as impressive, but all of the systems went down, the mainframe and all of the stores at Pearl Vision. And so playing around with that manual, reading that code, I was able to reboot all the systems, and I never forget this code and it stays with me today. It’s called IPL. So IPL initial program load. And so that was my journey. I was hooked. And so the engineer comes in the next day and he says, “Oh, we had a close one. All the stores went down, but all of a sudden, all of the systems came back up. And I said, “Mike-”
Mark Collier:
You said, “That was me.”
Renault Ross:
I said, “Mike, I typed in this command.” And he told me, “Whatever you do, don’t do it again.” And I’m glad I didn’t proceed because I had been reading a second page, how to delete files. And so that was my journey. I come to Atlanta. I get in with another organization, a larger, and I move from engineering to operations. And then a cybersecurity software company came on board and they brought me to be their engineer. And then I got into leadership and strategy, and from there, it’s just been a passion from there with cybersecurity.
Mark Collier:
All right. So let’s talk about your company now. RNSC Technologies. So talk a little bit about what that company does and the services you provide.
Renault Ross:
Okay. So RNSC Technologies. So what I want to do is I want to talk about what we do in a nutshell and more importantly, how we do it.
Mark Collier:
Very good.
Renault Ross:
And so when you … Basically, what we do is we keep bad things from coming into a client’s network, and we prevent good things from going out.
Mark Collier:
All right.
Renault Ross:
Right? That’s pretty simple. Right?
Mark Collier:
That’s very simple. Right.
Renault Ross:
So when you think about bad things, think about nefarious actors, malicious code. And when you think about good things going out, think about Social Security numbers and confidential information.
Mark Collier:
That’s right.
Renault Ross:
And your intellectual property.
Mark Collier:
Got it.
Renault Ross:
And so how we do it is we have these practices. These practices have services underneath them. One practice is our governance risk and compliance, and so IT risk and compliance. And basically what it is ensuring that all the external mandates and directives and regulations that a company has to follow right are in place. But the other thing is ensuring that the policies, the controls, when you think about controls, the technologies, and then attestation, ensuring that’s happening if that company worked to be audited. So that’s one area. And then the other areas are dealing with the endpoint mobility as well as the cloud. So regardless if it’s iOS, Android, Windows or Macs, but being able to quickly detect and respond to threats.
Mark Collier:
Got it. Got it. All right. Now, every company founder has a vision, got a vision, a mission. So share with me your vision for starting your company and why your title, chief servant leader, as opposed to traditional CEO.
Renault Ross:
Oh, Mark. I tell you here. I got here yesterday to hear what I was going to say today on your show. The vision behind it and just let me tell the story. So military, I told you about military process and structure. 20 years in corporate going up the ladder. I said to myself, one day I can do this. And so the vision was to build people. I’m a people builder, right? Love people. And build people doing something that I enjoy, cybersecurity, but also provide opportunities.
Mark Collier:
Got it.
Renault Ross:
And so that was the vision behind it. And so chief servant leader, if you think about leadership, leadership is steward, being a steward, stewardship.
Mark Collier:
Servant leader.
Renault Ross:
Servant leader. The option would be CEO, chief encouragement officer. So that was the reasoning behind it. Sorry to be long-winded.
Mark Collier:
No, no, no. I mean, I love to hear the story behind the people that I interview. So I appreciate you sharing that with me.
Renault Ross:
You bet.
Mark Collier:
All right. So differentiation is the Holy Grail of all business models. So what makes your company different from your competitors out there?
Renault Ross:
Yeah. First of all, it’s about making a difference. Right. And so when you think about RNSC, so we are a for-profit, but also RNSC, we have a nonprofit 501(c) on. And so with that, we’re able to give individuals an opportunity to get into IT and cybersecurity, or those that may have their foot on the ladder and hoping to go up the ladder and share with them additional skills and capabilities. And then last but not least, those that are on the ladder, but Mark, their ladder are against the wrong house.
Mark Collier:
I like that analogy, man. I like that.
Renault Ross:
Well, thank you. I’m a man of analogies.
Mark Collier:
All right. So no, that makes perfect sense, and I appreciate you sharing that. So let’s talk about the nuts and bolts of cybersecurity. It’s a hot topic nowadays. We’ve got a foreign conflict going on over in Ukraine right now as we tape today, and companies are opposed with threats. You hear the President and others saying you got to be wary of increasing threats to your cybersecurity. So what specific threats do you see out there are the greatest perceived threats to a company’s cybersecurity network?
Renault Ross:
Okay. Well, Mark, thanks for giving me the next 30 hours to talk about this. Right. And I can talk about buffer overflows, cross site scripting and SQL injections.
Mark Collier:
None of which means anything in my …
Renault Ross:
Exactly. So the threat is you. Not necessarily you, Mark, but the threat is between the chair and the keyboard.
Mark Collier:
Got it.
Renault Ross:
It’s the person. I can patch a system, but I can’t patch a person. For example, if I send you an email, and that email has a link with an attachment and you double click that, guess what? You were the virus. It’s that user awareness.
Mark Collier:
Got it, got it.
Renault Ross:
Right. And obviously capabilities and technologies come into play, but it’s the person and it’s the awareness and training of that individual.
Mark Collier:
No, that makes perfect sense. You’ve got to do cybersecurity training. We do it within my own organization, UGSBC. We’ve got an annual cybersecurity exercise that they take us through.
Renault Ross:
Don’t click that link.
Mark Collier:
Don’t click that link. That’s right. So let’s say someone is misfortune enough to click on that link. How much can a potential data breach cost a company?
Renault Ross:
Right. And so I’ll throw out-
Mark Collier:
Not just monetarily, but in terms of goodwill.
Renault Ross:
Right. And I’m glad you mentioned that because you got reputation that you have to look at as well, but I’ll throw out some numbers. So the national average, and this is based off of Ponemon, an IBM study is roughly about $4.2 million per incident nationally. Now, let’s double click that and look behind the bullet points, right? Let’s look at the different sectors. So if you look at healthcare, healthcare is roughly about $9 million per incident, and that’s 29% higher than in previous year. You look at public sector, the largest employer, right. 10 million employees. It rolls 78%, so to $2 million per incident. So the incidents continue to occur.
Mark Collier:
Those are large numbers, and any company is going to have to do their due diligence in terms of preventing those. I appreciate you sharing that. So cybersecurity protection is not just a one off event. When I do my cybersecurity training in my organization, I believe I’m done, but it’s not just a one off event. Talk to me about the ongoing operation that needs to happen in order for companies to protect their intellectual property and other valuable data.
Renault Ross:
You bet, you bet. Mark, I’m going to give you another analogy. Okay. So if you think about cybersecurity liking to take in a shower, right? You take a shower every day. No one really knows about you.
Mark Collier:
Correct.
Renault Ross:
It’s only when you go a few days without taking one, it’s when you become a risk. Okay? And some people tell me, it depends on the type of week, but … And it’s the same as cybersecurity. Cybersecurity is a program. There is no point in time that you develop a program and you stop checking on your program.
Mark Collier:
Sure. Absolutely.
Renault Ross:
So organizations have to continue to identify and monitor and detect and ensuring that it’s the people, technology, all working together in process.
Mark Collier:
All right. So I’m hearing more and more about consumer privacy concerns, and several large privacy settlements have also been in the news too. So how has privacy associated with cybersecurity? Walk me through that.
Renault Ross:
Gotcha. And you’re probably talking about the Facebook lawsuit in Illinois. I want to say they’re paying over a half a billion dollars because they didn’t get the right access from Facebook authorization, I should say rather. And so when you think about privacy, let me give you an example. If you’re going down a … You’re in a sketchy neighborhood, and you see a house that has burglar bars and drapes, think about burglar bars as being cybersecurity. I can lock it down. Right?
Mark Collier:
Got it.
Renault Ross:
But privacy is okay, how long should you have my information? What are you using my information for? And I have the right to correct any erroneous information that you may have on file, which is referred to as data subject access request. So it’s really the cousin to cybersecurity, and organizations have to build their cyber, their privacy programs. And if you look at California, which came out with the California Privacy Act, and then also you have Washington DC and others that are starting to come out with legislation, but privacy is a competitive advantage for organizations.
Mark Collier:
Very good. Very good. I mean, that makes perfect sense, man. It really does. All right. I’m a small business owner. I say, Renault, love everything I’m hearing. I’d like to become a client. So walk me through your typical engagement process with the client. Is an initial assessment done? And then walk me through the steps.
Renault Ross:
Yup. And area passion, for sure. I spent a lot of time on the software side and selling software. And it’s like going to the doctor. You go to the doctor. There’s the initial assessment. You get your blood work. Cholesterol is up. You need to take it down. It’s the same thing with RNSC. What we do is we provide, we call all a CBW and that’s a cybersecurity business workshop, and these are no-cost value adds. And essentially it’s understanding your business goals, your strategic initiatives, and where are you in that journey with respect to building your cybersecurity program. That way, we can give you the gap and now you know you’re zero to six, you’re six to 12, or you’re 12 to 18 and what you need to focus on.
Mark Collier:
There’s a scoring model that you implement and that can let people know what their risk assessment is.
Renault Ross:
A maturity. Yup, yup.
Mark Collier:
Got it, got it. All right. So with all the news of cybersecurity attacks in the news nowadays, is there one key technology that an organization should consider to protect themselves?
Renault Ross:
So Mark, if I had to tell you the control points. So if you think about the control points, we talked about email and not double clicking that link, and you look at web and you look at the cloud and you look at endpoint. Endpoint, no doubt, because that is the last line of defense.
Mark Collier:
That’s right.
Renault Ross:
Organizations have to be able to quickly identify and detect and respond. So ensuring that you have the capability there anchored with that IT risk management to ensure attestation and configuration management is important for all organizations.
Mark Collier:
Got it, got it. All right. Renault Ross, chief servant leader of our RNSC Technologies. I want to thank you for taking the time out of your busy day to come in and just detail why cybersecurity is so important, vitally important nowadays to protect the companies, not only their intellectual property but any of the physical assets that they’re being stakeholders of.
Renault Ross:
You bet, Mark, and don’t click that link I sent to you later on today. I test some of this knowledge. Thank you for having me. Really enjoyed it.
Mark Collier:
Absolutely.
Renault Ross:
You bet.
Don’t forget to subscribe to our email newsletter for all the latest business news know-how from ASBN.