October 27, 2017

A Cyber Defense Magazine Exclusive Interview with Founder & CEO Robert Herjavec

By Gary Miliefsky

I remember many years ago, Eric Lundquist, Editor in Chief of eWeek (formerly PC Week) gave me my first media break – an interview and coverage of my first startup, which was later sold to McAfee. It was a moment I will never forget. I nervously walked into his office…it was more than 25 years ago. His admin sat me down and said “Eric’s running a little late but he’ll be here shortly.” 10 minutes go by. 15 minutes go by. I’m getting even more nervous wondering what’s holding him up. In walks Eric – he looked tired, had the 5 o’clock shadow. He said “sorry for the delay, I just finished up my prior interviews to yours – I was just with Bill Gates in Redmond, Washington and then with Marc Andreessen at Netscape headquarters in California. I took the Red Eye and didn’t want to miss our interview.”

I went from feeling nervous to elated – wow – was this guy for real? One of the top publishers of a personal computing and networking journal making sure he didn’t miss this interview (with me) after meeting these game-changing iconic figures in personal computing and networking? He was for real. He inspired me and I immediately thought “one day I will be like him” – now, many years later, here I am publishing Cyber Defense Magazine – we’re heading into our 6th year and have been one of the largest media sponsors of RSA Conference. We look at more than a thousand cyber security companies each year and yet we only find a small percentage of them actually doing something proactive and thinking about how to get one step ahead of the next threat. In the MSSP space, it’s definitely Herjavec Group. So now it’s my turn to get under the hood of something great. I get to play Eric Lundquist’s role and interview a game-changing iconic figure like Bill Gates or Marc Andreessen. A forward-thinking leader in the MSSP space. Enter Robert Herjavec.

What a humble, grounded, focused amazing guy.  You must understand his beginnings to see how he got where he is today and where he’s headed with Herjavec Group.   He’s a pleasure to speak with and very sharp.  Not just about business but about the state of infosec and the latest threats.

Like most great salesmen, he is an excellent listener. As a result, he has as much InfoSec knowledge as his best customers’ CISOs. Robert really knows what’s going on in the industry and what drives his customers to need his services – it’s about data protection, business continuity, regulatory compliance and risk reduction.

But let’s look back so then we can begin to look ahead. Robert’s story began in Varaždin, Croatia, formerly Yugoslavia, and he grew up in Zbjeg. As the story goes, Robert’s dad, a free-market thinker, would drink a little too much after a hard day’s work and then speak out against Communism. After being thrown into jail 22 times for being Anti-Communist and being warned there wouldn’t be a 23rd time, Robert’s dad packed a single suitcase and headed for freedom, landing in Halifax, Canada with only $20 in his pocket.

The family settled in Toronto with the help of friends. They say all great stories start either in a basement or a garage. In Robert’s case it was in this family friend’s basement in Toronto, where he and his family lived until they could get on their feet. Robert said one of his most important influences came not only from these tough times but from his father’s advice to never complain, which sparked his sense of perseverance.

He has remained driven since his humble beginnings and is an innovator. He was the first to offer managed services for his firewall customers in Canada many years ago. Robert founded Herjavec Group in 2003, a security solutions integrator, reseller and managed service provider and remains CEO. It became one of Canada’s fastest-growing technology companies and the country’s largest MSSP.

With hundreds of millions in revenues, Robert took a leap and expanded the company into the US and UK markets. He personally moved to Los Angeles, California and as he said to me “I’m not just going to stare at four empty walls from an LA office,” so he went out and began building on his vision of becoming a leader in the cybersecurity services market globally.

What I like the most about Robert is that he didn’t just hire a bunch of sales guys and say ‘go do this’ – he came here with nothing but a plan (and great success in Canada) and executed it himself, first. He paved the way for Herjavec Group, personally. Of course, the fame of being on an incredibly successful TV show – Shark Tank – didn’t hurt (and later Dancing with the Stars where he met his soul mate, but that’s a story for another day). Everyone in America has seen at least one episode of these shows. “That helped a lot – most C level execs who would not return my phone calls in the past, give me a meeting almost immediately because of my notoriety,” said Robert, “and this is a real boost for the company – I’m able to short-circuit getting to the top and giving the pitch on why Herjavec Group. We still have to add tremendous value – and we do. We still have to deliver a great risk reducing MSSP experience – it’s a partnership – and we do excel at our mission.”

Let’s Dig Into Robert’s Vision – Herjavec Group:  A Next Generation MSSP Experience

With 4 global SOCs – Toronto, Ottawa (CA), Los Angeles (US), Reading (UK), and recognizing that security is not purely a technology issue, Herjavec Group combines technical and human intelligence to enrich the information and alerts shared with customers.

Listening to the needs of their diverse group of customers, Herjavec Group offers the flexibility of co-management with the added benefits of threat visibility and data correlation.

If you are a CIO or CISO and worried about the latest threats, Herjavec Group’s flexible model offers you the benefits of a pure play MSSP as well as a Co-Managed SIEM. With Herjavec Group you gain both threat visibility and data correlation. Plus, clients appreciate that they can be hands on, while still receiving analytical value from a Managed Security Services expert.

It’s the best of both worlds as can be seen on the following diagram:

What is your secret sauce?

While this flexibility works extremely well, I still wanted to hear from Robert – what’s the secret sauce? “How come we never hear about your clients in the news? What are you doing to help them avoid the next threat or quarantine the latest attack so the breach risks are so well mitigated?” I asked him. Without hesitation, Robert enthusiastically told me about Herjavec Group Analytics aka “HG Analytics”. This is his company’s own home-grown automation engine that runs on top of Splunk, sitting between the customer SIEM and Herjavec Group’s MSSP team. It allows them to take in massive amounts of alerts and add what most MSSP customers could not afford: valuable context, reputation filtering, threat feeds, data deduplication and other intelligent filtering capabilities, narrowing the alerts down to what’s most critical for a breach incident – who, what, when, where and why.

As the volume and complexity of network events increase, without a system like HG Analytics, your CISO is like a security guard responding to an alarm in a dark warehouse without lights and the batteries of his flashlight just ran out.  Having Herjavec Group help means you have not only a new set of batteries but acoustics to find the actual source of the breach.  You’ll hear the bad guy hiding behind the back-left corner of your data warehouse and you’ll be able to shine a bright spotlight on him, nearly instantly.  This rapid ability to understand and respond to threats tremendously reduces risk to Herjavec Group MSSP clients.

Helping such a diverse set of clients – from energy companies, mining companies, to legal, financial, insurance and other markets – a total of twelve major verticals and growing, Herjavec Group understands the INFOSEC needs in a diverse arena.  They respond to event alerts quickly and help customers remediate.  Robert feels that if you are not doing a great job at the foundation level, even the greatest machine learning/A.I. system like HG Analytics won’t stop you from being victimized.  That’s why he stresses the importance of doing all the basics – daily backups, strong encryption, corporate security policies, advanced endpoint protection, regular patching and vulnerability management.

In addition, Herjavec Group partners with best of breed technology vendors to deliver security solutions. Not only will they provide consultative services to help you improve your baseline security posture, they resell technology and offer complementary installation, architecture and management services. Robert’s team supports over 40 security platforms and growing including McAfee, PAN, Splunk, RSA, Crowdstrike, ForeScout, SailPoint, CyberArk, FireEye, IBM, Checkpoint & Symantec.

“You will get breached.  There’s nothing you can do to prevent it.
Smart money is on how quickly you can contain it.”
-Robert Herjavec, CEO, Herjavec Group

What Are Your Thoughts About Regulatory Compliance?

“We’re finally seeing regulations in various industries reaching the ‘C’ level executives. This forces the executive suite to begin having an open and honest dialog about the value of cyber security as part of the business discussion. We’ve always taken compliance seriously, so Herjavec Group delivers SOC 2 Type 2 certified Managed Security Services supported by state-of-the-art, PCI compliant, Security Operations Centers, operated 24x7x365 by certified security professionals,” said Robert. Each year we hear about another regulation – whether it’s international in nature, such as the EU’s GDPR or at a state level, such as New York State’s NYCRR 500, the pressures are growing. Having an MSSP partner like Herjavec Group can help prove due care and due diligence for these and many other regulations.

What About Executive Level Training?

Robert explained that “this year, we have also introduced an executive training practice, led by our VP of Incident Response, Matt Anthony. Our training initiatives support employee security awareness and also provide insight on how to build a security framework and incident response plan. These training sessions typically leverage our IR retainer hours or are orchestrated as a separate consulting engagement.” As most breaches are a result of poor executive guidance, the regulatory pressures and the availability of this kind of “C” level training program could not be better timed.

Do You Ever Guarantee No Breaches To Your Clients?

“The adversary is always changing and if we don’t start from a strong foundation, we’re going to always be playing catch-up. We explain this to our clients, they listen and when they implement our suggestions, it makes it easier for us, in partnership to detect and remediate some of the nastiest and most innovative attacks. WannaCry, for example, can’t get past our system and we’ll keep working to stay ahead of these kinds of innovative threats. This year, binding ransomware to a worm was a new idea, next year something else will be done that seems so innovative – we must be ready and that’s why a strong foundation and our ability to cross correlate threats across different markets with constant improvements to HG Analytics makes us an innovative player in the MSSP space,” he said. “You will get breached. There’s nothing you can do to prevent it. Smart money is on how quickly you can contain it.”

It’s refreshing to hear from an expert in the industry who is also so honest about the situation. Many start-ups, whom I meet with at various shows – RSA, BlackHat, etc. – always tell me ‘my new technology will stop all the latest breaches.’ When I ask them how, they tell me ‘it’s proprietary’ – trust me, they tell me. Yet breaches are exponential. Just looking at PrivacyRights.org we see that there’s been more than one billion records breached (at the time of this writing it’s 1,073,490,127) in the US alone, from 7,730 data breaches made public since 2005. As Robert Herjavec attested – they will keep happening, the question is – how fast will you react? How quickly will you contain them? It’s about reducing the risk that the breach leaks out critical personally identifiable information (PII) records like the numbers we’re seeing at PrivacyRights.org (this doesn’t even account for the 1.5B Yahoo! accounts). It’s not if, it’s when. The smart money is on partnering with Herjavec Group and leveraging a next generation MSSP led by a talented, passionate thought leader – Robert Herjavec.

Originally posted on cyberdefensemagazine.com