The Human Side of Cyber Security: An Interview with Doug Sampson of Soteritech
James Holland interviewed Doug Sampson who is the Founder and CEO of Soteritech based in Virginia, USA. Doug is a graduate of Cornell University and is passionate about Cyber Security. He cites the recent hack of over 500 million Yahoo user accounts and the potentially damaging effects on the individuals as a major motivator in his work.
Can I ask first of all how you came to get in touch with Company Connecting?
I connected with your boss Janice over LinkedIn, as I wanted to become more connected with people who were interested in security. My company works to prevent insider threats. I’m keen to develop a culture of security within the workplace as too often there is a culture of apathy when it comes to these matters. My work involves programs, tools and training to help companies develop a holistic approach to protecting their valuable assets. It is important for organizations to understand the value of their intellectual property, and why, not only hackers, but their own employees might want to steal it. Then they must understand the situations when employees might turn to commit such acts e.g. financial hardship, divorce, extreme stress or revenge. My goal is to increase “real world” security.
That’s quite an interesting bridge between the IT world and the real world? Can you give us any examples?
Certainly. One aspect of our training programs is teaching people to watch for certain behaviour patterns and behaviour changes. For instance, why is it that a colleague who has been coming in to work at 8.30 every day for the last decade suddenly starts coming into work at 6.30? Similarly, an employee suddenly makes a very expensive purchase that seems well outside of their pay grade. Of course these things could have perfectly innocent explanations but they can also be indicators of inappropriate or even criminal behaviour. Other employees in the organisation who notice these behaviour changes should feel compelled to notify their management.
When it comes to the IT side of insider threat prevention, I’m establishing partnerships with a few key organisations who have developed great technologies for employee and contractor activity monitoring. I was surprised too by how inexpensive some of these tools are. They can perform a variety of functions to alert the organisation to improper behaviour, both on the corporate network, and outside the company walls. The company Identrix, for example, has developed a system that monitors information in the public domain to determine if an employee has picked up any criminal charges that they haven’t declared, potentially saving your company from the embarrassing claim of ignorance to an employee’s character.
Impressive stuff! So what do your training programs have to do with real world security in the work place?
I’m also working with an ex-military security expert on dangerous situation training. This is a real danger over here in the US. Employees and bosses need to know how to react if an employee comes into the workplace with a weapon, intending to do harm. Training people to safely remove themselves and others from the situation, or to confront the dangerous colleague if necessary, can help save lives.
What made you want to start your own business?
There was no particular spark or eureka moment but I’d known for a while that I wanted to work in a field that would have a significant impact for my clients. Over my career I have become passionate about not only technology but also human resources and other strategic workforce issues. I wanted to find a way to combine cyber security with human resources. The answer was to help organisations detect and prevent insider threats and theft of their intellectual property. I call it the “human side” of cyber security.
Do you have any other motivation when it comes to security?
Absolutely. When I hear things on the news about 500 million Yahoo accounts being hacked, and then their credentials being sold over the dark web, I can’t help but think of the damage that could be done to people’s lives. Getting your identity back or securing it can be very, very stressful and take a long time. Honest people can work very hard to create new inventions, or to start something unique and highly valuable. If employees steal that information and sell it, or give it to foreign countries they totally undercut the US economy. My motivation is to prevent that for not only the US, but any organisation trying to protect its intellectual property.
Doug Sampson LinkedIn: https://www.linkedin.com/in/dsampson
Soteritech website: http://www.soteritech.com
To be featured or find out more:
e-mail us on email@example.com
call us on 0845 643 5375
or contact Janice on Linkedin
First published on Company Connecting October 2016