Living our Mission Blog Series: Hitting a Home Run with Circadence’s Security Management, thanks to TS Reed, Cybersecurity Engineer

Reading Time: 3 minutes

The journey to cybersecurity engineer has been an exciting one for Circadence’s TS Reed. The former baseball pro turned security tech expert found his passion for problem solving at Circadence. After completing an undergraduate degree in criminology at Cal State Northridge, he pursued a master’s degree in mechanical engineering at CSUN and then a master’s in cybersecurity engineering from the University of San Diego.

TS started as an intern at Circadence and was quickly onboarded as a full-time employee for his technical prowess, adaptability, and knowledge of modern security functions and processes. For the past three years at Circadence, TS has monitored the company’s network security, tested the security of its products (including Project Ares) and learned how and what to look for to stay one step ahead of attackers.

“It’s impossible to be bored in this job. Security is always changing: the way people build it, the way people attack it. You have to continuously learn and teach yourself the latest and greatest practices,” said TS.

But cybersecurity management wasn’t always in the stars for TS. Prior to joining Circadence, TS coached division one baseball at the University of San Diego and was also an assistant coach and recruiting coordinator at the University of Arkansas Fort Smith. A Cal State Northridge Alum, TS was a well-respected baseball player, hitting home runs in the athletic industry (named a CIF California Player of the Year and a Division 1 All-American at CSUN) with the fourth highest batting average at the 2008 Big West Conference. After college he went on to play one year of professional baseball in St. Louis for the Gateway Grizzlies of the Frontier League.

He traded in his baseball cleats for cybersecurity after discovering the inherent problem-solving nature of the field—a part of the job that greatly intrigued TS to dive into a completely new field of study and long-term career trajectory.

For TS, one of the best ways to “win the game” in the security field is to think like a hacker. By understanding what vulnerabilities they look for to exploit and why, security engineers like TS, know how to harden systems and deploy preventative measures beforehand. And while open forum online communities help TS and other security professionals “understand the mind of a hacker” there is always a level of uncertainty he has to deal with.

“Hackers are attacking constantly and finding new ways to infiltrate networks,” said TS. “We have to stay as close to them as possible,” he adds.

While TS’ professional journey has been unconventional at best, he has noticed many lessons from his baseball career that have translated into the cyber arena.

“Teamwork is huge; I learned early on in baseball that every teammate receives things differently. You have to take the time and care enough to figure out how your team members communicate. [In cyber security], everyone communicates differently too. Both in receiving communication and externally communicating. Step one is always getting a feel for that in order to be as effective as possible when communicating with teammates/team members.”

Likewise, TS learned that in baseball, a player’s own skill level and performance weren’t the sole indicator of how “good” a teammate was. The greatest measure, he says, is how effective one is at making others better and serving them.

“To be good at and handle your job is one thing but whenever you have a team involved, the greatest measure of a player or cyber employee is the capability to lift up those around them and make them better,” he advises. Empowering teammates, teaching them, and learning from them is the approach he lives by at Circadence.

We are proud to have TS as part of the Circadence family and know while he’s not hitting balls out of the park at the stadium, he’s hitting home runs with Circadence, hardening its cyber security posture.

Photo by Joey Kyber on Unsplash

Learning from the Top 5 Financial Cybersecurity Incidents

Reading Time: 3 minutes

Banks, credit unions, credit card companies, investment firms, and insurance companies are all under cyberattacks—making financial cyber security a hot topic of discussion. For years, the finance industry has been one of the hardest hit with cybercrime according to Deloitte. And it continues to rank in the top five most vulnerable industries. In 2017, 69 material cyber incidents were reported to the Financial Conduct Authority, an increase from the 38 incidents in 2016, according to Information Age. Financial cyber security regulations are keeping companies in check but the pace at which threats evolve in sophistication requires a persistent approach to stay ahead of hackers.

If you bank online or have an insurance policy, you likely understand the convenience of single keystroke access to financial information. It’s easy, convenient and useful to transfer funds from mobile device to mobile device; electronically sign a form; or get a quote for a mortgage company just by entering in new financial details. Unfortunately, the rapid pace of adoption of new technologies that make these everyday transactions convenient is widening the attack surface for hackers and prompting security professionals to consider even stronger finance cyber security risk management processes.

Financial Cyber Security Incidents

Below are some of the most notable cybercrime attacks on financial services firms that we can learn from in order to take a more proactive approach to cyber security readiness.

Equifax 

The consumer credit reporting agency was breached in 2017, exposing the sensitive personal information of more than 147 million Americans. Partial driver’s license data was the primary data leaked. Equifax representatives said the vulnerability that allowed for the attack to occur was the failure to keep its computer systems adequately up to date.

Bank of Chile

State-backed hackers infiltrated the Bank of Chile’s ATM system in January 2019 and stole $10 million. The cyber heist was deployed via hackers initiating a virus as a “distraction” then prompting banks to disconnect 9,000 computers to “protect customer accounts.” Meanwhile, hackers sneaked in and used the global SWIFT bank messaging service to deploy fraudulent transactions.

India’s Cosmos Bank

Unauthorized users accessed their system and siphoned nearly $13.5 million through withdrawals across 28 countries. Unidentified hackers created a proxy switch that approved all the fraudulent payments.

Lazarus group

North Korea’s hacking operations are targeting financial institutions nationwide—completely indiscriminate of a brand or geographic location. The country is linked to attacks in 18 countries, according to a report from Russian cyber security firm Kaspersky Lab. The hacking operation known as “Lazarus” targeted employees at banks who visited the hackers’ list of 150 specified internet addresses. Experts say the attacks are at a “level of sophistication not generally found in the cybercriminal world,” and companies should take proactive measures to carefully scan their networks for the presence of Lazarus malware samples, disinfect their systems and report the intrusion.

Bangladesh Bank 

Bangladesh Bank experienced a hack in February 2016 that drained $81 million from accounts in a few short hours. Attackers subverted the bank’s SWIFT accounts, the international money transfer system, to get what they wanted, reports Wired magazine. Hackers sent more than three dozen fraudulent money transfer requests to the Federal Reserve Bank of New York asking the bank to transfer millions of Bangladesh Bank’s funds to accounts in the Philippines, Sri Lanka, etc. Reports indicate lax computer security practices were to blame (e.g. lack of firewalls installed on the networks), allowing hackers to easily infiltrate the network and find the credentials needed to proceed. The concept of attacking systems on the weekend isn’t a new approach either—other banks like Tesco experienced the same timing in November 2016 when thousands of current account customers were hit with fraudulent transactions by hackers.

Learning from Financial Cyber Security Incidents

Outdated systems, employee exploitation, weakened network security, and a poor ratio of defenders to hackers all contribute to the severity of these financial cyber security incidents.

These attacks tell us a lot about what preventative steps can be taken. To ensure financial services firms have the latest systems updated and in place requires an experienced cybersecurity team to perform regular system checks and updates.

Financial cyber security compliance leaders need to empower their teams with the right tools and persistent learning opportunities so they can be prepared for any malware infection or system overwrite that occurs.

The increase in reported attacks reflects a greater need for accountability across all financial institutions. As the attack frequency grows, so must our cybersecurity vigilance. Cyberattacks will adapt to defense strategies so financial firms need to ensure they are always one step ahead. The best way to achieve this goes beyond hiring our way out of the issue. Training your cyber workforce proactively using gamified cyber range training to combat the latest threats is the key to sustained success.

For more information on how financial firms can upskill their security workforce
download Project Ares subscription brochure.

Photo by Alexander Mils on Unsplash