Archive for Inversion6

Inversion6 Welcomes Tom Siu as New Chief Information Security Officer

Posted in Commentary on March 26, 2024 by itnerd

Inversion6, a cybersecurity company, announces today that longtime Chief Information Security Officer (CISO), Tom Siu, has joined their CISO practice. As a part of the team, he will collaborate directly with the firm’s clients to develop and manage their cybersecurity programs.

Siu will use his expertise to advise clients on operational security processes and assist clients with developing cybersecurity leadership capabilities.

The expansion of the CISO practice enables Inversion6 to continue accelerating their evolution of tailored security solutions for clients, large and small, across numerous verticals.

Siu strives to enable organizational success through relationship building with world-class IT and business leaders, strategic planning and intent-based leadership with IT teams. He is a recognized industry expert in information security with an emphasis on building and mentoring other leaders.

Siu’s recent CISO roles include positions at acclaimed universities Michigan State and Case Western Reserve, as well as a Virtual CISO role with a veteran-owned managed security services provider. During these experiences he developed an information security program, directed an information security office staff and supported global customers with their cybersecurity strategy and product development.

Founded more than 30 years ago in Cleveland, Inversion6 has been helping build custom cybersecurity solutions for their clients and helping them stay ahead of the ever-changing threat landscape.

Industry Expert Provides The Top 5 Cybersecurity Predictions For 2023

Posted in Commentary on November 9, 2022 by itnerd

I can already see that 2023 is shaping up to be one crazy year on a number of fronts. When it comes to cybersecurity, that’s absolutely going to be the case. To that end, Christopher Prewitt, CTO, Inversion6, provides his top five cybersecurity predictions:

1. Government regulations are about to balloon.

Even with the new understanding between the U.S. and the EU, there will continue to be changes in international privacy requirements. Meanwhile, new security regulations will surely come from the SEC. We’re also likely to see more executive orders, more Congressional committee meetings and a lot more talking overall from politicians in the coming year.

And yet, for all their growth in number and complexity, most of these regulations will probably lack real teeth. We haven’t seen any real shakeups since the birth of the “accept all cookies” button. This is unlikely to change in 2023.

2. Hacktivism is on the rise.

From a cybersecurity perspective, the ongoing conflict in Ukraine is notable as the first war to prompt large-scale cyberattacks from nonmilitary citizens of other nations.

The Ukrainian army has largely outsourced their offensive cyber operations to hackers across the globe, who are now attacking Russian infrastructure as both a hobby and a political statement. I would expect these types of offensive operations across borders to become more mainstream in the coming year. The results could prove very unpredictable.

3. Zero-trust models are about to have a massive impact on security.

As more and more organizations abandon their internally hosted data centers and migrate to the cloud, they will increasingly rely on zero-trust models to improve security and prevent lateral movement.

In the near future, this new reality will fundamentally change how we perform penetration testing and how we secure our networks. Together, a cloud workload and a zero-trust model will essentially eviscerate the network edge and may even remove the need for significant network security for some organizations.

4. Active response will become the default defense posture.

Historically, the industry has evolved from preventive to detective controls. Still, alerts and timely response have done little to slow the threats. As a result, we may well see systems begin to self-assess and respond to attacks in real-time using locked accounts, forced password resets, network contain systems or other methods to prevent data from egressing.

If things get bad enough, we can expect to see these features become default configurations, and we will begin experiencing auto-responses from many of the platforms we use and operate.

5. Governments will be more direct on attribution.

In 2022, we saw multiple public reports of U.S. espionage efforts in China. This falls in line with the U.S. government’s recent trend of outing its own cybersecurity enemies by name.

As China, Iran, North Korea and others continue to develop their defensive capabilities, we’ll likely hear more and more about attribution of attacks. We can also expect to hear more about the U.S.’ cyber operations, whether we like it or not.