Derek Harp is a serial tech and cybersecurity entrepreneur with a passion for helping others make a difference through new ideas and new companies. He has 20+ years of experience in the cybersecurity field, and he is on a mission to change the world. After serving in the US Navy, he founded his first cybersecurity company in 1997 which produced a product called IntelliShield that was eventually acquired by Cisco Systems. He has gone on to found several cybersecurity companies since then, and in the process, has earned the respect of industry leaders through his professional speaking gigs talking to Fortune 500 companies, military leaders, universities, and conferences across the globe.
Derek is currently the CEO and Founder of Sable Lion Group LLC, a cybersecurity holding company helping business leaders connect to the right services for their company. He is also the chairman and founder of a not-for-profit, peer-to-peer networking cybersecurity organization.
In this episode of the Smart Business Revolution Podcast, Derek Harp, CEO and Founder of Sable Lion Group, gets interviewed by Julie Musgrave about the importance of cybersecurity in the current technologically advanced world. Derek also explains how the internet has changed over the years and shares his best practices that organizations and people working from home can implement to stay safe online.
Here’s a Glimpse of What You’ll Hear:
- Derek Harp discusses the biggest cyber security concerns people currently have
- Why cybersecurity is very important to organizations
- How the internet and security needs have changed over the years
- Derek’s advice to business owners on managing cybersecurity and how small companies can be affected by it
- The role networking plays in Derek’s work and in building relationships
- Best practices in cyber security people can use while working from home
- Derek explains the significance of wearing yellow shirts
- Where to learn more and connect with Derek Harp
- Derek Harp’s website
- Derek Harp on LinkedIn
- Sable Lion Group
- Control System Cyber Security Association International
Today’s episode is sponsored by Rise25 Media, where our mission is to connect you with your best referral partners, clients, and strategic partners. We do this through our done for you business podcast solution and content marketing.
Along with my business partner Dr. Jeremy Weisz, we have over 18 years of experience with B2B podcasting, which is one of the best things you can do for your business and you personally.
If you do it right, a podcast is like a “Swiss Army Knife” – it is a tool that accomplishes many things at once. It can and will lead to great ROI, great clients, referrals, strategic partnerships, and more. It is networking and business development; and it is personal and professional development which doubles as content marketing.
A podcast is the highest and best use of your time and will save you time by connecting you to higher caliber people to uplevel your network.
To learn more, go to Rise25.com or email us at [email protected].
To learn more, book a call with us here.
Check out Rise25 to learn more about our done-for-you lead generation and done-for-you podcast services.
Welcome to the Revolution, the Smart Business Revolution Podcast, where we asked today’s most successful entrepreneur to share the tools and strategies they use to build relationships and connections to grow their revenue. Now, your host for the revolution, John Corcoran.
Julie Musgrave 0:40
Hi there. I’m Julie Musgrave guest host of Smart Business Revolution podcast where we talk with CEOs, founders and entrepreneurs of companies and organizations like YPO, EO, Activision Blizzard, lending tree, Open Table, app, software, and many more. Our guest today is Derek Harp, a serial tech and cybersecurity entrepreneur. He’s got a passion for helping others make a difference through new ideas and new companies. He has 20 plus years of experience in the cybersecurity field, and he’s on a mission to quite frankly, just change the world. What better time to adopt that way of thinking right? We are so looking forward to hearing from him. But first, I’ve got to let you know that this episode is brought to you by Rise25 Media. Rise25 helps b2b businesses get clients referrals and strategic partnerships with done for you podcasts and content marketing. If you’re listening to this and have ever thought, should I do a podcast? Well, we say yes, we specialize in helping b2b businesses with a high client lifetime value. So to learn more, and get some more inspiration and ideas about how you could get clients, referrals and some of the best friendships of your life from a podcast, go to rise25media.com or email [email protected]. As I mentioned, our guest is Derek Harp. After serving in the US Navy, he founded his first cybersecurity company in 1997, which turned out to be a product called Intelshield that eventually was acquired by Cisco Systems. Not that for your first go right? He’s gone on to found several cybersecurity companies since then, and in the process has earned the respect of industry leaders through his professional speaking gigs, talking to fortune 500 companies, military leaders, universities and conferences across the globe. Right now he’s the CEO and founder of Sable Lion Cyber LLC, a cybersecurity holding company, helping business leaders connect to the right services for their company. He’s also the chairman and founder of a not for profit peer to peer networking cybersecurity organization. Derek, thank you so much for being here with us today. We certainly appreciate it and really look forward to diving into your expertise. It’s really interesting, and something that I think a lot of entrepreneurs maybe aren’t considering right at the forefront when they’re trying to get their business going. So I want to start with something timely, the biggest concern, what is the one that you’re seeing right now, especially because of this pandemic? We’ve got a lot more folks working remotely, the online usage is increasing, what are you dealing with right now?
Derek Harp 3:26
You know, this era ushers in so many different issues that cybersecurity serves me already, you know, problem America has grown exponentially. In the last couple years since I started in the industry, instead of just referring to a billion dollar industry, and now it’s over 100 billion years. That’s what it’s done just in the last four years. And so now, we have with a problem, you know, already pre existing problem, we’ve, what we would call added so many new attack surfaces, all these remote workers, all these new connections, and new behaviors, you know, people doing things from their house that work and kind of evil that rapidly. So there’s tons of things going on, if you don’t want to have going on in enterprises. But of course, we have been before and I’m a pragmatist. You know, I actually don’t speak from you know, when I speak on this topic, it will be from a technical basis, I speak about human behavior and low hanging fruit and let’s mitigate these risks. I don’t talk about buying exotic new technology that had companies where I was the founder or co-founder of specific technologies. And right now, I’m not really doing broad based attacks, some of this stuff applies to all of us. And yeah, that’s everywhere.
Julie Musgrave 4:38
And we’re all kind of having to shift our way of thinking and learn new things. It’s just a really interesting time. I can tell you’ve got a passion for cybersecurity. So why is that aspect of a business so important?
Derek Harp 4:54
You know, it’s crucial to every I you know, I like it right. You should describe any organization We think in terms of businesses, but I’m involved in various nonprofit efforts. And so many human beings get together and do anything that is horrible. And then even our, even our family home networks and our home eater family, which is a business at all, as an entity, you know, legally, is horrible. So I do think in terms of this as a societal issue, not purely a business issue, even though business targets are juicy. And obviously, the more use of target, the more likely you are to get back. But it used to be also, that was really true, too. And so if you’re small, or obscure, or nobody knows about me, you know, your chances are a lot less, that’s just not true. Our automated tools to discover you, they don’t have to look for you, and discover you and discover that there’s openings and things, there’s points. So I’m passionate about it because I started school because it’s a big problem, and we haven’t solved it, no matter how much money you spend. And the other one is I just, I probably lucked into it. And I was coming out of the military. And putting on a line in the direction, I was determined to start a business, I had an early entrepreneurship dream, and exposure as a young person. But I had started at least on paper, a different business, a very different business, and ran into a former college mate, who was also in the Navy graduate program. And he’s the one who said, Hey, what about cyber security, I was involved in being exposed to security related things in the military, but I wasn’t thinking of applying that in, you know, in my afterlife. And he’s, we should take a look at this. And that nickname, seven just took me down this road, and it’s a growth industry course, it’s an exciting thing to do. And don’t get me wrong.
Julie Musgrave 6:43
I really feel like you got into this field at the right time. I mean, 1997, things were exploding. We were just trying to figure it out. Nobody really understood how the internet worked. how any of this worked. How have you seen the needs change over the years?
Derek Harp 7:01
Well, you’re right, in 97, you look at the 90, we were jamming all these cables together,
Unknown Speaker 7:08
dial up the phone number, you had to have a separate deal,
Derek Harp 7:12
online DVDs, or CDs,
Unknown Speaker 7:14
100 free minutes or whatever.
Derek Harp 7:18
You know, it was an exciting time, we were all getting online and getting connected. And this thing that was the purview of defense and universities suddenly became a playground for everybody. And do you know, nobody could say they knew it was gonna turn into all this. In fact, it really wasn’t designed for all this, which has a lot of things today. The security issue is partly as big as it is, because of that the architecture wasn’t secure. It had other goals. So I think it’s, it’s true that those were the heydays of plugging networks together and finding out we can do this with this, we can do that. Now. Now we’re adding so many things, you know, I’ve seen typically we’re adding, you know, internet of things we can very popular term for smart connected devices have so many different types are adding 5 million of those a day, this was a couple years ago, 55 million of those a day, you know, became another box, look at connecting, you know, to other devices at up to 250 billion or more, you know, in the next few years. That’s, that’s a lot of new applications. So we’re, we talked about the cybersecurity problem, I suppose one of my sciences, we’re not trying to solve like the moon landing, which is a static problem, just we’re going to work on it we’re going to work on it’s been millions, you know, the presidential speech, and they got the goal didn’t keep changing. Here, it’s like, let’s sell. We’ll be proud of Oh, by the way to target it’s going to change shape, size and color, you know, every five minutes, but let’s all and that’s that’s a, you know, that’s an interesting opportunity. And
Julie Musgrave 8:45
that sounds quite frankly, kind of exhausting, especially as a business owner, because a lot of folks, we don’t really understand that that is happening. That is these people that are trying to get into our information. It’s shifting, it’s changing. It’s complicated. It’s overwhelming. So what sort of advice would you have for folks to kind of ease them into understanding this knowing the importance of it?
Derek Harp 9:10
Yeah, you know, it’s a great question. It’s, it’s, it’s an important question, because fertilization is everything, what I just described, and most of my peers, a lot of my close friends are business owners, in the small medium sized market, some notable side businesses, but not, you know, not necessarily the fortune 500 companies, which are spending money next as you go into the SMB market segment, of course, with more entities never a problem, like what do i do and I’ve only got the resources maybe I happen to know a little bit about this, maybe I don’t betting on the size of the company, what sector if their credit card processing company that might be actually only 100 employees, they’re going to be cyber savvy, rollin, but if you’re a manufacturer, with on, you know, with all sorts of networks on your manufacturing line, you could have no cyber speeds out because, you know, in that sector, and so it’s It’s a huge, you know, winter wonderland of, of different levels of maturity. And so I always when I speak on this and my favorite audience to speak to, which I speak to regularly is non technical business leaders. So I don’t talk to technical people if you know, get into the ones and zeros in bits and bytes. I don’t, I love talking to non technical business here. But why don’t we focus on human behaviors, because, you know, there are gonna be other people that will recommend this technology to network here, I’ll leave that to them. What I’m focused on is what some of my startups to my wine cyber holding company are focused on. And the book that I’d like to finish with a lot of fun: you get to write a book on human behavior, the things that stop doing, example being fishing is so wildly successful at receiving communication. Now, that does not necessarily have to be an email, that’s the typical delivery method, it can be an X smishing SMS phishing, because they’re not getting a payload and interacting with it. And our suspicion is low. And our desire to just interact and do is really vulnerable, and all the statistics support that so many different attacks, start with a human being on the inside of yourself, including you to have gone down, opening and clicking and interacting with things that they should have been suspicious of. I test this all the time for companies and, and audiences and every simulation, every test is always a high percentage of people that interact with information.
Julie Musgrave 11:32
I know those things can be so sneaky because you mentioned they send you a text message and they disguise it as your at&t account has been compromised. Or click on this and it’s something that you had just been looking at online or you think that it’s coming from a reliable source. So I can only imagine the people that feel like a fool when they fall for it. But it’s they make it really hard for you to distinguish Do you have any advice for knowing?
Derek Harp 12:00
Yeah, you know, we can spend more time on justice. We’ve got a whole session on this. Yeah. But you know, your, your right gasket. Um, you know, the thing that I did with the realtor is obvious when you’re getting through to. So yes, there can be exotic calculations, let’s say it’s a foreign nation state state sponsored thing. And you’re for some reason being targeted, very unlikely. But it sounds fun, disturbing stuff. Hollywood, the nation states are very sophisticated. For some reason, you were in a company where they did want to target you. their likelihood of getting into your network is very, very high. If they’re determined, it’s going to probably happen. But what’s happening for most people is not exotic stuff. And it’s not obvious when I deficient simulations. I tried it. I could tell all throughout it was partly what I feature when I train people. And when I do like your last week on this I go, let’s break this down. Who here clue you to your misspellings? No salutation not from anybody. a domain name? If you Google the domain name, I registered the domain name three days ago. pages in complete sentences completely. None of this. Oh, hover over the link? Ugly hashtag numbers, dollar signs, characters, you have to put the word Google’s in. No, no, no, don’t don’t interact with that leave whatsoever. I just did the Google’s there maybe at the beginning and a bunch of stuff. No, look at that link and say no, that’s, that’s a horrible link. I’m not touching. I’m involved with it. Those should all be warning signs. And so so yeah, you know, let’s put aside the exotic ones. They’re very tricky. And just say, what about cutting out 80% of the stuff that’s and get your people on board and say, Sorry? Yeah. And if they’re not sure, I started a new email. And I emailed the originator. I say, you know, you’re getting, you know, did you mean to do this your bill? Can you send me this? Is this legitimate? incident? Well, that can be you know, that can be intercepted? Yes. But as soon as you start doing secondary communication, you’re narrowing down. Yes, it was determined in their monitoring email, and they’re communicating it possibly can interact. But sometimes if I really don’t know, I said, You know what, let’s, let’s take this outside of an email, and especially verify, verify, verify, and a lot of the bad apples fall off students verify.
Julie Musgrave 14:21
That’s a really good keyword to keep in mind. You brought up a really good point earlier just about how it’s not. They can find really anyone. A lot of people might have the mentality. Oh, I’m a small business. in Timbuktu, no one’s gonna know who I am. You kind of think maybe only Amazon gets hit by Apple, big companies, but no, they’re finding even the tiny ones, right?
Derek Harp 14:45
Yeah, absolutely. It’s, you know, I started in the 90s. Gets true to headlines, and the incidents were dominated by big banks, and things you would recognize. Oh, yeah, that makes sense. I don’t know. to them. That’s, that’s just not the case, we used to joke and all that people thought they had security through obscurity. And you know, and they don’t need to be looking for you, they don’t need to ever have heard of you they can offer, they are all sorts of tools, scanning the world looking for. And they can run it for hours and hours a day, and come back and say, Oh, look, my automated system is telling me here are 18 really intriguing, interesting things. systems, I should investigate and take a look closer, human based look at, you know, that’s how they’re doing. They don’t need, they don’t need to know you know about you, but they do discover. And you can say, Well, yeah, but what would they want to have to do with me that also, I hope is no longer a question for a business owner, they go well, I do get ransomware, if there’s any business owner that’s never heard of ransomware, they really got, you know, they maybe they need to do some reading, that’s very common billions of dollars in ransom being paid for what happens on an unknown company, I’m small, I don’t have any really deep intellectual property, I don’t store any credit card information, I’m not a risk. No, you are a risk to Hey, by the way, we’ve locked up all of your data, or we’ve locked up all your operations, manufacturing operations, and until you pay us a sum that by the way you can pay will be appropriate in our in our ransom, it might only be $10,000, we know you’re not going to pay a billion dollar ransom. But we will get there $7,000 fee out in Bitcoin or some sort of cryptocurrency and then we’ll let you most cases, we’ll give you a key and we’ll let you get your data back or let you resume operation. Those are being paid all the time.
Julie Musgrave 16:33
That’s scary just on its own. So hopefully, this will alert folks and just want to, you know, make sure that everything is lined up. I kinda want to switch gears a little bit and just talk about it because you’ve been through the startup process so many times you really understand the power of networking. So how would you say that that plays into each venture that you go into?
Derek Harp 16:59
Usually, I’m writing another book, this one I’m writing so I’m contributing to a Dropbox file folder that few people have access to contributing pieces and parts to. It’s not a book like Antonio next week. But I’ve been developing a system actually, before how I do that, because I, I’ve always been a networker, I’ve always been mind to meet people and connect to people. I’ve spoken about many stages and platforms and incubators, accelerators, university groups, I always talk about this, because I basically love my system called Ral Dell 360 relationship development, you know, and it’s like, it’s all around you. You don’t be like, Oh, I need to build some relationships with some investors. Last year, I needed to build some relationships with Eli, my employee. Well, that’s, that’s true. Oh, advisors, employees, customers, investors. These are all people these are all relationships. So I think for me, I I lucked out in that I like people and I like to meet people and I don’t, you know, Outlook 1000 yards past somebody at some jerks do. You know, if you’re looking for me, I’ll make a quick judgment call. I’m always eager. Now I sometimes have to make a decision. And instead, but I give someone like little attention, I try 90 nice for a minute or two. I don’t know where that relationship is gonna go. And so that my in person ethic, which is give someone your full attention, even if I have to say, I’m sorry, gonna break this off. But give people your attention, whoever they are, if I’m sitting on a bus and somebody aggressively I’m, you know, because I’m highly distracted. I’m going to do that right there as well. I’ve always, and I’ve had people in so many different capacities that way the system is about maintaining, those are those are those first, those first questions. Some of them are by accident, serendipity, some of them are purposefully trying to beat someone, either virtually or in person. Well, then what do you do with that? How do you nurture that relationship? And I’ve always said, you gotta invest in those things, you got it, you got to layer those on and give, you know, there’s the secret of the book out, you know, without forever out there. These are principles that are true, right? You gotta keep giving, you know, people think, oh, that’s magical. If you give if you’re constantly giving, you know, yes, the universe can recognize that, you know, I, I kind of believe in that. Another thing is it just creates the block and serendipity is more likely to happen. Because you’re out and you’re doing you’re giving you’re talking to people I’m getting to be of your time, you know, and I try I get requests for advice and mentorship, I certainly received a lot I try to give it as well. I don’t always get to everybody, but I really do try.
Julie Musgrave 19:27
There’s potential really in every relationship that you encounter. So it’s a good way of thinking that, hey, this could turn into something really, really beautiful. What relationships do you find yourself relying on most when founding a new business and helping others do so?
Derek Harp 19:43
You know, there you got your key service providers. You know, I think early on, you’re gonna do some finance and accounting, legal stuff. That’s always the future always, you know, maintaining and adding to those relationship categories. They’re instrumental, you’re gonna do some stuff, really, no matter what the venture is. I’ve often raised money for some of my ventures for most of my interests. And so I’m always interested in getting in contact with adult relationships with people who are interested in investing. In early stage ventures, that’s a particular cut. That’s not everybody’s cup of tea. And so when I need somebody who’s again, I enjoy that I try to, to keep track of that relationship. And that’s part of the system to keep track of these things. And, you know, and stay up with them. Because you don’t know me, I also again, don’t have a I’ve met you. And there must be a transaction you can do with the next 24 hours mentality with people do you tell me, I met you, I followed up if it has to do with whether you invest in my company, first time entrepreneurs do this all the time. Okay, probably gonna start to build a relationship for people. Yeah, because that usually, that usually is gonna be enough. Whereas if you start a relationship, and then at some future date, there may be interest in investing in something you’re doing. But that’s not based on the cold call, or we just meant something to ask you entirely. So, I think you meet people and you try to keep track of many relationships. And you might make some hard decisions. And those blossom or bear fruit, when you can kind of when you least least expected
Julie Musgrave 21:14
and sounds like just just trying to remember to be genuine in every aspect of your day to day life.
Derek Harp 21:22
I always say for me, I think that’s essential. You and I both know that that’s done. That’s not who they are. So I guess they could kind of fake it. Or they’ll have a different method for how they do life. And this maybe is the type bagel, or people it’s been quite successful. That’s just not me and not my mentality. And I think sort of those I speak to would say, That’s not either, and yeah, be genuine. And sometimes it takes longer for my process to bear fruit. But then as you’re always doing it, it’s always very first, because you build a pipeline process means you’re always meeting people for the first time, you’re always following up with people, you’re always, you know, involving people in not necessarily always business. You know, other hobbies act, as you know, things that you share in common affinities, you find those, and you connect on those levels. And so if you’re doing that all the time, there’s always fruit grabbing from those trees, even though it’s not the person you met yesterday, in most cases, occasionally it is, but you’re not looking for lightning in the bottle if that’s your effective way. So
Julie Musgrave 22:23
well, let’s, let’s focus on a big takeaway. Are there any best practices in your field that we can start implementing now? Making our time working from home kind of maneuvering this pandemic at how how do we get started, what’s your best take?
Derek Harp 22:40
Once you’re talking specifically, cybersecurity, again, train your people. You know, I do training for companies. But there are, you know, there are other reputable companies that do a variety of types of training simulations. And I think it’s key, find a find somebody that you trust, that knows what they’re doing, and make sure that your team is brought up to speed and that everybody, CEOs or senior executives who take themselves out of this is pretty boys are fooling themselves, because many of the transgressors are senior people. In fact, they’re the people who didn’t get access for decision making those distant wires. So it should be an all hands on deck. Everybody needs to get retrained every year. You know, I suggest one of my new startups is based on very regular smaller doses, very regular versus annual training. I think that how effective we still do them, and they’re better than nothing. But people’s awareness is everything people need to bring that up. This woman again, you know, is an arbitrator. Well, they gave 60% of all risks, guess what, that to get to very, very high levels of risk mitigation. Yeah, get to spend more money and do things with ultra specialize in that. But man, there’s low hanging fruit you can do, you can do with just getting everybody to move in and new cultural security owners will do that. Yeah, that,
Julie Musgrave 24:01
especially knowing this is all here to stay. It’s not, it’s not going to go away anytime soon. I know our listeners can’t see you. But you’ve got a yellow shirt on. And I’ve got to ask, I know that’s a thing for you. What’s the story with the yellow shirts?
Derek Harp 24:16
Yes, it is. So I started speaking at one point I have some comics made. I think they’re perfect slash yellow shirts where some of the yellow for comics are. And so in cybersecurity, it deserves to be a good practitioner. We know we use the concept of the blue team being defenders at Red Team being attackers. And so there’s simulations and training, Red team, Blue team, all that stuff. So I started especially with everything I just shared, and this is sort of what I share on stage and to companies that the rest of us are in team yellow 99.9% of our organization are those of us that aren’t attackers and aren’t defenders. We’re just making up most of the world where to and we are the ones making mistakes. Do you In the bad behavior, so it’s like a blue team and cyber defenders and you’re investing in that they do great things, but yellow is just out there floating around that train. Now we’re not raising up there, you know, their cyber practices, you’re not going to be successful no matter what you’re spending on the blue team. So I, I had, that’s my thing is I always speak in the yellow shirt. And I try to, you know, bringing those comments when I can say this thing we’ve got to really worry about.
Julie Musgrave 25:27
I like it. It’s a smart branding move. Derek, thank you so much. This was a great conversation. I really think a lot of entrepreneurs, small business owners, they’re just going to learn so much from you and really appreciate it. How can we learn more about you? Where can we find you online? Give us all those details.
Derek Harp 25:44
Yeah, so I’m, I’ve had my hands in so many different entities, especially over the years, I’m doing a little bit of reorganization to have just two domains where everything can be found. It used to be you just went to these different places. So derekharp.com is a great jumping off point, the lots of things that might you know, it kind of caters to speaking, but also for my audience, because I’m a scuba instructor in running a summer program on the island of Kodiak for Families and business groups.
Unknown Speaker 26:10
So that’s that’s not a bad spot.
Derek Harp 26:12
Yeah. That’s too shabby. quite sad about this. I think we have about 15 families and one person business revolves around the summer. Oh, man, but you know, that’s where my that’s where that stuff comes from. And then sablelion.com, which we’re now on creating Sable Lion Cyber, as of this morning company that has a variety things. I have a very large nonprofit trade association. But I don’t understand why in cyber, it’s a 501 c six called the Control System Cyber Security Association International. So this would be for anybody who’s concerned about cybersecurity as it pertains to control systems, the obvious stuff like gas and oil refineries and electric, you know, grid stuff, but it’s also building control systems and medical healthcare systems. Those are different kinds of than traditional IT systems. And so what I found some years ago, is that that’s a whole new emerging area of cybersecurity. 18,900. Now, close to 18,017, something of that trade association, are people trying to secure those kinds of systems? I do a lot with that as well. So sablelion.com, near-perfect, common ways to find, you know, the personal and business stuff. I mean,
Julie Musgrave 27:22
all right, we’re going to check it out. And hopefully a lot of folks want to come hear you speak in person, because I think you’ve got a lot of good words to say, and we want to listen. So Derek, thank you so much, appreciate it. And we’ll talk soon.
Thank you for listening to the Smart Business Revolution podcast with John Corcoran. Find out more at smartbusinessrevolution.com. And while you’re there, sign up for our email list and join the revolution. And be listening for the next episode of the Smart Business Revolution podcast.