Vice President of Technology, Office of the CTO
With more than 20 years of IT industry experience, Morey Haber joined BeyondTrust in 2012 as a part of their eEye Digital Security acquisition, working in overseas strategy for both vulnerability and privileged identity management.
ACSM: Hi Morey, thanks for agreeing to speak with us today. Can you give our readers an idea of what brought you into cyber security and why cyber security? and what aspects of your career to date have helped you get where you are today?
In all fairness, I stumbled into cyber security almost 20 years ago, while working in the network management space of operations. The security models for SNMP only included v1 and changing community strings was not possible on many devices. Simple discovery scans revealed that devices could have their MiBs modified and the runtime of the devices altered for malicious activity. This included changing email addresses on multifunction copiers to send copies of all copied/scanned material to an attacker. These basic attacks in the late 1990’s raised my interest in cyber security and so began my journey on my current career path.
In the early 2000’s, a former executive of mine joined eEye Digital Security and recruited me to grow the business. At that time, we were a young start-up with only two dozen employees and very limited venture capitalist funding. There were only two commercial vendors performing vulnerability assessments and the security community barely existed. Most organisations were in denial of the potential threats and the risks. Within a few years, I assumed responsibilities for product management and business development for our network scanner and endpoint protection platform. I will state candidly, that the learning curve was steep. There was very little training at the time, anti-virus was typically signature-based, and intrusion prevention solutions were just emerging on the market. Today, we take firewalls and basic threat protection for granted, before the wild west days of SQL Slammer and Code Red. In fact, many businesses at that time would not even put anti-virus on their server’s due to performance issues, let alone apply security patches, in fear of something breaking…Click HERE to read full Q&A.