The Silicon Review
In today’s age of smartphones, computers, Artificial Intelligence and other “smart” technologies it is vital that we keep our online presence and systems as secure as possible. The present computing landscape is simple, yet again very complex.
How can we be expected to keep up to date with all the potential Cyber Security threats that are emerging?
24By7Security, Inc. is one of the companies that has pioneered on the privacy and security implications of the assets of an enterprise. The company believes that Cyber Security needs to be priority ONE across all functions of the enterprise. 24By7Security, Inc. is a premier National Cybersecurity consulting firm with headquarters in South Florida.
So let us talk with Sanjay Deo, the founder, and president of 24By7Security, Inc. about his company and how they built the company to be one of the leading cyber security providers.
What led you to set up the company?
A few years ago, while working on several projects in the healthcare industry, I saw that there was a significant gap between healthcare industry requirements for security and what the industry was actually doing. Cybercrime in healthcare was rising and I looked to fill this gap which drove me to set up HIPAA-HITECH-SOLUTIONS, Inc. As we grew in healthcare and partially due to my expertise and background in security, we saw several opportunities outside the healthcare industry. This led me to launch another company 24By7Security, Inc which catered to non-healthcare industry clients. After about a year of significant growth, we decided to merge the two companies into 24By7Security, Inc, which now handles security and compliance services for all industries.
According to you, what is the most crucial factor that influences cybersecurity?
We can implement multiple technologies, but it takes one click by an employee to expose the company to malware, ransom-ware, or other types of cyber threats. Employee training is the most important defense against cybersecurity risks. Training employees and making them aware of cyber risks and teaching them the ability to identify and report attacks, must be key objectives here.
What are the hurdles businesses today have to cross in this era of cybercrime and what is your contribution to that aspect?
The moment businesses connect to the internet, they are exposed to a variety of dangers like hackers, organized crime and other nation-state risk factors. Having years of experience in Cybersecurity and having worked with multiple industries including healthcare and financial services, our company’s most important contribution is the ability to discern the risks and to proportionally implement security solutions while helping our clients manage costs.
What is the best way to create awareness among people about cyber security?
When it comes to security, people are the weakest link within an organization! Getting and keeping them on board with security requires a multi-pronged approach. Awareness and planning should begin from the top and percolate downward. Security awareness training should be available and provided consistently, on an ongoing basis. Employee evaluations should include segments based on their response to security tests, the training sessions that they have taken, and their work on day-to-day security-related matters.
How successful was your maiden project?
Our first project was developing policies and procedures for a healthcare managed services organization. I was the lone ranger in the company when I got this client. When I started working on the deliverables for this first project, I quickly realized that the scope of work could rapidly expand with this client if this first project is successful. Then I hired my first team member. Slowly but surely, the project expanded significantly enough for me to warrant hiring 2 more people in the next few months.
What factors helped you in expanding the company?
As potential customers learned about our services and most importantly, the strength of our team and our overall expertise in various Cybersecurity and compliance areas, we were able to expand significantly from just health care to now serving all industries including financial services, entertainment, retail, fashion, manufacturing, education, hospitality, and government. The increase in cybercrime in recent years has also spurred an increase in awareness of risks involved for businesses and this has resulted in the growth of the client base and service offerings. Our offerings span four basic categories – Cybersecurity, Compliance, Incident Response, and Training.
What are the five assets that drive your company and why?
People: There is a high level of talent, knowledge, and expertise in Cybersecurity and compliance within the team. Our team members are well trained and credentialed on different areas such as several Cybersecurity certifications, compliance rules and frameworks like HIPAA, FIPA, FERPA, HITRUST, GLBA, SOX, NYDFS, NIST-CSF and more.
Experience: Within our team and leadership, we have tremendous experience in IT applications, Cybersecurity, technology leadership, government projects, compliance roles for several industries, network security, and so much more.
Time to market: As we are a relatively small company with highly skilled professionals, our responsiveness is one of our biggest strengths. In cases where clients have had an urgent need for our services, we have been able to turn around and start the project on the same day that the contract was signed. Flexibility is our forte.
Process: While responsiveness and flexibility are our strengths, we do not lose sight of the process involved in a serious subject like security. We follow a 360-degree approach for our clients where we help them identify, evaluate and manage their risks in every aspect of the business. We use our proprietary processes Security 2.0 – Reactive, Proactive, Counteractive and Defense in Depth 2.0 combined with standard industry frameworks such as ISO27001 and NIST Cybersecurity Framework to provide an end-to-end security strategy and the right type of resolution for each situation.
Integrity: As part of our company’s mission statement, our team members always exercise good judgment and are trusted advisors to our clients, without compromising any of our values.
‘It is difficult to start a venture. But far more difficult to maintain it’ - How would you and your team interpret this saying?
In the beginning, the difficulty is to create revenue and find clients who are willing to take a chance with your new company. As time progresses and the client base grows, the company grows too. Growth brings other challenges. The founder’s vision, mission, and integrity need to extrapolate throughout the entire team. There is a massive amount of effort that needs to be put into standardizing company processes, procedures, communications, and deliverables. All this needs to be done without sacrificing client relationships and project execution.
Where do you see your company a couple of years from now?
Currently, we are growing rapidly in markets within and outside of South Florida, expanding within the state and also in other states. In a couple of years, I see 24By7Security as a major regional player and advisory company in Cybersecurity and Compliance functions. From a company size point of view, I expect us to be at least double our current size in terms of revenue and team strength.
About The Founder
Sanjay Deo combines over 20 years of Cybersecurity and compliance experience. At 24By7Security, the corporate mission is to assist clients with building a “defensible platform” in the face of rising Cybersecurity incidents and increased Regulations and Legal Action. Company clients include healthcare, financial services, media & entertainment, travel and cruise and industrial companies.
As President of 24By7Security, Sanjay is responsible for all aspects of corporate development and business development including execution of strategic business plans. The company focuses on Cybersecurity services – Risk Assessment, Policy & Procedures and Training including incident response across various industry lines.
He currently serves on the Board of the South Florida CIO Council, and also Co-Chairs the South Florida CISO Forum. Sanjay is part of the HIMSS Privacy and Security Committee focused on Risk Assessment in the Healthcare Industry. Sanjay is a frequent speaker on IT Governance and Cybersecurity at national conferences. Sanjay is a member of the South Florida InfraGard Alliance and Sector Chief for the Information Technology track.
Sanjay holds a Masters degree in Computer Science from Texas A&M University, and is a Certified Information Systems Security Professional (CISSP) and Healthcare Information Security and Privacy Practitioner (HCISPP).