Interview With Erdal Ozkaya, Vice President, Chief Information Security Officer

 

Can you please introduce yourself to security Kaizen magazine readers (bio, experience, history) ?

Erdal is an Australian IT Security Guru with business development and management skills who focuses on Cyber Security, Penetration Testing, IT Auditing and sharing his real life skills as a Lecturer/ Trainer and is currently working as Chief Information Security Officer at EMT.

Erdal has the following qualifications: Master of Information Systems Security (M.I.S), Bachelor of Information Technology (B.I.T.), MVP, Microsoft Certified Trainer, Microsoft Certified Leaning Consultant, ISO27001 Consultant, Certified Ethical Hacker (CEH), Certified Ethical Instructor, and Licenced Penetration Tester. He is a lecturer at Charles Sturt University and is also completing his Doctor of Philosophy (Ph.D.) in IT Security.

He is an award-winning speaker and technical expert in worldwide conferences such as Microsoft TechEd, Hacker Halted, Microsoft Management Summit, AusCERT, trade shows and in webcasts for Microsoft and EC-Council and many other vendors. He was awarded “Best Speaker” in Microsoft TechEd Australia and won the Global Instructor of the YearAward (2011 & 2012) and “Circle of Excellence Award” from EC Council. His proven success deployments, especially in the areas of Microsoft workloads in real life, has become subject to IT magazines.

Erdal is advising and creating content to Government departments, Fortune 500 companies and Information Security Professionals to ensure they are getting prepared against latest “Cyber Crime” and being able to defend their organizations against any security breaches. He is actively involved in the complex IT security solutions, and enforcing regulatory requirements to the organizations, to protect their digital assets.

As well as his extensive IT skills Erdal has been working in the management field for the past 15 years. He has built and managed CEO IT from scratch into a national training and IT solutions center. With the skills he has gained he has introduced and repeated the success with KEMP, where he was tasked to single-handedly manage the ANZ region and then build the Asia Pacific region.

Erdal has also developed and consulted Microsoft Official Exams and Courses. You can visit his blog for more information right here in my blog 

Could you tell us more about emt security solutions ?

Resellers see EMT Distribution as the distributor of choice for selected solutions sold and supported throughout the Asia Pacific, Europe, Middle East and Africa region. The company owned by EMT Holding a European holding company is a channel company with over 15 years of experience in IT Product distribution and with offices in Adelaide, Hong Kong, Singapore, UAE, Austria, UK and the Philippines. EMT Distribution is well positioned to provide pre-and post-sales support with our team of experienced product specialists.

EMT Distribution is focused on IT Security Solution and is also committed to selling through it’s channel partners enabling distribution through a large reseller base. Whether you are an end user, reseller, service provider or technology vendor, get in touch with us today to find out how we can address your technology or business requirements. Dedicated Technical Support

EMT Distribution has a strong and dedicated technical support team. With technical support teams located within Australia, Dubai, Vienna, London, Austria and the Philippines we have the ability to offer support outside the standard business hours. What this means for our customers and channel partners is a quality of service you can depend on.

I have a really good team at EMT, locally here Fawad Laiq who is my right hand, and Dan a Security guru in Australia. With their help we are helping many customers. Saying that, Dan is working in a great project with many other engineers, and here is a small hint Bing, Google “ Air Lock Digital” Beside our internal team, we work with partners as well. I need to mention DIFOSE here, Sukru Durmaz who is a Forensics’ expert who helps us when needed too.

What are the objectives and plans for EMT in 2015 ?

We are focused on distributing IT Security solutions and also supporting our customers on their IT Security needs. It’s my job to work with our Product managers very closely to distribute
only products they are useful in real life without looking in to profit margin. I do travel the world and talk about Latest Cyber Security attacks and help anybody who is listening to me / us to learn how they can stop or minimise the damage in of an attack

I am also working on launching new training via EMT Academy, which we are going to deliver only very high end customized Security training without any “junk”, only the stuff what you need to stop Cyber Crime or how you can recover and go back more secure with minimal effect, So keep an eye in our web site

What is interesting about Security? And what is the biggest problem with the public’s perception of security?

I think we should ask what is not interesting about Security  Security is such a broad topic, with a huge scope, which makes our job harder to create defensive practices. When it comes to public, they believe hacking is rocket science and it’s easy to defend against specifically via blocking everything, of course this is not the real life case…

The biggest issue in Security is “Education” in my eyes. It’s really very hard to educate people. We love to get paid staff for free, we love to click on any attachments we receive (of course end users), we hate to dedicate some budget to IT Security and as a result we hope not to get hacked. Of course this is only one of many attack vectors, but it’s also the easiest way to hack, as there is no patch for human stupidity.

One more note, neither hacking nor protection against hackers is rocket science. Hackers are good Human Engineers who uses the computer very well. They know the human behaviour and they use their skills to create applications (malware) based on publics weakness. (Vulnerability)

What kinds of things do you do in your daily life to protect yourself?

There is a really basic recipe. BE AWARE! Patch your computer, use a good anti-virus and firewall, adopt the modern threat environment and keep in mind there is nothing for FREE or for really very unusual price. It comes all back to my first point, if you are aware, you will watch out for danger and you will take the necessary steps to protect yourself.

How can you see the Future of Security industry in The Middle East?

As I mentioned my thoughts in E – Crime Congress few weeks ago, The Middle East is already under targeted attacks. The very recently Falcon Desert report from Kaspersky Lab’s or Microsoft SIR reports are showing it very clearly. Also if we check the Secunia Vulnerability report it’s also very clear that anybody in the region is in High risk.

As we still don’t have the regulations here which is in available I USA or other countries, we are not getting aware of hacked companies, also the Security teams here are afraid to lose their jobs if the attacks get published. Which makes things harder to figure out, but again I met very talented Security Professionals which they are aware of what is going on around them and I believe we need to build a strong community to protect our self’s against Cyber Criminals

You are also lecturer at Charles Sturt University, what is the difference between working in a company like EMT and working as a lecturer?

Academic world is always different to real world. But I can happily tell that I usually teach my students my experiences which I gained in real world. Most my
examples are given from what I have faced at the companies that I worked.

Please don’t get me wrong, when I say academic world is different, I can proudly tell I learned a lot as a student via IT Masters at Charles Sturt University (CSU), and now as Staff member at CSU I am trying to be better than my own lectures, my motto was always “Learn with Joy” now I am trying to lecture or more importantly share my knowledge with joy.

If you were asked for a few tips, what are the main recommendations to mitigate an incident?

The first step is to have a trained staff member, who has an Incident and Response architecture ready. I would highly recommend everyone to have a proper documentation in case things go wrong. Then:
– Ensure safety first.

– Keeping forensics in mind try to keep the hacker out of your network ( via cutting the access, unless life forensics is required)
– Securely create evidence
– Make sure to learn for the incidence and deploy some standards to minimize the attack surface

The best tip will be, do your best to not get hacked 

Can you tell us about your team? What activities they do and what are needed to join a security team in EMT ?

EMT Holding is a very big group operating worldwide. We have many different businesses operating independently. I work closely with our Distribution group. We only distribute Select IT Security products. Of course, we help our customers from A to Z in terms of IT Security. To join EMT group, you need to be highly skilled in your expertise area, could be sale, presales or CyberSecurity. If you are really good at what you are doing feel free to reach us out. Of course, it’s not

What is the different between working in a company like Microsoft and EMT ? (challenges you face, type of threats, risks,..etc)

Big companies are always targets. They take attention of everyone. From a script kiddie to a black hat hacker. Even being part of a University, we get so many scans, so many spams, so many target attacks. But working for a big companies has also a benefit, the benefit of working with good professionals. We all know, its very hard to stop a hacker, and we are really working hard to make their job harder

 

What are you doing in your spare times? Spare time?

Sorry, I don’t know the meaning of this word.:) I try to keep up with my knowledge, I try to read as much as I can, in the meantime I am trying to complete my theses to complete my Ph.D. I travel really a lot, from a conference to a customer meeting, in the time between I am trying to spend some time with my kids, Love to spend some time on our XBOX one. Listen to music, and read, but this time literature, novels…