An Interview with Rick Holland and Eric Foster

Recently we were excited to welcome Rick Holland, CISO and Vice President of Strategy from Digital Shadows, to sit down with our own Eric Foster, COO of CYDERES, to discuss a wide range of topics across the landscape of cybersecurity.

Check out their fascinating discussion around:

  • Blue team as a service
  • Digital risk protection
  • The current state of SIEM
  • Dealing with account takeover
  • Going from an analyst to a defender
  • The genesis of most phishing attacks
  • The future of information security 
  • The best BBQ in the country … and much more.

Chronicle's revolutionary platform, powered by core Google infrastructure

Have you heard about Chronicle?

Born from X, Google’s “moonshot factory” intent on solving the world’s most intractable problems, Chronicle is a new company within Alphabet (Google’s parent company). Like Fishtech Group, Chronicle is dedicated to helping companies find and stop cyber attacks.

Giving good the advantage

Chronicle (which is architected over a private layer built on core Google infrastructure) brings unmatched speed and scalability to analyzing massive amounts of security telemetry. As a cloud service, it requires zero customer hardware, maintenance, tuning, or ongoing management. Built for a world that thinks in petabytes, Chronicle can support security analytics against the largest customer networks with ease.

Customers upload their security telemetry to a private instance within the Chronicle cloud platform, where it is automatically correlated to known threats based on proprietary and third-party signals embedded in each customer’s private dashboard.

How Chronicle protects your telemetry data

Chronicle has implemented several layers to prevent sharing your telemetry data with third parties. Each customer has its own Individual Privacy Agreement that forbids data sharing of any kind, including with Google, which is itself unable to access your telemetry data.

Storage on Google’s core infrastructure
Chronicle inherits compute and storage capabilities as well as the security design and capabilities of Google’s core infrastructure. The solution has its own cryptographic credentials for secure communication among those core components. Source code is stored centrally and kept secure and auditable. The infrastructure provides a variety of isolation techniques (firewalls, etc.) that protect Chronicle from other services running on the same machines.

The Chronicle services are restricted and can be accessed only by specific users or services. An identity management workflow system ensures that access rights are controlled and audited effectively.

Each customer’s Chronicle telemetry is kept private and encrypted. The core infrastructure operates a central key management service that supports automatic key rotation and provides extensive audit logs.

Chronicle is giving good the advantage. Fishtech Group is helping to deliver.

Solving for X: Fixing the Cybersecurity Pipeline #3

Part 3 of a series

By 2021, experts predict we’ll see 3.5 million open cybersecurity positions worldwide, with at least 500,000 of those unfilled jobs in the U.S. alone. That’s more than triple the shortfall that existed just two years ago. Meanwhile, cyber-attacks are growing in scale and impact.

What’s an industry to do? Clearly, fixing the cybersecurity pipeline is imperative, and it won’t be a simple fix.

The problem is not merely a talent shortage. There are plenty of people interested in a cybersecurity career. And while companies need people who can be effective immediately, they may not require traditional, let alone advanced, degrees.

So how did our analysts and developers get started? What would they tell a friend interested in a cybersecurity career? Here’s what they said in their own words. (Identities redacted to protect the very busy.)

Find what interests you.

“Half of the time the person is really asking ‘how do I become a hacker/pen-tester?’ without realizing how broad cybersecurity is. So, my first advice to anyone is to research the different domains in cybersecurity and pick a few that seem interesting. Find your passion in this awesome domain chart.”

Get experience!

“When I was mentoring college interns, I’d tell them the degree doesn’t mean anything to me without actual practical experience. Get the experience however you can, whether it’s through an internship or just personal education. Two of my best hires came from completely different worlds: one was just out of the Army with a networking background and the other had just completed his Masters. Both had ‘the hunger’ and were always searching for the Why. ‘Why did this alert fire? Why did this desktop communicate to a malicious site? How did it happen? Who else could be impacted?’”

Get involved!

“Find local security and security-related groups where you can both network and learn. Many are free and are great opportunities to meet people at all different levels and career paths in the industry.”

Learn a language!

“If you don’t have any experience as a developer, you need to get some. Learn a language or two. Python is popular, but even learning PowerShell can be helpful. Knowing .NET, Java, Elixir, or any other language that is used for web applications is extremely helpful if you’re looking to get into penetration testing.”

Get the basic concepts!

“Gain at least a basic understanding of networking concepts. You don’t need to be a CCIE, but understanding routing and switching concepts, network segmentation, traditional networking tiers/layers, and what should go where from both a network and security solution perspective (e.g. IDS/IPS placement) are conversations that our engineers and architects have on a daily basis.  Most organizations have separate application development and network engineering roles/teams, and you need to be able to communicate with both of them.”

Read up on Cloud and DevOps!

“Understand what Cloud and DevOps are — they’re being embraced by more and more organizations, large and small. As with networking and application development, you need a good grasp on what these concepts are, how they differ from traditional data center and waterfall development models, respectively, and how to interweave security controls into those concepts.”

Toastmasters anyone?

“The ability to write and speak in front of others are soft skills that are not always emphasized but are very important. At some point, you’ll need to write a policy, procedure, process, or report of some type, and it can’t look like a fifth grader put it together. Similarly, be able to effectively present and communicate your ideas in front of people, whether it’s a group of peers, a customer, or your executive board.”

Dig in!

“Experience is, first and foremost, the most important factor to getting hired, but even if your experience is limited to a lab environment, a class in school, or what you put together at home, it’s still experience. There are plenty of free solutions out there that can be installed virtually on a laptop to at least gain an understanding of how something like a firewall, SIEM, or IPS works. You can also download many free toolkits for pen testing and vulnerability scanning, and then test them locally on a VM to see how they work.”

Fishtech Cracks New Code for Success in Martin City

Recently the generous folks over at Martin City CID sat down with us to talk about what we do, our history (and that of our founder, Gary Fish) and our vision for building up our community in South Kansas City.

Click through to read this snapshot into who we are and what we’re passionate about!

What’s new with Gary Fish: KC Business Journal

Has it been a year already? Gary Fish recently talked with the Kansas City Business Journal about the news at Fishtech Group. And there was a lot to catch up on: hiring a new CISO most recently with Walmart, opening the Cyber Defense Center, and announcing a once-in-a-lifetime partnership that is driving serious growth.

“We’ve just seen an enormous uptick in opportunities since we started working with Chronicle,” Fish said of the Alphabet subsidiary.

CYDERES, Fishtech’s Security-as-a-Service division, has been tapped as one of Chronicle’s initial partners worldwide trained and licensed to deliver managed detection and response services for its new Backstory platform. This partnership enables Fishtech to offer its clients unmatched capabilities for threat hunting, incident investigation, and ultimately detection and response.

From the KC Business Journal:
The Kansas City cybersecurity services provider and tech accelerator is one of only four companies Google Chronicle tapped as initial partners to be trained and licensed to deliver managed detection and response services for their new Chronicle security telemetry platform.

Fishtech also is integrating Chronicle’s technology into its Enterprise Managed Detection and Response platform, making it a “game-changer” in how Fishtech can deliver those services to clients. Chronicle’s platform makes it cheaper to store vast amounts of security data, and it offers a robust search engine that can help companies such as Fishtech quickly and easily search the data for potential security threats. That’s key because time is of the essence in those situations, he said.

“We’re really excited to be on the ground floor with these guys,” Fish said. “It’s a big boost to our business.”

A year ago, Fishtech launched a Cyber Defense and Response (CYDERES) security-as-a-service division, which saw revenue rise 431 percent during this year’s first quarter, Fish said. Overall company growth during the same quarter was 198 percent. Fish expects to end 2019 with overall revenue between $130 million and $150 million.

Fishtech’s growth is bolstered by a hot cybersecurity market, its push for top-notch hires, and the team’s past experience and industry reputation. It allows Fishtech to immediately build trust with prospective clients, Fish said.

READ the entire article. (Subscription required.)

In April 2019, Gary Fish was named to the KCBJ’s Power 100 in the Entrepreneur category for the fifth year in a row.

From the KC Business Journal:

“Gary Fish appreciates challenges. How else do you explain someone who has been driven for years to build businesses in the ever-changing tech security field? Fish already had built — and sold — FishNet Security and FireMon by the time he founded Fishtech Group.”

See the Power 100. (Subscription required.)

Fishtech and Chronicle, Changing Cybersecurity for Good

CYDERES, Fishtech Group’s Security-as-a-Service division, has been tapped as one of Google Cloud Security’s initial partners worldwide trained and licensed to deliver managed detection and response services for its new Chronicle platform. This partnership offers clients unmatched capabilities for threat hunting, incident investigation, and ultimately detection and response.

What is Backstory?
Announced during this week’s RSA conference, Chronicle is a global platform designed to help enterprise customers analyze the massive amounts of security telemetry they generate every year. Chronicle is an Alphabet business dedicated to cybersecurity that has been in stealth mode since February 2016.

“Together, CYDERES and Chronicle provide clients with unmatched capabilities for threat hunting and incident investigation,” said Eric Foster, COO of Fishtech’s CYDERES.

“Our customers can access this new platform in one of two ways. First, CYDERES can overlay our award-winning incident response and investigation capabilities to a customer’s own use of Chronicle, or overlaid plus the Chronicle platform delivered as a fully managed service.

“Second, Chronicle plugs directly and complementarily as a component of the CYDERES Cyber Defense Platform, along with leading detection technology like Perch Security for network traffic analysis and Thinkst Canaries for deception.  Chronicle plus the CYDERES Cyber Defense Platform takes our managed detection and response service to the next level – letting CYDERES analyze and act on the massive amounts of security telemetry our enterprise customers generate every year. The Chronicle platform yields a much bigger window – a full year of data that’s searchable in realtime delivered in a solution that’s exceptionally cost-effective.”

What makes CYDERES unique?
CYDERES is a human-led, machine-driven Security-as-a-Service solution including Managed Detection and Response. Powered by Fishtech’s purpose-built, proprietary cloud platform, CYDERES supplies organizations with people, process, and technology “as a Service” to manage risks, detect threats, and respond to security incidents in real time.

“Like Chronicle, CYDERES was built to address systemic industry challenges, including a lack of skilled security resources, a shortcoming of cohesion between point products, and escalating security breaches,” said Fishtech CEO and Founder Gary Fish. “We’re honored and excited to begin immediately.”

“We enable security teams to focus on delivering value to the business instead of chasing events,” said Foster. “Partnering with Chronicle furthers our mission of making the internet safer for everyone and enabling organizations to fulfill their mission.”

Solving for X: Fixing the Cybersecurity Pipeline #2

Part 2 of a series

By 2021, experts predict we’ll see 3.5 million open cybersecurity positions worldwide, with at least 500,000 of those unfilled jobs in the U.S. alone. That’s more than triple the shortfall that existed just two years ago. Meanwhile cyber-attacks are growing in scale and impact.

What’s an industry to do? Clearly, fixing the cybersecurity pipeline is an imperative, and it won’t be a simple fix.

Today’s talent shortage is similar to the run-up to 2000 with the dot-com bubble, says Eric Foster, COO of CYDERES, the Security-as-a-Service division of Fishtech Group. Then, most colleges couldn’t keep up with workforce demand for programmers, and many IT degrees didn’t have the right technologies or skills.

Today, while schools such as Carnegie Mellon and Stanford offer exceptional cybersecurity programs, programs more broadly are missing the mark, he said.

“IT, and especially cybersecurity, tend to move fast, and you can’t set a curriculum on specific technologies and have that be good for four, five, let alone 10 years,” he said. “We are finding a lot of times what [graduates] are learning in those cybersecurity programs may or may not be relevant to the current, real world cybersecurity.”

To bridge the gap and cultivate the next generation of IT talent, Fishtech and others are exploring an old school idea: formalized apprenticeships.

Read the complete article here.

Fishtech Hires Fortune 1 CISO and establishes Fishtech Group Innovation Center

Former Walmart CISO will lead cybersecurity tech and talent center in NW Arkansas

Kansas City, MO (Feb. 13, 2019) — Fishtech Group, a next-generation leader in cybersecurity, announces it has hired Kerry Kilker to serve as Executive Vice President and Chief Information Security Officer. Most recently, Kilker was Senior VP and CISO for Walmart Technology, where he established and operated a world-class cybersecurity program for the world’s largest retail organization.

At Fishtech, Kilker will be responsible for driving internal and customer-facing initiatives related to security, governance, and compliance. Additionally, he will run and oversee a newly created Fishtech Group Innovation Center in Northwest Arkansas.

“I am excited to join the nationally recognized Fishtech team with its history of building large, fast-growth companies in the cybersecurity space,” says Kilker. “Being part of such an entrepreneurial team is a career high, and I’m especially pleased with this opportunity to bring leading edge cybersecurity resources to the Northwest Arkansas region.”

“Kerry is an icon in our space,” says Gary Fish, CEO and Founder of Fishtech Group. “Having worked at the ‘Fortune 1’ for 30-plus years, Kerry brings a wealth of knowledge from his viewpoint of customer wants and needs. His hard-won perspective will help tailor our service and technology offerings to serve today’s heavily burdened CISOs. With Kerry’s guidance, we expect to accelerate Fishtech’s triple digit growth trajectory in the years to come.”

The Fishtech Group Innovation Center will bring cybersecurity training, technology, and resources to Northwest Arkansas. The center is designed to bridge the resource and talent gap in high growth areas of the country – a gap that is often overlooked yet increasingly critical to enterprise success. In collaboration with local corporations, communities, and municipalities, Fishtech will bring much needed cybersecurity talent and attention to these smaller cities featuring concentrations of high-growth companies with growing cybersecurity needs.

About Fishtech Group

Fishtech is a data-driven cybersecurity services provider for any computing platform. We identify gaps and solutions to help organizations minimize risk, maintain compliance, and increase efficiency. Based in Kansas City, Fishtech is the flagship entity of Fishtech Group, which includes the Security-as-a-Service division CYDERES, and the security analytics firm Haystax of McLean, VA. Fishtech venture partners include Perch Security of Tampa, FL, and Foresite of Overland Park, KS. Visit or contact us at


Solving for X: Fixing the Cybersecurity Pipeline

Part 1 of a series

You’ve seen the startling numbers. By 2021, experts predict we’ll see 3.5 million open cybersecurity positions worldwide, with at least 500,000 of those unfilled jobs in the U.S. alone. That’s more than triple the shortfall that existed just two years ago.

Meanwhile cyber-attacks are growing in scale and impact.

What’s an industry to do? Clearly, fixing the cybersecurity pipeline is an imperative, and it won’t be a simple fix.

In this blog series, we’ll examine this multifaceted issue from several angles: internships and training, making a great (and sometimes unconventional) hire, and how to even get your start in the industry.

But first, the perspective of Gary Fish, a seasoned industry veteran who sees a unique solution: partnerships with full-service cybersecurity providers.

“Whether you’re responsible for managing IT security at a large multinational corporation with facilities spread across the globe or at a startup in Boulder or Beaufort, chances are your cyber defenses don’t measure up to the high standards you set when you took the job.

“I would also bet that the biggest single reason is an inability to hire enough personnel with the skills and experience necessary to mitigate your worst cyber threats. And even if you have beat the odds and assembled your cyber dream team, try retaining them when another company comes along tomorrow promising larger paychecks or more authority.”

Read Gary’s complete post here.

Ready to Move to the Cloud? Best Practices for Move & Maturity

Eric Ullmann, Director of Enterprise Architecture

At some point, most organizations realize that they are not in the business of IT. In order to return focus to their core business, be it airplanes or higher education or healthcare, the efficiencies and benefits of the public cloud make a ton of sense. But that doesn’t mean the C-suite always knows where to start. Here are a couple of questions to ask when moving to the cloud, or upgrading your AWS/Azure/GCP program.

Migration: How will you use the cloud?

In the cloud, everything becomes infrastructure as code. This can become challenging for organizations and requires a mindset change. Many organizations will take a lift and shift approach but this does not allow the organization to take full advantage of efficiencies that can be realized from the public cloud. In addition, security is now implied in everything we do. In order to remain secure in a cloud operating model, security teams must inject security controls into the CI/CD pipeline. Traditional approaches are no longer effective and applications need to be de-coupled to work effectively in a cloud model.

What does that mean? It means fully taking advantage of a cloud that offers elasticity and scalability for every use-case. Applications should be redesigned dynamically to be able to function differently, work differently, and react differently to everything that happens, and present it differently to the end user.

The problem with this whole scenario is that every org sees the value-add of going to a public cloud or a hybrid (which is really a mixture of your private environment and your public cloud), but orgs often don’t understand the available resources that, at best, are limiting their potential and, at worst, become a huge security liability. Every org sees the advantage of the cost savings, the faster go-to-market strategies, etc., but needs to be careful how it formulates and executes its cloud strategy. (Example: GCP’s cloud technology itself is not new; it’s everything that Google used to build Search a decade ago, but now they’ve open-sourced it and given it to the community. Taking advantage of that intel offers huge potential!)

All of these tools are available, but how do we use them? And then how does security come into play?

Fishtech’s cloud enablement services might mean strategizing a full-blown migration — moving an org’s primary data center to a cloud approach. And using an advisory approach, we ask questions like:

  1. How are we going to get there? We have to get an understanding of what it’s going to look like from a security perspective.
  2. What controls need to be put in place?
  3. What does the migration strategy look like from an operational standpoint? While we don’t normally have our hands on the keyboard for this, we can if necessary.

Enablement: How do we mature a cloud program?

What happens when our client is already in the cloud? If an org has its primary data center and is already using resources in AWS or Azure, then we explore readiness or enablement. We say, “Hey, let’s evaluate and figure out where you are and how you can take better advantage of security automation, infrastructure as code, and other cloud benefits. Perhaps you are already doing well in these areas, but let us show you more.” Our advisors look at the entire infrastructure in real time and figure out how it’s being used to then develop a strategy to mature it.

Strategy: What are your ultimate business objectives?

Fishtech will look at governance, not merely in the traditional sense of compliance, but rather how do we actually govern inside that environment. We want to govern that environment so we can allow automation to occur without hindering any process.

We believe a core component of DevSecOps is that security is everyone’s responsibility. That means a security engineer no longer has to have their hands on the keyboard. A developer can actually do the same thing! Because of this new governance strategy, the security team will now have the process in place to build the framework, or guardrails, to enable the environment without hindering it.

During the build process, we test in run time. The developer builds an application and it goes through a testing period where we can ask — is X (scenario or result) happening? DevSecOps takes the same approach and throws security in there. We can automate the application security program, and if it fails, we have the processes in place to shoot it back. Everything is logged so the developer gets notified, is able to fix the problem, and it then goes out again. This process never stops; we just integrate everything into the process. This is the ultimate objective – to be able to continually iterate with security in mind every step of the way.

Next Steps: Where to Start

In summary, for organizations who want to move all their data or just an application or service to the cloud, understanding your business objectives will help you formulate a strategy on how you will use the cloud.

Becoming less popular is the idea of “lift and shift” where companies say “I want to just get up there first. I might just do DR (disaster recovery) up there, to learn the environment, and then I move everything over later.” Lift and shift is a common approach and a lot of companies do it. Cloud companies love it because there’s a lot of money heading their way, but in reality it’s never effective.

Why? Because orgs often fail when moving over, do not fail back correctly, and then have to redo everything all over again.

Every organization is different, with different objectives, goals, and outcomes desired.

It’s worthwhile to consider having a trusted cloud security expert assess your current state and draw up a plan to move to the cloud or upgrade your existing infrastructure while getting rid of excess, saving money, and optimizing business objectives.

Ready to move or upgrade your cloud? Take advantage of special year-end discounts and let our trusted advisors help secure your 2019 and beyond.