
Navigating from Navy Ranks to Cybersecurity frontlines: BeyondTrust’s Christopher Hills on PAM evolution

Transitioning from Navy ranks to cybersecurity, this narrative uncovers the advancements in PAM and the critical role of AI in modern security measures.


In the mid-1990s, as the digital revolution began to take hold, Christopher Hills, then an E4 airman in the Navy, discovered the transformative power of technology. Amid the structured chaos of military life, he took on the additional duty of NT administrator for his local department, captivated by the burgeoning field of computers.

Colleagues were leveraging Navy-funded programs to earn MCSE certifications. This credential allowed them to transition from military service into lucrative civilian careers with salaries ranging from $70,000 to $80,000 annually.

Inspired by this opportunity, he immersed himself in computer studies, fuelled by a growing passion that hinted at a promising future.

The trajectory of his life was abruptly altered by the terrorist attacks of 9/11. The intensified demands of military service forced him to temporarily set aside his studies as his days stretched into gruelling 18-hour shifts.

However, a neighbour’s advice rekindled his academic ambitions upon completing his service. She stressed that resuming his education could be a decision he would look back on with pride in three to five years rather than regret.

Spurred on by this advice, he re-enrolled in school, progressing from a diploma program to a full degree. After graduating with honours and as the valedictorian, he embarked on a career encompassing tech support, consulting, and cybersecurity. His professional journey included significant roles at Charles Schwab and the Arizona Department of Health Services, each position a testament to his unwavering dedication and the ever-evolving nature of information technology.

His transition to civilian life began with a role in tech support at SBC Yahoo DSL, a common entry point for many IT professionals. This position led to several opportunities, including a contract at Charles Schwab during tax season. Although the contract was short-term, it highlighted his efficiency and technical prowess, and his tenure was extended.

Seeking stability as a single parent, he joined the Arizona Department of Health Services, where he worked on the bioterrorism program and the MedSis system—a project funded post-9/11 to interconnect states for bioterrorism response. This role provided invaluable experience and opened doors to consulting gigs with various state agencies.

Christopher Hills, Chief Security Strategist, BeyondTrust

The financial crisis of 2007-2008 brought new challenges, drastically reducing consulting opportunities. Adaptability led him to various roles, from sysadmin at the US Census to IT generalist positions at small businesses. Eventually, he returned to Charles Schwab as an Active Directory engineer. He was tasked with maturing their Privileged Access Management (PAM) solution, a responsibility that spanned nearly nine years.

His expertise in PAM grew significantly during this period, evolving from simple password management for UNIX and Linux root accounts to comprehensive credential and session management. The role required him to navigate the end-of-life transition of legacy PAM systems, leading him to BeyondTrust, where modern solutions offered robust security and efficiency. Today, Christopher Hills is the Chief Security Strategist at BeyondTrust.

This journey from Navy airman to cybersecurity expert illustrates a path marked by adaptability, continuous learning, and a deep-seated passion for technology. His story underscores the importance of seizing opportunities and evolving with the ever-changing information technology landscape.

In a conversation with edge/, he talks about the importance of PAM in today’s security landscape.

How have you seen PAM (Privileged Access Management) evolve? What was it like in legacy systems, and how has it changed?

PAM was primarily about password management for UNIX and Linux root accounts in its early days. For example, we initially implemented PAM at Charles Schwab to manage and rotate passwords for these root accounts.

This was during the era of EDMC, which later transitioned to TPM. The primary goal was to secure root accounts and prevent unauthorised access.

As the threat landscape evolved, so did PAM. We began to see the necessity for broader capabilities beyond just password management. Critical for various applications and systems, service accounts also needed secure management. This led to the integration of service account management into PAM.

One of the significant challenges with legacy PAM systems was session management. Early methods were often insecure and cumbersome. For instance, older PAM solutions used VNC and Java for session management, which were inefficient and posed security risks. Administrators had to navigate these clunky systems, which didn’t provide the robust security needed for critical assets like domain controllers.

How does the identity crisis affect organisations, and what role does PAM play in this?

The identity crisis is a significant challenge for organisations today, driven by the proliferation of digital identities across various platforms and services. In a typical organisation, identities are spread across on-premises Active Directory, cloud services, SaaS applications, and more. This fragmentation creates visibility and control issues, making managing and securing these identities difficult.

PAM addresses the identity crisis by providing a centralised framework for managing privileged identities. It ensures that all privileged accounts are securely vaulted, monitored, and audited. PAM solutions help organisations enforce the principle of least privilege, granting users only the access they need to perform their tasks and nothing more.

One of the primary issues in the identity crisis is the lack of visibility across disparate identity providers. For instance, an organisation might use Azure AD for cloud services, Okta for identity management, and on-premises AD for internal applications. Each system provides visibility, but there is often no single pane of glass to view and manage all identities collectively. This siloed approach can lead to overprivileged accounts, misconfigurations, and security gaps.

Effective PAM solutions bridge this gap by integrating with various identity providers and consolidating identity management under one roof. This integration provides a holistic view of all privileged accounts, regardless of where they reside.

PAM tools can identify overprivileged accounts, detect unusual access patterns, and enforce consistent security policies across the IT environment.

Moreover, PAM solutions facilitate regular access reviews and audits, ensuring that privileges are continuously aligned with users’ roles and responsibilities. Automated workflows can prompt managers to review and approve access requests, reducing the risk of privilege creep and unauthorised access.

The role of PAM becomes even more critical in the context of digital transformation and cloud adoption. As organisations move to the cloud and adopt a hybrid IT environment, the number of identities and access points increases exponentially.

PAM provides the necessary controls to secure these identities, ensuring that only authorised users can access critical resources.

What are some common security pitfalls individuals and organisations fall into?

Security pitfalls are numerous and varied, often stemming from human error and complacency. One of the most common pitfalls is password reuse. Many individuals use the same passwords across multiple accounts, including personal and work-related ones. This practice significantly increases the risk of a breach, as a compromised password on one platform can give attackers access to other accounts.

Another frequent issue is the failure to keep personal and work accounts separate. Using the same email or password for personal and professional purposes can lead to security vulnerabilities. If an individual account is compromised, it can provide a gateway to sensitive business information.

Outdated and unpatched systems also pose a significant risk. Despite the availability of security patches and updates, many organisations delay or neglect applying them, leaving systems vulnerable to known exploits. This is particularly problematic in industries that rely on legacy systems, which may not receive regular updates.

Additionally, the convenience of saving passwords in browsers or using weak passwords is a standard security flaw. While these practices make it easier for users to log in, they also create opportunities for attackers if the browser or device is compromised.

Organisations should focus on comprehensive security strategies to mitigate these risks.

This includes enforcing strong password policies, implementing multifactor authentication (MFA), and regularly updating and patching systems. User education is also crucial, as employees must know best practices and the potential consequences of security lapses.

How do you see the role of AI in enhancing cybersecurity and privileged access management?

AI has the potential to revolutionise cybersecurity and privileged access management (PAM) by providing advanced analytics, automation, and real-time threat detection. One of the most significant benefits of AI in cybersecurity is its ability to analyse vast amounts of data quickly and accurately, identifying patterns and anomalies that might indicate a security threat.

In the context of PAM, AI can enhance security by continuously monitoring privileged accounts and detecting unusual behaviours. For example, suppose an administrative account suddenly accesses a high-value asset at an extraordinary time or from an unfamiliar location. In that case, AI can flag this activity in real-time, trigger an alert, or even automatically lock the account pending further investigation.

AI can also help automate routine PAM tasks, such as managing access reviews and identifying overprivileged accounts. This reduces the administrative burden on IT teams and ensures that privileges are regularly reviewed and updated based on users’ roles and responsibilities.

AI can also provide deeper insights into user behaviour, helping organisations understand how privileged accounts are used and where potential risks might lie. This can inform more effective security policies and practices, ensuring that privileged access is tightly controlled and monitored.

One innovative idea is to use AI to manage the privileges of AI itself. For instance, organisations could stamp identities with the privilege of using AI in a read-only format versus a teaching format.

This means that only privileged users can input data that AI learns from, while other users can utilise AI without contributing to its learning process. This approach ensures that AI evolves based on high-quality, vetted data inputs.

Integrating AI with PAM can provide more proactive and intelligent security measures, improving visibility, control, and response times. As AI continues to evolve, its role in enhancing cybersecurity and PAM will become increasingly important, helping organisations stay ahead of emerging threats and vulnerabilities.

What challenges do organisations face in managing identities in a cloud-based environment?

Managing identities in a cloud-based environment presents several challenges, primarily due to IT systems’ increased complexity and fragmentation. As organisations adopt multiple cloud services and SaaS applications, the number of identities and access points grows exponentially, making it difficult to maintain consistent security policies and control.

One of the biggest challenges is the lack of centralised visibility and control over identities. In a typical cloud environment, identities are spread across various platforms like AWS, Azure, Google Cloud, and numerous SaaS applications.

Each platform may have its identity management system, leading to siloed visibility and inconsistent security practices.

Another challenge is managing permissions and ensuring the principle of least privilege. In a fragmented environment, it is easy for users to accumulate excessive permissions over time, increasing the risk of a security breach. Regularly auditing and updating these permissions can be daunting without the right tools and processes.

Moreover, cloud environments often require integration with on-premises systems, creating additional complexity. Ensuring secure and seamless integration between cloud and on-premises identity management systems is crucial for maintaining a unified security posture.

To address these challenges, organisations need comprehensive identity and access management (IAM) solutions that can integrate with multiple cloud platforms and provide a centralised view of all identities. These solutions should offer advanced features like automated access reviews, real-time monitoring, and anomaly detection to ensure permissions are adequately managed and potential threats are quickly identified.

In addition to technical solutions, organisations should implement robust policies and procedures for managing identities in the cloud.

This includes regular employee training on best practices, periodic audits of access rights, and clear protocols for granting and revoking access.

How can organisations improve their identity and access management to prevent breaches?

Improving identity and access management (IAM) is crucial for preventing breaches and ensuring the security of sensitive information. Organisations can take several steps to enhance their IAM practices and reduce the risk of unauthorised access.

Firstly, implementing robust IAM solutions is essential. These solutions should provide comprehensive features such as automated access reviews, real-time monitoring, and anomaly detection. By integrating with various identity providers and consolidating identity management under one platform, organisations can gain better visibility and control over all identities.

Secondly, enforcing the principle of least privilege is critical. This means granting users only the access they need to perform their tasks and nothing more. Regular access reviews and audits can help ensure that permissions are aligned with users’ roles and responsibilities, reducing the risk of privilege creep and unauthorised access.

Thirdly, multi-factor authentication (MFA) should be implemented across all critical systems and applications. MFA adds an extra layer of security by requiring users to provide additional verification, such as a code sent to their mobile device, in addition to their password. This makes it much more difficult for attackers to gain access, even if they have obtained a user’s password.

User education is also crucial. Employees should be trained on best practices for password management, recognising phishing attempts, and other security measures. Regular training sessions can help ensure that employees know the latest threats and how to protect themselves and the organisation.

Additionally, organisations should implement strong password policies, requiring users to create and change complex passwords regularly. Password managers can help users manage their passwords securely, reducing the temptation to reuse passwords across multiple accounts.

Lastly, continuous monitoring and auditing are essential for maintaining a secure IAM environment. Organisations should regularly review access logs, monitor for unusual activity, and conduct periodic audits of all identities and permissions. This helps identify potential threats and vulnerabilities before they can be exploited.

What is the future of PAM, especially with the integration of AI?

The future of PAM is intrinsically linked with AI, and this integration promises to revolutionise how we manage privileged access. AI can provide unprecedented insights into user behaviour, detect anomalies, and automate responses to potential security threats.

Imagine a system where AI continuously monitors privileged accounts, identifying unusual patterns that could indicate a breach. For instance, if an administrative account suddenly accesses a high-value asset at an extraordinary time or from an unfamiliar location, AI can flag this activity in real time, trigger an alert, or even automatically lock the account pending further investigation.

One innovative idea is to use AI to differentiate between users who can contribute data that AI learns from and those whose inputs remain read-only. This could be particularly useful in environments where sensitive data is involved. For example, developers or engineers might be privileged to train AI systems with new data, while other users might only utilise AI without contributing to its learning process.

This approach ensures that AI evolves based on high-quality, vetted data inputs.

Furthermore, AI can enhance the efficiency of PAM by automating routine tasks. It can help identify overprivileged accounts, flagging those with more access than necessary. AI can also assist in managing access reviews, ensuring that only the right individuals maintain their privileges. This reduces the administrative burden and improves the overall security posture.

AI’s role in cybersecurity is already showing promising results. Reports indicate that organisations leveraging AI can detect and contain breaches significantly faster than those relying solely on traditional methods. For instance, AI can reduce the average time to detect and contain a breach from 277 days to around 108 days. This substantial reduction in response time can prevent potential damages and save millions of dollars.
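The monitoring behaviour described in this answer and in the earlier answer on AI's role (a privileged account reaching a high-value asset at an unusual time or from an unfamiliar location, then being flagged or locked) is shown below as an added example; it is not code from BeyondTrust or the interviewee. A simple per-account baseline stands in for the AI model, and the account names, sites, asset tiers and the alert/lock policy are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample history: (account, ISO timestamp, source site, asset).
HISTORY = [
    ("adm-jlee", "2024-03-04T09:12:00", "site-A", "dc01"),
    ("adm-jlee", "2024-03-05T10:40:00", "site-A", "dc01"),
    ("adm-jlee", "2024-03-06T14:03:00", "site-A", "fileserver02"),
    ("adm-jlee", "2024-03-07T16:55:00", "site-B", "dc01"),
    ("svc-backup", "2024-03-04T01:00:00", "site-A", "vault01"),
    ("svc-backup", "2024-03-05T01:00:00", "site-A", "vault01"),
]
HIGH_VALUE_ASSETS = {"dc01", "vault01"}  # assumed asset tiering


def build_baseline(history):
    """Record, per account, the hours of day and source sites seen so far."""
    baseline = defaultdict(lambda: {"hours": set(), "sites": set()})
    for account, ts, site, _asset in history:
        baseline[account]["hours"].add(datetime.fromisoformat(ts).hour)
        baseline[account]["sites"].add(site)
    return baseline


def hour_is_unusual(hour, seen_hours, tolerance=1):
    """True if `hour` is more than `tolerance` hours from every hour seen.

    Distance is measured on a 24-hour circle, so 23:00 and 00:00 are adjacent.
    """
    return all(min((hour - h) % 24, (h - hour) % 24) > tolerance
               for h in seen_hours)


def evaluate(event, baseline):
    """Return (action, reasons) where action is 'allow', 'alert' or 'lock'.

    Assumed policy: any single deviation raises an alert; both deviations
    together on a high-value asset lock the account pending investigation.
    """
    account, ts, site, asset = event
    profile = baseline.get(account)  # .get() does not create a default entry
    if profile is None:
        return "alert", ["no baseline for account"]
    reasons = []
    if hour_is_unusual(datetime.fromisoformat(ts).hour, profile["hours"]):
        reasons.append("unusual time")
    if site not in profile["sites"]:
        reasons.append("unfamiliar location")
    if not reasons:
        return "allow", reasons
    if asset in HIGH_VALUE_ASSETS and len(reasons) == 2:
        return "lock", reasons
    return "alert", reasons


if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    for event in [
        ("adm-jlee", "2024-03-11T10:05:00", "site-A", "dc01"),
        ("adm-jlee", "2024-03-11T03:10:00", "site-A", "dc01"),
        ("adm-jlee", "2024-03-11T03:10:00", "site-Z", "dc01"),
    ]:
        print(event, "->", evaluate(event, baseline))
```

The same night-time hour that is a deviation for `adm-jlee` is normal for `svc-backup`, which is why the baseline is kept per account rather than globally.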

What advice would you give to organisations looking to enhance their cybersecurity measures?

Enhancing cybersecurity measures requires a comprehensive and proactive approach. Here are several critical pieces of advice for organisations looking to improve their cybersecurity posture:

  1. Conduct a comprehensive assessment: Start by thoroughly assessing your current security posture. Identify any gaps or vulnerabilities in your systems, processes, and policies. This will help you prioritise areas that need immediate attention.
  2. Implement advanced security solutions: Invest in modern security solutions, such as PAM, IAM, and AI-driven analytics. These tools provide advanced features like automated threat detection, real-time monitoring, and anomaly detection, helping you stay ahead of potential threats.
  3. Enforce strong authentication methods: Implement multi-factor authentication (MFA) across all critical systems and applications. MFA adds an extra layer of security, making it more difficult for attackers to gain access even if they have obtained a user’s password.
  4. Regularly update and patch systems: Ensure that all systems and applications are regularly updated and patched. This helps protect against known vulnerabilities and exploits. Establish a routine for promptly applying updates and patches.
  5. Educate employees: Conduct regular training sessions to educate employees on security best practices, such as recognising phishing attempts, creating strong passwords, and safeguarding sensitive information. User awareness is a critical component of a strong security posture.
  6. Implement robust password policies: Enforce strong passwords, requiring users to create and change complex passwords regularly. Encourage the use of password managers to manage passwords securely and reduce the risk of password reuse.
  7. Monitor and audit continuously: Monitor access logs, network traffic, and user activity to detect unusual behaviour. Conduct regular audits of all identities, permissions, and security policies to ensure they are up to date and aligned with current best practices.
  8. Establish incident response plans: Develop and maintain incident response plans to quickly and effectively respond to security incidents. Conduct regular drills and simulations to prepare your team to handle real-world threats.
  9. Foster a culture of security: Promote a security culture within the organisation, where everyone understands their role in protecting sensitive information. Encourage employees to report suspicious activity and provide feedback on security practices.

Keep updated with the latest cybersecurity trends, threats, and best practices. Attend industry conferences, participate in training programs, and engage with the cybersecurity community to stay informed and prepared for emerging challenges.

By taking these steps, organisations can significantly enhance their cybersecurity measures, reducing the risk of breaches and protecting their sensitive information from potential threats.