Exploring the Cyber Frontier: An In-Depth Conversation with Cybersecurity Expert Evgeniy Kharam

November 28, 2023

11 Mins Read

Digital reality intersects with the physical today! The role of cybersecurity professionals takes center stage.

Evgeniy Kharam, a Cybersecurity Architect, Evangelist, Consultant, Advisor, Podcaster, Visionary, Speaker, and an Awarded Dad, brings a wealth of experience and expertise to the table.

With a career spanning over two decades, he has witnessed the dynamic shifts and advancements in the world of cybersecurity.

He is not just an expert but also a storyteller, sharing insights and knowledge through various mediums, including podcasts and keynote presentations.

As the founder of EK Cyber and Media Consulting, he offers advisory services to both vendors and Managed Security Service Providers (MSSPs), covering essential areas like product development, market strategies, and board advisory services.

Mr. Kharam is not only a technical expert but also a thought leader who reads the minds of CTOs and CEOs through his podcasts to explore the inspirations behind their cybersecurity endeavors.

Hello, Mr. Kharam. How are you? We feel really excited to have you here and learn from you.

Q1: What inspired you to venture into podcasting, exploring the minds of cybersecurity leaders?

Mr. Kharam:

I started podcasting around four years ago before COVID-19 started, and my first podcast I started with a friend, Dimitri. Mainly because of my primary work as an architect. I saw that people customers buying solutions and not fully deploying them, what we call shelfware. I wanted to start a podcast that will help customers buy the correct solution that I will know they will be able to deploy. And will not stay on a shelf. We started the podcast called Security Architecture, where we basically created questions. On a particular theme or domain, we invited several vendors to answer the same questions. Later on, in 2022, I started my second podcast called Cyber Inspiration. From the idea to understand more. What is happening in the founder’s mind? Why did they want to start the company If there was a compelling event in their life, they saw a problem they wanted to solve, and my idea was to give a. Sneak a peek at the people behind these great ideas in cybersecurity. How easy or how hard it is to start a company. Understand how hard it is to hire people, create culture, deal with sales, and deal with tasks dealing with. personal challenges for example how to get back from a bad day and many many more

Q2: How have you seen the cybersecurity landscape evolve over your two-decade career?

Mr. Kharam:

At the beginning of my career in cybersecurity. We had, in a way, a much simpler life. From the beginning, I started to work for a while. Value-added reseller. During these days, there were fewer products, much fewer products and more easier to work with the customer, less documentation, and less complexity in how they buy. We can just send them an e-mail, kind of agree on the scope, and here we go. Right now we have hundreds of different products. There are a lot of different domains. Issues in procurement and how customers buy. There are definitely new challenges we see. Everybody wants better architecture and communications and integration and many other different things.

Q3: How do you see the importance of a layered defense strategy in cybersecurity?

Mr. Kharam:

A layered approach is definitely important in a way. We can go back to the old days when we had castles and there were different ways to protect the castle and the layered approach came from there. From a specific threat, we had a different way to defend it and we knew. There is a good chance that the first wall may be breached. So we’ll build several inside walls where we can go and people and still be protected. The same idea comes with cybersecurity. If the firewall cannot stop the attack, the endpoint may stop the attack if the endpoint cannot stack. the attack we will at least prevent the attack from spreading to all the other endpoints and the other locations in their company so there are many layers of cyber security and protections, and it’s definitely a very very long time we can talk about it

Q4: As a CISO, how do you approach overseeing corporate security and compliance frameworks, such as SOC 2?

Mr. Kharam:

Compliant, is tricky, and what I mean by this is if you just approach compliance to have a checkbox and be compliant, I don’t think you’re in the right approach. In some cases, compliance or pain is in the ****. But if you take the compliance and you improve the processes in your company and not just tick checkboxes, that in this case, you probably doing a very very good job because every compliance is built with logic and not just because it was built. so by doing this, you can improve your cybersecurity you can improve procedures in the company you can become more healthy and more resilient in the long run

Q5: What challenges and opportunities do you see in the intersection of cybersecurity and media?

Mr. Kharam:

Part of my work is consulting, and every consulting person or every company that is doing work needs to promote their work. So there is definitely a great opportunity to use media to promote my brand and my work. It’s also an amazing opportunity to listen to other people. And learn from other people that I need during my podcast and my interviews. It’s a way of networking these people as well. It’s a way to find friends, and I did find several good friends after we recorded an episode when I was invited to a podcast, or they were invited to match my podcast. So there is definitely a connection and there is definitely a synergy and I’m very grateful. I started on this journey.

Q6: Could you share your perspective on transforming the IT and cybersecurity industry with remote work? In your opinion, what are the most critical cybersecurity considerations for large enterprises today?

Mr. Kharam:

We started the change of remote work before. The pandemic was probably around 8 years ago when people got laptops when people got to travel more, but definitely, during the pandemic, it will hit the mainstream.

It will protect them all the time in the office when they travel. When their home went in the coffee shop it meant that we needed to understand what applications they were using, what devices they were using, what the best way to understand that the user is the user, and from where they connected. We definitely need to start. Using what we call zero trust and zero trust framework. And it’s not a product, it’s more of the idea. We can also call it in different ways, but because we’re working from anywhere, there’s really no way to create rules based on a network that we used to do in the past. We need to create rules. Based on identities and potentially, we want to layer the rules with including the laptops, including what’s installed on the laptop, and the identity itself. So many several steps need to be done to make sure users are secure and they can still do their work. Comfortably because we don’t want angry people who need to enter the password every 5 minutes or when they leave for coffee or to the washroom, the screen is locked right away. And many other different things. Now I’m not saying we don’t need to lock our screens. Don’t get me wrong, I myself lock my screen even when I leave the laptop, especially when I’m traveling. But when I’m home I am not.

Q7: How do companies assess the scalability of Secure Access Service Edge (SASE) enterprise architectures?

Mr. Kharam:

This is an interesting question because as the end user, it’s not your problem. Understand how it’s going to work on the back end. As an architect, as a person who designs how to secure people in the company, you definitely need to understand how sassy posse. The solution is going to scale. Are they going to scale for you in a particular region going to scale for you in all the regions where you are located that hint Hint you need to know where are you regions and where people are located need to understand the architecture of the solution. Is it done using traditional computers or software that moves to a cloud? Or is it designed to work in the cloud and it will scale vertically or horizontally and all this important stuff that is quite important to understand? The latency will be minimal the user experience is going to be good and people going to be happy with the way they work while we protecting their work. We’re not letting them download malicious files, we’re not letting them browse potentially dangerous websites, we’re not letting them. Upload documents that are protected to people we don’t want or even to themselves.

Q8: What unique insights would you share with us today from your day-to-day experiences guiding large enterprises through their cybersecurity journey?

Mr. Kharam:

The most unique part I see in large enterprises is the amount of product they’re using for cyber in AT and in many cases the miscommunication between different teams they have and in many cases. You can simplify the architecture. You can consolidate the license. You can make life easier in the enterprise by communicating better internally and also reviewing the license and the product you have internally.

Q9: How do you see the future of cybersecurity integration into customer environments? Would people value cyber security in the near future?

Mr. Kharam:

First of all, cybersecurity is not going anywhere. If in the past it was nice to have or kind of like a Duck tape approach, right now many companies already understand it must have. They will need to do it to work with the customers that we need to do it to make sure they can continue working. So it’s definitely here to say. We also see quite a big step of putting the security as part of starting a new product, so we have. What you call secure by design, we use secure development. Our developers learn how to develop securely, not to put keys or passports inside the code. We integrate and teach users how not to click on everything and many different things. Personally, I think the integration. Between the products will be the key, and we will see more integrated infrastructure and architecture for the customers.

Q10: What is the significance of understanding the distance to vendor Points of Presence (PoPs) in SASE architecture? Can you elaborate on the idea for common people?

Mr. Kharam:

The most important. To understand the point of presence is. Where are they located? One vendor may claim they have 200 different POP locations, but it’s not going to be significant for a customer if all the business is located only in one city like Toronto for example. But it’s definitely going to be more important if the customer has a very segregated. The environment between Canada, Toronto, India, Europe, China and you name it. There is also partly to understand how traffic travels from the user to the Internet. Depending on the solution, it may travel inside the vendor network or it may. Travel to the closest pop and go directly to the Internet. This all will impact latency and the user experience. I learned a lot about it. Also, we used to see it quite a lot in Europe where it was not so many pops in some cases you will go to Google in the UK and you will land on Google in France or Germany because the Pope was located there. So you will get a different language for example, instead of getting your local language. In most cases, you don’t see it anymore right now, but I still hear from case to case the problem with this.

Q11: Could you share a memorable experience from your military service in the Israeli Navy that has influenced your cybersecurity career?

Mr. Kharam:

When I was in the Israeli Navy, I learned a lot about IT, networks, Linux, Windows, how to make cables, and many different things. So for me, it was a preparation for cyber. I am a big believer that you need to know. The basics of Internet and networking and Oasis to become a good cybersecurity professional. Yes, there are certain cybersecurity professionals right now who are not technical, but because I’m a technical person, I think it’s important to understand the basics. I also learned. Quite a lot about protocols and services like DHCP DNS Active Directory and HTTP. That later on helped me to accelerate and become a very, very good troubleshooter as well. One part that I’m definitely grateful for the Navy is. The way to approach problems. As part of my work in the Navy, I needed to fix many different electronic devices and computers and it created a framework for me on how to approach problems and not jump from one point to another problem and more. Adapted in a serial matter to make sure the moment we’re done, we’re definitely going to find where the problem is.

There was a joke back in the Navy that the technician may not always understand what exactly the device can do, but were able to fix it. And the engineer was able to explain to you what the device does and how, but not able to fix it.

Q12: Performing in multi-roles is difficult. How do you balance your roles as an advisor, consultant, and cybersecurity expert in your consulting business?

Mr. Kharam:

I’m quite an active person. I also have twins, and if any of the people that are listening to us right now or reading this know which twins, it’s not easy and you sometimes forget about law, physics and you learn to multitask and it’s definitely helped me to be able to juggle many different things at work as well. I always prefer to have short different projects worth long different projects, so I’m relatively OK with switching between tasks. I am also quite passable on many different things and as part of my role in the Horejsi group for the last 15 years. When I was there I had the opportunity to do many different things and I learned how to become a technician in a different way, a consulting person, a product manager, and. Any other different things so I would be able to use these trades that I have picked up for the last 15 years right now when I’m doing my own work?

Q13: What advice would you give to aspiring entrepreneurs in the cybersecurity field?

Mr. Kharam:

It’s a good question. The main part is going to be bad days and good days, and sometimes it’s going to be more bad days. The best thing you can do for yourself to understand, I call it like a sinus. You know it’s going up and down. You need to understand when it is. Graph goes down and figure out what you can do to make yourself more cheerful. So this is one part, and whatever you do could be physical activity, meditation, or spending time with your family, kids, or friends. But this is more on the Internet entrepreneur side in the cyber security field is definitely understand that there is no way you will be able to learn and know everything and we will need to hire people. Or work with people who can help us with the parts we don’t know. As an entrepreneur in cybersecurity and in general, I am a big believer in soft skills and learning how to deal with people and probably this is the main part, understanding how to talk to people. Understand people that have different modalities and everybody is different and there is no way everyone that you see will be similar to you and it’s OK.

Q14: As a father and an outdoor enthusiast, how do you maintain a work-life balance in a demanding industry?

Mr. Kharam:

In your previous question, you were asking about how to. Become and learn to be an entrepreneur in cybersecurity. For me, outdoor IT is the part that. Keep me afloat, keep me happy and it’s something I like to do. And in a way, right now, because we work remotely, nothing is stopping me from having a laptop with me and still balancing the outdoors and work. Not always. It’s definitely possible, but I can answer emails and I can do some of the work or I can write a report. Creating new offerings for a customer. So for me, being outdoors and being active is definitely important, and it definitely makes me smile and definitely removes the tension I have at work this is my way to kind of balance work and my hobbies. The other part I often do is I’m trying to take my experience outdoors and the risk and the collaboration with other people. And reflected in my working cybersecurity.

Q15: If you could travel back in time and give your younger self one piece of advice, what would it be?

Mr. Kharam:

The biggest advice I will give to myself is to start public speaking.Much.Over here I did it right now. And tackle the power that it’s hard for me right now. Younger as well, but I also in a way understand that certain things are going to be hard for me to fix and I need strength. The part that I’m doing well and rely on other people to help me with the powers that it’s hard for me because it’s gonna be very, very hard to. kind of fix everything I think I need to fix and in some cases, it’s going to be much better value to string the part I know I can do better so definitely public speaking is the part that I will start much earlier to accelerate much earlier in this field

Marrium Akhtar

November 28, 2023

5 months ago

Marrium is a dedicated digital Marketer and an SEO enthusiast who is skilled in cracking SEO codes. Other than work, she loves to stream, eat, and repeat.

Have Your Say!!

Cookie	Duration	Description
__stripe_mid	1 year	This cookie is set by Stripe payment gateway. This cookie is used to enable payment on the website without storing any patment information on a server.
__stripe_sid	30 minutes	This cookie is set by Stripe payment gateway. This cookie is used to enable payment on the website without storing any patment information on a server.
Affiliate ID	3 months	Affiliate ID cookie
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
Data 1	3 months
Data 2	3 months	Data 2
JSESSIONID	session	Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
woocommerce_cart_hash	session	This cookie is set by WooCommerce. The cookie helps WooCommerce determine when cart contents/data changes.
XSRF-TOKEN	session	The cookie is set by Wix website building platform on Wix website. The cookie is used for security purposes.

Cookie	Duration	Description
__lc_cid	2 years	This is an essential cookie for the website live chat box to function properly.
__lc_cst	2 years	This cookie is used for the website live chat box to function properly.
__lc2_cid	2 years	This cookie is used to enable the website live chat-box function. It is used to reconnect the customer with the last agent with whom the customer had chatted.
__lc2_cst	2 years	This cookie is necessary to enable the website live chat-box function. It is used to distinguish different users using live chat at different times that is to reconnect the last agent with whom the customer had chatted.
__oauth_redirect_detector		This cookie is used to recognize the visitors using live chat at different times inorder to optimize the chat-box functionality.
Affiliate ID	3 months	Affiliate ID cookie
Data 1	3 months
Data 2	3 months	Data 2
pll_language	1 year	This cookie is set by Polylang plugin for WordPress powered websites. The cookie stores the language code of the last browsed page.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_ga_J2RWQBT0P2	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_12584548_1	1 minute	This cookie is set by Google and is used to distinguish users.
_gat_UA-12584548-1	1 minute	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_gcl_au	3 months	This cookie is used by Google Analytics to understand user interaction with the website.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
_hjAbsoluteSessionInProgress	30 minutes	No description available.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
_hjid	1 year	This cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
_hjIncludedInPageviewSample	2 minutes	No description available.
_hjIncludedInSessionSample	2 minutes	No description available.
_hjTLDTest	session	No description available.
PAPVisitorId	1 year	This cookie is set by the Post Affiliate Pro.This cookie is used to store the visitor ID which helps in tracking the affiliate.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.
fr	3 months	The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
NID	6 months	This cookie is used to a profile based on user's interest and display personalized ads to the users.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.

Cookie	Duration	Description
_app_session	1 month	No description available.
_dc_gtm_UA-12584548-1	1 minute	No description
_gfpc	session	No description available.
71cfb2288d832330cf35a9f9060f8d69	session	No description
cli_bypass	3 months	No description
CONSENT	16 years 6 months 13 days 18 hours	No description
gtm-session-start	2 hours	No description available.
isoCode	1 month	No description available.
L-k26wU	1 day	No description
L-KVHA4	1 day	No description
m	2 years	No description available.
newVisitorId	3 months	No description
owner_token	1 day	No description available.
PP-k26wU	1 hour	No description
PP-KVHA4	1 hour	No description
RL-k26wU	1 day	No description
RL-KVHA4	1 day	No description
wisepops	2 years	No description available.
wisepops_session	session	No description available.
wisepops_visits	2 years	No description available.
woocommerce_items_in_cart	session	No description available.
wp_woocommerce_session_1b44ba63fbc929b5c862fc58a81dbb22	2 days	No description
yt-remote-connected-devices	never	No description available.
yt-remote-device-id	never	No description available.

Exploring the Cyber Frontier: An In-Depth Conversation with Cybersecurity Expert Evgeniy Kharam

What is the Golden Ticket

How it works: