Cybolt is a “pure-play” cybersecurity firm and a TXOne Certified Partner that provides a broad range of cybersecurity services to clients throughout the Americas and is now expanding into European markets. Cybolt’s purpose is to “Identify, prevent, and neutralize risks to create spaces of trust.”
“We provide managed security services as well as deskside services to a multitude of markets, realistically from Canada all the way down to South America,” explained Ken Dohan during a recent conversation. Ken is Cybolt’s Sr. Director for OT and Managed Services in the Americas. Luis Daniel Avendaño Trejo, an OT Solutions Architect with Cybolt, joined as well. Ken is based in Calgary in Alberta, Canada, while Luis is in Naucalpan de Juárez, just northwest of Mexico City. Cybolt’s headquarters are in Coral Gables, Florida.
“Cybolt is not an IT company that wanted to enter the OT cybersecurity world,” Luis added, pointing out a key differentiator for their OT security team. “Our director has been doing cybersecurity in OT for at least 15 years, so we have considerable experience in the field,” he said. According to Ken, Cybolt is one of the top two or top three cybersecurity companies in Latin America in terms of presence and brand awareness.
“Luis and I are both dedicated to OT cybersecurity,” Ken said. “However, Cybolt still has a deep consulting bench around governance, risk and compliance, identity and access management, network architecture, and the like. So we’ve got a full infrastructure team. But as a pure-play (focused solely on its sector) company in the security world, that’s where we tend to sit.”
Ken also mentioned what he called Cybolt’s “latest crowning glory,” opening a Security Operations Center in Chicago in the summer of 2023. “Right now, we’re only servicing OT clientele out of that SOC, but that will be changing this month to include the IT side as well.”
Client Relationships with Cybolt
Ken makes it clear that Cybolt is a true partner to their clients, but he also suggests it’s more than that.
“I hate to sound clichéd, but what I love about Cybolt is a kind of family atmosphere that is, first and foremost, our primary goal in building relationships with our client partners,” he said. It’s important that clients trust them fully because they need the client’s guidance and input to be effective.
Technologically, a typical relationship may begin with a site assessment of the OT environment’s assets and vulnerabilities. They offer a free assessment that provides a basic level of visibility and can also design industry-specific assessments, as they have for oil and gas installations, for example, or for an acquiring company that wants a target company’s assets and security situation assessed.
“We also have an extensive paid assessment where elements of our GRC team (Governance, Risk, and Compliance) join our OT team in a plant situation. We conduct interviews to understand things like company policy and governance. And the OT team will do a physical plant walk-through, network architecture review, and look at assets and vulnerabilities, etc.”
Closing Security Gaps with TXOne
Cybolt’s formal certification as a TXOne Partner is fairly recent, but they have actively applied TXOne solutions for over a year.
“With the breadth and depth of our skill set in OT cybersecurity, we can see where one vendor leaves off, another vendor joins in, and where the gaps are in between,” Ken said. “Cybolt always takes a best-of-breed approach, and TXOne provides a lot of unique capabilities that we’re quite hungry for because we see how they fill those gaps. And that’s why we have the relationship that we have.”
Luis cited TXOne’s Portable Inspector as an especially compelling example of filling one very large gap: the risk of an employee or visiting technician infecting the network by connecting a laptop or other device carrying unknown malware.
“It’s quite common for a vendor to enter a plant and plug a computer in,” Luis said. “But how do you know it’s safe? You have workstations, PLCs, SCADA, etc. There are probably no firewalls, no IPS (intrusion prevention system) to block malware from entering the system. So, if a provider computer already has malware, Portable Inspector is the key to avoiding disaster.”
Luis and Ken describe Portable Inspector as “basically a USB key” that simply plugs into the computer, scans it, and cleans it if needed. Luis may go into the field to inspect a machine and analyze the results himself, but according to Ken, “It’s not a hard sell if the customer prefers to do it.”
Regarding the general lack of segmentation and firewalls, Ken mentioned that TXOne’s Edge products make firewalls, segmented networks, and even intrusion prevention very achievable.
“EdgeFire lets us segment the operational network to prevent lateral movement of threat actors should they get a toe into one sector,” he said. “We can prevent them from essentially taking over the entire network.” For intrusion prevention, Ken finds the EdgeIPS appliance very effective. “It’s a layer of protection in front of PLCs and other vulnerable assets that can see and block intrusion attempts.”
The Human Element of IT/OT Convergence
IT and OT have traditionally been considered different worlds, but everyone realizes convergence is inevitable. “Like it or not, the smashing together of the two worlds has happened and continues to happen due to trends like digital transformation and the Internet of Things,” Ken says. This is where Cybolt’s broad knowledge base, including long IT security expertise, is especially valuable. “We’re able to apply whatever we can from our IT knowledge to the OT side, but while playing by the OT rules. It requires a bit of a change in focus and skill set from the IT side, but there are a lot of tools on the IT side that can handle, monitor, orchestrate, and automate responses to many problems,” he explained.
In Luis’s view, successfully managing convergence also requires IT and OT people to converge.
“Convergence isn’t just IT and OT technologies,” he advised. “It also has to be human, in person. We encourage our customers to make that part of their strategy, to have IT cybersecurity people work in OT so they can understand the situation from both sides.” On many occasions, when they have introduced this strategy to a client, “It was the first time that both teams actually sat down in a meeting and talked to each other,” Luis said, and it’s to the benefit of both sides.
Knowledge Sharing Through Cybolt Academy
A general lack of industry expertise or even basic knowledge of OT security is a problem widely discussed and just as widely unsolved. “There’s such a shortage of skill sets in the cybersecurity realm in general,” Ken said, “and there’s a workforce out there eager to learn and understand more, so we created Cybolt Academy.”
Cybolt Academy’s cybersecurity training program is unique in the industry. Over several days, in a very intensive cybersecurity boot camp, students are exposed to what Ken calls “network trials and tribulations.” The benefits are widely spread, with Luis himself being one of the beneficiaries, augmenting his background in industrial automation through the academy.
The primary function, Ken said, would be to continue to educate Cybolt’s internal employees, round out their skill sets, and broaden their careers within the company. The academy lets Cybolt fill open positions from one of the best sources available — their own experienced and well-trained employee base. This helps retain employees, which lets Cybolt clients enjoy stable, skilled teams protecting their networks. Just as importantly, it also draws top talent to the organization. And for clients who know they need to bring more OT security knowledge into their own organizations, Cybolt Academy gives them a path to get there. As it evolves, that will happen even more.
“Cybolt Academy is fairly new,” Ken said. Construction on the academy’s physical structure is just being finished, so they’ve been delivering training electronically. “But it’s really become very popular, especially with the new clientele we’ve been able to track in the last year.”
Learn More About Cybolt and TXOne
Learn how Cybolt and its partnership with TXOne can serve your organization’s cybersecurity needs at Cybolt.
