Tangela Davis with CEHT

Intro: [00:00:04] Broadcasting live from the Business RadioX Studios in Atlanta, Georgia, it’s time for GWBC Radio’s Open for Business. Now, here’s your host.

Lee Kantor: [00:00:18] Lee Kantor here. Another episode of GWBC Open for Business, and this is going to be a good one. Today, we have with us Tangela Davis with CEHT. Welcome.

Tangela Davis: [00:00:28] Thank you, Lee. Glad to be here.

Lee Kantor: [00:00:31] Well, before we get too far into things, tell us about your work. Who do you serve them and then what are you up to?

Tangela Davis: [00:00:36] Well, I am very happy to announce that we are CEHT, which stands for Cyber Experts Highly Trusted. And we are considered an advanced IP cybersecurity innovative company. And we serve global markets in the areas of manufacturing, health care, sports and entertainment. And we also service the retail area as well. What we’ve been doing, as you well know, with 2020, we’re seeing unprecedented times right now with cyber attacks where we’re seeing companies are deploying all of their workforce remotely and virtually. So, that has really increased our spike in cyber attacks. So, we have been helping our clients in that space, really, to be more diligent in protecting their data networks. That’s what we’ve been up to.

Lee Kantor: [00:01:37] Now, how did you get into this line of work?

Tangela Davis: [00:01:39] Well, one of the things that we did was, we took a look around and really saw there was certainly a need for a company such as ours. I am actually the co-founder as well as our co-founder is a service disabled veteran woman-owned, who spent 25 plus years in this space working at the highest level in the Pentagon. And we decided to form CEHT because we saw there was a very big need in this space. Not only there was a lack of female in this space, but there was also a lack of minority females in this space. And so, we felt that with our combined efforts and the experts and teams that we have worked with over our careers, that we could really bring something of tremendous value to our clients. And that’s, hence, how CEHCT came to be.

Tangela Davis: [00:02:39] Now, what is something that maybe a CEO doesn’t fully understand when it comes to these kind of cyber attacks and these kinds of threats when it comes to, you know, even their supply chain or, like you mentioned, these remote working opportunities now. There’s an assumption, I’m sure, of safety for a lot of folks that maybe there’s a lot more threats out there that kind of the lay person doesn’t really understand the scope of things.

Tangela Davis: [00:03:09] Well, that is something that we do ongoing with our clients. There are three core areas that we support our clients around. One is consulting, the other one is customized training, and, finally, the last, are solutions. And some of the areas that we work with closely with our CEOs, CIOs and CISOs, which, obviously, are the chief information security officers, are ways to really keep, not only their enterprise, but their supply chain secure from cyber attacks. So, some of the things that we have to think about is how do they demonstrate due diligence on the ship of effective management when it comes to matters of cyber risk. We are asking them to think about, are their risk maps developed to show current risk profile as well as timely identifying emerging risks so that they can get ahead of the curve? Do they have the right leadership and organizational talent? Because that is extremely critical.

Tangela Davis: [00:04:17] And so, those that have some familiarity of this space, there is a shortage of key cyber talent globally. And so, we have been fortunate that we haven’t been faced with that issue and we have been able to be successful in helping our clients identify the right cyber talent to fill those gaps. Some other areas that we’re helping them to think about is, beyond the enterprise systems, who is leading their key cyber initiatives related to their incident command systems and connected products. Also, they need to consider a more established and appropriate cyber risk escalation framework that includes their risk appetite and reporting thresholds. There’s just many things, Lee, that we work with our clients around that they should consider.

Tangela Davis: [00:05:12] And I’m not going to go into some of the more detailed areas, but I think I’ve given you enough. Some of those, our audience and listeners might get an idea of some of the more critical things that they should be considering when they’re looking at securing their enterprise.

Lee Kantor: [00:05:31] Now, when it comes to securing the enterprise, are the threats more likely to come from an outside source or an internal source, like a disgruntled employee or some vendor or something like that?

Tangela Davis: [00:05:48] We’re seeing that it’s coming from an outside source. And, especially, if we’re talking about domestically here in the United States, we’re seeing that it is occurring outside of the United States. And those that are seeking to do undue hardship to our supply chain or anything that would impact our financial systems, that’s what we’re seeing. So, some of the things that we are very diligent about is keeping our clients, as well as some of our audiences, apprised of some of those threats that we’re seeing on the horizon, some of the malware that’s coming, and ransomware that’s showing up. And we have a publication, it’s actually a biweekly publication, called Cyber Insights, where we’re keeping our audience and our clients up to date on some of those critical things that we’re seeing and coming through. So, those are just some of the things that we’re seeing out there.

Lee Kantor: [00:06:53] And this isn’t something that’s a set it and forget it solution, right? This takes due diligence every single day in order to stay ahead of the bad guys, right?

Tangela Davis: [00:07:03] Yes, it does. And, Lee, you have nailed it. And what we’re also seeing, and this is a part of how they are leveraging CEHT, is, because we’re facing these unprecedented times, we’re seeing high stress levels when it comes to the sideburn leadership as well as their cyber workforce. And so, some of the things that we are proposing and supporting in how they can manage their stress levels is to really develop a framework that identifies minimal level of organizational capabilities, such as in the areas of managerial, operational, and technical. We’re also asking them to map out their supply chain for business continuity scenarios in the event of a threat. That is very, very key.

Tangela Davis: [00:07:53] Also, they should adopt a standard set of rules that apply to all firms along the way of their supply chain, because there are customers that we have that may have in excess of 30,000 vendors that is a part of their supply chain. So, that is not always an easy thing to manage, any security around their vendors, so that’s an area. We have a block chain solution that really helps to help our clients manage both the large and global supply chains.

Tangela Davis: [00:08:26] Some other areas in terms of how they can help manage those stress levels is to apply rules to regular, enforceable, digital security and audits to prevent lapse in downstream suppliers and also to adhere to the standard set of definitions for whatever security protocols have been developed. More importantly, to really involve cyber and privacy breach reporting practices, policies, and controls. Because with some of the upgrade protections for organizations, there is also the sharing of information and be able to share some of the cyber incidents that are occurring.

Tangela Davis: [00:09:05] So, those are just some of the ways that our clients, or even the audience that might be listening today, can help manage some of the stress levels. And then, more importantly, obviously, to contact us, where we can come in and give you some advisement and insight in navigating the tremendous wave of some of the risks that may be occurring within their current enterprise.

Lee Kantor: [00:09:31] Now, do you find that during these kind of crises, whether it’s a pandemic or even just the fact that it’s, you know, the holidays, that those kind of situations open the floodgates of bad guys trying to penetrate, using that as a lever, to kind of get into, you know, either through phishing or some sort of hack into somebody’s website. They’re kind of piling on to this onslaught of information you’re seeing and hearing. And you don’t know that someone’s being sneaky during these kind of chaotic times.

Tangela Davis: [00:10:09] You’re dead on. You’re dead on, Lee. And that is attributed to the fact that a lot of people are distracted right now with what’s happening with the pandemic, what has been going on with our election, post-election, the holidays occurring. Also, we mentioned the virtual remote workforce. You have the workforce that are working virtually there. Also, being the baby sitter and helping to support the educational initiatives for their children that are at home. So, when you have those kind of distracters, you may not have people that are as intuned or attentive to the things that are required and necessary to help secure your environment. And, particularly, now that we are in a more remote environment setting, their control, we’re having to have more control measures in place to be much more strategic in securing the environment.

Lee Kantor: [00:11:14] Now, is there any kind of low hanging fruit that an organization can do kind of on their own? Or is this something that you really do need an expert to kind of audit what you’ve got going on and then have an expert kind of just check to make sure that you’re protecting yourself to the best of your ability?

Tangela Davis: [00:11:37] It’s actually going to take a blend of both. But there are things that the organization can look at certainly on their own. But if they feel that it’s over their head and they just don’t know where to start or really have a better control over it, that’s where they can turn to us. But to really look at how organizations can further strengthen their cybersecurity posture within their organization, I’m going to give you or give the audience a few highlights of some things that they can do. The first is to remind employees to stay focused and diligent. That is very, very important. And we’ve already talked about their distractors that are occurring right now that really prevents people from really doing that. But we have to continuously remind them, remind employees that security policies are still in place to protect corporate information and to build mechanisms to reinforce policies. And then, also seek staff augmentation to support the company’s already stretched resources. Because of the climate that we’re in, a lot of companies are still working in a very lean capacity, despite the fact that the workforce is remote.

Tangela Davis: [00:12:56] There are some industries where they’ve had to cut back. And as a result of that, they may not have the level of support that they once had to manage and navigate certain initiatives within the enterprise. Add a security operation center support as an extension to their existing monitoring. We’re finding that our clients may already have 24/7 monitoring, but there are still gaps that they’re experiencing where they’re still turning to us. We have a 24/7, 365 days a year security operation center. It’s actually based in the State of North Carolina. But we are here to be that extension as needed.

Tangela Davis: [00:13:40] And then, finally, conduct testing to identify gaps, which is something that we do frequently for our clients just to stay ahead of the curve and to kind of help identify some of the cyber attacks that might be heading our way. But those are just some of the things that we would encourage companies to be proactive on their own, to really do for themselves. And then, leverage our services and leverage our company and support and expertise as an extension of that. We consider ourselves to be that extended family, so to speak, that extended support.

Lee Kantor: [00:14:20] And this level of due diligence or diligence when it comes to this, your radar has to be kind of distrust first, like if you get an email, even. I heard recently someone told me this, that they got an email from somebody that it looked like it was somebody they knew, a vendor they knew. But when they looked closely at the email, two letters were switched. So, at a glance, it looked like the firm’s email. But it really wasn’t. It was some other URL, you know, on the email side. And then, they were trying to hack into their system and get information by sneaking this through. And these bad guys, this is what they’re doing every day. This is their job. Like, this isn’t, like, a 14 year old hacker, you know, eating Cheetos in the basement. These are professionals that are doing their best to trick people.

Tangela Davis: [00:15:16] That is correct, Lee. And to your point, when you’re looking at emails that are coming, particularly if you’re in a situation where you have lots of emails that are flowing through on a daily basis, or if you are seeing links that are coming through, you really have to be diligent before you click on that link, before you open that email. And particularly some of those emails that come through that have attachments, because some of that malware could be embedded in the attachment of that email. So, you do have to operate from a perspective of not being trustworthy.

Tangela Davis: [00:15:56] And to your point, there are emails that are coming through – and I’m saying this because even our own company, we had to report this up to the highest level, once again, to the Pentagon, where there are those bad guys out there that are leveraging high level people within government, within corporations, and sending these emails out. The people that may not think twice to open, “Oh, such and such actually sent something to me.” Or, particularly, if it’s a small business and they’re seeking out new business opportunities, they may think that it’s a new opportunity for them and they click on that email.

Tangela Davis: [00:16:35] Or we’ve even seen a scenario with a customer where there was a bad guy that had sent an email for a job shipment of computer equipment. And after further due diligence, we found that the location where this – because it was actually in the form of a purchase order in how it was sent via email. And after further research and due diligence, it was all fake. And it was going to be a scenario where it was going to be, I think, it was like a $300,000 purchase order of computer equipment that would have been shipped at this location that wasn’t even real.

Tangela Davis: [00:17:17] So, it’s stuff like this that we have to be mindful and intuned to in terms of the fraudulent activities that’s all associated with the cyber attack. And so, I would just ask everyone, I know we have a lot going on right now during these unprecedented times and this turbulent climate, but let’s still remember to be diligent. Because not only is it protecting you and your family, it’s protecting your employer and your ability to earn your income. Because there’s a lot of damage that can occur when systems go down, when business go down, and people are not able to receive the level of service or care that’s needed. And if you can imagine, when we talk about care, speaking of health care, just imagine if their systems went down, the doctors and nurses and health care providers were unable to really treat their patients accordingly.

Lee Kantor: [00:18:20] Now, the show is GWBC Open for Business, can you talk a little bit about why it was important for you to be part of the GWBC community and join and become a member and a certified woman business owner?

Tangela Davis: [00:18:38] Well, I can’t tell you enough about GWBC. It has really enabled us to access channels that we may not have been able to access on our own. And Roz Lewis, who is the GWBC president, and her team, they are just phenomenal. There are no words to describe how they are such an advocate for women in business and really developing and being the trailblazer to enable us the opportunity to connect with the major corporations. What we’ve seen in our business is the ability to access those markets that we have a desire to access and really just present our solutions.

Tangela Davis: [00:19:28] And, particularly, with us being an MBE and services-abled business enterprise, it really has enabled us to just change the paradigm and bring just a top level of services to our customers that are just as passionate as we are in, really, the work that we bring, the innovation that we’re bringing. And I just can’t speak enough about GWBC. They’re just really doing tremendous work and continue to do this tremendous work to enable companies such as ourselves to access those channels and those opportunities that are there.

Lee Kantor: [00:20:12] Now, regarding your company, CEHT, what is the ideal client for you? Are you working primarily with the largest companies or do you work with companies of all size? I know you mentioned, you know, health care, fintech. You have certain niches that you serve. But what does an ideal customer look like for you?

Tangela Davis: [00:20:36] Yes. And we normally work with larger corporations. Lee, that is a good question. Our profile ideal customer will typically be $500 million to billion plus customer. They will be in the industries that I mentioned earlier, health care, finance, manufacturing, supply chain, sports and entertainment, and retail. Those customers, they’re typically looking for staffing support or block chain as well as stock services or that extension. And so, those are just some of the customers. If we’re talking about problems they’re seeking to solve, lots of times they’re seeking to solve problems in terms of just ensuring their networks and systems are secured properly. They will often have us come in to help do audits of their existing systems and everything, particularly from a supply chain perspective. I’ve mentioned already our block chain solution and how we’re able to track everything from inception to completion.

Tangela Davis: [00:21:53] And we have actually received awards for that block chain solution. But if I had to say why CEHT? Here’s what I’d leave with our audience today, we are a global service provider. We operate right now in five regions within the United States, South Korea, Sri Lanka, Germany, Singapore, Hawaii, Honduras. Also, our team is extremely advanced in terms of red and blue cyber teams and possession, [inaudible], professional expertise of penetration testing. We also understand the dynamics of the successful cybersecurity experience. And more importantly, we successfully navigate enterprise wide security solutions in extremely complex environments. We do what we say we’re going to do and we are very eager to work with you. We want to work with you. So, if we had to sum it up, why CEHT? Why should companies work with us? I would leave it at that, Lee.

Lee Kantor: [00:23:00] Well, congratulations on all your success. And thank you so much for doing the work you’re doing. It’s important and we appreciate you.

Tangela Davis: [00:23:10] Well, we are so happy to be a part of this morning’s radio, GWBC Radio. And I hope that the information shared with our audience will be something that will be extremely helpful. If they would like to learn more or feel that they need to certainly have some added support, they can reach us, of course. Visit our website, www.ceht-jv.com or email us at info@ceht-jv.com. And they can also find us on LinkedIn, we actually have a CEHT LinkedIn page. And, certainly, we welcome you to follow us for behind the scenes information about cyber security.

Lee Kantor: [00:23:58] Well, thank you again for sharing your story today.

Tangela Davis: [00:24:01] Thank you for having us. And certainly feel free to reach out anytime.

Lee Kantor: [00:24:05] And once again, that website is ceht-jv.com. All right. This is Lee Kantor. We will see you all next time on GWBC Open for Business.