TechBirmingham thrives through its immensely talented and diverse group of member companies. Meet our Member Companies is an ongoing Q&A series highlighting this group of movers, shakers and makers in B’ham’s tech industry.
Meet Wes Stewart, Founder and Principal Security Engineer at Assimilated Asylum Technology Group. Wes is a Birmingham native and founded the company earlier this year. Read on to learn more about Assimilated Asylum and the great things they are doing in Birmingham and beyond.
Assimilated Asylum is the new cybersecurity group on the block in Birmingham. We provide cost-effective cybersecurity and compliance services for the small and mid-size business markets that find themselves battling with technical issues around cybersecurity without realizing why they are vulnerable or who their adversary is, all the way to helping organizations build their Security Governance programs around their industry regulations, whether it is based on NIST, HIPAA, NERC or PCI.
Assimilated Asylum’s niche, however, is that we provide innovative services and solutions outside the everyday IT space and in what is referred to as the OT (operational technology) space. We are the ones that worry about the Cybersecurity of Industrial Control Systems (ICS), SCADA, Building Automation Systems and Process Control Systems, just to name a few. These are the systems that run electric generation facilities, chemical plants, oil/gas (upstream, midstream and downstream) and that keep hospitals running during outages and emergencies. As a population we often don’t think about these systems, but as our world becomes even more connected, so do these OT/ICS environments, and they begin to blend with IT. This blending of environments, which used to be separate from one another, creates some interesting challenges in the cybersecurity world because most of the next generation OT/ICS technologies are based on the Internet of Things (IoT) concept and are embedded devices with limited security configuration, so vulnerabilities must be mitigated via alternative means while still not impeding normal operations of the environment as a whole.
Assimilated Asylum’s employees come from backgrounds in IT security, ICS/OT security and system engineering, along with our more compliance focused employees who come out of both the energy and healthcare sectors and are experts in NIST CSF, NIST 800-53, PCI, HIPAA and NERC CIP regulatory standards.
What do you think is the biggest misconception about your industry?
In my opinion there are a few fairly big misconceptions about cybersecurity in general. Probably the biggest that I find, in particular in the SMB space, is that businesses do not believe they are a target when the opposite is most oftentimes the case. The adversary takes advantage of the fact that your typical midsize business will not have the same level of protection as, say, a Fortune 500, but the data they can exfiltrate or the harm they can cause from targeting this space ultimately has the same impact. You do not have to be a large company to be a target and, if nothing else, you are certainly a target of opportunity. We can use physician practices as a great example as they are typically small in nature and have little to no real cybersecurity programs or training. Not only can the adversary target them for Personal Identifiable Information (PII) but also, since many physician practices have connections to hospitals and insurance providers, they become a target of opportunity, thus allowing the adversary to pivot through the network and up the chain to a larger target… essentially utilizing a backdoor. In conjunction with the misconception of “I am not a target”, many of the same businesses have the idea that there is nothing they can do about cybersecurity in their environment, which is absolutely false! There is a great deal of things that can be done at any business level to improve your overall posture, ranging from business practices to some wonderful open source toolsets your IT team can utilize.
The last misconception that I will speak about, because I feel like I am getting on a soapbox now, but it applies across all lines of business and at all levels: there is no “silver bullet” for cybersecurity, but it is certainly not your firewall. The typical firewall is a basic part of protecting your network boundaries; it does not stop the adversary in their tracks. The methodology your educated hacker will employ will not be coming across your perimeter or screening firewall, and if something did get through it, then it was an opportunistic attack due to a misconfiguration and not the top echelon of the “adversary pool”. It is safe to say that, for the most part, unless the adversary is actually compromising your firewall to get a foothold into your environment, they are going to come via a different direction, more times than not a spear phishing or similar social engineering campaign.
How do you feel about B’ham’s tech scene?
Honestly, after starting Assimilated Asylum I was pleasantly surprised to find out how vibrant it actually is. While I am a Birmingham native and I did work for Southern Company for 15 years, the past 4 years before opening Assimilated Asylum I worked as a cybersecurity consultant for a Chicago-based firm and worked all across North America securing critical infrastructure, mainly in the energy sector. So when I decided to take the leap and go into business for myself and started attending ISSA, Infragard and local ISA meetings, along with finding TechBirmingham and other like-minded individuals, it was very refreshing to know you have that community locally.
What exciting news or product/service announcements does your company have on the horizon?
Well, right now we are still largely a consulting services based organization with a distributed workforce across the country, but in the near term we will be expanding and offering an array of managed security services which will be based out of Birmingham. We are concentrating on expanding our customer base across the southeast as well as still focusing on how we can be the best MSSP for our niche areas and what that could look like for local businesses as well that have never even really thought about how their OT/ICS environments like Process Control Systems, Building Automation Systems and Building Energy Management Systems could be vulnerable and how they should be secured. A firm part of our MSSP strategy will be standing up a security operations center for our clients and offering 24×7 for incident response amongst other services.
Anything else about you or your company you want us to share?
I think I have pretty much said everything, but if I had one parting thought it would be that no matter how large or small of a business you have, you have a digital footprint, and as you begin to look at your cybersecurity needs, you need to ensure that you are taking a holistic approach and not simply looking at one or two aspects of the overall attack surface. This holistic approach is what sets Assimilated Asylum apart from many in the industry, as we have an understanding of cybersecurity for a multitude of environments and industries and do not simply throw products at issues or vulnerabilities unless truly needed.
We are always up for talking CyberSec so just hit us up on LinkedIn or Twitter or via email!
Thanks so much for sharing, Wes!
Follow Assimilated Asylum and Wes online here:
Website & Blog: www.assimilatedasylum.com