CTO Sessions: Morey Haber, BeyondTrust

What predictions do you have for the role of the CTO in the future? "The CTO of the future will work more closely with the CISOs, and technology and cybersecurity will have to be considered together."

Name: Morey Haber

Company: BeyondTrust

Job title: Chief Technology Officer and Chief Information Security Officer at BeyondTrust

Date started current role: January 2018

Location: Atlanta, Georgia, United States

With more than 20 years of IT industry experience, Morey Haber serves as the CTO and CISO for BeyondTrust. He joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition and currently oversees solutions for privileged account management.

What was your first job? My first job ever was working in a family business at a jewellery store in Brooklyn, New York. But, my first job after college was working as a reliability engineer, building database systems to track component failures for equipment sold in support of government contracts.  

Did you always want to work in IT? I've always been interested and involved in IT, however I specialised in photonics (lasers) in college. I got my first computer when I was 13 (TRS-80 CoCo) and taught myself how to programme Basic before the IBM XT was even released. It then became my passion and career.

What was your education? Do you hold any certifications? What are they? I have a bachelor's degree in electrical engineering from the state university of New York at stony brook, and since 1990 I've been involved in IT from database design, to programming, to complex network construction.

Explain your career path. Did you take any detours? If so, discuss. Since college I've only worked for three major companies but had various jobs and titles along the way. My biggest detours were starting and selling my own consulting company in the mid 90's and then building upon that experience to help build my career.

What type of CTO are you? I'm a hands-on CTO. I look at things from a top-down approach rather than top only. I like to stay abreast of the technology, but I also aim to stay involved with all facets the organisation to see how they are interacting with clients, analysts, press, competitors and other teams. In other words, once in a while it is good to do a demo or help build a trade show booth. The visibility into the business is priceless as an executive.

Which emerging technology are you most excited about the prospect of? Quantum computing. It will be a game changer if it can be brought to the masses and not only be available to governments and high-end environments.

Are there any technologies which you think are overhyped? Why? Artificial Intelligence (I call them A.I. - Arrogance and Ignorance) and Machine Learning are completely overhyped. Most companies represent their technology as such but really, they are simply using statistical algorithms which could be 50 or 100 years old.

What is one unique initiative that you've employed over the last 12 months that you're really proud of? Stepping up to handle the CISO role for the combined BeyondTrust entity and taking on new challenges of actually securing a company based on all the theories and technology we develop.

Are you leading a digital transformation? If so, does it emphasise customer experience and revenue growth or operational efficiency? If both, how do you balance the two? Yes, BeyondTrust is leading a digital transformation. By understanding the risks and attack vectors of new technology from DevOps and IoT, we are developing strategies to combat cyber risk and evolving our products to manage those threats.

What is the biggest issue that you're helping customers with at the moment? The biggest issue we are helping our customers with are the cybersecurity basics. Everything from basic password and privilege management to the removal of admin rights. If an organisation cannot manage basics like vulnerability and patch management first, then we help our customers build a foundation for all cyber security basics so advance threats can be identified and mitigated.

How do you align your technology use to meet business goals? Privileged accounts are now outside the standard data centre, and as such there are new initiatives whereby BeyondTrust's privileged access technology can now be being baked into the design process of products, to ensure greater security and lower risk. This includes next generation technologies and cloud/hybrid cloud initiatives and environments.

Do you have any trouble matching product/service strategy with tech strategy? Yes, every organisation does. The primary problem is that even though there are good solutions to many strategies, it is market education, awareness and funding that get initiatives baked in as part of a project. Knowing something is good is only part of the problem. Just like exercising every day, making it a reality is much harder from gym membership to actually going every day.

What makes an effective tech strategy? An effective tech strategy will solve one of three needs; saving money, making money, or lowering risk. If any technology strategy can map to those three then it's something clients and the security community will embrace.

What predictions do you have for the role of the CTO in the future? The CTO of the future will work more closely with the CISOs, and technology and cybersecurity will have to be considered together. This means, instead of worrying about protecting an individual technology stack, vulnerabilities or configuration problems, it will be more about the threats targeting the entire process, like third party vendor risk.

What has been your greatest career achievement? Being the first vendor on the market with a fully licensed Windows appliance including Microsoft SQL Server hardened to United States DoD Gold Standard STIGs and approved by Microsoft to sell fully self-contained.

Looking back with 20:20 hindsight, what would you have done differently? I would have learned to listen better earlier in my career and not have been so head strong on miniscule topics.

What are you reading now? The Mind of the Leader: How to Lead Yourself, Your People and Your Organisation for Extraordinary Results, by Rasmus Hougaard and Jacqueline Carter.

Most people don't know that I… Am a closet Trekkie and an author of two books: Privileged Attack Vector and Asset Attack Vectors. I have a third book called Identity Attack Vectors currently in draft.

In my spare time, I like to…Write.

Ask me to do anything but… Jump out of a perfectly good airplane. Just let it fly.