Home Interviews “Build your processes around the ability to stay agile”

“Build your processes around the ability to stay agile”

Michael Raypold

As the Chief Technology Officer of Echosec, Michael Raypold oversees the strategy and implementation of the engineering and product development for the company’s OSINT initiatives.

From coder he has now transformed to IT leader, though he still enjoys dabbling with code. He is deeply passionate about building a DevOps culture to allow agility in product delivery.  In an exclusive interaction with CISO MAG’s Rudra Srinivas, Raypold explains more about Beacon, the dark web search tool, and how it compares with a Tor browser. And then he talks about his transition from a developer to a CTO.

Tell us about your journey. What was your transition from a developer to a CTO like?

My journey has involved a lot of hard work, continuous learning and developing cross-functional skills. I’m still relatively young, but always eager to accept new responsibilities, learn and improve. My journey has been condensed as a result, but, has certainly been helped by the fact that I have an appreciation for both the technical and business side of building a company.

Transitioning from a developer to a CTO has been about learning how to scale strategy amongst the team, while also taking a step back and allowing others to take ownership of day to day product or technical initiatives. I’ve learned to remove myself from the critical path so that the company can better scale.

Can you brief us about Beacon, the dark web search tool?

Beacon is a data discovery tool that helps security professionals and analysts uncover threats to their organization from hidden online sources. Threats can include data leaks, fraud, personally identifiable information, and other critical data that can negatively impact an organization and its people. The platform is designed to make hidden data more accessible while improving proactive monitoring, without overloading the user with information or notifications.

As a security leader, what are the challenges you face while executing new security strategies?

The biggest challenge when executing new security strategies is information asymmetry. Often times you don’t know what you don’t know, and the execution of the new strategy slows down as you incorporate new information. You need to build your processes around the ability to stay agile while fostering a culture that encourages continuous learning and discovery.

Your profile says that you oversee the implementation of Open Source Intelligent (OSINT) initiatives.  Can you brief us about the same? Why does an organization need an OSINT team?

It is difficult for organizations to aggregate and tag relevant open data from dozens of external data sources. As such Echosec has built Beacon around the ability to gather and tag publicly accessible data. Echosec’s customers find that often times there is data that can be sourced through OSINT that damages a brand, reputation, employees or event security. OSINT is another means for organizations to operate in an environment where data is more available for decision making.

Primarily, my role as CTO is putting a strategy in place which allows Echosec to continue to build data discovery and OSINT products such as Beacon without constraining the company with technical debt or rigid processes.

How do you think security teams and public safety professionals will find Beacon as beneficial and explore newer avenues of cybersecurity that have not been tapped?

Beacon delivers publicly available information in an organized way that can be queried and pivoted on to draw connections between internal data sources, validate the hypothesis and gather supplementary information. Beacon helps reduce information asymmetry which allows better decision making and outcomes without further straining the resources of existing teams. This is a huge benefit for security and public safety teams.

How does Beacon differentiate itself from a regular Tor browser? While Tor is free, open-source software that enables anonymous communication on the web, Beacon is a commercial product. How does it fare in comparison with Tor?

Beacon is more comparable to a search engine than a TOR browser. It allows users to query and pivot on entities on Onion domains, amongst other Darkweb and open web content. When Beacon sources data, it retains a summary of that data and then tags relevant entities so that the information can be discovered more easily without the need to install multiple tools such as the TOR browser to discover content. Echosec has some open source initiatives that we will be releasing soon. Since all the data we source is publicly available, how we source that data should be public as well.

Echosec recently secured $2million from TIMIA Capital. What are your plans around this investment? 

We secured the $2M to cover the cost of growth over the last year. We found that with explosive growth there was a lag in receivables, and it was the best way to manage the trajectory of the company. Echosec has listened to a lot of feedback from current customers and will be using the additional funding to incorporate feedback into Beacon going forward.