Interviews
Andrew Buldyzhov, H-X CIO for Safety Detective
10 February 2020
Safety Detective: What was your cybersecurity journey to H-X Technologies and what do you love about it?Andrew Buldyzhov: I came from an industrial automation background. What I love about H-X is that here I can combine the two worlds, industrial automation and IT. Those two domains have had a totally different approach and solutions until quite recently when IoT and Industry 4.0 started.
The industrial world is now starting to use up-to-date IT solutions, which makes all the processes much more efficient and robust. But, unfortunately, there are drawbacks as well. One of the biggest is security. With the introduction of Internet connection and all those nice things we have in IT, software and hardware, we also introduces immense risk. Once we have all this connectivity and computing power, we also have the exposure. Industrial IT systems can and will be accessed by hackers. We are already seeing examples of such intrusions into critical infrastructure.
For me, personally, this is quite a promising development in my career and a new business line for H-X Technologies.
SD: What services does your company offer?
AB: We offer quite a wide range of services starting with penetration testing and security assessment and audits, but also, we provide managed security, compliance and Security Operation Center (SOC). One of our strengths is application security. We serve software-as-a-service (SaaS) and other IT companies, helping them to develop software securely and teach software developers, architects, and testers.
SD: How does your company stay ahead of the competition?
AB: I think our main selling point is that we provide high quality for a very good price. We have the best quality-to-price ratio and we also have strong competencies in penetration testing, red teaming, and in compliance. For example, we are among the leaders in automotive industry. We have been the first to implement TISAX certification in Eastern Europe.
Another strong point is our versatility and flexibility. We can start with very small budgets and we have solutions for even smallest of companies. But, of course, we are ready to tackle challenging projects for big corporate clients as well.
SD: What are the worst cyber-threats today?
AB: There was a recent attack on SolarWinds—an Advanced Persistent Threat and supply chain attack, which was very serious. A supply chain attack means that even if your system is perfect, and you have protected it from everything, and your personnel behave perfectly, you are still vulnerable because one of your suppliers can be hacked and you get the malware from them.
Nation states and big corporations now have their own teams of hackers. Such threats are very difficult to resist because those guys are really smart, and they constantly grow. They are very determined, and they build up their attacks gradually step by step. It may take them years, sometimes, to penetrate a system and then they can stay there for years. So I think this is the biggest threat for the moment.
SD: How do you think cybersecurity is going to change now that we’re living through this pandemic?
AB: Since the pandemic and quarantine started, cybersecurity is becoming more and more important, for technical, psychological, and social reasons. The technical reason is, obviously, that we are all working remotely, and so we are lacking the protection of the company perimeter and have limited support from IT departments.
Psychologically, people are more agitated, and they are more susceptible to attacks. They can follow hackers' links connected to COVID cures or other solutions to their problems.
And socially, your kids and even pets can play on your keyboard if you leave it unlocked. And that is also a cybersecurity risk, albeit not a usual one.
How a Cybersecurity Company Can Grow in the Crisis
Andrew Buldyzhov, H-X CIO for Edyta Adzo (startup.info)
5 February 2020
First of all, how are you and your family doing in these COVID-19 times?
Good, thanks for asking. Now I spend more time with my family, less time is wasted traveling. But, of course, we all have had to improve our communication and living-together skills.
Tell us about you, your career, how you founded or joined this company
I've come to the company from industrial automation. This is a different world, compared to IT and cybersecurity, with rather different goals and objectives, approaches and technology. But these two worlds, IT and industrial automation, are now coming together quite rapidly. So it has been interesting to apply my experience from industrial automation to cybersecurity, and it now helps to develop a separate line of business for H-X Technologies. We put high hopes in this new area and we are developing it as one of the leaders in Eastern Europe.
How does your company innovate?
We follow global trends in the field of information security and respond to the most recent problems with the most modern methods and solutions. In particular, we apply the latest industry security standards such as TISAX, and we are also a leader in Eastern Europe in implementing this standard. We use advanced SOC approaches in order to respond to modern attacks like APT and supply chain attacks. Solarigate (Solarwinds) is a prime example of such an attack, which has affected many private companies and several US government bodies.
We respond appropriately to these attacks and our monitoring tools make our customers feel more secure. In addition, we develop a number of our own solutions related to vulnerability analysis.
How does the coronavirus pandemic affect your business finances?
Many projects have been frozen or were postponed, but on the other hand, the configuration in the market changed due to the fact that some of our competitors could not stand the crisis and ceased their activities, and so we got their market share. Now the market is being redistributed and we see positive dynamics in marketing, slightly less positive in sales, and we hope that 2021 will bring us greater financial results.
Did you have to make difficult choices regarding human resources and what are the lessons learned?
Yes, we did have to dismiss people, reduce resources, reallocate and reformat responsibilities. We are going to restructure the company and, perhaps, pay more attention to the established lines of business instead of starting new lines.
The lessons learned are:
a) We have realized the importance of employees' competencies, including hard skills and soft skills, and their constant growth. Now we strive to increase the value of each employee and their contribution to the end result in the company's income and profits. Our competency management system directly tracks this contribution.
b) We have begun to pay more attention to independence of employees, which would allow them to be responsible for specific areas of work and to deliver.
c) We've learnt that we should respond quicker to market changes and look for new market directions that are most relevant and in demand at the moment.
How did your customer relationship management evolve? Do you use any specific tools to be efficient?
Remarketing, cross-selling and up-selling have always been quite important in our operations, so we try to track our customers' full life cycle and appear at the right time in the right place. But nowadays, communications have become even more important, so we have been paying even more attention to customer feedback, which we use to improve ourselves, our services and, consequently, our reputation.
We use a standard set of tools for customer relations: a CRM system, mailing system, advertising remarketing tools, and we are also planning to optimize our CRM.
Did you benefit from any government grants, and did that help keep your business afloat?
No, we have received none. We live independently of the state. We participate in government projects and tenders on the basis of fair competition with other companies.
Your final thoughts. Your website and link to online video if any.
Cybersecurity is becoming very important in the quarantine era. Remote work increases the amount of traffic and time spent on the Internet. These are the reasons for the extensive growth in demand for security. However, there are also intensive reasons, such as the increased physical security threats to work-related information, social engineering, lack of traffic filtering in home environments, and blurring of corporate security perimeters.
We see that the market will continue to grow and develop, and we will grow in this market. Our company will occupy leading positions, we will be more flexible in responding to market changes and capture new segments, both in horizontal and vertical markets.