Ariel Parnes joins host George Rettas, president and CEO of Task Force 7 Radio and Task Force 7 Technologies. Ariel is responsible for designing and delivering Mitiga’s cyber security solution set. Mitiga is a stealth cyber security company out of Tel Aviv, Israel.
Ariel spent over 20 years as an 8200 unit member before retiring as a colonel. The unit, which is comparable the United States’ National Security Agency or the UK’s GCHQ, is the largest single unit of Israel’s Defense Forces. During his time with the unit, Ariel held roles in intelligence, information technology, offensive and defensive cyber security operations, and cyber warfare. He was awarded the prestigious Israel Defense Prize for technological breakthroughs in cyber security.
Ariel believes the success success of the military branch is due to a couple of things. For one, each year, new talent enters the military. He credits the unit’s constant energy and innovation to the continuous addition of fresh-minded young soldiers.
Second, the unit is in constant demand. The digital ecosystem is rife with challenges that 8200 is called upon to work on. For example, it is currently providing the Israeli Health Ministry with data science expertise to analyze the evolving COVID-19 situation.
Finally, 8200 started out as a SIGNIT unit, but its talented leaders saw the need to take a disruptive approach to IT which laid the foundation for its successful cyber security capabilities.
As a commander, Angel had to balance the discipline of the military with creativity. That meant not just enforcing rules, but interpreting and sometimes updating them based on the needs of the unit’s young talent. It’s a delicate balance. Retaining talent after a three-to-five-year military stint is also difficult. 8200 alumni are highly sought after.
While there’s no magic bullet, Angel credits the military unit’s retention with three things: the privilege of participating in efforts that are highly significant for the country, their families, and communities; the opportunity to work with cutting-edge technologies; and the high caliber of experience and talent they get to work alongside. He also left the military with these three lessons: take risks and accept mistakes, surround yourself with people who are smarter thank you, and embrace uncertainty and constant challenge.
When George poses a question about the most concerning cyber security threat actors of the future, Angel answers, “I believe that the main concern nowadays to be from nation state capabilities filtering to the cybercrime arena.
“I don't have to mention examples such as Shadow Brokers and EternalBlue, WannaCry. My concern is that this is a case where something really had an influence and an impact in the world. My concern is that as more and more nations invest more and more in building cyber capabilities, the risk for this capabilities to leak to less, I would say less controlled cybercrime groups or actors increases.
“And this trend will certainly will suddenly change the balance between the attackers and the defenders as the attackers will have nation-state level resources, while defenders, unless we do something different, will have very limited resources and capabilities in their hands.”
Angel cites new technology adaptation during the pandemic crisis as a more immediate threat. The pressure and rush to use products such as Zoom means making security compromises, whether they be from the users to the developers to everything in between. Opportunistic cybercrime groups are taking advantage of these vulnerabilities, and Angel expects to see new waves of attacks that pray on these weaknesses. The biggest tool to defend against these types of attacks are ongoing education and awareness.
Coming from the Israeli military in particular, Angel expertly acts under pressure. He can process a lot of data in a short period of time, make rapid decisions, execute fast, and learn and improve on the fly. This skillset is valuable to a business corporation in cyber security, as successfully managing breaches and vulnerabilities depend on these attributes.
Ariel believes that 8200 can learn from corporate America as well. “I've always admired the ability of the corporate America as well as American large organizations in general to design, plan and implement large scale changes in projects based on structure and methodology etc.” Still, Ariel knows the public sector has a long way to go.
“One of the biggest surprises for me when I left the army and started this new journey in cyber the security industry was how segregated the industry is, not only in terms of infinite number of niche solutions to problems, but also in the lack of communication, dialogue and exchange of knowledge. For example, I was amazed to realize that in many organizations there is a separation by design between people who deal with the reactive cybersecurity, the IR, and the people who deal with the proactive cybersecurity. To me, it is really frustrating, since I can see the huge value that there is in bringing these two perspectives to the same room.”
Ariel believes the best way to keep an organization safe from cyber threats is to fund the entire cyber security ecosystem, war game, and effectively manage crises as they happen. While a lot of emphasis is put on prevention, Ariel believes that breaches are inevitable, and investing only in prevention is a missed opportunity.
Starting a business is hard enough as it is, but cyber security issues add to the struggle. Angel suggests that every company hire experts to help close the knowledge gap, invest in education to raise cyber security awareness company-wide, and practice, practice, practice. “Conduct drills and exercises to identify gaps and build improvement plans and then implement the plans obviously.”
As for the cyber security industry itself, startups in the industry struggle with talent acquisition, a go-to-market strategy, and endurance and agility. What makes Mitiga so successful? “on the one hand, we are bringing constant value to clients from the very beginning and are addressing real needs, and on the other hand, we are constantly investing efforts into building capabilities and technologies that will scale up and automate the services that we're providing.”
Angel closes by encouraging anyone interested in the cyber security arena not to hesitate. There are a lot of career opportunities in the field right now. With a little luck and the willingness to spot and embrace opportunity, a fruitful career in cyber security awaits.
To listen to the full convesation and past episodes, click here.