BlackFog, a leader in on-device data privacy, data security and ransomware prevention, today announced it has expanded its leadership team by adding David Schnurstein as Director of Threat Intelligence. This new role will support the company as it enters a new period of increased momentum and growth.
We spoke with David to learn more about his time in law enforcement and how his skillset transfers to his new role.
What are you most excited for in your new role?
The opportunity to help organizations protect themselves and their customers from the ever evolving and expanding cybersecurity threats we all face. BlackFog’s approach to cybersecurity is truly revolutionary and the vCISO offering in particular is much needed in the market, particularly for SMBs. While working in the government sector last year, I was fortunate to spend some time within private enterprise. This experience really opened my eyes to the need for better support when it comes to cybersecurity and protection from threats such as ransomware.
What skills are you bringing from law enforcement to the position? What skills do you feel transition really well into an in-house CISO role?
I spent the first 15 years of my career working on keeping people and property safe while serving as a Patrol Officer, Tactical Team Member, Detective and then later, a Supervisor and Commander in operations. During the last 10 years of my career I was the Commander of Records & Technology as well as working in our PSAP (public safety answering point - 911 center) for the final two years. In many ways I wore the hats of Chief Privacy Officer and Chief Security Officer during this time as I had responsibility for ensuring all Criminal Justice information was stored, transmitted and accessed in compliance with CJIS policies. My skills in forensics and investigations along with network Security, data security, and physical security of infrastructure will directly translate to the private sector.
What has your time in law enforcement taught you about the threat landscape?
The criminal will always adapt and the threat landscape is never static. Ultimately the "bad actors" in cyber are nothing more than criminals. They act like water and tend to follow the path of least resistance. If it's too hard, they will move on to the next target. It’s critical to continually adapt as they adjust tactics.
For other people in law enforcement looking to go over to the vendor side of cybersecurity, what advice would you give them?
The transition is possible for anyone who has a background in forensics and investigations and an interest in cybersecurity. Many of the principles of crime prevention through environmental design also apply to cybersecurity. Basically, the harder you make it for the cybercriminal to be successful, the more likely they will give up or move on. Knowing how to investigate an incident directly translates to how to investigate a cyberattack or breach.