Shifting Gears in Cybersecurity: From CISO to COO with Gus Anagnos, Cyber Defense Group

In this interview with Gus Anagnos, COO of Cyber Defense Group, we delve into the career shift from a technical role as CISO at USC to a strategic business role at Cyber Defense Group. We also explore the motivations behind the transition, the unique challenges faced by enterprises in cybersecurity, and the strategies Cyber Defense Group employs to address these issues efficiently and cost-effectively. We also chat about insights into the evolving landscape of cybersecurity and the proactive measures businesses need to adopt in 2024.

Before joining Cyber Defense Group as COO, you served as CISO for USC. What drove the decision to move from a technical security role to a more strategic business role for a security firm? 

The primary reason for the transition to Cyber Defense Group revolved around the frustration I experienced due to the consistently poor quality of service and the excessively high costs associated with engaging security consulting services firms. It appeared that at every juncture, I encountered Statements of Work (SOWs) with exorbitant price tags for minimal work, often exceeding $1 million for just 6 weeks of service. This situation prompted my eagerness to align myself with a company that prioritized delivering top-notch security services at affordable rates on a larger scale so that I could be a part of the top level – where we are creating a solution rather than extra red tape and headaches.

Cyber Defense Group is best known for offering bespoke (and comprehensive) security teams and strategies to SMEs, but they are now moving into the enterprise space. Why do larger companies need this type of support?

Given the continuously evolving and increasingly sophisticated nature of security threats, businesses of all scales must persist in fortifying their security posture to remain viable and competitive. Drawing from my extensive professional background, primarily with large-scale enterprises, I've encountered a substantial need for security consulting services and staff augmentation at every organization I've engaged with.

A primary challenge that enterprises face today is that they have vast and complicated environments with large data sets that continue to proliferate, requiring substantial external support and skills to secure those assets and business operations. Furthermore, if you add in a deficit of cybersecurity expertise in the marketplace, an ever-changing regulatory compliance landscape, and overall budget cuts/tightening, you have a recipe for disaster. 

Due to recent increases in security spend over the years, enterprises are now looking for more cost effective ways to manage their security risk. Fueled by executives and boards asking for ROI on all security spend, businesses need to  prioritize their resources and efforts. 

Cyber Defense Group, a full service consultancy, answers the challenge SMEs and enterprises face by providing the people and processes necessary for robust cybersecurity strategies at a fraction of the cost of FTEs or larger consultancy, using an outcomes based approach to security that doesn’t compromise on quality. This makes the ROI not only clear, but favorable. 

Cyber Defense Group, a full-service consultancy, addresses the cybersecurity challenges encountered by the Mid Market and Enterprises. We stand apart by combining strategic consulting with operational cybersecurity support, to deliver expert-led, outcome-focused services at fixed, predictable costs (at a fraction of the cost of larger consultancies and a full-time hire). We don’t compromise on quality, this not only clarifies the ROI but also makes it advantageous.

As a CISO, did you witness the cybersecurity skills shortage firsthand, and if so, what were the impacts?

The cybersecurity skills gap is a pressing issue. Despite a surplus of security practitioners seeking jobs, there is still a shortage of the specific skills needed. While recent industry layoffs have slightly eased this gap, it remains insufficient to make a substantial difference. Consequently, organizations are overspending on pricey consultancies with minimal returns on investment.

What are your top two pieces of advice for cybersecurity teams in 2024?

First, emphasize tackling tasks that mitigate the highest risks. Concentrate on the essentials. Employ security risk management principles when making strategic decisions at the enterprise level.

Second, enhance your comprehension of the businesses you support by prioritizing engagement with their strategies and desired outcomes.

What do you hope to accomplish in the next year at Cyber Defense Group?

My goal is simple, to help secure the future by enabling businesses to expand and innovate securely. As well as become the leader / preferred provider of best-in-class security consulting services to the mid-market and enterprises. Embracing cutting-edge cybersecurity strategies and technologies positions us at the forefront. I have full confidence in our business model and trajectory.