AiThority Interview with Jack Mannino, CEO at nVisium, a Herndon, Virginia-Based Application Security Provider
Hi Jack. Please tell us about your journey in technology and how you started at nVisium.
I was always interested in technology as a teenager but began my career professionally in IT security while enlisted in the United States Navy on the USS Enterprise (CVN-65). My love for programming began while I was performing mundane Security and Administration tasks. I picked up programming to automate the parts of my job that bored me, so I could work on more meaningful and interesting things.
The skills I developed in the military and through self-education were valuable and helped me launch my broader career. After I departed the Navy, I worked at several jobs doing a mix of Security Testing and Software Development. I realized that my ideal job would combine my love for developing software with my passion for digging deep into security.
nVisium started in 2009, in my basement. My wife convinced me to get the ball rolling with organizing the company and we each took on responsibilities to get started. She handled all back-office aspects, and I built our technical solutions and practice delivery. Thankfully my wife is incredibly organized and has great attention to detail, so her role gave me the ability to land our first major clients by being the external face of the company. We did not take investor capital out of the gate, and we were fortunate to grow our business over the past decade. nVisium got started out of love for security and succeeded because of a lot of hard work by incredibly passionate, talented people.
Tell us more about the team you work with? What kind of skills and abilities does one need to be part of your technical team?
I work with a team comprised of talented, humble individuals who continuously strive to be their very best at everything they do. We are headquartered in Northern Virginia, with a local workforce as well as employees distributed around the US, in every time zone. We are a remote-first organization, where we empower our team to be productive regardless of their location.
When we interview potential candidates, we look for a mix of technical abilities and intangible skills. We understand that everyone has something valuable to bring to the table, regardless of their years of experience. Our team is made up of Security Engineers and Software Developers, with their own respective areas of domain expertise. The ability to write your own tools to construct new attack techniques or to automate an impossible task is important in our line of work. There has been debate over the years about how important it is for security teams to be able to code. As we’re moving towards Infrastructure-as-Code and Security-as-Code models, being able to code in security has never been more important.
Having an unsatisfiable curiosity for technology is important to be successful on our team. We are privileged to work with some of the largest and most innovative software engineering shops on the planet, and they are continuously pushing the boundaries of technology. We have to keep up with the ever-changing security and technology landscape in order to deliver the best services and software possible.
nVisium is among the first unique IoT and Cloud security and assessment companies in the world. How have these technologies evolved in the last 2-3 years, especially with the coming of AI, ML and Blockchain?
With the increase in Edge Computing and distributed Sensor Networks, Cloud infrastructure and Edge devices are an increasingly attractive target. Edge Computing requires a Hybrid Cloud approach, where the Edge devices and Cloud services must establish trust at each layer. Whether your goal is business disruption, stealing sensitive data, or establishing command and control, edge device and Cloud infrastructure resources are prized assets to compromise.
The Cloud is becoming increasingly complex, as many teams operate in Multi-Cloud environments targeting different compute types (Virtual machines, Containers, and serverless Functions). We are seeing a drastic shift in the development methods and software stacks leveraging Cloud-native capabilities, requiring organizations to adapt and retool for the future.
Is AI and Cybersecurity a safe and controllable confluence to deal with? How can the smaller businesses jump into this whole gig economy of AI + Cybersecurity?
Developing and training AI systems for security will be critical to covering as much ground as we must, but we certainly need to be realistic with where the technologies themselves are today in terms of maturity.
Over time, increasingly complex and sophisticated automation will be possible as our systems become more intelligent.
We hear a lot about AIOps and its role in transforming IT and Cloud Services. What opportunities and challenges do you work with on a daily basis?
Artificial Intelligence (AI) and Automation offer many opportunities in security, to complement the work humans are doing today. Humans excel at tasks in different ways than computers do, so it’s important to tap into the value that each provides.
Leveraging the best of what each provides is important for building a sustainable approach to security, where Analysts and Engineers are often buried in alerts and technical debt. AI will help us maximize efficiency by reducing the mundane tasks required to run a successful security initiative.
Your platforms leverage almost every programming language – Java, .NET, NodeJS, AngularJS, Ruby, Python, Scala, iOS, Android, AWS, Azure and more. Which language, according to you, has proved to be the game-changer in your industry? Please tell us why and how?
We support many of the most popular programming languages and frameworks across our secure development platform. Python and Scala are excellent programming languages for Data Scientists, with strong support for Machine Learning and distributed Computing tools.
Code written in Rust and Go is less vulnerable to many classes of vulnerabilities, such as memory corruption issues, that have plagued software for decades. Over time, as more native C and C++ packages and libraries are rewritten using Rust and Go, we’ll likely see a significant decrease in exploitable vulnerabilities in software.
Big data, Mobility and IoT/Connected devices— these have opened up a whole new level of cybersecurity layers that need to be addressed immediately. How does nVisium help safeguard applications for businesses in these industries?
nVisium empowers organizations to eliminate application and Cloud security vulnerabilities before cyber threats exploit them with proven in-depth security assessments, remediation, and training programs.
Our experienced team of security-savvy developers guide organizations to build best practices with high ROI into their engineering and development lifecycles through services, software solutions and R&D unique to business operations and compliance initiatives.
What kind of governance policies are we looking at to tackle issues with data thefts, frauds and identity stealing? How can Blockchain governance and forensics prevent these?
Blockchain is a promising technology that has a significant number of potential use cases, but it does not solve every problem in security, unfortunately. Developers write software intended to leverage Blockchain and distributed ledger technologies while continuing to introduce vulnerabilities and flaws into software.
As we’ve seen at nVisium, some of the more interesting and novel Blockchain security issues are developer-induced.
As more and more business groups join the digital transformation revolution, Data Breach incidents are only going to increase. Which businesses are more likely to fall victim to such risks in the modern digital era?
While many organizations have been in the Cloud for a while, many are still making the transformation and are attempting to replicate security controls they’ve developed internally within a new architecture.
While the Cloud providers certainly do a lot to provide strong security, many security controls are still up to you to implement, and as organizations migrate, they tend to pile up a lot of new security debt and potentially introduce critical flaws and vulnerabilities into their environment. Businesses vulnerable to causing disruption in the physical world are at increasing risk, as we live in an increasingly connected world.
How can such businesses prepare against app-focused cyber risks and data breaches?
Businesses can prepare themselves by investing in security throughout the software development lifecycle. Secure development requires a cultural mindset that enables collaboration between the security and development teams.
Developers and Engineers must have a firm grasp of security concepts, reducing the volume of security defects introduced through code or configuration. Security teams must help with security testing, monitoring, and defending systems from attack through hardening and defensive techniques.
Thank you, Jack! That was fun and hope to see you back on AiThority soon.
Jack Mannino is the CEO of nVisium. Passionate about security and impossible to keep away from a keyboard, his expertise spans over 15 years of building, breaking, and securing software.
Jack founded nVisium in 2009, and since then has helped the world’s largest software teams enhance security across their software portfolios. He has spoken at conferences globally on topics such as secure design, mobile application security, and cloud-native security.
nVisium is dedicated to application security and research. Our approach to problem solving combines skilled technical analysis with a deep understanding of what matters most to our clients. nVisium was founded in 2009 to build a better way forward for securing software throughout the development life cycle.
We offer services and solutions that can scale from one developer to thousands of developers.
Our offerings integrate seamlessly into the tools and software your team already uses. From training to assessments, and a fully managed platform for tracking and measuring performance, we provide value whether you are starting a new security initiative or already have a mature program in place.
Headquartered within the Washington DC area, nVisium serves clients within many different industries. Our team has proven experience securing what matters most for Fortune 500 clients, innovative software startups, and government organizations. We have presented our research at major industry conferences and continue to develop open-source tools for developers and penetration testers.