Lessons Learned: Q&A with Security Leader Jeff Kohrman, Founder of eCISO

I recently sat down for a Q&A session with Jeff Kohrman, Founder and Strategic Advisor at eCISO. eCISO is a boutique cybersecurity consulting firm that provides remote security services like leadership mentoring to strengthen security teams and remote security leadership to help companies define their security strategies. Before Jeff started eCISO, he was the Global Head of Security at HashiCorp. He and I spoke about some of his latest successes (and struggles) when it comes to leading security teams and securing cloud email. Here’s what he had to say.

First, tell us more about yourself and your background.

I’m the CEO at eCISO. I help growth-stage companies, venture capital firms, and the humans who support them build mature, sustainable security programs. Before eCISO, I led security and privacy for startup unicorns at large, globally-distributed organizations. Each company had their own unique twist, but they all had one thing in common: they needed to figure out how to properly scale security.

What are some of the security challenges that you’ve recently faced?

I most recently managed global cybersecurity at a high-profile organization that works with Fortune 500 and Fortune 10 companies. Since the organization worked with such high-profile companies, we adopted some of their additional risk. As a result, we frequently saw the same types of attacks that these huge, 80,000+ employee companies and multi-billion-dollar enterprises were struggling to address.

As their cybersecurity leader, I needed to understand the risks and focus on what matters most. Many times, cybersecurity programs focus on the wrong things and therefore investments are skewed. Programs usually center around what cybersecurity vendors are trying to push–making program managers invest in managing the wrong risks–risks that shouldn’t necessarily be top priority. My priority, first and foremost, was to protect my company’s people and the vast amount of information and data they’re exposed to and manage daily. One of the most important things we can do, at any company, is reassure our customers that protecting their information is paramount. We’ve earned their trust, so we need to be responsible and preserve that by being their advocate.

How does email security usually fit into your overall strategy?

I think email security should be one of your pillars. As companies grow, they typically see a massive uptick in the number of emails processed daily. For example, at my most recent gig we rapidly grew from receiving and processing five million emails a month to five hundred million.

Finding the right approach to managing and securing email can be a challenge. You don’t want a tool that enforces obnoxious or cumbersome processes on employees, and you also don’t want a solution that hides information or infringes on privacy.

When securing cloud email, how important is privacy?

Well, when looking at email security solutions, you need a solution that can say yes, this message is legit, the sender is expected, and there’s an existing relationship. But, how do you build patterns around whether a message is an appropriate conversation without having engineers look at the content of those emails? You need to respect privacy.

When I previously tackled this problem at HashiCorp, this was one of our biggest challenges–to find a solution that gave us the ability to investigate the indicators of attack in an email thread without compromising the privacy of our people.

Through our search for the right email security solution, we found that so few vendors respect privacy. Today, so many vendors are still taking the “big brother” approach—granting dogmatic and authoritative controls over everything. But I think we need to trust our people and give them the accountability they need to do their jobs. We hire smart people to solve hard problems. Everyone has a responsibility and a part to play in security, in protecting our information and our customers.

At the time, it became obvious to us that GreatHorn would be a close strategic partner. We ended up building our security awareness training program around the core components that GreatHorn provides like proactive alerts and the ability to build out those alerts to educate people with every email. With GreatHorn, everyone understands their role, their responsibility, and the level of risk associated with each email message.

How has GreatHorn changed the way you approach security awareness training?

At my previous company, all our teams understood that security was a priority. But GreatHorn boosted our ability to educate and influence our already-savvy employees.

With GreatHorn, we helped our employees better understand the more targeted, spear phishing attacks. We kept our employees aware of the types of threats we (the security team) were seeing and educated them through examples that we pulled from the GreatHorn platform or that they saw in their own inboxes.

How would you compare your email remediation process before GreatHorn and then with GreatHorn?

Before GreatHorn, we had to use our email provider’s API to manually drudge email attacks. Or we had to build custom scripts to intercept messages. We had an incident early on in our implementation with GreatHorn. We were able to quickly jump in, see who received the attack, who opened it, and redact all the content from affected inboxes before anyone actually noticed. We were able to use GreatHorn to do all of that in a fraction of the time it would have taken us previously. It was a beautiful thing and that’s when I realized that GreatHorn isn’t just an email security tool, it’s an email remediation tool as well. From there, I was able to get our security engineers, analysts, and IT team on the platform so they could also help respond to and swiftly solve these incidents.

The ability to execute quickly (in a single browser window) and see all the malicious messages has been a huge win. We’ve gone from an initial turnaround time of detecting and responding to business email compromise within 48 hours, at best, to having instant alerts on our phones and desktops, able to catch these events as they happen in real time. In a recent example, we were able to mitigate a BEC attack within five minutes. Yes. Five minutes. We couldn’t have done that without GreatHorn.

Would you recommend GreatHorn to your peers?

I would absolutely recommend GreatHorn! From the smallest of security shops to large enterprises. No matter the size of your team, GreatHorn is scalable. GreatHorn is the right choice. The right investment. GreatHorn protects your employees and your partners. They give you confidence that your business, your people, and your communications are safe. If you want a tool that you don’t have to babysit, GreatHorn’s an obvious choice. You don’t have to dedicate a team of engineers to it. It’s great (and super rare) to see that there are security vendors out there who legitimately care about their customers.

With GreatHorn, my team and I were able to support the company’s overall mission of protecting our employees, our customers, and their information.
