Black Hat: The Importance of Collaboration With Digital Hands’ Charlotte Baker

Shira Rubinoff: This is Shira Rubinoff here at Black Hat, coming at you live. I’m here with Charlotte Baker, CEO of Digital Hands.

Charlotte, it’s such a pleasure to see you again.

Charlotte Baker: It’s so nice to see you. Thanks for having me for this conversation.

Shira Rubinoff: My pleasure, Charlotte. Can you please introduce yourself to our audience? Tell them who you are. And besides being CEO, what you do for Digital Hands?

Charlotte Baker: Well, my name is Charlotte Baker. I’m the co-founder and CEO of Digital Hands, and I love service design in the cybersecurity industry, and have run this company for about two decades.

Claroty

Shira Rubinoff: Amazing. So, let’s dive deeper into that. Please tell us about Digital Hands, the journey of Digital Hands, how long you’ve been around, and the most important things we should know, really, about your company.

Charlotte Baker: Well, as I mentioned, two decades, we’re one of the oldest in the industry.

Shira Rubinoff: Amazing.

Charlotte Baker: And we were started 45 days after September the 11th. Not the best time to start a company. For a couple of years, we couldn’t give it away. In the early days, we private labeled for large organizations, and that was at a time when cybersecurity was really a component of IT. And so, back then, it was all about software, hardware platforms, keeping them up and running and available for work. So, it was about performance and availability. And over time, the industry has morphed and we morphed along with it.

Shira Rubinoff: Excellent. What specifically does Digital Hands do and who are some of your clients who would need to utilize Digital Hands?

Charlotte Baker: The space that we occupy, I guess, you would say, is the MSSP space. But truly, the space that we occupy in the hearts and the minds of our customers is really around effectively staffing for detection and response and remediation. So, we solved the labor problem. And in doing so, we focus on large enterprises. Typically, we had been with large enterprises due to our channel partner and private label partnerships. And over time, we have found the ways through technology, to be able to scale, in order to capture market share in the areas where customers may be earlier on in their journey than the larger organizations.

And so, over time, you think about, who needs us and why? It’s people who care about their data. We have a fundamental belief around, organizations have the right to operate their businesses and their enterprises without the fear of extortion, theft, and brand damage. And so, we are the specialists that do that. We go deep and bring the skillset to the table, to help in a market where labor is very scanned. I think the last stat I saw, there was something like 3.4 million worldwide and about 700,000 in North America alone of jobs that are going unfilled. And so, we hit that space and we’ve always been in the services industry.

Shira Rubinoff: Oh, that’s very important. They say that there’s a lack of talent in order to fill jobs that are needed. But then, we talk about very mature companies and companies that may not be as mature, the different levels of companies and their growth and size and wherever that may be. And the larger companies or the more mature companies would feel, “Yes, we’re targets.” But maybe the less mature companies may feel, “Well, you know what? There’s bigger fish to fry.” What do we really need around this? How do we really need to protect ourselves, where there’s better companies to target? What would you say to somebody who would say that to you?

Charlotte Baker: Everyone’s a target.

Shira Rubinoff: Yes.

Charlotte Baker: Absolutely, everyone is a target. Some of the smaller companies, especially in the supply chain for the federal government or for larger organizations are targets, as back doors. Everyone is a target, but everyone does have a different stage of their maturity and understanding. Some companies want to check boxes for compliancy, and they think that cyber’s kind of a side benefit to that. Others are full-blown into it, understanding where the attacks are coming from.

I think it’s interesting that, originally, when we started the company, we were doing private label deals with some of the largest brands in the cyber tech industry. Then, we morphed to work for some of the SIs, and we would always get the very difficult cases. And I would laugh and say, “We can do the easy stuff too, but we would get the weird stuff, trying to make-“

Shira Rubinoff: Explain some of the weird stuff.

Charlotte Baker: Weird stuff would be trying to make some of the newest technologies work. And so, our sustainable competitive advantage has always been taking a look at the newer technologies and putting a service wrapper around it. And that would solve the problem both for the people that we private labeled for, that didn’t want to spin up a group to support the new technology, as well as the customers that were buying the new technology that said, “I don’t have the staff that’s trained for this.”

And so, some of the more esoteric brands have actually already been morphed and bought by other larger brands. But usually, it was a first to market advantage with the newer technology with some of the first and early adopters of those technologies.

Over time, I would say that, we still do some of the esoteric stuff, some of the custom and bespoke service design for large organizations. But because we’ve honed ourselves over two decades on that particular sector, we’ve been able to take some of the lessons and some of the shortcuts and some of the systems, and scale them to the point where if an organization is earlier on in their maturity cycle, we have prescriptive packages. So, regardless of size, the larger ones will come to us for bespoke operations and integrations, completely integrating our back office with theirs, so that we’re a very visible extension to them. Others will come and say, “I’m a new CISO” or “I’m a new director of security”, and we’re starting over again, and we will come to them with a prescribed package that says, here is the minimum required to play, and start them off on a cyber journey that, over time, morphs and increases in its prowess, based on budget.

Shira Rubinoff: I think that is such a critical element that you’re filling. Certainly, the less mature companies are able to really know where to start, and start off right, and not pushing it to the side and saying, “We really don’t need this”, but they can grow with you. They can grow in their cyber posture within their organizations, and their security could grow along with it if they incept it from the beginning. And there’s never a late time to start, right? Anyone can come at any time?

Charlotte Baker: Anyone can come at any time. And in fact, the one philosophy that we have is, one size fits one. There is no such thing as one size fits all. And so, one of the things we bring to the table is the expertise and the skillset to run operations teams, to deal with whatever legacy devices and whatever legacy infrastructure you bring to us.

And so, we do have our favorite picks for, if you’re going to let us subscribe to which technologies to use, we do have our favorites that we’ve honed and we’ve integrated for very fast orchestration and response. But we can take, we call it WITO, W-I-T-O, walk in, takeover, and that allows people to bring their legacy, not rip and replace, and to integrate with some of the newer technologies.

The concept of some of the newer entrance into the space is that they standardize, they let the equipment, they let the software do the work, and then they’re wed to that particular set. We are the ones that would come in and say, “Okay. Even as a smaller organization, what is the bespoke offering that we need to integrate? What do we need to integrate into our systems and into our solutions?” And all of these cells are custom scopes of work, regardless of the size of the organization.

Shira Rubinoff: Well, let’s say an organization has some legacy systems and they want to migrate out into newer solutions as well. Is that something you could help them with and keep that cyber stuff that they need around it and wrapped around it, ongoing, while this situation is occurring?

Charlotte Baker: Yes. In fact, some organizations, some Fortune big ones, have used us exactly for that purpose. They have known that they wanted to migrate. They have known that they wanted, for example, a three-year contract, and then they would take it over in house. And so, we look like a transition team in those cases. And then, they bring us back in, periodically, to assist.

And so, the flexibility, I would say, is one of the superpowers that we have. And it’s afforded by, again, two decades of doing this very mature systems. We have twice the tenure of our employees as the rest of the industry, and have quite the creative expertise. We actually have a room called, What Works? We’ve had it since 2001, and no matter where we’ve moved the What Works room is where you go in, and you take off your functional hats and your whiteboard, and you figure out what works for a particular customer. And it results in some pretty industry winning strategies that get us awards.

Shira Rubinoff: Well, it sounds like you hit the nail on the head in one of the areas, as well as the digital transformation across the organization. From the C-level perspective, you’re talking about operations, ongoing, continuous. You can’t really slow down. Then, the CISO, the CIO saying, updated security and patching and whatever’s going on. But how do those go hand in hand when they need to be incentivized the same way? And it sounds like you really provide that service around it to keep operations going, to keep it secure all at once. And that, I think, is something that organizations could look at when they’re trying to implement the digital transformation across the organization, and have the different folks work hand in hand together, because people aren’t siloed anymore. Different types of roles are not siloed and cannot be, in order to have a secure atmosphere within the organization. So, I think that’s just an extra layer of something you provide, without even saying so, it’s something very much needed.

Charlotte Baker: That’s very true. And organizations are morphing at very fast rates. And the days are gone where you would have a three-year contract and say, “This is what we’re in and this is only what we’re doing.”

Shira Rubinoff: Yeah.

Charlotte Baker: I think the most successful partners to organizations and CISOs are the ones that say, “Okay, here’s where you are today. What you’re going to need is going to change over 36 months. And let’s plan for that now.” Hit the milestones, make the changes. And the prices are not on a nickel and dime basis of, that’s an hourly rate, this is an hourly rate. You look at the partnership, you say, “This is how we’re in it with you to win.” And you help them through the transition. And instead of dealing with multiple contracts and a termination fees and things like that, it’s a contract for the digital transformation and for the security maturity journey, and you’re in it with your customers.

Shira Rubinoff: Wow, that’s so important. And I think you really hit the nail on the head of many different areas when it evolves to this specific space.

So, if you could talk to our audience for a moment and say, here we are, Digital Hands, this is why you need us. What would you say, in a concise way, to our audience, they could really understand from everything you said, why they need to look at Digital Hands and see that they need to implement your solution?

Charlotte Baker: I think looking at Digital Hands is all about saying, “I need something different than what’s in the marketplace today. I don’t want to be sold to. There’s too much technology chasing the dollars, I need to maximize my return on my security investment. And I’d like to look to Digital Hands in order to help me look at that strategy.”

We’re not just there to sell services. We don’t have a resell arm. We don’t have a vested interest in selling you software or hardware. And I think, as true partners, we bring that business solution to the table where we say, “Maximum return on your security dollar and what’s not needed, and where are the highest priorities for you”, with no ax to grind as to what the manufacturer or what the solution is, or whether or not you keep your solutions or you buy new infrastructure.

Shira Rubinoff: Certainly. And I love what you said, there’s no one size fits all. A lot of different solutions out there, it’s, “You got to fit our profile in order to use us”, and you really understand the marketplace and understand companies from less mature to more mature. They have different needs, different budgets, and different ways that they also want to face their global audience, but also internally. So, I think that’s very critical as well.

So, anything you want to let our audience know or leave our audience with around the cybersecurity world, as a whole? You’ve come from a wealth of knowledge, your career is so impressive, and you’ve really made a mark in the space of cybersecurity. Is there anything you want to leave our audience with today?

Charlotte Baker: I think we’ve covered most of it in this introductory conversation. And I really appreciate your time, and looking forward to more conversations in the future.

Shira Rubinoff: Thank you, Charlotte, and it’s my absolute pleasure, and I look forward to speaking to you again soon.

And folks at Black Hat, we will continue streaming live shortly. We’ll be back with more interviews. Thank you.

Avatar photo

Shira Rubinoff

Shira Rubinoff is a recognized Cybersecurity executive, and Cybersecurity & Blockchain Advisor, Speaker & Influencer, who has built two Cybersecurity product companies, and led multiple women-in-technology efforts. She currently serves as President of NYC tech Incubator, Prime Tech Partners & social-media-security firm, SecureMySocial as well as on the Boards of the Executive Women’s Forum for Information Security, Leading Women in Technology, Blockchain company, Mainframe, AI company, TrueConnect , AI company, Pypestream, and Crypto company, Castillo Networks.

shira-rubinoff has 8 posts and counting.See all posts by shira-rubinoff

Application Security Check Up