Wayne Lewandowski on Building Out Vormetric’s Federal Practice, Protecting Data Rather than Perimeters, and the Role of Collaboration in Cybersecurity

Lewandowski has spent more-than-20-years working in the federal market with emerging integrators and technology companies, most recently helping establish virtualization and storage consulting company Plan B Government Systems‘ federal market presence.

He recently caught up with ExecutiveBiz to discuss where he sees Vormetric differentiating itself with public sector customers, why securing network perimeters is not a reliable cybersecurity strategy, and the advantages of securing an organization’s data through a layered approach.

ExecutiveBiz: When did you join Vormetric and what attracted you to the firm?

Wayne Lewandowski: I joined Vormetric in January of 2013 and what attracted me the most was Vormetric’s positioning to lead within the U.S. federal market to protect the critical data assets of our government.

We have all seen changes to budget prioritization, and consolidation, as well as the future of IT spending within the market. There are only a few bright spots, and cyber is certainly one of them.

Vormetric is well positioned to lead in the federal space, mainly due to the broad use cases supported for cloud, big data, and insider threats, in protecting the data, not the perimeter of the network. Vormetric’s effectiveness in these areas has been well validated by customers that we’ve developed in the intelligence community, Department of Defense, and civilian agencies.

We have also gained an enviable list of commercial clients both domestically and internationally now exceeding more than 1,300 organizations.

ExecutiveBiz: What have been some of the main items on your agenda in building out the federal practice?

Wayne Lewandowski: There are several major objectives I have been focused on this past year.

Vormetric has the benefit of having a very deep and meaningful relationship with several large customers. The IC is a strategic customer, along with key civilian and DoD clients. That being said, the Vormetric federal practice was still in its infancy when I came on board.

A couple of priorities I had in coming in included localizing our marketing message for federal customers and building out a trusted network of channel and technology partners.  My goal was to not only build through our ecosystem of value added resellers, but also by technology vendors that are further enabled by securing data at rest.

This includes; storage providers, big data, and cloud vendors.  As we established this momentum, the next phase was building out systems engineering specific to federal, as well as a larger sales force to help drive demand and awareness of our capability.

We have been fortunate in a very competitive market, to find exceptional talent to join our team both internally as well as in our channel/partner ecosystem.

ExecutiveBiz: How do you apply in your current job the experience you gained from helping establish an organization in the federal space prior to joining Vormetric?

Wayne Lewandowski: The most recent challenge that I completed was with a SDVOSB in MD, which primarily focused on virtualization consulting.

This along with other similar opportunities in my career have given me the experience to build a government practice, brand, localized messaging, as well as a market strategy through direct/indirect sales organizations.

It’s very similar to what I’ve done with Vormetric – I identified key messages and unique value propositions that directly resonated in the federal marketplace, and then executed on building the business.

During my tenure at my most recent company, we applied this methodology and went from effectively a zero revenue base in federal to being number 11 on the Fast 50 in Washington D.C. by our second year.

ExecutiveBiz: What advice do you have for businesses looking to enter the federal space?

Wayne Lewandowski: Companies entering the federal space have a real challenge in front of them. Customers have shrinking budgets, and have high levels of concern because of those IT cuts.

Every dollar they spend has to be allocated to solutions that are critical to their success. Crucial for emerging technology vendors is to have very clear messaging about how they will directly benefit federal customers.

Largely, this means creating process efficiencies and driving a true ROI.

Messaging cannot be a slight modification to a commercial execution. It’s really critical that messaging is localized to the federal space.  Messaging may even need several versions, each tuned to the differing communities – the intelligence community, civilian agencies, and the Department of Defense.

That’s really key to get that messaging on target, as is hiring seasoned professionals that understand not only the market, but have a strong presence and trusted relationships with key customers, and partners in each segment of the space.

ExecutiveBiz: What are some areas that firms like Vormetric and agencies can better collaborate in the area of data security?

Wayne Lewandowski: It’s such an important element to how we move forward, because the paradigm in security today is that, if we defend the perimeter, we will be assured of success. Almost every week you’ll see another breach where that has been proven to be a fallacy.

The most publicized over the last 12 months is the incident that happened with Ed Snowden at the NSA. Here’s a privileged user that had unfettered access to data, and he chose to exfiltrate that content.

Similarly, Bradley Manning was a trusted user with access to data and also exfiltrated sensitive data on portable media.   Once a trusted user (or one posing as one) has access to your data, breach risk increases dramatically.

When you look at these cases as well as external threats that have breached our network perimeters, we need to realize that security must be looked at from other aspects of the environment, meaning, that the protection point has to be attached to the data, not just the perimeter.

This goes along with monitoring and isolating data access from trusted insiders (i.e. root and sys admin) that have traditionally had access to data so that this threat vector is virtually eliminated.  The outside threat is just as critical, because realistically, it’s very much the same.

Successful attacks on data have leveraged valid user credentials – and privileged user credentials are preferred due to the data access they provide.

When you look at cyber threats and the forensics that have been analyzed on a global basis, you’ll notice that the credentials of a privileged user are used 90 percent of the time in breaches. So, government and industry have to examine and challenge the thought process of where we’ve looked at security and IT up to this point. It has to change.

Organizations need to adjust to the realities of these changes, alter the mix of the solutions they use and create a layered approach to protecting data based on the type and sensitivity of the information, the organization’s mission and the unique risks they face as result of their operations and infrastructure.

Government as well as industry, need to collaborate on creating new methods of responding to the changing landscape of threats and attacks, and apply protection that will be most effective in preventing data breaches. This collaboration needs to be proactive in nature – or risk falling behind the pace and innovation that adversaries are leveraging to attack our critical information assets.