CDSA

Digital Silence: Doing Cybersecurity ‘Right’

What do you get when you mix broad business savvy with a sophisticated understanding of today’s threat actors? Denver-based boutique cybersecurity firm Digital Silence, which, in just five years of work, has amassed a client base of 125-plus companies and completed more than 300 cybersecurity projects.

JT Gaietto, Chief Security Officer with Digital Silence, spoke with MESA about the entertainment industry services his company provides, how the shift to work-from-home changed the approach to cybersecurity, and how looking into new ways to attack embedded devices makes for better defense.

MESA: What was the impetus for Digital Silence, how did the company first come about in 2017?

Gaietto: Digital Silence was founded with the focus on doing cybersecurity “right.” By creating a boutique cybersecurity firm focused on going deeper and operating more strategically for our customers, we were able to build a team filled with industry leaders with years of experience, but we were also able to provide better value to our customers when compared to the larger consulting companies.

MESA: From Red Team, application and other testing services to ransomware assessments, threat intel and other response services, Digital Silence’s cybersecurity services run the gamut. What does the company do that especially stands out, what would you say you’re most proud of?

Gaietto: There are two services we offer the entertainment industry that really stand out above others in the space. First, our Penetration Testing Services: we do more than just border and infrastructure testing. Our team does embedded device (IoT/OTT) testing, usually with pre-release devices and gaming platforms. We also do quality work on Web/Mobile Application testing; this is deeply important in both gaming and digital streaming platforms where content and consumer payment details are handled.

The second is our Onsite Production Security services. This service is used by production groups usually as part of a shoot or short-term production. We deploy our teams onsite to validate that site security and technology contractors have implemented the security controls needed to secure the set. In addition, through our OSINT/Threat Intel group we can monitor for production leaks, identifying everything from security breaches to infrastructure issues before the rest of the director’s team is aware. This enables production teams to ensure they are getting done on time, on budget, securely.

Lastly, it’s worth mentioning that we were recently recognized at RSA this past month as a Global Infosec Awards market leader for our Ransomware Assessment service.

MESA: How has this shift to work-from-home changed the approach to cybersecurity, what are the biggest threats now, and how do you suggest clients address them?

Gaietto: Migration to cloud and remote work workflows enable a more robust experience for the creative teams our clients support; we want to protect that work. More specifically, we must ensure that the remote VPN and other traditional infrastructure solutions studios use are properly secured, but the various API integration points between internal platforms, cloud platforms, and third-party vendors are even more important now. Prior to the pandemic, many of our customers were able to “air-gap” production networks, something that simply isn’t supportable or scalable in today’s work-from-home environment.

MESA: What are some of Digital Silence’s favorite use-case examples (that you can share), where media and entertainment companies made especially good use of your services?

Gaietto: Questions like these are always the most difficult because one of the largest values we bring to our clients is not “kissing and telling.” We take the “Silence” in our name pretty seriously. With that being said, there is one project in particular that should resonate with other production teams, and that is our site-security testing on a shoot.

By using our industry-aware security professionals as augmentations to their production staff, we have been able to identify staffers leaking security credentials on the Dark Web through our OSINT/Threat Intel platform. The leaks were specifically being offered for sale to enable the media onsite access to take pictures and snoop on talent. For production teams, keeping both content and talent secure is paramount; we use our team to support the technology side of that.

MESA: How has the pandemic impacted your business, in what ways has the company adjusted its offerings?

Gaietto: We know the pandemic was hard on so many businesses; we were fortunate to have a model that could adjust around the changes driven by the pandemic. Our business continues to grow at an accelerated rate; this has been driven by growth in all areas of our business, but most notably our Digital Forensics and Incident Response (DFIR) group. Due to the increase of risk presented by distributing workforce, the increase in monetized attacks, and the loss of many of the cybersecurity insurance carriers, companies have needed expert DFIR talent at reasonable rates, and that was the niche we wanted to fill from the beginning of our operations; the pandemic only further highlighted that need.

The demand for these types of services has increased so much that we have recently hired an industry expert, Devin Hill, to lead our DFIR team. Devin joins us with 17 years of experience resolving cybersecurity issues.

MESA: What’s next for Digital Silence, what advances or added services can we expect from the company on the horizon?

Gaietto: One of the values we take pride in is supporting our employees and their growth. That has enabled us to secure some of the best cybersecurity talent available in the US. As we continue, we have security researchers looking into new ways to attack embedded devices (especially items that run on wireless/radio technology (RF)). It’s the various skunkworks programs that we have that set us apart from many of the other cybersecurity services firms in the space. Not only are these projects great for supporting the continued growth of our staff, but the different advances and discoveries enable us to grow our services portfolio for our clients as well.