In a discussion with ISMG's Anna Delaney, Marty Momdjian, EVP Services & Ready1 GM at Semperis, highlights the critical role of incident response (IR) in cybersecurity, emphasizing the importance of resilience against cyber threats. Momdjian encourages organizations to adopt a holistic approach to incident response by addressing communication challenges, clarifying stakeholder roles, and centralizing IR processes to minimize friction during incidents. He notes that identity security management is fundamental to effective incident response and recovery, since most incidents are tied to identity system access.
Momdjian explains how the Ready1 platform enables companies to improve their incident response capabilities. He also stresses that organizations must proactively define their own resilience strategies, integrating a resilience mindset into the broader organizational structure.
Anna Delaney: Hello, I’m Anna Delaney with ISMG. I’m very pleased to be joined by Marty Momdjian, General Manager of Ready1 at Semperis. Really good to see you, Marty.
Marty Momdjian: You as well, thank you for having me.
Anna Delaney: It’s our pleasure. So, we are here to talk about incident response sprawl. Can you just define this for me and why it’s so crippling for organizations?
Marty Momdjian: Yeah. Incident response is pretty much cybersecurity, the business, the people of the organization, all responding to incidents, right? Incidents happen 24 hours a day. Sometimes incidents happen once a day, once a week, once a month. A big focus this year for the industry and any industry is really resilience. And the core of resilience is incident response.
Anna Delaney: So what’s the sprawl element?
Marty Momdjian: The main focus for it is essentially there’s a lot of cyber threats out there. Cyber threats are one of the biggest problems that organizations have to deal with, and incident responders are having to take charge in dealing with those major incidents that are happening. There’s a big focus in every industry right now of being more resilient. People being resilient, cybersecurity being resilient, the business being more resilient when it comes to revenue operations. Cyber incident response is the core of that. Because if you look across the landscape of any major business out there right now, it’s generally a technology business running a lot of technology that also happen to be good at other things…such as healthcare—the world I come from—is technology companies that are good at taking care of patients. Airlines are technology companies that are really good at moving planes around, scheduling and moving people around. Finance is big banks that are good at technology and that are also very good at managing money. And incident response is the core of that because everything relies on technology.
Anna Delaney: Now, sprawl is one thing, but tackling it is another. So where does one begin?
Marty Momdjian: Essentially, my take on it is how do you be prepared? Right?
It’s all about preparedness and response. Generally, organizations are getting better at incident response because of a lot of the cyber threats. Now it’s being focused on beginning to expand out cyber incident response to the organization for more of a holistic unified crisis response. So beginning with the cybersecurity side and the people and the process, selecting the right technology, and then amplifying that at the crisis and organization level—starting from cyber and expanding it out to the business itself.
Anna Delaney: So what tends to cause the most friction when teams try to untangle their tools and their processes?
Marty Momdjian: A lot of it is who should be doing what. A lot of the roles, because it’s very, very complex. The cyber teams have their roles. The crisis team have their roles. IT has their own roles that are defined. And there’s a lot of overlap because you can’t really do incident response fully at the organization level without IT support as well as the crisis management and business support. And a lot of friction is there in day-to-day roles of what we do for work every day, and then that could change during an incident. And there’s a lot of overlap, a lot of delegation, a lot of who does what. And then communications is one of the other parts, right? Communications is key to incident response and crisis management. And it’s really a lot of friction between different departments and business units on who handles what type of communication, how you communicate that.
Anna Delaney: I wanna ask you about identity here. What’s the benefit of a platform approach to identity?
Marty Momdjian: A unified and holistic view, at the end of the day. Identity is the core of everything when it comes to cybersecurity and operations for a business because your identity has to exist at the company for you to come to work, be able to log in, access what you need to access, and then get rights to what you need rights for to do your job. Right?
A platform approach to identity is managing the identity, securing the identity for the organization from HR to the IT operations team, to the business unit, to the person that has that identity, to understand what they have access to, and really pushing that to a unified platform and saying, I now can see all the integrations, all the technology, all the gadgets that are out there of who is this identity, what do they have access to, and how are they accessing that? And really you have to have a platform that’s integrated to do that. Right? That’s the Semperis approach. A part of it is also identity is very complex. Bad actors don’t break in. They log in. Right? They log in as you. They log in as me. How are you monitoring and watching that identity, applying controls to that identity, and automating that identity for lifecycle management? You have to have a platform approach now. You can’t just buy point solutions and try to duct-tape things together and make it work because it is so complex and identity is key to operations.
Anna Delaney: So I wanna bring this back to the incident response element. How can organizations tell if their identity strategy is really working when it matters, not just in theory, in an incident?
Marty Momdjian: Almost every incident, it is tied to an identity. If it’s a cyber incident, a bad actor, an internal threat, just a threat actor in general, is leveraging an identity to log in and be malicious. Right? The adversary’s goal is to log in, gain access, gain privileged access, exfiltrate data, and then be as malicious as possible, go back and demand the ransom. It’s all identity driven. Now the core for incident response in my career as an incident responder is we always start with identity. It’s what was that identity that was compromised? How was it compromised? And what did it have access to? And then what other identities had access to the systems that were compromised? Because it’s a chain link effect.
If one identity is compromised, then many identities could be compromised. And you wanna stop the bad actors as quickly as possible at the identity level to get them off your network, right, to do forensics and so on.
Anna Delaney: So how does this help resilience? The platform approach?
Marty Momdjian: The platform approach for resilience is: You can have resilient people. But your technology might not be resilient. Your processes might not be resilient. Right? The core of resilience is essentially how well prepared are my people, my process, and technology. If an incident happens, whether it’s a cyber incident, natural disaster, or a crisis in terms of something happening operationally for your organization. And how can I make all three of those be as resilient as possible to make my operations resilient? And will business continue if my systems are offline or my people aren’t available and my processes don’t work at the end of the day? It’s a very complex subject. And what I generally ask people is, has your organization defined what it means to be resilient? And is cyber resilience a part of that? Should be. Right? Because it’s technology. Everything we do depends on it.
Anna Delaney: So how are you helping customers at Semperis? How are you helping customers really tackle this identity—incident response sprawl challenge?
Marty Momdjian: We mainly focus on the Ready1 side where the platform is built to be a crisis response platform. And it’s built for the enterprise. It’s not generally a point solution. It’s a platform approach that says we will provide you a platform that is easy to onboard, that you can start with the cyber incident or crisis side, but amplify to the entire organization from the board, the stakeholders, down to the end user. And let’s give them the right personas to always be prepared to deal with an incident in that same platform. So getting away from point solutions that are out-of-band for communications—Ready1 handles that. Offline documentation store—Ready1 handles that as well.
Anything that you have to do for managing an incident response in a crisis team down to business units, it’s all a single platform to log into on the browser and the mobile application. So it becomes business as usual for them. So when there is a major event that can turn into an incident, that can turn into a crisis, every stakeholder at the organization, every impacted member of the workforce, the cyber incident response, the crisis team, can log into the same platform and they know how to react to it. They’re communicating on the same channels in that platform. It’s a secure platform. We have some, I would say, I don’t wanna say next generation, but kind of next generation legal workflows that can apply privilege at a certain level within the platform, as well as the mobile application being intuitive for the end users so they know how they’re impacted. And they essentially will get a notification and jump in, and it’s a communication bridge for the entire enterprise. Right? So it’s one place to go when there’s an incident or crisis so they know what to do and be able to communicate with each other. And that really displaces a lot of the point solutions that are out there because they’re not used day to day.
Anna Delaney: How do you balance this consolidation with the need for speed and flexibility?
Marty Momdjian: The biggest factor starts small, start with tabletop exercises. Everybody does a tabletop exercise. Our pitch really is, hey. Come do it in Ready1 and start small. And in 30 minutes, you can be online in the platform, build your incident response team within 7 days, do a tabletop, find your gaps, remediate them in the platform, and then expand out from there so you can essentially replace point solutions that are out of band and not being utilized and realizing value every day. So the value for Ready1 grows while you’re depreciating some of your legacy technology that you’re not using every day.
Anna Delaney: Final question.
What should our audience be asking right now about their own landscape?
Marty Momdjian: My number one question right now is resilience is a big buzzword this year. Really at a business, cybersecurity, IT stakeholder level, ask the question, have we defined as a company what resilience means to us? Is it cyber resilience, business resilience, is it both? And how are we defining and tackling that and educating the rest of the organization on plans to be more resilient?
Anna Delaney: Where do you think the misunderstanding is there, though?
Marty Momdjian: A lot of reliance, I think, from cybersecurity teams are really good at what they do. Right? A lot of organizations rely on the cybersecurity and incident response team because what are we good at at cyber? Keeping the bad guys out of our network, leveraging our tools that we have, and IT is good at process. Right? And it’s really starting to become more cybersecurity led, where that resilience conversation has to move up the ladder at a senior leadership level, at the board level, at the C suite level, to say cyber resilience is a pillar of organization resilience. And now let’s make sure we bridge the gap between cyber operations, the revenue team, the HR team, the PR team, and everybody else. And that’s really the main conversation that has to happen right now.
Anna Delaney: This has been really insightful, Marty. Thank you so much for your time. Appreciate your insights.
Marty Momdjian: Yeah. Thank you for letting me come on.
Anna Delaney: Absolutely. And thank you so much for watching. For ISMG, I’m Anna Delaney.
Speakers:
Anna Delaney
Director of Productions at ISMG
Marty Momdjian
EVP Services & Ready1 GM at Semperis
