Who you gonna call? Inova’s Breach Busters!
At the best tech companies, cybersecurity is built into everything they do. Bad actors are continuously inventing new ways to break into systems and exploit confidential and vulnerable data.
At Inova, security is at the core of the development and deployment of our partnering platform. We take it so seriously that we established our own internal force of Security Champions to combat potential intrusions: the Breach Busters!
We sat down with the architect of our Breach Busters team, Chief Information Security Officer (CISO), Ludovic Lecomte, to learn more about this team, why they were formed, and how they proactively ensure the security of Inova’s cloud technology.
But first, a quick background on cybersecurity and cybercrime.
The terms cybersecurity and cybercrime first appeared in 1972, when a researcher at ARPANET (The Advanced Research Projects Agency Network, the Pentagon’s predecessor to the internet) created a program that could move across ARPANET, leaving a breadcrumb trail that read ‘I’m the creeper, catch me if you can.’ Naturally, the solution hunted the problem: another ARPANET researcher invented what’s now considered to be the first antivirus software, Reaper, which chased and erased Creeper.
Fast forward to the 2000s: the past 20 years have seen the rise and spread of smartphones, tablets, laptops, and connected devices (IoD), and an explosion of start-ups offering digital solutions that enable businesses and organizations to be more efficient, lucrative, and interconnected. According to Gartner, cloud services are predicted to grow from $387.7 billion in 2021 to $805.5 billion in 2025.
Unfortunately, this is also the perfect environment for cybercrime to be a big moneymaker, and life science companies are prime targets. Techniques to hack systems or trick individuals into divulging sensitive data and personal credentials are becoming increasingly sophisticated, sneaky, and effective.
That is why, at Inova, in addition to other robust security measures, we have created the Security Champion training program: the Breach Busters team. They ensure our digital platforms are secure by design.
Q&A with CISO, Ludovic Lecomte
What does it mean to be CISO for a tech company like Inova?
As CISO, I’m in charge of security for strategic and operational aspects of our digital partnering platforms, business operations and compliance, and the day-to-day life of Inovians who use digital technology themselves.
What is Inova doing to build security into our biopharma partnering technology and other aspects of business and life at Inova?
Over the past couple of years, we’ve put in place vigorous security processes and procedures. This includes clearly defining potential risks and corresponding security measures; tracking and measuring KPIs and data; conducting regular penetration tests with third-party auditors; and customizing checkpoints from A to Z in the design of our digital solutions. Our ISO 27001 certification demonstrates that we have a clear-cut process and are managing our security both at holistic and granular levels.
As part of the security strategy, we created a training program for Security Champions to preemptively design and execute security into our product development process.
What is the Security Champion training program, aka the Breach Busters, and how do they operate?
The Security Champion training program, dubbed the “Breach Busters” team, was initiated in spring 2021 with our partner, NBS System. It started with a simple need: we first must think about the people who are developing and refining our digital solutions to make sure they are aware of, educated on, and integrating security as a priority into their daily tasks and long-term projects.
The idea is you train your people about cyber risks and security and how to best use testing tools to ensure our products are created secure from the get-go—and each Breach Buster can then pass on best practices to their respective teams.
We have six Breach Busters: me, as CISO, Dana (Quality Analysis), Nathan (Front End Development), Laurent (Back End Development), José (Framework Architecture), and Michel (OPS). Each Breach Buster is responsible for security in their stage of development and production so that any potential vulnerabilities are detected and resolved early.
We have monthly half-day workshops led by NBS System where the Breach Busters explore a specific topic and conduct a “lab experiment” or security exercise. For example, past training sessions have included best practices and standards, like the Open Web Application Security Project (OWASP). NBS System also provided fake environments to infiltrate with hacking tools, so the team gets a sense of exactly how bad actors operate in the wild.
Let’s talk about Les Assises de la Cybersécurité in Monaco: what is it and why did you attend?
Les Assises de la Cybersécurité is a major annual conference held in Monaco, reuniting over 2,000 CISOs, Chief Technology Officers (CTOs), CEOs, Chief Information Officers (CIOs), and more from the technology, SaaS, and cybersecurity communities.
This year, I presented to a group of 60-70 people about our Security Champion (Breach Busters) program alongside our partner NBS System. The best part of the session was the Q&A—our Breach Busters incited a lot of curiosity!
During the Q&A, I received an interesting question on why we have one Breach Buster per team rather than per platform or application. The answer to this is that one of Inova’s core values is diversity so each Breach Buster has their own expertise and background, e.g., Dana = functional security, Michel = system security, Nathan = security of the code, etc.
Les Assises was an opportunity for me to share how Inova is concretely empowering our engineers with a security by design mindset in the hopes that it may inspire other tech companies to do the same.
What is the long-term vision for the Breach Busters and cybersecurity at Inova?
Part of the Breach Busters’ mission is to evangelize to their respective teams on security by teaching best practices and enforcing thorough use of testing systems. Security issues will also be regularly introduced into team sprints and we’re continuously improving the security solutions that scan the code to qualify the best testing methods.
Later this year, the Breach Busters will receive coaching sessions on how they as Security Champions can interact and pass on their knowledge to their teams.
We’re also considering rotating the membership of Breach Busters so that in the long term, we will have a whole army of Security Champions designing and creating our digital partnering technology.