Trump picked Giuliani for his cybersecurity expertise but many industry members haven't heard of his work - Action News
Home WebMail Saturday, November 23, 2024, 12:36 AM | Calgary | -11.5°C | Regions Advertise Login | Our platform is in maintenance mode. Some URLs may not be available. |
Science

Trump picked Giuliani for his cybersecurity expertise but many industry members haven't heard of his work

President-elect Donald Trump's new cybersecurity expert, former New York City mayor Rudy Giuliani, has run a cybersecurity consulting business since 2003 and claims to offer services to its clients, but few in the industry are familiar with his work in that area or his company.

Few in cybersecurity know much about former New York City mayor or his consulting company

Little is known about the cybersecurity work of a consulting company run by former New York City mayor Rudy Giuliani, centre, though a partnership with BlackBerry whose CEO John Chen is pictured here was announced earlier this month. (The Associated Press)

U.S. president-elect Donald Trump announced Thursday that former New York City mayor Rudy Giuliani would lend his expertise to the government on issues related to cybersecurity.

But manyin thecybersecurityindustry aren'tfamiliar withGiuliani'swork in that area,or his company,GiulianiPartners leading some to conclude he may not have the expertise the Trump team believes he does.

Giulianihas run a consulting business since 2003, claims to offercybersecurityservices to its clientsand is chairman of global law firm GreenbergTraurig'scybersecuritypractice.

"I have been working in cybersecurity for 17 years and been all over the world. I have yet to encounter anyone who has had any interaction with Giuliani Partners," said John Bambenek, who manages threat intelligence systems at Fidelis Security and teaches cybersecurity at the University of Illinois.

"I don't know him or the firm," echoed Boris Segalis, a New York City-based lawyer who co-chairs the Data Protection, Privacy & Cybersecurity practice of law firm Norton Rose Fulbright. "They are certainly not huge in this space."

If you've ever worked with Rudy Giuliani on cybersecurity issues, or have any information on Giuliani Partnersand its clients, you can contact CBC securely and anonymously usingSecureDrop. You can alsoemailmatthew.braga@cbc.ca directly (PGP key here).

In an interview with MarketWatch a year ago, Giuliani said he entered the cybersecurity business after reading a 2003 FBI report that forecast a rise in cybercrime and national security risks.

By 2005, Giuliani said the company had begun offering penetration testing to clients, evaluating their security with attempts at breaking into their networks from the outside, and as recently as this month claimed "deep experience" in cybersecurity.

Otherwise,little else is known about the services the company offers and the clients it serves.

'I've never heard of it'

Cybersecurity companies often demonstrate their expertise by publishing research and reports on new and emerging threats, appearing at conferences, providing expert commentary to media, and participating in legal and policy discussions on security matters.

But for 13 years, Giuliani Partners and its subsidiary, Giuliani Security and Safety, has remained all but silent oncybersecurity to the extent that many in the industry were unaware of the firm'sexistence.

"I don't know anything [about] his company or what they do," said HD Moore, computer security researcher who created a widely used piece of software called Metasploit.

"I've never heard of it," said Mikko Hypponen, another computer security expert who is the chief research officer of Finnish cybersecurity firm F-Secure.

"I had no idea that it existed until you just said, but my bet is that it's probably congruent to the DNC or the Hillary campaigns defensive capability," said Dan Tentler, founder of the computer security company Phobos Group.

Indeed, security researchers spent much of Thursday on Twitter posting information about the security vulnerabilities they had found on the GiulianiSecurity and Safety website ironic, some said, for a person who had just been chosen for his purportedexpertise on cybersecurity issues.

Not a technical play

Marcus Carey, the founder of cybersecurity company vThreat, and a former researcher at Rapid7 and U.S.navy cryptologist, believes "the company clearly isn't a 'technical' cybersecurity play."

Rather, Carey thinks that "Guiliani's business is focused on corporate governance, compliance, and legal issues related to companies being breached."

Reporting by Motherboard's Jason Koebler and Lorenzo Franceschi-Bicchierai supports this view. An anonymous cybersecurity executive, who claimedto have experience with Giuliani Security and Safety, told Motherboard,"If you hired them on a cyber engagement, they are going to tell you what your legal obligations are and how to manage the legal risk related to cyber,"

The company also announced earlier this month that it is teaming up with BlackBerry to "to assess infrastructures, identify potential cybersecurity vulnerabilities, address gaps and secure endpoints," further suggesting that it may not have those skills in-house.

BlackBerry's chief security officer, David Kleidermacher,declined to comment, referringCBC News to Giuliani Partners' media contact, who has yet to respond to a request for an interview.

"We have seen a lot of politicians and military leaders use their personal brand to launch cybersecurity firms, especially based off 9/11," said Carey.

"I think that people are conflating homeland security with cybersecurity. Just because you have made a reputation in the government related to homeland security doesn't mean that transfers to the cyber realm."