Cerberus Sentinel Announces Addition of Kiki VanDeWeghe to Board of Directors

NEWS RELEASE                                                                 

Investor Relations:

Matt Glover or Alex Kovtun

Gateway Investor Relations

949-574-3860

CISO@gatewayir.com

Public Relations:

Cathy Morley Foster

Eskenzi PR

925-708-7893

cathy@eskenzipr.com

Cerberus Sentinel announces addition of Kiki VanDeWeghe to Board of Directors

U.S. cybersecurity services firm adds NBA executive as director

Scottsdale, Ariz. May 06, 2021 – Cerberus Cyber Sentinel Corporation (OTC: CISO) (“Cerberus Sentinel”), a cybersecurity consulting and managed services firm, announced today that E.M. “Kiki” VanDeWeghe III has been appointed to its board of directors. VanDeWeghe adds significant executive and management experience to Cerberus Sentinel’s board of directors. 

Currently, VanDeWeghe serves as executive vice president, basketball operations, for the National Basketball Association. In this role, he oversees all aspects of basketball related to the playing of the game, and he serves as a key liaison between the league office and its teams. He was a two-time NBA All-Star during his 13-year playing career, and he has previously served as general manager with the Denver Nuggets and New Jersey Nets. VanDeWeghe played collegiately at UCLA and was a Rhodes Scholar finalist. 

“Kiki VanDeWeghe is an outstanding addition to our board,” said David Jemmett, founder and CEO of Cerberus Sentinel. “His experience within the NBA gives him a unique perspective of the operations and security challenges of multi-national organizations and vendor networks.”

“Each of our board members provides a unique perspective to the company, including government, healthcare, and finance expertise,” said Jemmett. “Mr. VanDeWeghe raises our national and international experience and brings his exceptional expertise to our board.” 

“It is a great honor to be joining the board of Cerberus. I look forward to collaborating with the many bright minds entrusted with helping shape the future and vision of the company as we move forward in a very important space,” said VanDeWeghe. 

VanDeWeghe joins fellow board members Ret. Gen. Robert Oaks, Scott Holbrook, Andrew McCain, Sandra Morgan, Stephen Scott, and David Jemmett.

About Cerberus Sentinel

Cerberus Sentinel is an industry leader in Managed Cybersecurity and Compliance (MCCP) services with its exclusive MCCP+ managed cybersecurity and compliance services plus culture program. The company seeks to expand by acquiring world-class cybersecurity talent and utilizes the latest technology to create innovative solutions that protect the most demanding businesses and government organizations against continuing and emerging security threats.

Safe Harbor Statement

This news release contains forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. Statements including words such as “believes,” “expects,” “anticipates,” “intends,” “estimates,” “plan,” “will,” “may,” “look forward,” “intend,” “guidance,” “future” or similar expressions are forward-looking statements. Because these statements reflect Cerberus Sentinel’s current views, expectations and beliefs concerning future events, these forward-looking statements involve risks and uncertainties. Investors should note that many factors, as more fully described under the caption “Risk Factors” and elsewhere in Cerberus Sentinel’s Form 10-K, Form 10-Q and Form 8-K filings with the Securities and Exchange Commission and as otherwise enumerated herein, could affect Cerberus Sentinel’s future financial results and could cause actual results to differ materially from those expressed in such forward-looking statements. The forward-looking statements in this press release are qualified by these risk factors. These are factors that, individually or in the aggregate, could cause the Cerberus Sentinel’s actual results to differ materially from expected and historical results. You should not place undue reliance on any forward-looking statements, which speak only as of the date they are made. We assume no obligation to publicly update any forward-looking statements, whether as a result of new information, future developments or otherwise.

MCCP+

Introducing: MCCP+

Working Smarter

It is often said that madness is doing the same thing over and over and expecting different results. So why has the corporate world continued to work in the same way across IT, compliance, and security departments when all the evidence – spiraling costs, a skills shortage, the never-ending stream of data breaches – indicates that the current system of separating these three intrinsically intertwined disciplines is not working? This is not just a question of collaboration, but one of trust. PGI.com points out five of the most common “dysfunctions of team collaboration,” discussed by leadership and business author Patrick Lencioni:

  1. Absence of trust
  2. Fear of conflict
  3. Lack of commitment
  4. Avoidance of accountability
  5. Inattention to results

The current failure of collaboration is felt nowhere more keenly than in the security/compliance/IT space. The three departments with interconnected remits in this area – security, IT, and compliance – plus the associated vendors to which every company outsources elements of its work, have been a case study in the failure of the multi-sourcing model.

What is the multi-sourcing model? 

When we talk about a multi-sourcing model, we are talking about splitting IT, Security, and Compliance into 3 distinctly separated departments. While these departments are interrelated and codependent, they retain their own distinctive ownership of specific issues, despite these issues often impacting every department. This creates an increasingly complex and convoluted workflow, amongst each of these departments and their respective vendors. Meetings in such a setup are inefficient at best, and completely ineffective at worst. According to work-flow provider Unito, each poorly-executed meeting makes a team lose an average of 10 hours due to unclear goals and scattered efforts. What’s more: 

The implications of these findings are very clear: poor coordination between cybersecurity, compliance, and IT teams costs time, creating risk and exposure for the client organizations, particularly in the face of an active breach event.

The Basics: What is MCCP+?

Traditionally, cybersecurity is provided by one organization and compliance by another, and each works independently. However, in the interests of promoting a unified, centralized approach to the intertwined disciplines of cybersecurity and compliance, at Cerberus Sentinel we bring both under one roof and harness the power of collaboration to deliver a better solution for our customer.

The concept of MCCP arose from the ashes of the outdated Managed Security Service Provider (MSSP) structure. The roots of MSSP date back to the 1990s, a time before the need to comply with a host of various data security and cybersecurity compliance regulations. Many organizations are hiring governance, risk and compliance (GRC) consultants or executives, but this must not come at the expense of a comprehensive cybersecurity program.

By combining the separate, but connected, disciplines of compliance and cybersecurity, Cerberus Sentinel arrived at the concept of the Managed Cybersecurity and Compliance Provider.

IT Services:  adding the +: 

With the addition of IT in the collaborative tent of MCCP, we offer a unified triumvirate to solve business needs with the highest level of security, efficiency, and effectiveness, thereby delivering the highest possible value to our customer. This is not just a repositioning from our perspective; we are responding to feedback from our customers with a fundamentally different approach that creates customer delight.

We recently began working with a healthcare organization who needed a comprehensive audit of their security posture following the departure of a long-serving IT manager. Once we had completed our initial penetration test, the concerns of the company were not alleviated but exacerbated, so we remained in place in order to provide a fully integrated service to their IT infrastructure, both from an IT and a security perspective. It is these kinds of experiences that lead us to believe MCCP+ is such a necessary evolution of our company journey. 

The MCCP+ Venn diagram of success:

Managed Cybersecurity: From endpoints and networks to databases and applications, we monitor, manage, and protect the tools and systems you rely on to run your business. This can include the Protection and Monitoring of: 

  1. Endpoints 
  2. Networks 
  3. Databases
  4. Applications
  5. and more…

Managed compliance: The complex rules and regulations governing how you run your business will no longer be a constant burden on your overstretched compliance team. With our continuous monitoring, we’ll ensure you don’t run afoul of your obligations. This will include the implementation and monitoring of:

  1. Rules
  2. Regulations
  3. Permissions
  4. Access
  5. Governance

Managed IT: The backbone of your communications, teamwork, and business operations should be out of sight and out of mind; it just needs to work. We handle that, including the administration and support of:

  1. Devices 
  2. Servers 
  3. O365 
  4. Cloud 
  5. and more…

Value proposition 

Our integration of IT, Cybersecurity, and Compliance means we can deliver the following value to our customers:

  1. The opportunity to work with a ‘one-stop shop’ for all your security needs. We can provide our customers with one point of contact – and crucially, one bill – which encompasses all their compliance, cybersecurity and IT needs. 
  2. A program working at 100% maximum operational efficiency. By managing the entire workload associated with compliance, cybersecurity and IT deployment and support, the MCCP+ offering will work to eliminate the costly, time-consuming and laborious work of introducing, managing and stacking a series of internal teams and/or service providers to provide the full suite of necessary services: with a single relationship, Cerberus Sentinel has that covered.
  3. Maximized efficacy: Not only will we be working as a lean, centralized support team on your behalf, but without the need to work across various stakeholders and corporate structures, we will be able to better understand and distill our customers’ aims into actionable and focused next steps, across each of the three portions of our Venn diagram.
  4. Maximized value: By sharing information and resources across our three vectors, we can offer our customers a program which maximizes the value in their investment. 


Incident Response to SolarWinds Orion Software Compromise for SMEs

NEWS ADVISORY

Contact:

Charles J. Zigmund, Vice President

Cerberus Sentinel

617-838-4183

charles.zigmund@cerberussentinel.com

Cathy Morley Foster

Eskenzi PR

925-708-7893

cathy@eskenzipr.com

Scottsdale, Ariz., March 1, 2021 — In early December 2020, it was revealed that a state-sponsored cyber attack had been launched through a supply chain compromise of SolarWinds’ Orion monitoring software, initially affecting FireEye, a cybersecurity company. The cyber threat worked by inserting a backdoor, known as Sunburst, into the software to enable hackers to remotely control the SolarWinds platform and use it to exfiltrate sensitive data from private-sector businesses, organizations, and government agencies. The attacks appear to have started in September 2019 and were discovered almost a year later.

More recently, it was learned that a separate, unconnected attack — also believed to be state-sponsored — was launched at the same time on certain government payroll systems. Now, others have been attacked. While SolarWinds announced it has patched the vulnerabilities, investigations into the incidents are ongoing, especially in light of additional attacks via Microsoft 365 and the Azure cloud environment. 

“These hacks present ongoing risks to businesses and organizations, with the potential to compromise networks, employee and consumer data, and intellectual property,” said Chris Clements, vice president, solutions architecture, Cerberus Security Officer, Cerberus Sentinel. “Small and mid-sized enterprises (SMEs) can be particularly vulnerable, often operating with smaller staffs and limited budgets.”

Cerberus Sentinel Corporation (OTC: CISO), a cybersecurity consulting and managed services firm based in Scottsdale, Ariz., reinforces the need for all organizations to be vigilant in keeping their cybersecurity defenses up to date. Specifically, the company offers the following counsel to SMEs to ensure protection against exploitation of mission-critical operations, resources, and software by the SolarWinds attack. 

Questions for IT Teams

  • Do you know if your organization has a SolarWinds product installed in production or if IT has tested it in a free trial demo?
  • If not, do the following:
    • Contact your IT department and ask if the SolarWinds Orion product suite is or has ever been in use in your environment. The known affected products of the Orion platform are as follows:
      • Application Centric Monitor (ACM)
      • Database Performance Analyzer Integration Module (DPAIM)
      • Enterprise Operations Console (EOC)
      • High Availability (HA)
      • IP Address Manager (IPAM)
      • Log Analyzer (LA)
      • Network Automation Manager (NAM)
      • Network Configuration Manager (NCM)
      • Network Operations Manager (NOM)
      • Network Performance Monitor (NPM)
      • NetFlow Traffic Analyzer (NTA)
      • Server & Application Monitor (SAM)
      • Server Configuration Monitor (SCM)
      • Storage Resource Monitor (SRM)
      • User Device Tracker (UDT)
      • Virtualization Manager (VMAN)
      • VoIP & Network Quality Manager (VNQM)
      • Web Performance Monitor (WPM)
    • If IT can’t say for certain or needs help determining with assurance whether backdoored instances of a SolarWinds product are present, consider utilizing a network inventory or scanning tool or working with a third party to assist with detection.
  • If you know you are using or have used a SolarWinds product in the past, do the following:
    • Review all instances of the product (e.g., production, DR, lab) to learn what version of the software is installed. Versions of the software known to contain the Sunburst malware are:
      • v2019.4 HF5
      • v2020.2 (no hotfix)
      • v2020.2 HF1

If infected versions of SolarWinds are detected, enact the organization’s incident response plan but at a minimum:

  • Block outbound network access from the SolarWinds system(s) or take them offline.
  • Apply the SolarWinds v2020.2.1 HF1 or v2019.4 HF6 patches that remove the Sunburst backdoor.
  • Reset any passwords used by the SolarWinds software to monitor organization computers or network devices.
  • Review the rest of the environment for known indicators of compromise (IoCs) to determine the extent of the exposure.

Do you know if any of your vendors or business partners utilize SolarWinds?

What to do:

  • Ensure your vendor list is current and that you have a clear understanding of what data your vendors have access to.
  • Communicate with the vendor’s point of contact and ask what response the vendor has taken as part of the attack revelations.
  • If a vendor has been affected, enact your incident response plan to ensure that you have contained any exposure that may stem from a compromise of the affected vendor(s).

Are you prepared for the next SolarWinds style supply chain attack from other vendors?

What to do:

  • Review or create a comprehensive vendor (compliance) management program to ensure all vendor interactions with your organization’s network or data are understood and that the appropriate contractual requirements are in place for vendors to demonstrate they follow information security best practices.
  • Review all available internal controls that may be implemented to limit exposure stemming from a future vendor supply chain attack.
  • Ensure your incident response plan takes into consideration #1 and #2.

For additional information, contact Cerberus Sentinel advisors at https://www.cerberussentinel.com, 480-389-3444

About Cerberus Sentinel

Cerberus Sentinel is a U.S. provider of consulting and managed services, focused solely on cybersecurity. The company seeks to expand by acquiring world-class cybersecurity talent and utilizes the latest technology to create innovative solutions that protect the most demanding businesses and government organizations against continuing and emerging security threats.

Cerberus Sentinel Announces Sandra Morgan to Join Board of Directors

NEWS RELEASE                                                                 

Contact:

Charles J. Zigmund, Vice President

Cerberus Sentinel

617-838-4183

charles.zigmund@cerberussentinel.com

Cathy Morley Foster

Eskenzi PR

925-708-7893

cathy@eskenzipr.com

Cerberus Sentinel announces Sandra Morgan to join Board of Directors

U.S. cybersecurity services firm adds regulatory and compliance professional as director

Scottsdale, Ariz. February 2, 2021 – Cerberus Cyber Sentinel Corporation (OTC: CISO), a cybersecurity consulting and managed services firm based in Scottsdale, Ariz., announced that Sandra Morgan has joined its board of directors.

Morgan adds significant legal, regulatory and compliance experience to the board. Previously, she served as chair of the Nevada Gaming Control Board and commissioner of the Nevada Gaming Commission. She also has served as director of external affairs at AT&T Services, Inc., as the city attorney for the City of North Las Vegas, as a litigation attorney for MGM Mirage, and as an athletic commissioner on the Nevada State Athletic Commission. Morgan currently serves on the board of directors at Fidelity National Financial, Inc.

“Sandra Morgan is an outstanding addition to our board,” said David Jemmett, CEO and founder of Cerberus Sentinel. “With the increased level of regulatory and compliance requirements specific to cybersecurity, her perspective and experience will be invaluable.”

“I am honored to work with a forward-looking board and management team committed to providing cybersecurity solutions and compliance services in our growing technological world,” said Morgan.

Morgan joins fellow board members Ret. Gen. Robert Oaks, Scott Holbrook, Andrew McCain, Stephen Scott, and Jemmett.

“Each of our board members brings a unique perspective to the company, including government, healthcare, and finance.” Jemmett added, “Sandra’s compliance and regulatory background will provide us with an expert perspective as we help our clients meet the advancing cybersecurity compliance standards.”

Cerberus Sentinel Looks To Uplist To NASDAQ…

30 NOV 2020

Cerberus Cyber Sentinel [OTC:CISO], a cybersecurity consulting and managed services company, is in “final negotiations” to mandate an advisor to assist it in uplisting to the Nasdaq, said founder and CEO David Jemmett.

The Scottsdale, Arizona-based company, which started trading over the counter in June 2020, wants to uplist to the Nasdaq rather than the NYSE because it is more noted for technology and high-growth companies, Jemmett said, declining to provide a timeline. It expects the raise to likely be between USD 10m-USD 20m because its business model is focused on acquiring talent and making them shareholders, he said.

Cerberus Sentinel has signed “quite a few” letters of intent and hopes to close multiple acquisitions before year-end, Jemmett said. It most recently acquired Atlanta-based cybersecurity assessment firm Clear Skies Security in September for an undisclosed price.

The company sees its acquisition strategy as a consolidation of talent, and is not specifically acquiring for revenue, according to the CEO. It is looking for cyber training experts at companies that do penetration (PEN) testing, focus on compliance, or have a strong Security Operations Center (SOC), he added.

Pen testing is a simulated cyberattack against the customer’s computer system to check for exploitable vulnerabilities. Cerberus Sentinel provides continuous and periodic scans based on the customer’s regulatory requirements. An SOC monitors a customer’s network and server infrastructure to track potential threats and protect against them.

Cerberus Sentinel, which has closed seven acquisitions to date, typically targets companies with between USD 3m-USD 25m in revenue, Jemmett said. It expects to increase that target to between USD 35m-USD 65m in revenue in 3Q21, he said.

The company does expect to use a buyside advisor when it targets larger deals, but it has already been approached by advisors looking to represent it at that time, Jemmett added.

To date, Cerberus Sentinel has primarily funded operations and acquisitions through revenue and the sale of equity in private placements, according to its latest quarterly filing. During the nine months ended 30 September, it received USD 790,000 from private placements of its common stock to accredited investors.

It posted USD 2m in revenue in the third quarter, up from USD 1.6m in the second quarter and USD 281,000 in the prior-year period, according to filings. Founded in 2019, Cerberus Sentinel is not yet profitable. It received about USD 710,000 in a forgivable loan through the government’s Paycheck Protection Program, as reported.

COVID-19 “rocketed us five years” ahead of where we would’ve been, Jemmett said. With employees working remotely, there has been more than a 300% increase of cyber incidents amid the pandemic, and cybersecurity has become a “central focal point” for businesses to secure themselves, he added.

“Instead of us going out to find clients, the clients are finding us,” the CEO said. Almost 99% of Cerberus Sentinel’s increased growth is through company referrals, and the demand is 10-fold what it was last year, he said.

Companies in the financial and healthcare industries have the most cybersecurity exposure through their handling of personally identifiable information and personal healthcare information, respectively, Jemmett said. Cerberus Sentinel also has government contracts and customers in oil and energy, he added.

It occasionally competes against companies such as KPMG, Aon [NYSE:AON] subsidiary Stroz Friedberg, Deloitte and Booz Allen Hamilton [NYSE:BAH], but Jemmett calls them “frenemies” because there is so much demand for all of these cybersecurity firms to target. “We’re all trying to do our best to keep up with the demand,” he said.

Cerberus Sentinel has 71 employees in offices in Scottsdale; Arlington, Virginia; Austin, Texas; Nashville, Tennessee; Atlanta; Chicago; Denver; Las Vegas; Phoenix; and San Diego.


by Rachel Stone in Charlottesville, Virginia

Persistence of Phishing


By David Jemmett, founder and CEO, Cerberus Sentinel

We’re all likely to have experienced some form of phishing in our lifetimes and are likely to experience it again in the future. Time and time again, cybercriminals are resorting to tried and true methods of phishing and business email compromise (BEC) for financial gain. An overwhelming 80% of security incidents begin with a phishing attack and an average of almost $18,000 is lost every minute. Recently, a BEC scamming ring was caught which managed to successfully hit nearly two million targets, obtaining almost $500 million. With such a high success rate, it is no surprise that criminals are continuing the trend of phishing scams.

It’s a universal truth in security that phishing emails are in a constant state of development on the attacker end, becoming more and more sophisticated with criminals incorporating official-looking headshots, phone numbers and signatures from a genuine law firm. Those unfortunate enough to click on the attached PDF would no doubt have found malware rattling through their computer and beyond, causing large amounts of damage. While we’re lucky to be in the industry we are, and understand these threats, not everyone has the same awareness or experience on their side.

Upon further investigation into some phishing emails I had recently received, I found that some details didn’t add up. For starters, the location of the sender didn’t match up with the location of the real attorney’s office; in fact, they were in completely different states. Then, we called the phone number given in the email, which was answered as though it were a legitimate law firm, but this revealed that the phone number for this attorney was different to the one given.

These phishing emails can have data security implications for both those that are uneducated and the firms the cybercriminals are impersonating, as they could lead to a lack of trust. However, one of the best, and only, ways to confirm legitimacy is to do rigorous research, and that is what we did.

One of the engineers at Cerberus Sentinel and I did some forensics on one of the emails and the attached PDF to see what it intended to do. We took the email and put it into a safeguarded standalone sandbox, where it redirected us to seven known malicious sites that would have uploaded into my browser via the PDF. Along with that, it also contained a Ryuk-type program that would run as soon as I clicked the file, opening Adobe on my system.

The results were astonishing. Not only was it redirecting to the malicious sites, but it also started giving out data to bad IPs. After only a few minutes of this test, the sandbox was compromised through several file directories and connections with these bad IPs. Within a commercial network, this scam would have compromised both the device the email was received on and the network itself.

Worryingly, we are seeing such scams becoming more expertly targeted to individuals, meaning they are more likely to open the emails, and without the necessary security awareness training, they are none the wiser. Yet, the increase in sophistication of phishing and BEC scams highlights the need for increased email security systems and training to bypass human vulnerability.

     