Cerberus Sentinel Looks To Uplist To NASDAQ…

30 NOV 2020

Cerberus Cyber Sentinel [OTC:CISO], a cybersecurity consulting and managed services company, is in “final negotiations” to mandate an advisor to assist it in uplisting to the Nasdaq, said founder and CEO David Jemmett.

The Scottsdale, Arizona-based company, which started trading over the counter in June 2020, wants to uplist to the Nasdaq rather than the NYSE because it is more noted for technology and high-growth companies, Jemmett said, declining to provide a timeline. It expects the raise to likely be between USD 10m-USD 20m because its business model is focused on acquiring talent and making them shareholders, he said.

Cerberus Sentinel has signed “quite a few” letters of intent and hopes to close multiple acquisitions before year-end, Jemmett said. It most recently acquired Atlanta-based cybersecurity assessment firm Clear Skies Security in September for an undisclosed price.

The company sees its acquisition strategy as a consolidation of talent, and is not specifically acquiring for revenue, according to the CEO. It is looking for cyber training experts at companies that do penetration (PEN) testing, focus on compliance, or have a strong Security Operations Center (SOC), he added.

Pen testing is a simulated cyberattack against the customer’s computer system to check for exploitable vulnerabilities. Cerberus Sentinel provides continuous and periodic scans based on the customer’s regulatory requirements. An SOC monitors a customer’s network and server infrastructure to track potential threats and protect against them.

Cerberus Sentinel, which has closed seven acquisitions to date, typically targets companies with between USD 3m-USD 25m in revenue, Jemmett said. It expects to increase that target to between USD 35m-USD 65m in revenue in 3Q21, he said.

The company does expect to use a buyside advisor when it targets larger deals, but it has already been approached by advisors looking to represent it at that time, Jemmett added.

To date, Cerberus Sentinel has primarily funded operations and acquisitions through revenue and the sale of equity in private placements, according to its latest quarterly filing. During the nine months ended 30 September, it received USD 790,000 from private placements of its common stock to accredited investors.

It posted USD 2m in revenue in the third quarter, up from USD 1.6m in the second quarter and USD 281,000 in the prior-year period, according to filings. Founded in 2019, Cerberus Sentinel is not yet profitable. It received about USD 710,000 in a forgivable loan through the government’s Paycheck Protection Program, as reported.

COVID-19 “rocketed us five years” ahead of where we would’ve been, Jemmett said. With employees working remotely, there has been more than a 300% increase of cyber incidents amid the pandemic, and cybersecurity has become a “central focal point” for businesses to secure themselves, he added.

“Instead of us going out to find clients, the clients are finding us,” the CEO said. Almost 99% of Cerberus Sentinel’s increased growth is through company referrals, and the demand is 10-fold what it was last year, he said.

Companies in the financial and healthcare industries have the most cybersecurity exposure through their handling of personally identifiable information and personal healthcare information, respectively, Jemmett said. Cerberus Sentinel also has government contracts and customers in oil and energy, he added.

It occasionally competes against companies such as KPMG, Aon [NYSE:AON] subsidiary Stroz Friedberg, Deloitte and Booz Allen Hamilton [NYSE:BAH], but Jemmett calls them “frenemies” because there is so much demand for all of these cybersecurity firms to target. “We’re all trying to do our best to keep up with the demand,” he said.

Cerberus Sentinel has 71 employees in offices in Scottsdale; Arlington, Virginia; Austin, Texas; Nashville, Tennessee; Atlanta; Chicago; Denver; Las Vegas; Phoenix; and San Diego.

by Rachel Stone in Charlottesville, Virginia


Persistence of Phishing

By David Jemmett, founder and CEO, Cerberus Sentinel


We’re all likely to have experienced some form of phishing in our lifetimes and are likely to experience it again in the future. Time and time again, cybercriminals are resorting to tried and true methods of phishing and business email compromise (BEC) for financial gain. An overwhelming 80% of security incidents begin with a phishing attack and an average of almost $18,000 is lost every minute. Recently, a BEC scamming ring was caught which managed to successfully hit nearly two million targets, obtaining almost $500 million. With such a high success rate, it is no surprise that criminals are continuing on the trend of phishing scams.

It’s a universal truth in security that phishing emails are in a constant state of development on the attacker end, becoming more and more sophisticated with criminals incorporating official-looking headshots, phone numbers and signatures from a genuine law firm. Those unfortunate enough to click on the attached PDF would have no doubt found malware rattling through their computer and beyond, causing large amounts of damage. While we’re lucky to be in the industry we are, and understand these threats, not everyone has the same awareness or experience on their side.

Upon further investigation into some phishing emails I had recently received, I found that some details didn’t add up. For starters, the location of the sender didn’t match up with the location of the real attorney’s office; in fact, they were in completely different states. Then, we called the phone number given in the email, which was answered as though it were a legitimate law firm but revealed that the phone number for this attorney was different to the one given.

These phishing emails can have data security implications for both those that are uneducated and the firms the cybercriminals are impersonating, as it could lead to a lack of trust. However, one of the best, and only, ways to confirm the legitimacy is to do rigorous research, and that is what we did.

Myself and one of the engineers at Cerberus Sentinel did some forensics on one of the emails and the attached PDF to see what it intended to do. We took the email and put it into a safeguarded standalone sandbox where it redirected us to seven known malicious sites that would have uploaded into my browser via the PDF. Along with that, it also contained a Ryuk-type program that would run as soon as I clicked the file, opening Adobe on my system.

The results were astonishing. Not only was it redirecting to the malicious sites, but it also started giving out data to bad IPs. After only a few minutes of this test, the sandbox was compromised through several file directories and connections with these bad IPs. Within a commercial network, this scam would have compromised both the device the email was received on and the network itself.

Worryingly, we are seeing such scams becoming more expertly targeted to individuals, meaning they are more likely to open the emails, and without the necessary security awareness training, they are none the wiser. Yet, the increase in sophistication of phishing and BEC scams highlights the need for increased email security systems and training to bypass human vulnerability.
