Georgia Weidman

Security researcher and author Georgia Weidman founded Shevirah in 2015 to commercialize software for penetration test teams to assess mobile security solutions, leading to more secure enterprise endpoints such as smartphones, tablets, wearables, and the Internet of Things (IoT).

As hackers shifted methods from traditional remote network attacks to social engineering and new endpoint attacks, a gap in enterprise testing emerged. Shevirah closed that gap with software for internal test teams and services for businesses without their own standing teams.

Dennis Blair, former Director of National Intelligence, described Shevirah's tools as "truly cutting edge". The CIO and CTO of the Department of Defense said that there was nothing like Shevirah's tools in their arsenal.

Georgia is a serial entrepreneur, penetration tester, security researcher, speaker, trainer, and author. She authored Penetration Testing: A Hands-On Introduction to Hacking. She is also a New America Cybersecurity Policy Fellow. Georgia has presented or conducted training around the world, and she is regularly featured internationally in print and on television. She is also a member of the CyberWatch Center's National Visiting Committee, on the board of advisors at Cybrary, and an Adjunct Professor at University of Maryland University College and Tulane University.

Georgia founded the security consulting firm Bulb Security and was awarded a DARPA Cyber Fast Track grant for her work in mobile device security, culminating in the release of the Smartphone Pentest Framework. She later founded Shevirah, whose products assess and manage the risk of mobile devices in the enterprise; Shevirah is a graduate of the Mach37 cybersecurity accelerator.

Georgia says, “As Shevirah’s Founder I basically have to be able to do everything.”

Innovating Products for Better Customer Reach

According to Georgia, the way our networks and assets communicate has changed. In a traditional network, everything was hosted locally, physically in an enterprise data center, on someone’s desk, etc. The only way these devices communicated was over the corporate network, with all traffic passing through the network perimeter to the Internet. With the rise of mobile, the cloud, etc. this changed drastically. Traditional methods of vulnerability assessment, incident response, egress detection, etc. are not sufficient to deal with these changes.

In particular, Georgia's work centers around moving vulnerability assessment and penetration testing capabilities forward to cover the unique issues around mobile devices such as the mobile modem, near field communication, and the effectiveness of security controls around mobile including enterprise mobility management solutions and application sandboxes.

Georgia said, “Mobile phishing is also a big part of what we do. Most people think of phishing as a solely email-based endeavor and the simulation products have followed suit. The myriad communication methods that come with mobile such as SMS, Bluetooth, social media such as WhatsApp and Facebook Messenger, basically any way a link can be delivered, are now valuable vectors for phishing campaigns.”

Evolving to Stand Out in the Crowd

Describing her journey toward becoming a successful leader, Georgia says, “In my work as a penetration tester, we went after laptops, servers, desktops, networking equipment, websites, apps, the list goes on. But every time we were leaving out mobile devices, bring your own device, and the Internet of Things.”

On the conference circuit, Georgia was researching and speaking about new ways of exploiting mobile devices, from building the first proof-of-concept SMS botnet to building the Smartphone Pentest Framework, which allows researchers to work with the unique attacks available in mobile such as the mobile modem, Near Field Communication, etc.

“It occurred to me there was a disconnect,” Georgia said. “The real attackers were not going to ignore mobility just because it was out of scope on penetration tests. There are tons of preventative products such as Enterprise Mobility Management and Mobile Threat Defense to protect mobility. But, as in the traditional computing world, the attackers are buying or pirating the same preventative technologies their target has deployed to ensure their attacks can bypass them and nothing is 100% unhackable.”

Georgia knew there was a gap to be filled. But as a technical founder, she needed to learn more about the business side of things. So, she founded Shevirah and ran it through the Mach37 cybersecurity accelerator in Northern Virginia to help her fill in those business skills.

Learning Always to Drive Innovation

Georgia says, “Recognize that no one knows everything and everyone is constantly learning. Everyone feels like a moron sometimes. Don’t be like me and beat yourself up about it. There are plenty of people in this industry to do it for you. Never stop learning.

“Most importantly, stay alive long enough to appear lucky.”

Crafting Products to Conquer Risk Factors

Shevirah's patented Dagah product bridges the gap between the traditional perimeter defense cybersecurity paradigm and the new mobile and IoT paradigm by providing vulnerability assessment, penetration testing, impact analysis, and mobile-specific phishing for enterprise blue teams, red teams, and nation-state offensive operations, as well as mobile phishing training capabilities for human resources/IT.

Overcoming Primal Challenges

Georgia feels being female in a technical industry remains challenging: “It seems like no matter how much I achieve I’ll always be asked, ‘Whose girlfriend are you?’ – even at the speaker party for a conference I am keynoting!”

She says, "I’ve been written off more times than I can count, but, like a glutton for punishment, I keep coming back. Particularly when I was starting out, first in security and then in the startup world, it was difficult to get anyone to take me seriously. Even in venues that are cool with women being in security and being an entrepreneur, they don’t seem to recognize that we may speak on technical subjects instead of soft skills and that we might be the technical founder who brought on a CEO instead of just being on the business side."

The Future Ahead

Georgia believes that all the “next-generation” ways we use technology pose a clear and present danger — be they cloud-based via outsourcing our email to Google Apps and our lead generation to Salesforce.com; increasingly coupling more of our business and personal lives to mobile devices that do not truly call us master; technologies that enter our homes and offices with everything from Smart TVs that listen to our every conversation, Smart Assistants that take it a step further and act upon our unwitting conversations, or lightbulbs with IP addresses and hardcoded root passwords; or our ever-increasing reliance on industrial controls that are so fragile they often cannot be security tested in a traditional way and continually prove susceptible to malware little more sophisticated than that which plagues our unpatched Windows Desktops.

Georgia builds products that help enterprises and consumers understand and manage their risks around these next-generation technologies with a deep focus on the under-addressed risks associated with mobile security and IoT security.

In her consulting practice, Georgia sees customers every day who bought the best preventative technologies, all of which make a lot of claims on the back of the box, but, in a matter of minutes, her products prove that these preventative technologies fall far short of success. When pressed, the client simply says that the vendor had a compelling sales team. Georgia also gets customers who are very firm on the fact that they will only do something about the state of security beyond Windows desktops and their public-facing websites when regulations such as HIPAA, PCI, or NIST force them to take their heads out of the sand.

Advice that Encourages Emerging Leaders

Giving her advice to budding business leaders, Georgia says, "I used to work so hard and so single-mindedly that I would routinely burn myself out. After a few rounds of that, I realized something had to give. I re-engaged in my childhood sport of horseback riding. I’m still a super-driven, competitive person, so instead of a relaxing hobby, I compete for equestrian titles. Taking the time to put work aside for a few hours, focus on my riding, and bond with my horse, Tempo, allows me to focus single-mindedly on work the rest of the time."