What's Up with Tech?

Securing Hybrid Workforces: Timus Networks on Zero Trust, SASE, and SMB Cybersecurity Solutions

Evan Kirstel

Share episode

Interested in being a guest? Email us at admin@evankirstel.com

Ever wondered how to truly secure your hybrid workforce in this evolving digital landscape? Join us as we sit down with Pinar from Timus Networks, a cybersecurity extraordinaire whose journey from electrical engineering to top tech roles at Qualcomm, Hiya, and Lookout will leave you inspired. Pinar dives into Timus Networks' mission to provide always-on connectivity for SMBs, emphasizing the vital role of Zero Trust and SASE frameworks. Learn why comprehensive identity verification is no longer a luxury but a necessity in today's world, and get a firsthand account of how Pinar transitioned into the world of cybersecurity to tackle these challenges head-on.

We also explore the future of cybersecurity solutions for Managed Service Providers (MSPs). Pinar sheds light on the unique hurdles MSPs face and unveils Timmus, a groundbreaking tool designed for rapid deployment that caters specifically to the needs of SMBs, which are frequent targets of cyberattacks. Discover the global demand for user-friendly and robust cybersecurity solutions, and the importance of advanced tools to combat sophisticated phishing and social engineering attacks. Plus, get a sneak peek into the bustling event season and its potential for growth and engagement in the cybersecurity sphere. This episode is packed with valuable insights for anyone keen on staying ahead in the cybersecurity game.

Support the show

More at https://linktr.ee/EvanKirstel

Speaker 1:

Hey everybody, diving deep into the world of cybersecurity today with a real innovator and thought leader, pinar from Timmis Networks. How are you?

Speaker 2:

Thanks so much, Evan, for having me. I'm well, thank you.

Speaker 1:

Well, thanks for joining, really intrigued by your mission at Timmis. And let's start a little bit about your background and biography. Really, you worked for some amazing companies out there over the years, from Ericsson and Qualcomm, many others but how did you get into the cybersecurity space? What was most interesting or appealing to you and the team?

Speaker 2:

Yeah, sure. So first of all, my accent comes from originally being from Turkey. I was born and raised in Istanbul. My background is actually in electrical engineering. I went to college for electrical engineering and then I came to the US for grad school and my journey in the tech sector actually started as a systems engineer. I was at Qualcomm in their R&D department for a while and slowly I moved into the business side and I've done sales, business development in all kinds of products and solutions and majority software almost all software. So six years ago I started getting more into cybersecurity, first with Haya, another startup, seattle-based startup. I was running the North American business there for large partners, so Haya does voice security. And then slowly I moved into Lookout, which was more mobile security. It's another startup, a later stage startup. It's actually HQ in Boston. And now with Timmus, it's cloud-based security of the network.

Speaker 1:

Oh, what a fantastic background. And talk about the security landscape these days very complicated, diverse, many different approaches. How do you fit on this landscape?

Speaker 2:

What's your particular vision? Yeah, you know, from our side, you know, when you say cybersecurity, it just sounds like one thing, right, and then you go to a cybersecurity conference and there are like millions other. You know there's so many companies that's focused on one aspect of cybersecurity, because it's really a pretty large umbrella of topics and with the current risk economy and with the current threats and how easy for bad actors to actually get into the network or your devices and phishing and so on, there are so many things that need protection. How we fit into it is so we do network security. Meaning our mission, evan, is to protect the company from bad actors and data breaches wherever their employees are working from.

Speaker 2:

So in this current you know current workforce, as you know, the modern workforce has become really hybrid. So you know you have employees working from home, but also from Mallorca, from Latin America, from wherever, and these people you know, when they're accessing on their day to day lives, when they're working, we cannot expect them to be security at the top of their mind 24 seven, because it's not fair to them Right? Their job is to be productive, to be productive. So how can the organizations make sure that they are secure while being productive, without them having to think proactively about security all the time. And don't get me wrong Of course employees have to be cognizant of security, but the more we can automate and the more we can make sure that they can connect the company resources securely, even when they are remote, the better, and that's really our job.

Speaker 2:

To summarize, what Timmuz provides is secure, always-on connectivity to company resources, regardless of the device the employee is using or wherever they are accessing from. When you open your laptop, we automatically create an encrypted tunnel to the company resources, be it on-premise servers, firewalls or business SaaS apps or cloud servers. We make sure that data is encrypted and the connection is secure is encrypted and secure.

Speaker 1:

The connection is secure. Well, it's a fantastic approach and it leverages frameworks like Zero Trust and SASE. Maybe for the audience here explain the importance of Zero Trust and SASE as more and more businesses, particularly SMEs, move to the cloud and SaaS.

Speaker 2:

A hundred percent. So Timo really focuses on the small to mid-sized enterprises versus the very large scale enterprises. At the higher end you have a lot of companies that do similar to what we've done but in a much more complicated manner, like it takes much longer to deploy, lots of integrations and so on. But for the small, medium businesses, they really need the same security, if not more, these days. So how can they still protect their resources and their employees with something that's really easy to deploy and easy to use? And that's where companies like Timmus comes into play to use and that's where companies like Timmus comes into play. So, firstly, zero trust. So zero trust is actually a framework versus an actual solution. So zero trust means never trust and always verify.

Speaker 2:

In the good old days, you know when everybody used to go to the office and you have the four walls, you have your nice firewall, you put your device and, based on the Mac address, right Like they make sure the device is only accessing what it needs to access. It was an easy world, if you will. But now, with everybody's everywhere, you're in a conference, you're in a coffee shop, you're traveling, you're in an airport lounge, and when you're accessing the company resources. It's not good enough anymore If the company is just looking at your credentials, your username passwords. Dark Web is full of all these things, even the VPN, the traditional VPN Again, the VPN credentials are a dime a dozen in the Dark Web. And if you keep sending a multi-factor authentication, first of all, the MFA fatigue is real. People hate it after a while. Plus, nowadays hackers also have a way to really circumvent even the 2FA and MFA rules.

Speaker 2:

What Zero Trust does is it says that I'm going to make sure you are who you say you are really sure you are who you say you are really, and I'm going to look into many more things to confirm your identity, just more than just looking at your username and password. So we look at, for example, what's your ip address? Is it a trusted ip address? What's your location? Is this a new device? Did you do an impossible travel? Like two hours ago you were connecting, connecting from Boston, and now you're in LA, like, unless you know, you lasered yourself. It's not possible, right? So these are some of the things a zero trust scheme looks at to make sure only the person who they say they are can access.

Speaker 2:

And another thing about zero trust that's also very important is, let's say, god forbid, a hacker was able to access the network. It's very segmented, so you do micro segmentation so that only you are allowed to access what you need to do your job and nothing else. Like for a developer, they are not supposed to access financials, you know, I'm just giving an example. So that's really the zero trust philosophy, and then the secure access service edge in the small, medium business framework. What that really means is like combining a couple of these things like zero trust, network access, a cloud firewall software, defined perimeter, secure web gateway to do category filtering, you know, dns filtering, making sure you're not getting phished while you are on the internet. So it combines everything into a nice framework to make it very easy to use and deploy.

Speaker 1:

Wow, really compelling. And in cybersecurity we've seen the rapid rise of managed service providers for many good reasons, but particularly just can't find a higher cybersecurity talent these days or expertise. So tell us about your partnerships with different MSPs and how you're working with them and what the feedback has been from those partners them and what the feedback has been from those partners.

Speaker 2:

Yeah, so, timo's actually as a go-to market model. We only work with our MSP and MSSP partners. We don't sell direct, and there are multiple reasons for that. So the biggest one is so the key reasons and I'll start with the first one In the US, small medium businesses up to 90% of them use an MSP for either all of their IT or some of their IT needs, including cybersecurity.

Speaker 2:

Because, to your point, especially cybersecurity there's a massive labor shortage and small medium businesses a dentist office, for example, right, or a law office instead of hiring full-blown IT and cybersecurity teams, full-time employees, they prefer to hire these trusted advisors and tell them hey, I'm going to give you X amount of dollars per month for each of my employees, but you choose the vendor, you need to do what you must and handle my stuff right. So 90% of the small medium businesses in the US, or close to 90, use an MSP. So it makes really sense if you're trying to sell into, get into an SMB, you actually work with your MSP partners and become part of their cybersecurity stack that when they are going to this MSP sorry, smb they actually deploy you as part of that. The other thing that's very critical for MSPs is the solutions that they choose should be really easy to use and easy to deploy Like.

Speaker 2:

One thing about MSPs is, you know, they are very resource limited. They are not full of people sitting around right and they are usually working with a lot of clients. A typical MSP has, you know, 70 clients, if not more. So your solution needs to be multi-tenant, through a single pane of glass. They need to be able to deploy you to all of their clients, bring their endpoints, and it shouldn't take three weeks to be able to deploy this right. What we take pride in is literally and I'm not exaggerating in here NMSB can deploy Timmuz to a client of them in as little as 15 minutes and definitely less than half an hour.

Speaker 1:

Wow, Well, that's pretty impressive. That's quite a mic drop moment and you're very channel centric, obviously with an MSP strategy. Care to call out any partners or customers or what's your go-to-market look like these days and how's it going it's going actually really well.

Speaker 2:

Thanks for asking. We just closed august, obviously, uh. So you know, we just have the uh numbers for that. We are one of the startups out there in the in hyper growth mode and there's a reason for for it because there is a huge demand in the SMB space for a solution like ours.

Speaker 2:

You know, small medium businesses are actually in the hackers sweet spot. Hackers don't care if it's an enterprise or an SMB. Data is data. If anything, small medium businesses are more vulnerable. They get 400% more phishing attacks because they you know their employees have less training. The business has less resources, less tools and even if they have tools, not necessarily they have configured themselves properly, right, right. So hackers love small medium businesses and especially in regulated industries like finance, health care, manufacturing and, you know, it and business services, we see a tremendous need for a zero trust slash, sassy solution like ours, and MSPs love using us when they go to their clients. And the best thing, evan, is, the industry is just picking up. So when we are working with MSPs, it's usually that we're not replacing a competitor, it's usually a green field. Msps are just starting to do vendor selection and that's where we come in and we, you know, most of the time get chosen as a selected vendor which we are very proud of.

Speaker 1:

You have quite a diverse global team around the world. I assume you sell and support market around the world. What are some of the differences in the different geographies and regions around the world when it comes to security?

Speaker 2:

different geographies and regions around the world when it comes to security. Well, so the regions that we play in, especially in the MSP space, the needs of the MSPs are usually the same In any solution that they are looking to provide. Being multi-tenant is very important wherever you are. Making sure that it's easy to use, easy to operationalize is very important, and support is very important wherever you are being able to support your partners and their clients in a way that really is responsive, is solution oriented and, with an approach partner first really works.

Speaker 1:

Oh, fantastic, and you're on the front lines, as it were, of cybersecurity. You know so many headlines every day. What are some of the biggest threats and challenges that you see in the industry right now? Beyond just the headlines, what do you advise your clients to be most aware of?

Speaker 2:

Personally, you know I've been working in cybersecurity now, you know, six plus years and I've worked in multiple companies, so I've seen different products, different threats. I really think human factor is still the biggest threat to companies. And the phishing attacks became so sophisticated, evan, it's just impossible to detect with the naked eye what is a fake website and what is an actual website. These people became so proficient in being able to trick you into getting your usernames and passwords, so credentials mean nothing. I think that's why this zero trust is incredibly important and relying on tools to protect your resources instead of being on the lookout personally with your eyes and ears, because it's not going to work.

Speaker 2:

The world has become too sophisticated, unfortunately, so you have to rely on the latest and greatest cybersecurity tools to protect yourself, be it mobile security, you know, protecting your devices. It's so easy how these social engineers use urgency to trick you. Right, you get an SMS message and say like hey, we see a fraudulent alert on your Chase bank. Click here to confirm it's actually a phishing attack. So you click on it. Lastly, you're worried about because it looks very legitimate. So you immediately put your Chase username and password Because everything looks the same, exactly the same. It looks like a Chase login and then yeah, voila, like you, basically they stole your credentials. So stuff like this is so easy. So if you have a mobile security app on your device, that's automatically going to cut that link, you'll still see the SMS message, but if you click, it's going to say that hey, this is a phishing site, so we're not even letting you go there.

Speaker 2:

I think the biggest threat that I see is still the phishing smishing, all the variations of it, and now, with AI, of course, deepfakes. We all are now reading news, right, people do these videos with deepfake CFOs asking for bank transfers. So it's getting a tricky world out there. You need to keep relying on vendors like us to hopefully stay ahead of the bad actors.

Speaker 1:

Yeah, that would be a wonderful mission. As we head into the busy end of year season, what are you looking forward to? There's so many events and meetings and meetups, get-togethers. What's on your radar?

Speaker 2:

Yeah, as we say, the event season is picking up again with the end of the summer. As we say, the event season is picking up again with the end of the summer. You know, october, november are very busy months for events. It's a good thing that I'm living in Miami because a lot of the events of the channel are actually in Florida. So, you know, we have events in Orlando, we have events in Miami. We will personally be in Datacon and then IT Nation in Orlando and Datacon is coming in Miami. So those are the two big events of the channel.

Speaker 2:

A lot of MSPs show up. But you know the events in the channel space, especially in the MSP space, literally you can go to a different event like every day. Literally you can go to a different event like every day. So, as a vendor, you need to be really selective and you need to make sure that you're able to reach out your prospects and partners not only using events, because it's usually always also the same MSPs you know have the. So we try to do a mix of it right. Of course we go to the events, but we also try to educate through webinars, roadshows, websites, white papers and so on.

Speaker 1:

Fantastic. Well, congratulations on all the success. Really important mission and here's to your success in getting this problem under control to somewhat. Congratulations and good luck in the future.

Speaker 2:

Thank you so much, Evan. Thanks for having me.

Speaker 1:

Thanks for being here. Thanks everyone for listening or watching.