Business Innovators Radio - Interview with Justin Leger, Chief Operating Officer with Cybeats Discussing SBOM Studio
Episode Date: September 20, 2023
Justin, with a blend of military and corporate leadership, catalyzed the expansion of Cybeats as Chief Operating Officer and brings nearly 20 years of strategic and operational expertise, underscored by decorated service as a senior officer in Special Operations Forces.
Learn more: https://www.cybeats.com/
Influential Entrepreneurs with Mike Saunders: https://businessinnovatorsradio.com/influential-entrepreneurs-with-mike-saunders/
Source: https://businessinnovatorsradio.com/interview-with-justin-leger-chief-operating-officer-with-cybeats-discussing-sbom-studio
Transcript
Welcome to Influential Entrepreneurs, bringing you interviews with elite business leaders and experts, sharing tips and strategies for elevating your business to the next level.
Here's your host, Mike Saunders.
Hello and welcome to this episode of Influential Entrepreneurs.
This is Mike Saunders, the authority positioning coach.
Today we have with us Justin Leger, who's the chief operating officer with Cybeats.
Justin, welcome to the program.
Mike, thanks for having me.
You are welcome. So I want to learn all about what you do and the space that you are occupying
in technology today, but get us started with a little bit of your story and background. And how did
you get into this industry?
Yeah, sure. I guess it probably all started as a kid, joining the
military. I joined around 16, the Canadian Armed Forces and moved into the regular force from the
reserves. I became an officer, did my university degree, and after about 10 years, I'd gone
into special operations forces, got promoted as a lieutenant commander. I'd kind of achieved all
of my military goals and started to think about the next step. So I looked at doing my MBA,
got my MBA, used that as a sort of platform to transition out of the military, and got into
something somewhat adjacent, although operationally completely different, and got into government
contracting, worked on a few large projects for the provincial government here in British Columbia
and in Canada, obviously, and later with the federal government. And after a few years of that,
working in a large enterprise, still sort of working with government, again, wanted to make a change.
So I branched out on my own and was working as a consultant.
And through that, I got introduced to Cybeats when it was very early on.
I think where I'm probably strongest is on helping companies grow, on scaling operations,
on taking big complex problems, breaking them down and just churning out solutions bit by bit.
And that's the stage that they were at.
And through that engagement was offered the role of chief operating officer and, you know, what ops guy doesn't want to jump into that top seat.
So I took that opportunity and been at that for coming up on two years.
You know, when you were describing that, it made me think of two things.
Number one, you like working with or this opportunity is very optimal because the train had left the station.
You know, it wasn't a startup.
It wasn't some concept.
You know, it was up and running,
and now you're able to come in and see opportunities to tweak this, polish that.
And then secondly, with your military background, I just would love to know the stats out there.
I know someone has done this research study, but a high percentage of the top performing companies, CEO, CEOs, all of these positions are coming out of the military because of discipline, because of structure, because of leadership.
And like you said, you can see a big problem slash opportunity, break it down, and then, right,
rally the troops, you know, per se and go, okay, let's do this right in front of us.
You know, let's work this problem, which then leads to the next.
So talk a little bit about how that approach has served you well when you now are moving
into the next steps with Cybeats.
Yeah.
I mean, I think it comes down to leadership.
The military organization is a leadership organization from top to bottom and from bottom to
top.
I also found particularly my experience with special operations forces.
You're dealing with highly motivated, highly trained people, well equipped.
And really, it was one of the best experiences of my life,
just being able to be part of an organization where everybody cares so much.
Everybody wants to be the best.
Everybody's trying all of the time.
And taking an organization where everyone has something to contribute,
it gives you a different perspective on what management and leadership can be with the right attitude.
And trying to bring that attitude is something that I've tried to incorporate into my work and into our team.
So it is very much a team sport.
I don't know anyone who's done anything incredibly hard without a team and everybody working towards that same goal.
And that is something that I think, whether it's conventional,
versus whatever, the military is really, really good at setting those goals and going after them
with a no-fail attitude.
You know, when they say, what's your biggest weakness?
Mine is definitely, I don't know when to quit.
That's awesome.
You love how you weave in a big strength into the weakness, right?
Well, it's definitely, it's definitely, it can be a strength, but it certainly can be a weakness as well.
Yeah. So on the Cybeats website, I see a really nice, clean, crisp first glance, and I see
"automating SBOM management." What in the world is SBOM management?
Yeah. So I think it's best if I put
this in the global context for you. We'll go big and then we'll break it down. Okay. So over the last
you know, a few decades, and really within the last couple of years in particular, we've seen a
massive increase in cyber espionage, sabotage, disruption of critical infrastructure, and cybercrime.
And this is to the tune of trillions of dollars. It's a massive shadow economy out there.
It's costing the global economy trillions. And they're always looking for new ways to exploit
weaknesses. They've moved away from some of their more conventional attacks. And they've gone
after what's called the software supply chain. So these are the building blocks of our society
essentially. Everything is digital. Your phone, your TV, your refrigerator, everything has software.
And they're going after the building blocks of that software in order to gain access and
conduct their, let's just call them nefarious operations, whether they're political, criminal,
what have you. So software supply chain,
that's the key, key element that we want to take out of that.
And silence is becoming.
Isn't that very foundational?
So for instance, you might, you know, that's kind of like coming in the side door,
you know, like from the military, you might, you know, have a frontal attack.
But really, if you come in the back door or the side door, you know, it's not as obvious.
So isn't that part of that vulnerability, which is, oh, if we go a couple layers deep here,
boy, they might not see us until it's way too late.
Exactly.
And the real problem with that is that we can put up all the fences we want.
But as you say, if they're able to just walk in the side door because, you know, they were
able to get a couple layers deep, then we're completely out of luck.
And it's an intelligence issue, essentially, just to go back to the military metaphor.
We don't know what all of, we don't know what we don't know.
And this is one of the problems that we're trying to address.
So SBOM is a software bill of materials, just like you'd have an ingredients list on your food to make sure, you know, there's no lead in it or what have you.
A software bill of materials lists all the components, all the libraries, all the dependencies, the licenses, the relationships of all these different components in that software so that we can have some visibility on the software supply chain.
And it creates a whole new problem, an SBOM, right?
Because this is machine-readable data.
This isn't just a list I can pick up just and look at like a food label on a can.
It's highly complex.
You need another layer of analysis on that SBOM to actually get useful intelligence out of it.
And that's where Cybeats comes in.
We're adding a layer of intelligence onto, getting that intelligence
out of that data to help companies secure their software supply chain. That's the problem that we're
addressing and that's the high level of how we're addressing it.
Yep. Neat. Well, to me, it just seems
like about the time you see some intrusion, it's way too late. So how does this help
find it before it's too late and plug it up with confidence?
Yeah. Well, I should probably mention that we've got some really major tailwinds from government on this one. They've mandated at the federal level in the United States the use of SBOMs for anything that has software, whether there's a medical device or a frigging toaster or what have you, or more complex solutions as well.
If you do business with the U.S. federal government, you have to provide an SBOM.
That's been mandated for some time now.
The FDA has regulation coming in now where in October, if you want a new medical device approved,
you're going to have to, and it has software, you're going to have to submit an SBOM for that.
So we've got those major tailwinds.
But any company that cares about their security is generating SBOMs and managing that data and actually getting useful insights out of it.
So the way that this works is it is preemptive.
It's intelligence that you're gathering, you're getting insights out of,
you're referring to other databases that have vulnerability information that's really
going to help you prioritize what you need to address.
So we're pointing companies in the right direction for what they need to fix.
And they might have a thousand holes in their fence,
and they will tell them, you know, you only really need to worry about, like, five of them, and these are the five,
and here's what you need to do to go and fix them.
And so how old is Cybeats? Because I understand
that a huge percentage of your clients are Fortune 500. Obviously that's a huge feather in your cap.
And how did you get to that level of status quickly, if that's the case?
Yeah. Cybeats is not
an old company. It was founded in 2016.
It initially was started to go after IoT security issues.
But less than, well, just a little over two years ago, actually,
it transitioned towards SBOM management.
We saw the opportunity and went after it vigorously.
And just through a mix of having a good sense of which way the wind is blowing,
having a strong team and a bit of luck.
We've been able to establish ourselves, I think, as the leaders in our niche, in SBOM management.
And with those tailwinds from government and just the overall climate and the increase of cyber warfare, cyber crime, companies are, they need this.
There is a strong, strong need.
So as much as we're pushing, we're being pulled.
And our ability to deliver, mixed with having a really strong product
and I think a willingness to listen to customer feedback
and being able to actually implement that feedback
has enabled us to get clients that a company at our stage,
let's just call it two years,
few years old in this space,
wouldn't necessarily be able to do.
But we're not only doing that,
we're beating other companies with much deeper pockets
at this game.
And we've been able to get those clients.
Now, I'd love to tell you every logo that we have
because, man, it's a point of pride for us,
but, you know, it's security.
And they don't always want us telling everybody,
what solutions they're using to secure their environment.
So it's, we tell people when we can,
but it's not always something we're able to do.
You know, as you were describing that,
I literally was thinking about, like when you watch movies and you probably know from firsthand, but, you know, when military or CIA or FBI, you know, thwart some huge terror event, you know, the scene afterwards is the big boss going, good job, good day, guys. We prevented this huge thing. But as you know, no one will ever know this, you know, we existed or we did this. So many times, you know, you are behind the scenes like what you just said. You're not going to know that XYZ company uses this.
But can you think of an example without mentioning names, but just like an example of, oh, one time we came in and we identified this, which prevented that?
Yeah.
I'll give you an example in terms of how our solution is being chosen.
So one large Fortune 500 company, $35 billion a year company, they're in energy management operational technology.
So they're part of critical infrastructure all over the
world. They chose our solution because in part these problems, these vulnerabilities that
can come up. And a great example, if you or your listeners want to Google it, is Log4j.
That was a major incident back in late 2021. Log4j, it's simply a component in software.
It's one of these ingredients. It manages data in software. And it's prolific. It's everywhere.
Like 95% of enterprise software has Log4j in it.
And a vulnerability came to light.
And this vulnerability essentially opened the door to cyber criminals or nefarious state actors or who have you.
It allowed them in some cases to execute their own code within your software,
opening the door, right?
And when it was announced, there was no fix for it.
So, you know, it got announced.
Everybody's freaking out, oh, my gosh, where is Log4j in my stack?
I need to address this.
You know, you've got, if it's getting the attention of CIOs and CEOs wondering,
okay, what's this Log4j thing and, you know, how are we affected?
Unfortunately, at the time, most companies couldn't answer that question.
People really don't know what's in their software.
And without an SBOM, they have a really tough time of actually figuring that out.
So in that first 72 hours following disclosure of Log4j,
an estimated 800,000 attempts to exploit that vulnerability.
So massive, massive problem.
And by that time, most companies didn't even understand the scope of the problem within their own environments.
So they were desperately trying to answer the question, what's in my software?
In some cases, this one incident cost millions of dollars and upward of three months
just to address where this was in their environment.
And that's something that SBOM Studio, our solution, could have answered in seconds.
Wow.
So this large company, going back to that, when they're looking at our solution and how we can address this problem for them, they're not just looking at the risk management side of it.
They're not just looking at the compliance side of it.
They're looking at a very clear business case for how we can save them.
You know, they're estimating over 80% cost reduction in addressing issues like this.
And these issues exist today.
Ones just as bad.
We just don't know about them.
Nobody's discovered them yet or notified the community of those yet.
So it's just a matter of time.
And companies that are ready, like this one, will be able to address it very quickly and very
cheaply compared to their competitors or to other companies. And we can only hope that the impacts
of not being able to address those quickly are very minimal. Yeah. And what a huge cost savings that is,
the larger the company, the larger the risk. And what a big solution that is. So if someone is
interested in learning more about your SBOM technology, what's the best way they can learn more
and then also reach out and connect with you guys.
Yeah, so our website has all of our contact information,
so www.cybeats.com.
There's some information there,
but of course, we love to talk about this.
It's peaking in terms of hype globally,
so there's going to be lots more interest in SBOM.
But I would still say it's early days,
and we're really excited to be riding this
wave.
Excellent. Well, Justin, thank you so much for coming on.
Today's been a real pleasure talking with you.
Yeah, thank you so much.
You've been listening to Influential Entrepreneurs with Mike Saunders.
To learn more about the resources mentioned on today's show or listen to past episodes,
visit www.com.
