Ondrej Krehel founded LIFARS in 2013, after spending many years analyzing, preventing, and investigating cybersecurity attacks. In our recent discussion, he explains how he sees the future of cybersecurity and what services his company offers to prevent and battle potential attackers.
Please tell me a little bit about yourself and your background.
I am the CEO and Founder of LIFARS LLC, which is an international cybersecurity and digital forensics firm, based in New York City. Before starting LIFARS, I was the Chief Information Security Officer of Identity Theft 911, the nation’s premier identity theft recovery and data breach management service. I also have experience conducting forensics investigations and managing the cybersecurity department at Stroz Friedberg and at Loews Corporation. With two decades of experience in computer security and digital forensics, I have been involved in a broad range of IT security matters. Some of my efforts have received attention from CNN, Reuters, The Wall Street Journal and The New York Times, among many others.
I’d like to start by understanding the company, at a very high level. First of all, what does LIFARS stand for?
LIFARS stands for Liberty Investigation Forensic And Response Services.
Your web site says that LIFARS is a “digital forensics and cybersecurity intelligence firm.” What exactly does that mean?
Our focus areas are incident response, digital forensics, technical assessments, advisory services, and intelligence gathering from various cases we have processed.
What are the main services and products that you offer?
LIFARS provides a diverse array of cybersecurity solutions that are tailored to each client’s business objectives. Our main solutions include digital forensic investigations, incident response, and ransomware solutions. We have experience with various cases ranging from minor intrusions to high-profile, multinational security breaches. Our expert team of emergency responders is available both remotely and onsite. With our thorough remediation, clients won’t have to face a “worst-case-scenario”. We have dealt with a number of ransomware cases, where we mitigated the risks of ransomware and refined the security posture of our client organizations.
Do you develop your own software or just recommend and configure third-party products?
As I briefly mentioned above, we conduct digital forensic investigations, incident response, web application security testing, and digital risk assessments. Think of us as a consulting firm that delivers holistic solutions, including third-party products, rather than a software or hardware provider. However, we do have an extensive alliance network, which allows us to access the latest and the best tools in the market. We have around 10 alliances that we work with closely, and these strong relationships help us to provide the most suitable products for each type of client.
Are you normally called in only after a security incident occurs?
LIFARS offers both proactive and reactive measures when facing incidents. From advisory services and training to intrusion source detection and remediation, our team of experienced professionals ensures immediate assistance and expert advice. We are the modern cyber ambulance. As technology continues to become more innovative, so do the tactics used by malicious hackers. From individuals to businesses to academic institutions and agencies, the number of cybercrimes is increasing and there is no sign of it slowing down. LIFARS’ expert team provides a variety of services to ensure your information is kept safe, or in the case of an incident, is recovered.
How do you define your market? Who is your specific target audience within that market?
Any company that deals with valuable data could be a target of cybercriminals and that is our audience. However, we work mainly for small to mid-sized organizations that are dealing with sensitive data. We have clients from financial service firms, insurance companies, hospitals, law firms, etc.
How many customers do you have today? Where are they mainly located?
We have processed hundreds of incidents, including a number of ransomware forensic cases, in a calendar year. We primarily operate in North America and Europe.
How would you describe your current typical customer?
Our typical customer has some incident response team members already on staff, and needs to increase cyber resilience, effectiveness and velocity of cyber response.
Who are some of your biggest customers?
We work for various clients from Fortune 20 companies to small and mid-sized organizations. The detailed information about our clients is confidential due to legal agreements.
If we were to segment your services into (i) preemptive activities, (ii) crisis (breach) management, and (iii) training, what percentage of your overall efforts/revenues would each of those categories represent?
I would have to say both preemptive activities and crisis management would cover 70% of what we do. Managed detection, threat hunting, and managed incident response would be part of the preemptive solutions we offer and incident response retainers and digital forensics would be part of crisis management solution.
Who do you see as your main competitors?
I believe we are too different to have competitors. Most of the firms operating in the space of incident response are billion-dollar companies. We have a smaller team here, but we do have an excellent network with a number of alliances, which makes us unique. We work with an appropriate alliance in the network for each of the cases we deal with, so we can tailor our service to fit the client organization’s needs. I believe this makes us different from any other companies that offer the same services.
How do you see your services and tools as different and/or better than theirs?
We offer a customized security plan that is specific to each customer. We map out a step-by-step program together with our clients that is tailored to each organization’s needs and objectives. Moreover, we guarantee premier response time for our clients, as we provide superior speed and accuracy in execution.
How many employees do you have today? Where are they located?
Including all the contractors with whom we work, we have more or less 50 employees, who are located mainly in NYC.
How do you see cyber security in general, and security forensics in particular, evolving in the coming years?
Orchestration and automation will play a significant role in cybersecurity and digital forensics. However, even with the new technology that is coming in, forensics examiners will still be needed for resolution and remediation of data breaches.
What are your future plans for LIFARS?
We will grow and share success with LIFARS team members. Our team here works hard and we all believe that one day rewards will present themselves.
How did you first get involved in cyber security and digital forensics?
I have always been very curious about mathematical algebra, and other computer systems. Since I was in university, I’ve always enjoyed breaking codes and have been interested in security structures in operating systems. My major in mathematical physics helped me bring a scientific view into the field. At one point, I was able to break a complicated encryption system designed by one of the Swiss banks in a case within the US Department of Justice. I truly have a passion for what I do, and I do enjoy being part of the industry.
You are also on the faculty of IANS - the Institute for Applied Network Security. Please tell me about that.
The IANS Faculty includes thought-leaders and industry experts in the information security community. I am part of the faculty in order to share my insights with other IANS members and at many IANS hosted events. Most recently, I was invited to the IANS Toronto Forum to present 3 different sessions related to threat intelligence, incident response planning, and threat hunting.
Another organization you are involved in is OWASP - Open Web Application Security Project. What is that project?
OWASP is a community where members share insights, tools, and technologies in the field of web application security. Important aspects that people focus on are forensics investigations of compromised web applications.
How many hours a day do you normally work? What do you like to do when you are not working?
I do work a lot due to the fact that we are a fast-growing company and need to deal with lots of details. Many days are full of appointments and sometimes I need to work full-time during the weekends. However, I do like to do outdoor sports when I have free time.
Is there anything else you’d like to share with our readers?
Do not underestimate the time and effort you have to put in to be one of the top in your domain. What will define you is your impact and execution in what you do. Understand what your capabilities are and then build trust and integrity for your success.