Santiago Ayala's first experience with the Digital Forensics and Incident Response NetWars competition was in 2013. He was at a security and digital investigations conference in Las Vegas, with more than 2,000 computer security experts. He entered the competition on something of a whim and wound up tied for first place.
When he entered again for the 2016 conference, he brought not only his skills, but also a little superstition. “I sat in the same spot as 2013 and wore the same T-shirt,” he quips.
The good-luck gestures paid off: Ayala won the competition. “I am not a special person,” he says. “I just pay a lot of attention to details.”
Ayala grew up in Venezuela, where he studied chemical engineering and marketing. He started to tinker with computers in his teens. “We always had computers at home, and I potentially destroyed these computers hundreds of times,” he says.
He moved to Bradenton in 2003 and worked in digital forensics at Sarasota-based Sylint Group, a nationally known cybersecurity firm, for 10 years. A chance reunion with his cousin, Ray Yepes, who had also moved to the States from Venezuela and was working in digital forensics, led the two to partner on their own firm, ATX Forensics, in 2015. Yepes is based out of Austin — the inspiration for the firm's name — while Ayala does his modern-day high-tech sleuthing out of an old-school 1920s building in downtown Bradenton.
Ayala has performed more than 1,000 digital forensic investigations for clients ranging from mom-and-pop businesses to Fortune 500 companies. “I do not approach things from an IT or law enforcement background,” he says. “I like to put myself in the shoes of the person who committed a particular act. My dad always told me: 'You're not an engineer; you are a very curious person. You like to dig and find out the reason why things work.'”
Here are five of Ayala's tips for what businesses can do to improve cybersecurity:
1. Prioritize it: “The biggest mistake businesses make is not taking cybersecurity seriously,” Ayala says. “It is upsetting to walk into an environment that has been compromised and find out that the incident occurred because someone was too negligent to spend three hours to pay attention to something that needed to be taken care of.”
2. Never assume: You may have hired an IT company to set up your computer network. But you can't assume it's also handling security. “It's so easy to just move the ball and the responsibility, but you need to separate things,” says Ayala. “IT manages the computers; they do not manage security. That is a completely different field. But that misconception is all over the place.”
3. Get personal: Ayala says a lot of companies that sell cybersecurity services really just sell some kind of cybersecurity product. “And a product is not going to replace a good assessment by a human,” he says.
4. Know your business: “You need to know what kind of data you have, where it is, who is in charge of that data, and who has access to it,” says Ayala. “If you don't know what kind of data you hold and who has access to it, there's no way you can protect it. And if you know what kind of data you have and who has access to it, but you don't audit it to determine that the people who have access to that data are accessing it correctly, you're in the same boat.”
5. Make a plan: Ayala compares the moment a company realizes it's been digitally compromised to the “Star Wars” trash compactor scene. “Everyone's yelling and people call me panicking,” he says. “But it doesn't have to be like this, if you have a plan.”
A business should detail the steps to follow if a cyberattack happens, including who's in charge of the website and departments that should be notified. “Throughout this last year at ATX I've been trying to preach a little about preventive security,” he says. “Because a lot of people fail at the basics.”