The Ottawa-based leader and Forty Under 40 recipient has nearly twenty years of experience in SaaS industries, professional services and M&A, working in technology for both start-ups and large multinational organizations, such as IBM, Nortel and CGI. Sacha joined Calian in September 2021.
Q: Welcome, Sacha! What attracted you to Calian?
SG: What caught my eye most about Calian was the leadership and the fact that Calian is a trusted brand. In the last three years I started to pay much closer attention to Calian, watching the company grow with acquisition and mergers. I had the opportunity to hear CEO Kevin Ford speak at some local technology executive events and I was impressed with his conviction, vision and passion for innovation.
I see immense potential in Calian. With continued growth and a strong financial footing, we have the ingredients to make something great. This is an environment conducive to growing profitably, and we understand it is important to grow profitably because markets expect profits, not just growth.
Sandra Cote [retiring ITCS President] and the team have done an excellent job. Now is the time to put all these great ingredients together and make some digital meals.
Q: The pandemic has forced companies to rethink how, when, and where work is performed. Working remotely brings unique cybersecurity challenges. What are your top tips for organizations with remote workers?
SG: I’ve worked for large multinational organizations throughout my career, and they were trailblazers in encouraging remote work. Personally, my preference is to go into the office. I’ve missed certain things, like watercooler talks and whiteboarding. I’m looking forward to returning to the office three days a week.
That being said, remote work has made it increasingly difficult to maintain a consistent cyber posture. The old “four walls of cybersecurity” (firewalls and virtual private networks) are no longer sufficient. And the cyber footprint is more expansive than ever – it’s ‘boundary-less’. It has to account for working from anywhere, corporate networks, Wi-Fi, 5G, BYOD devices, corporate devices, multi-cloud compute resources (Azure, GCP, AWS etc.) and new IoT endpoints like sensors.
This new cyber footprint requires new solutions – like Zero Trust Network Access, Secure Access Service Edge and Multi-Factor Authentication. It’s also important for companies to certify with a security standard, such as SOC2 or ISO27K.
Q: Another impact of the pandemic is the rush to enable remote delivery of healthcare services, like virtual doctor appointments. Are there any special cybersecurity considerations for the healthcare sector?
SG: The shift to the cloud and unified communications has happened at unprecedent pace, leaving many institutions ill-prepared as they struggle to keep pace with the acceleration of digitization. It all ties back to the cyber footprint – it’s expanded, boundary-less, and the attack vectors are more complex than ever.
With the adoption of video technologies, virtual lobbies, and wearables that collect data for doctors to remotely monitor patients, we had to figure out how to make these collaborations more secure. Our Corolar Virtual Care (CVC) makes this possible.
Healthcare institutions researching video collaboration tools should keep a few things in mind:
- A secure, encrypted connection is a must throughout the entire journey. This includes information in transit and at rest.
- Personal health information (PHI) must be obfuscated. Retaining HIPPA compliance is equally important.
- Features like a virtual lobby room, pin access code entry, and secure video transmission & messaging are table stakes.
Q: A recent survey by Proofpoint, Inc. shows 64% of CISOs fear their companies are at risk of a major cybersecurity attack in the upcoming year and 66% feel their organization is unprepared to handle it. What are the top risks they face and what advice can you offer?
SG: The top risks today exist inside the business – phishing, behavioural or social engineering and ransomware. Attacks are comprehensive and commonplace. It’s not a matter of whether your data will be stolen or breached, it’s when. “Steal Now, Decrypt Later” is a reality even if your data is encrypted.
So, cybersecurity training for employees is an absolute must. Start with a cyber assessment, run a penetration test and execute internal audits to first understand where you are. From there, you can create a “heat map” of vulnerabilities and phased remediation plans. Run simulation exercises, ensure incident response is ready to handle a real attack, and keep liability insurance.
Not every company has a CISO to lead this process, so consider a CISO as a Service from a reputable player like Calian. Fractional CISOs are a good way to complement existing CIO teams and fill in the gap.
Q: What is your vision for Calian? What role do you play in evolving Calian from a services business to a technology business?
SG: Customers come to us with complicated problems that need solutions. Our “secret sauce” of services and technology assets allow us to provide the comprehensive solutions that customers need.
We’re already known for Managed Security Services and Multi-Cloud IT solutions in North America. I plan to build upon our deep client relationships and provide a highly responsive, “one stop shop” for managed IT & cyber services, procurement, systems integration and digital consulting, advisory & staffing augmentation services. We instil confidence in customers across a variety of verticals – including healthcare, government and transportation, making Calian the trusted brand for government, mid-market and enterprise.
Q: When you’re not fighting cyber crime, what are you reading, watching, or listening to?
SG: Reading: Outliers…love the 10,000 hours notion. Listening: U2, Arcade Fire, Killers, Coldplay. Watching: Manifest - check it out, it won’t disappoint.
September 7, 2023
#FacesOfCalian: Oscar Morales
Get to know the Calian team with our Faces of Calian series!
August 1, 2023
Google Engages iSecurity, a Calian Company, to Conduct Assessments of Google Cloud
Google's recent decision to engage iSecurity, a Calian company, for a comprehensive privacy impact assessment (PIA) and a threat risk assessment (TRA) for Google Cloud services in Canada was a significant step towards even stronger data protection and risk management.
May 26, 2023
Meet the Experts - Kevin de Snayer
In today’s edition of Meet the Experts, we have an interview with Kevin de Snayer, Director of Cyber Solutions, ITCS, Calian.