Specifically Speaking with Pierre Bourgeix

Bourgeix is president of Cleveland-based ESICONVERGENT
 - 
Wednesday, November 1, 2017

What services does the company provide and what vertical markets does the company specialize in?

We focus on converged assessments within information technology, operational technology, and physical security systems and technology, as well as IoT technology convergence assessments. ESICONVERGENT LLC focuses primarily on manufacturing, technology companies, municipalities/government, utilities, and healthcare.

How did you get started in security and designing/specifying?

I started in the barrier industry in 1998 and progressed into integration of solutions and design in 2002. I worked on many projects in the banking sector, such as work with Wachovia and others. I spent time working with design and specification of utility and government applications in the Middle East in 2006-2010. I then moved into IT security since I saw the converged aspects becoming a barrier and an issue but few people in the physical security world knew how to cross the chasm.

From there I moved into cybersecurity in 2012. With all of this I have created a new methodology that takes operational environments and assesses against IT, OT, PS, IoT and its policies and procedures related to compliance as well as industry norms and rates it against liability that it holds, which the insurance industry has been interested in learning. The second aspect is assessing the technology and its legacy versus compatibility to current industry and compliance requirements. This rating (1-4) is then merged into a rating that the insurance industry sees as usable to rate risk. With this in mind the issues we face in a converged world is the ability to mitigate this risk with the correct technology and with the proper people, process and technology in place.

Can you talk about what new or emerging technologies you are seeing or specifying today?

Technologies that are at the forefront such as Hitachi Vantara, CISCO Mereki, IBM Watson, etc., are quickly becoming the bridge between IT, OT, PS. With that in mind, the need to converge threats to react through the use of data (meta data) are critical. We are reaching a critical mass that will invariably lead us to begin shutting down informational streams because operators become overwhelmed with data.

The only way to alleviate this is to clear the noise and insure that the information received is viable and correct. Credentials and secure data will be needed. Companies such as NCODED and SoloInsight will be needed to not only secure the credential but to create a secure transaction of information. These solutions allow for secure transactions in a field of insecure technology at the edge.

Finally, it is crucial to use aggregators of information to visualize incidents with the use of technology that brings this to “one pane of glass,” as well as the use of AI (artificial intelligence) to digest and define data and clear the noise through analytics and information refinement. Storing of data can be done through enterprise cloud solutions to segmented storage such as Hitachi VMP, or EMC DELL.

Taking this into account, the world of security is no longer harnessed by equipment but thin application layers working in harmony in an IoT world.

What do you see on the horizon for the industry?

As I have written about extensively, the convergence of information technology, operational technology, and physical security has arrived.

Today, the world has seen how physical, logical, and electronic controls are intertwined and affected by one another. With examples such as the Metcalf incident in San Jose to the Target and Sony breach, we are seeing that attacks are being waged on all private and public facilities through IT and physical controls. With this in mind, manufacturers of security products and services are being pressed by not only the need for better integration with IT, OT, and physical security, but the public and private desire for ease of use and a cohesiveness within the Internet of Things.

This leads to only one formidable question: How do we create the most effective process for acceptance of allowing the three worlds to work in harmony and create solutions that not only solve problems but also keep them at bay?

With this in mind, manufacturers and service providers are realizing that the next phase must be educating clients in understanding that it is crucial to bring physical security and IT together under the umbrella of ‘risk.’ The proactive nature of security and the Internet of Things are the only hope to preventing attacks that are stealing headlines daily.

*/