In the SecureWorld Spotlight Series, we learn about the speakers and Advisory Council members that make our events a success. In Q&A format, they share about their professional journeys, unique experiences, and hopes for the future of cybersecurity—along with some personal anecdotes.
Evgeniy Kharam is a cybersecurity architect and evangelist, founder of EK Cyber and Media Consulting, and founder and host of two podcasts. He serves on the Advisory Council for SecureWorld Toronto and will be presenting at our upcoming conference on April 3rd.
Get to know Evgeniy Kharam
Q: Why did you decide to pursue cybersecurity as a career path?
A: I spent five years in the Navy, engaging in a wide variety of tasks. My work spanned from Linux and Windows to handling cables; essentially, anything the Navy required, whether below or above water, I was involved. I played a role in modifying and enhancing what we could liken to the "GPS" system. Additionally, I earned my Microsoft Certified Systems Engineer (MCSE) certification for Windows in 2000 during my military service. After completing my service, I was eager to discover what the future held for me.
Fortunately, I secured a QA position at Check Point, arguably one of the pioneering companies in the cybersecurity field. There, I served as a QA analyst for firewalls, where my responsibilities included verifying the functionality of one of the first next-generation firewalls (NGFW), at the time referred to as a Unified Threat Management (UTM) firewall. This model, initially known as R57, was later launched as the R60 NGFW. This role offered me a profound understanding of internet protocols and the complexities of network security. After two years at Check Point, I relocated to Canada, where I joined my family and began working at the Herjavec Group. At that time, formal education in cybersecurity was scarce, and most learning occurred on the job. My first week concluded with a hands-on experience assisting in a firewall upgrade, and by the following Tuesday, I was tasked with managing customer upgrades independently.
Over 16 years at the Herjavec Group, I progressed from a Professional Service Engineer to leading several teams, eventually serving as the Vice President of Architecture. My roles spanned across pre-sales, product sales, managed services, and more, offering an invaluable learning experience in customer interaction, success strategies, and the sales principle of Always Be Closing (ABC).
I graduated in the summer of 2023 and have since established my own consulting firm, primarily aiding MSSPs, VARs, and vendors. Additionally, I host two podcasts: the "Security Architecture Podcast" with my friend Dimitri, which focuses on the technical aspects of architecture; and "Cyber Inspiration," which highlights the motivational stories of founders starting their own companies. Moreover, I am actively involved in panel moderation and public speaking.
Q: When and why did you join your current organization (employer)?
A: I actually started my own company. After I left, it took me about three months to figure out exactly what I wanted to do, and I'm still in the process of fully figuring it out. Currently, I am combining public speaking, panel moderation, and podcasting, alongside consulting for VARs, MSPs, and vendors. So, it's a very interesting and unique path. I've spent so much time around managed service providers, and I have a lot of knowledge on how a good practice looks like.
Q: How would you describe your feelings about cybersecurity in one sentence?
A: I am fascinated by the industry, how fast it's moving, and how much I can learn and teach, as well.
Q: What has been your most memorable moment thus far working in cybersecurity?
A: There are many. I will describe two.
There was a week I called the "travel from hell," where I needed to fly to San Francisco on Monday, present there, drive to Palo Alto and present there on Tuesday, fly to LAs Vegas and present on Wednesday, catch a plane at 9 p.m. to fly to London, take a bus for three hours, wake up and deliver a four-hour managed services presentation, take a train back, and fly back to Toronto. So, I spent less than 24 hours in every place, including the U.K., and we won three out of four deals for Managed Services.
There was a deal worth many millions of dollars to a bank, which was supposed to protect the bank from data leaks. The people who agreed to buy the technology left the company shortly after the deal was signed. As part of my work for a VAR, I was assigned as the Architect to figure out what the best architecture should be from web, email, monitoring, and endpoint security perspectives, involving more than 80,000 endpoints and more than 140 different appliances. It was a true challenge from a technical perspective, team management, and diplomacy with the bank's leadership and staff.
Q: If you had to choose, what's the one cybersecurity practice people can adopt that would have the greatest impact?
A: If I were to be completely selfish, I would say Architecture, but honestly, everything is important. What I see missing is, let's call it a "translator"—how to translate technical information to business needs and vice versa. I am also a big believer in people skills/soft skills. With most people working remotely, it has become even harder to get on the same page. Therefore, understanding that the project is going in the right direction and that people are conveying information correctly is key to success.
Q: What are the biggest challenges facing the cybersecurity profession?
A: The amount of information we have to deal with makes it humanly impossible for one person to know everything related to cybersecurity now. You need teams of people who trust each other to get a complete or more comprehensive picture. Regarding AI, the adversaries can move much faster, significantly increasing the margin of error. If there is a hole in the defense, the bad guys will find it.
Q: What are the biggest opportunities facing the profession?
A: How to adapt to new world where we have AI, AI, AI and we're still not sure where it's applicable and where it's not.
Q: When you tell people what you do for a living, what do you say?
A: I mainly tell people I am doing consulting, but it's a bit tricky because I am consulting to consulting companies.
Q: What advice do you have for someone considering cybersecurity as a career and/or someone new to the field who is looking to move up the career ladder?
A: Don't become a pen-tester right away. First, gain some knowledge. Also, understand more about who you are, what you like—whether it's long projects or short projects, technical aspects or more people-oriented tasks. Consider what you are passionate about now; this will help you find your path, not someone else's.
Q: In honor of our 2024 conference theme, Legacies Untold: Revealing Cybersecurity's Hidden Figures, who is someone that you consider to be a Cyber Hero?
A: Sean Higgins, who was my mentor several times and was my first leader in Canada. I know I can always call him for advice.
Q: Lastly, what are you most looking forward to at your regional SecureWorld 2024 conference?
A: Learning from other people, giving back to others, and making new friends.
More from Evgeniy on the personal side:
"I've always had a passion for extreme sports and outdoor activities. Over the years, I've engaged in a diverse array of pursuits. From my school days, I started diving at the age of 16, played volleyball and table tennis, and engaged in both mountain biking and a bit of road cycling. My education at the Nautical College meant that sailing was a part of my daily life. After moving to Canada, I delved into whitewater canoeing and kayaking—although, I must admit, I prefer canoeing over kayaking. Two years ago, I also took up whitewater SUP (Stand Up Paddleboarding), which truly pushed me out of my comfort zone. Winter sports, such as snowboarding, are also among my interests.
I've managed to merge my passion for sports with my career in cybersecurity by co-creating a ski and snowboard cybersecurity conference. Our inaugural event took place in 2023, and we just hosted our second one on February 29th. It's a unique way of bringing together passions and professionalism in cybersecurity, drawing around 200 participants this time.
Besides sports, I'm a twice-immigrant, having moved from the USSR to Israel at the age of 11, and then to Canada at the age of 27. This journey involved a lot of adaptation and cultural learning. Currently, I'm also working on a book aimed at helping sales professionals better connect with their customers. Additionally, I have a passion for photography, having had the rare opportunity to follow Robert Herjavec's Ferrari racing and capture the moments through my lens.
I'm the father of three young children, including twins, and an older child, as well. Raising twins has taught me a great deal, to the point where not much can stress me out anymore."
To connect with Evgeniy Kharam and other cybersecurity leaders in Canada, attend the second annual SecureWorld Toronto conference on April 3, 2024. Evgeniy will be participating in two panel discussions, Harmony in the Digital Age: Cybersecurity, Privacy, and Technology Unveiled and Elevating Security Through Cloud Resilience and AI Innovations.
Continue to follow our Spotlight Series for more interviews of industry experts.
