Chris Opp is Celerium’s Director of SMB Cybersecurity Solutions
Tell us a little bit about your background.
When I graduated high school, I joined the Air National Guard working on small computers. I eventually got a full-time, active-duty position there working as the network manager/engineer for about six years. After that, I moved into the Regional Operations Security Center (ROSC) where I worked with local and national organizations doing everything from firewall configuration, infrastructure, server management, virtualization, policy, you name it. Since I retired, I have done various things in the IT field ranging from network manager to what I do now at Celerium, which is helping companies find simple ways to improve their security in a world where administrators often have overloaded schedules and small budgets.
As Director of SMB Cybersecurity Solutions, what does your average day look like?
My typical day is made up of doing research on solutions as mentioned above. I spend a bit of time working with others to find the best ways to present this information. I attend various meetings in relation to the Cyber Defense Network (CDN) product; I work with internal operations on things like compliance and sharing of security information; and recently, I’ve been invited to be a part of the project where Celerium works with colleges to help students be a part of the cybersecurity solution.
What are things that small businesses need to know about cybersecurity?
The most important thing a business needs to know is that you need to just pick a place and start. As defenders, we are immediately at a disadvantage when protecting our systems because there are so many ways an attacker can approach them. This can often become overwhelming, and many organizations take the approach of “we can’t do anything anyway, why spend the money?” This idea is incorrect because most of what we do in security is to manage these threats, not eliminate them. Finding a way to cut out 80% of a threat is vastly better than 0%, and getting that last 20% is also a lot more costly and difficult. Essentially, organizations should try to be on the leading edge of the security bell curve, and the only way to get there is to take a step and keep moving forward.
You are presenting your dissertation for a PhD. Can you tell us more about that?
I’m one of those folks who can’t sit idle very long, which explains why at my age I’m still working through college. Since I joined the military right away, I have continued my education in the evenings, a class or two at a time, partly because it keeps my mind ‘in shape” and partly because I’m a curious person. The program I am in is Doctor of Information Technology with a focus on information security and cybersecurity. One thing I would like to point out is that I’m working on a DIT not a PhD. The difference is that a DIT is a professional doctorate intended to focus on best practices, business problems and to solve practical applications. A PhD on the other hand focuses more on extending or creating new theory and tends to end up in academia as a teacher more often than as a professional in the field. In the end, a DIT is a practitioner-scholar, and a PhD is a scholar-practitioner.
When I retired from the military, I was lucky enough to be hired by a government contractor. Once I started, I saw that they were working on their NIST 800-171 compliance, and I noticed right away how big of a lift being compliant with this system can be and how costly. Speaking with my peers in other companies, I also quickly noticed that organizations like this one may not know exactly what the government entity is asking, so there was a great deal of confusion surrounding this.
Since I was just starting my doctoral program and because I saw a place that could use help, I decided to write my dissertation on the NIST 800-171 and the barriers to implementation that are there. As I’ve been working on it, the government has been trying to solve it themselves and release the Cybersecurity Maturity Model Certification (CMMC), which I have also been incorporating into my research.
What are you most excited about right now at Celerium?
I can say about Celerium that everything we do is exciting, at least to me! The world of cybersecurity is vast, and there are so many avenues that a company can go, and the ones that we are working on now are great. I even found Celerium because I was looking for CMMC information for my co-workers and found the CMMC Academy site. They were offering something free to help with security which resonated with me as proof that Celerium also wants to be a part of the solution. My goal after many years in IT and Cybersec is to give back to the community and to help “the good guys” get better at security. I feel that the CMMC Academy, the Cyber Defense Network, and our partnerships all work toward that goal as well! I would be remiss not to point out that everyone at Celerium is a true professional at their job, and the team of minds that has been brought together for this journey is just impressive as well!
When you are not working, how do you like to spend your time?
I have quite a few “hobbies.” My family loves to travel, which can mean anything ranging from going on a weekend trip to stay in a hotel somewhere to going deep into the woods to spend a week camping. Obviously, from the answer above, I love to learn. I like to keep up on new technologies and find new things I didn’t already know outside of my doctoral program. I’m also a teacher at a university, and I teach cyber classes at a local community college. I like to volunteer as well. I recently joined a Cyber Patriot (uscyberpatriot.org) team as a coach, and I often give lectures or “talks” for organizations looking to improve their cybersecurity.
I know all of this sounds like more work, but I genuinely enjoy technology, teaching and sharing; so for me, all of this is enjoyable!
What’s the last book or movie you recommended to someone?
This is a great question. Partially because I’m constantly reading and recommending books, it puts me on the spot to pick a good one! The most recent book I recommended was “The Fifth Domain” by Richard A. Clarke and Robert K. Knacke. But because the book, “This Is How They Tell Me The World Ends,” by Nicole Perlroth is very similar and many in our company have read it, I’ll share my second choice which is “Hackers: Heroes of the Computer Revolution” by Steven Levy. This book is a very light read; I found it super enjoyable and very nostalgic! It also makes the point that the term “hacker” is misunderstood as something bad. Without people looking outside the box and hacking, we wouldn’t have all the cool technology we have today!