Cimcor and Cybersecurity Ventures have been industry partners for 10 years. In a recent podcast interview, Cybercrime Magazine host Paul John Spaulding is joined by Steve Morgan, Founder of Cybersecurity Ventures and Editor-in-Chief at Cybercrime Magazine, to discuss the many projects produced with Cimcor, what's coming in the future, and more, with commentary from Robert E. Johnson III, President and CEO of Cimcor, Inc. The podcast can be listened to in its entirety below.
Paul: I'm Paul John Spaulding and here with me today is Steve Morgan, the editor-in-chief of Cybercrime Magazine. Steve, as always, great to be talking with you.
Steve: Thank you, Paul. Great to be here.
Paul: Steve, today I wanted to talk with you about Cimcor. Now, Cimcor is a cybersecurity company that specializes in file integrity monitoring. But you've known the CEO and President, Robert E. Johnson III, for quite a few years, and that's what we're here to get into today as well as talk a bit about Cimcor, the company itself. Steve, why don't you give us your account of how you first met Robert and got introduced to Cimcor.
Steve: So Robert and I met online via Linkedin like a lot of people in the industry do. And we moved that over to email and a series of phone conversations, I had a chance to learn a lot about the company and what they're doing. And I think more than anything I really really respected Robert. He was a true thought leader in the industry. There are so many companies out there making noise based on how much venture capital they raised and you know, lots of news around that and he's just someone who'd been in the industry for a very long time. Hands-on practitioner really really knew what he was talking about and they operated in a very, very important niche, file integrity, which is central to cybersecurity, and over the years, built up a really impressive company. I also really appreciated that Robert was a volunteer, very committed to his local community, donates a lot of his time. I really like that. They're based in Merrillville, Indiana, a small town, we're based in a small town. And yet, you know, we're both in cyber. I actually was so intrigued that I looked up Merrillville and wanted to learn more about it. And they're a great contributor to the local economy by having a growing cybersecurity company there.
Paul: So, Steve, when I spoke to Robert, he did tell me a bit about the early days of Cimcor. Let's hear from him.
Robert: Believe it or not. Initially, we did not actually develop cybersecurity software. We actually specialized in automating manufacturing processes. If there was some complex process, say, in manufacturing, a utility, a steel mill, we could find ways to automate that entire process. One of the things that really started to bother me is that it all seemed so fragile. It felt as if it only took a person with mal-intent and a USB stick to bring these critical processes down to its knees. So, that really led us down the path of trying to understand. What could we do to actually have an impact here? What could we develop that can give insight if any nefarious acts or changes occur to those industrial environments, and today you would call that OT. Back when we first started, the whole concept was called Process Automation and Control, and we're adding a layer of security on top of that.
Paul: So, Steve, what are your thoughts about the early days of Cimcor? I do find it a bit funny that he's saying, "Hey, well, initially, we really didn't specialize or do anything directly in cybersecurity." But I'd be curious your take on the whole situation.
Steve: You know, it's interesting, Paul. I learned more about Cimcor from other people than I did from Robert and the Cimcor website and doing some research talking to CISOs, some of their customers. What I heard back is that CimTrak had developed a very, very compelling alternative to Tripwire with their real-time integrity monitoring solution, and that is a fairly big niche.
What I consistently heard back were two things. One, he CimTrak solution, which was comparable or better, was far less expensive and way easier to install, configure and use. Now for them to go up against a major competitor in the industry, that was really really impressive. Cimcor is a leader in file integrity monitoring with their CimTrak solution.
There was a time when you wouldn't call that cybersecurity, but in fact, it is part of cybersecurity.
Paul: Gotcha. I got another quote here from Robert, and he's talking a bit about how the product's developed, what's really changed, he's going a bit more in depth about the present, and maybe little hints about the future. Let's listen to what he had to say.
Robert: When I first met Steve, our software was really just monitoring files for changes, databases, for changes, active directory for new users, things like that. And we've been continuing to add capabilities. And I really think our software is night and day from that initial recognition. We've evolved to also add the ability to identify if your system is hardened according to best practices and then give you the ability to continuously monitor that to identify if you've drifted away from some expected security posture. We've added the ability to digest and react to threat intelligence feeds since that time, and we've also added a lot of unique capabilities in terms of integrating with other platforms. When I first met Steve, we didn't have the ability to integrate with third party ticketing systems, such as ServiceNow, BMC Remedy, or CA ServiceDesk, or Jira, and now we do, and that just opens up a whole host of additional capabilities.
Paul: Steve, for me. What I'm hearing from Robert is just how much the industry has changed even since Cimcor first started. So what's your take on what he said?
Steve: So, Paul, it's so interesting. Cimcor was started up nearly 3 decades ago. So this is 1997. Cybersecurity was not a word then. So you know, a lot has happened.
When you look at a company like this, so impressive without any outside funding, at least not any that I know of. This company has been all about execution, and that's what makes them so special as a pure play now cybersecurity company, and they've continuously innovated over that time, they've kept up with the market. In 1997, we weren't talking about cloud-based security. We weren't talking about half of what we're talking about today. So just not a lot of companies who have been in the market that long. So that speaks to their success. You don't hang around for 30 years unless you're delivering value.
Paul: Well, as always, we'll continue to follow Cimcor and bring Robert on some of our podcasts. But before we go, Steve, do you have any final thoughts?
Steve: Yes, if you're not familiar with Cimcor, you should be because not only do they have a great solution, they provide a lot of thought leadership. If you go to cimcor.com right on their homepage, you can click on the State of Security, and they have some great resources there. It's continuously being updated. Some facts, figures, statistics that CISOs and cybersecurity leaders would be interested in.
Paul: Awesome as always, Steve. Thank you so much for joining.
Steve: Thank you, Paul.
