What can CISOs and security leaders learn from the U.S. Secret Service?
In this episode, Agnidipta Sarkar, Chief Evangelist at ColorTokens, speaks with Hazel Cerra, a former U.S. Secret Service leader and now Director of Digital Security Convergence at BlackCloak, about what executive protection teaches us about breach readiness, cyber resilience, and incident response planning.
They discuss why organizations need to assume breach, how access control and microsegmentation help limit movement, why tabletop exercises build real muscle memory, and how simple, accessible incident response plans can make the difference when a cyber incident hits.
In this episode, you’ll learn:
- Why prevention alone is no longer enough
- What “zero fail” protection can teach cyber leaders
- How microsegmentation helps reduce lateral movement
- Why incident response plans must be simple and accessible
- How tabletop exercises prepare teams for real breaches
- Why human behavior, social engineering, and offboarding gaps still cause failures
- Why executive protection now extends into digital life
If you are a CISO, security leader, board member, or cyber-aware executive, this conversation will help you think differently about how to prepare for the day a breach actually happens.
Agnidipta Sarkar: Hi. Good morning, good afternoon, and good evening. Welcome to the Breach Ready Dialogues, the show that focuses on all aspects of a cyber attack. We assume that the bad day is coming and the whole focus is on how we would survive that day if we were breach ready. Or we will collapse in this area because we were not.
Agnidipta Sarkar: So if you’re a CISO or a security leader or a cyber-aware CEO or a board member, you already know that the rules of the game have changed. It’s no longer about whether we will be breached or not, but when it happens, how fast can we react to contain it, withstand its effects, keep the business going unaffected, and walk into the next board meeting with a straight face.
Agnidipta Sarkar: With a clear understanding of what will happen next. On this episode, we are talking about that exact shift from traditional perimeter-heavy defenses to genuine cyber resilience. My guest today is Hazel Cerra, and she is an ex-Secret Service member. She has a lot of experience in the physical world, and now she’s bringing all of that to the digital world, and I’ll let her experience speak for itself.
Agnidipta Sarkar: So before I introduce you, Hazel, I just wanted to tell my audience: whether you’re listening to this on your way to the office or you’re heading into a risk committee, or just trying to stay a step ahead of the next cyber incident, just give us a listen. Let me hand over to Hazel.
Agnidipta Sarkar: Hazel, welcome to the Breach Ready Dialogues. It’s
Hazel Cerra: for having. Thank you, Agni. And it’s a pleasure to be here and speak to your audience. I think that what you do is really excellent work. Based on your background and having survived so many breaches, that’s the kind of mentality that we want to have.
Hazel Cerra: I’ll tell you a little bit about myself. I’m a 25-year veteran with the United States Secret Service. I served in multiple offices and I was on the President’s detail for former President Bill Clinton. And I learned many things from just being in the protection side of the house along with the investigative side of the house.
Hazel Cerra: I ended my career as the resident agent in charge of the Atlantic City Resident Office in New Jersey. And I spent a lot of my time not just investigating financial fraud cases, cyber-enabled fraud, but also protection, and protection in the intelligence space, because there were many times where the threat was very high, especially in this kind of political climate.
Hazel Cerra: But one thing that we do as Secret Service agents is that we are the guardians of democracy. That’s what we protect regardless of who’s in that seat. They represent the most powerful person in the world, and that’s the president of the United States. So we are constantly on guard, because you never know when that day will be where there could be an attack.
Hazel Cerra: We always assume that there will be an attack. We always assume that someone is gonna be close. So being breach ready has that comparison to what we do in the Secret Service. I will say that with all the years that I’ve been with the Secret Service, the preparation and the time that is spent in doing these advances is very similar to incident response, right?
Hazel Cerra: Like the way that you have an incident response plan for your organization. Think about it. In our line of work, we create that every single time the president leaves the White House, because the White House is the most secure place there is for him. We would love for him to stay there and never leave, but more and more,
Hazel Cerra: we’re seeing that the presidents wanna be out there and the people want him out there. So that’s not gonna happen. They’re gonna go out. But that does present a huge challenge for us every time he leaves the White House, because we have to start with the basics: finding out where he’s going.
Hazel Cerra: Creating partnerships, and then basically preparing for doomsday. And that is something that, if you have been in the cybersecurity space for a while, you already know what that’s like. You already know how to find out first; you’re looking for what your crown jewels are, right? Cybersecurity and presidential protection are very similar.
Hazel Cerra: Our crown jewels are the president of the United States. Now the other similarity that we have is that we both have adversaries. You have the cyber criminals that are trying to break into your organization, whether it be to steal money, or it could be just to embarrass the organization and create reputational harm, for a myriad of reasons, right?
Hazel Cerra: And with the Secret Service, we also have adversaries. Constantly, on a regular basis, people make threats against the president and we have to follow up with those threats, and it could be for a number of reasons as well. Then the last thing that we both have in common is that we both have competing interests.
Hazel Cerra: In our case, we want to be able to protect the president and we wanna keep him, again, isolated in the White House or somewhere else, and only take him out once a year so people can see that he’s alive. But that’s not gonna happen, right? We have the staff that we have to work with, and their job is to put the president out there.
Hazel Cerra: So that the people could see him and that he could engage with the American public. Now in cybersecurity, what do you have that’s competing? It’s your end users. And time and again, we see that most of these risks or these breaches occur because there was a human element involved.
Hazel Cerra: And sometimes our end users want to circumvent the security that you have in place. I know, ’cause I did it too. And it’s not a good thing. But again, that’s your competing interest, and you have the business needs to function. So you can’t just say, yeah, you can’t email anybody outside of the business or you can’t work from home.
Hazel Cerra: That’s not gonna happen anymore, in an age where people are used to working from home now. So you have to make all of these sorts of compromises, right? So that the business can function and that it could thrive. And then you’re trying to apply security to all of that, and it’s a huge challenge.
Hazel Cerra: I totally understand where everybody’s coming from. And every time you make it more and more convenient, you’re opening yourself up for that potential breach. And I remember when I was a young agent. Every agent starts out with a post-standing assignment and you get your duties.
Hazel Cerra: You get a list of, hey, these people are allowed in, these people aren’t, whatever. It’s all about access control. And while you’re there, I remember my leadership telling me, you know what, it’s not about what you do if this happens, it’s about what you do when this happens. And when you change your mindset to that, instead of if and when, then you really start thinking like, oh, this is gonna happen.
Hazel Cerra: What do I need to do to protect the organization? Or in my case, what am I gonna do if somebody gets shot, or if somebody passes out in front of me, or if I’m just trapped in this area? Or how do I communicate with someone when there’s nobody around? Who’s the closest person that I can reach out to to help or to strategize?
Hazel Cerra: So all these things start running through your head. And it’s the same thing that we have to do in the cybersecurity space. And one of the things that I say about cybersecurity is that there’s three of the best inventions in the world, right? And I say the wheel, fire,
Hazel Cerra: and cybersecurity professionals, because without you all, the economy would just plummet. So you have such an important role in the space, and it’s just important to be breach ready, just like this podcast is. It’s really important to do that. From my experience in the Secret Service, one of the things that I think that we did very well was our training.
Hazel Cerra: And it’s also in law enforcement too. It’s not just the Secret Service, but we train the same way that we practice. So whatever it is that we’re preparing for, some kind of an event that could be catastrophic, where let’s just say multiple layers of defense failed,
Hazel Cerra: we know how to react. So if we go with the president to some kind of event and we’ve already done our advance work, we’ve already created our version of the incident response plan, that location is very secure, but things happen. Maybe somebody, you know, somehow brought a weapon in, or some kind of a tool to hurt the president.
Hazel Cerra: We know exactly what to do in that kind of scenario, and what we call it is maximum to the protectee, minimum to the problem, which means that we are gonna grab that protectee and run the hell out of there. Just take ’em into safety. And we have multiple exit routes. One thing that people do wrong all the time is that when you go into a big crowded event, people will always go back to where they came from.
Hazel Cerra: If they entered a certain way, they’re just gonna go back that way. That’s not our mindset. We’re always looking for different ways and we have a plan to go a different way. We don’t go in the same place that the public enters. And sometimes people think, oh, I’m gonna drive by this area, I’m gonna see the president.
Hazel Cerra: The president’s not coming in with the public; that will never happen. So we already have that evacuation mindset. It’s documented so that everybody knows what to do. And what we need to do is transfer that into cybersecurity where, yes, you have an incident response plan, that’s great, but how often do you look at that plan?
Hazel Cerra: Have you reviewed it? Okay. Are the names current? Do you have it written up so that it’s so complicated that people don’t understand what to do? That plan should really be in, like, third- or fifth-grade language. Very simple. Where you could rip it out and you could look at it and update it.
Hazel Cerra: Something that, again, everybody’s aware of. And the other thing is that plan shouldn’t just be sitting in your network. It has to be somewhere that’s accessible. Actually, I have, something in my wallet that I still have from when I left the agency and we carry one of the, oh, I can’t see it. We carry one of these with us.
Hazel Cerra: Hold on. You can’t see it ’cause my, oh, there it goes.
Agnidipta Sarkar: Yeah.
Hazel Cerra: But basically it’s a card. There you go.
Agnidipta Sarkar: Yes. You
Hazel Cerra: can see now it’s a card. Yes, it’s our evacuation plan so we know what to do. But this is just for us as agents in our office, like if something happens. ’cause obviously we’re a target.
Hazel Cerra: Our employees are a target. Our building is a target, so we protect ourselves, and if something were to go wrong, it has where we’re gonna meet as a rally point, and everything is in there. So I carry that in my wallet everywhere I go. How many of you have your incident response plan accessible?
Hazel Cerra: Because I will tell you that I’ve gotten phone calls from CISOs that were on vacation and they say, I’m in the middle of a breach. How do you think that happened? That happened because your bad guy was already in your system. They knew when you were going on vacation. So you have to plan for these things.
Hazel Cerra: ’cause I always say they’re going to get you when your pants are down. It’s not gonna happen at 10 o’clock after you had your coffee and your bagel on a Monday. That’s not gonna happen. It’s gonna happen on a weekend. It’s gonna happen on a holiday weekend, at that. I’ve seen that happen many times.
Hazel Cerra: I had an investigation where that occurred. It was a big business. And right on that holiday weekend, it was a disgruntled employee. And he decided to log into the VPN. They hadn’t changed his credentials, and he deleted all their voice files. So now here’s a holiday weekend, and they had to bring everybody in to repair everything.
Hazel Cerra: It was a mess. And they did a couple of things wrong. I’m not gonna go into the whole story unless you want me to, but anyway, it’s about being breach ready. Just assume that the bad guy’s inside your system and they know everything that you’re doing, because they do. If they’re in there, they’re just waiting for that opportunity.
Hazel Cerra: One thing about criminals is that they’re unbelievably persistent. And they are going to wait until the timing is right, because they’ve done a lot of work. So they’re not gonna execute
Agnidipta Sarkar: Yes.
Hazel Cerra: Willy-nilly. Yes. They’re gonna do it when it’s the most opportunistic. So especially for BEC, they’re not gonna wait for the $2,000 wire.
Hazel Cerra: They’re gonna wait for that $500,000 wire. That’s what they want.
Agnidipta Sarkar: Yeah.
Hazel Cerra: Don’t assume that, oh, we’ve been doing wires forever, but when there’s a certain threshold that they’re monitoring, that’s when they’re going to hit you. So going back to being breach ready, one of the things that I recommend is tabletop exercises.
Hazel Cerra: And the reason for it is because you have to practice all the scenarios you
Agnidipta Sarkar: what could go
Hazel Cerra: wrong.
Agnidipta Sarkar: You’re going back to your card, the card that you showed, and what I think you’re trying to bring to the table is muscle memory. Like you just, yes, you explained what you guys do when you go to events and when you have to plan for what should happen in the event of an emergency, and that you have the exit routes planned.
Agnidipta Sarkar: Let me unpack whatever you said until now. Yes, please do it. It was a lot. But I think you’ve practically done the whole podcast by now. I’m sorry. No. I’m just trying to unpack, but there’s a lot in what you said, and I’m gonna now speak it in terms of being breach ready.
Agnidipta Sarkar: One of the things that I think you started off by saying is you need to know the landscape. You need to know where you are headed. If you go into an event, you need to do the recce to figure out what the exit points are. Where would somebody come in from? Where would you exit in the event of an emergency?
Agnidipta Sarkar: And everybody on the team will know that like the back of his hand, right? Yes. So it’s very important. And I think that is where ColorTokens has taken up this whole step of microsegmentation, because what you’re trying to do is to divide the enterprise into small bits and pieces, into microsegments.
Agnidipta Sarkar: Now what happens with that is your governance becomes so much easier. Instead of one single block where you don’t know who’s going where, you now have clearly demarcated smaller boxes, and you can divide them into zones, right? So you can say, yes, okay, so all my critical servers are going to be in a certain zone.
Agnidipta Sarkar: You can have more than one zone if you want, but broadly, you should have, let’s say, three to four zones: the zone which you really want to protect, and the second zone where you have your IT teams and those experts who have access to the zone. So even if the IT teams are not available, it’s okay. But the critical zone keeps working because you’re focusing.
Agnidipta Sarkar: Yes. Your whole idea of being breach ready is to be unaffected when that day comes, if the breach does happen.
Hazel Cerra: Yes. And Agni. And while you were saying that, what I was thinking about was, it’s a perfect example of a fire alarm system.
Agnidipta Sarkar: Yes.
Hazel Cerra: So when we do our assessments at a hotel where the president’s gonna stay, we’re looking at if there’s a fire in one of the floors.
Hazel Cerra: What is the response? And oftentimes it’s just that they’re segmented. So if there’s a fire on the 17th floor, the whole building doesn’t evacuate. That is contained, and the fire is contained on the 17th; it might be, like, maybe the floor above, maybe also the floor below, but the sprinklers will go on.
Hazel Cerra: They will contain that fire. Then the rest of the building can function. We don’t wanna evacuate everybody. We don’t wanna evacuate the people that are checking into the lobby when it’s not necessary, when it’s a small thing. So to your point, that’s what came to my mind as far as when you wanna do that microsegmentation.
Agnidipta Sarkar: I think you also said another thing which is very important for what I preach about breach readiness, and that is to prepare earlier, to model. For example, what you can do with modern microsegmentation is that you can model your defenses. There’s enough information, for example, on CISA, and if you have, say, for example, an AI inside your system which can look up CISA, which can look up MITRE.
Agnidipta Sarkar: MITRE gives you attack tactics. CISA gives you attacker profiles, and you already have in your enterprise the context which tells you, okay, these are my critical servers, these are my not-so-critical servers. And if you combine all of that, then you can figure out, okay, so what if a Chinese actor were to attack us?
Agnidipta Sarkar: What would that look like? And it’s documented on the CISA website. And that’s how you create those plans. I call them playbooks, breach ready playbooks. And the playbooks are not only technical jargon, because there’s of course a technical part to it, which means you need to figure out how you’re going to disconnect systems from which other systems, which microsegments from which other microsegments.
Agnidipta Sarkar: So ideally, let’s say you had 26 microsegments and you had, in your view, a fire on the 17th floor,
Hazel Cerra: right?
Agnidipta Sarkar: It should remain there. If the attack happens in microsegment C, it should at the most go to B and D, but nothing more than that. You should be able to contain it on time, which means you now need to have a model, and the people need to be trained. And what happens usually in a breach is that it’s not so much about the technology, it’s about everything else, because, as you said.
Agnidipta Sarkar: You also said this earlier, and I was just thinking, comparing it to IT systems, that it’s never that your security technology fails. Security technology is technology. As long as the conditions are the same, it’s going to work the same every time.
Agnidipta Sarkar: It’s not gonna fail. What really fails are the changes. And you mentioned the changes as well, that you don’t want the president to go out. You want them to stay inside, but they want to go out because that’s business.
Hazel Cerra: Oh, yeah. Yes.
Agnidipta Sarkar: You want to do business and therefore you want change. You want to change a procedure, you want to change.
Agnidipta Sarkar: You want the humans to make a change. They can make errors. There’s so many things that are going haywire at the same time if you’re not prepared for change. Now, the traditional method of working used to be that, you know, you need to do change management. And I know, given my experience, change management and asset management, which is to know what all assets you have in the organization, are the two most misused capabilities in every company.
Agnidipta Sarkar: There’s no difference, small or big. No. You wouldn’t come across someone who can tell you, I have a hundred assets and I know exactly what they are. I know exactly where they are. I know exactly how they’re connected and I know exactly how they work. No, there’s no one like that in the universe. So the fact is asset management is never ever going to be a hundred percent correct.
Agnidipta Sarkar: The second part is change management. There are changes we do, there are changes we follow through. Of course, change management is a good procedure, but what happens is there’s certain changes that you cannot do. For example, and I’m going back to some of the breaches that happened, typically, in industrial systems. I think a few days ago there was a CVE that came out, a common vulnerability enumeration, as they call it, a vulnerability number, which said it was 9.9 for a device which was manufactured by one of the top OT companies.
Agnidipta Sarkar: I think it was Rockwell or Siemens or somebody like that, which is in deployment in multiple places. Remember Stuxnet, where, yes, we say that there was some virus that went in. Which means now this system is vulnerable and an attacker can go in and attack. Now you don’t have, in that situation, a mechanism to do change management, because you’re already vulnerable and, as you said, the perpetrator is probably already inside.
Agnidipta Sarkar: But what you can do is you can narrow down, because you decide. We decide who gets to connect, we decide who to give access to, which means we need to decide what should be the path that someone can reach it from. And if we are able to do that, if your tools are able to give you that knowledge, then you can go to the next phase.
Agnidipta Sarkar: So in a way, I feel that microsegmentation is your most foundational capability that decides who can get access to and where. Yeah, so even that is
Hazel Cerra: yeah,
Agnidipta Sarkar: if that is, so in that case, the main thing that happens then is the moment you implement this kind of technology, you narrow down that path.
Hazel Cerra: Yes.
Agnidipta Sarkar: Which means you only allow the valid user to go in and if the invalid user, and let me give you another example for this. I know I’m talking for a long time. Haven’t done that. No, it’s okay. Go ahead.
Agnidipta Sarkar: But what I’m trying to say is, think about this. Let’s say there’s a user who goes in and who’s trying to find an application.
Agnidipta Sarkar: So you go to the office, for example, you go in there, you open your Outlook or email or whatever application. You just go in there, go to the system, open your application, do your job, and you get out. That’s a normal user. The perpetrator is not gonna do that. The perpetrator is going to go there and find out, let me find out what other ports are open.
Agnidipta Sarkar: Where can I move from here? And because microsegmentation actually stops lateral movement, suddenly they don’t find the ability to move around. So it narrows down that. The second thing that microsegmentation does is it stops lateral movement, which means now you found that there are 10 servers connected on a LAN, but you just can’t go from server one to server two, because that’s not allowed.
Agnidipta Sarkar: So basically what microsegmentation does, giving an example from your Secret Service thing, is it predefines how the president should move.
Hazel Cerra: Yeah. It does it what
Agnidipta Sarkar: I’m and how others will move, which means really more how
Hazel Cerra: others will move. Yeah.
Agnidipta Sarkar: Yes. You are very clear. Yes. That others cannot come here, cannot travel across this, and you’re gonna say, sir, you’re not allowed to be here.
Agnidipta Sarkar: And you can, you’ll also notice the behavior that person exhibits to determine whether he’s a threat or not.
Hazel Cerra: Correct. And there’s multiple ways to do that. But like you said, sometimes it’s not a person that limits movements. It could be just that we blocked that area somehow. So very similar to microsegmentation is limiting that access to the areas that we know the president’s gonna walk through.
Hazel Cerra: The president’s gonna come in, and he’s first gonna do his thing. He is gonna settle down. He is gonna prepare for his speech. He might have some photos that he’s gonna take first, but that whole area is not going to the public. And
Agnidipta Sarkar: you may meet a few people.
Hazel Cerra: And, but that area is closed off to the public.
Hazel Cerra: Yes. So we are, in essence, segmenting; you’re narrowing down the location and the path, because the walkway where the president is going to be is the most secure, with every asset that we have, because that is gonna be our innermost ring. Everything else is gonna be contained, ’cause we’re gonna have an area for the public to come in.
Hazel Cerra: We’re gonna have an area for maybe VIPs. We have an area for the press to come in. Everything is gonna be basically segmented separately. Yes. And it’s done that way on purpose, because we don’t want that flow. Another thing that comes to my mind is when you go to this big hall where there’s, like, multiple weddings going on.
Hazel Cerra: You don’t want one wedding guest to go to the other wedding, so you want them all contained into their own spots. And that’s why those places are successful. Yes. ’cause you could have 10 weddings at one time. Yeah. Yeah, you have to segment things, especially the most concentrated area’s gonna be where your crown jewels are.
Hazel Cerra: That area has to be the most secure.
Agnidipta Sarkar: Absolutely. And then, like you said, I think the framework that I use, which I told you about earlier as well, Anticipate, Withstand and Evolve, actually has two main parts. It’s about anticipation. It’s about preparing for, oh
Hazel Cerra: yeah.
Agnidipta Sarkar: For an attack. So what you do is, yeah, you first go and do an assessment, what we call a breach readiness impact assessment, and you figure out what your current state is.
Agnidipta Sarkar: That’s the first recon that you need to do, right? Just like an attacker does recon, you go and do a recon on your enterprise, and then you figure out, okay, so I have these things. Let me now do a model. Let me try and build models. Okay? So if the attacker were RansomHub and I have a web server that’s on the outside, it needs to be on the outside because that’s my business.
Agnidipta Sarkar: And it has a vulnerability which I did not know it had until CISA came up, or somebody came up with that vulnerability. But I can’t fix it immediately, because the business won’t allow that downtime. So I need to figure out a way that if someone were to exploit that, how far can they go?
Agnidipta Sarkar: Have I stopped and reduced that attack path so that, should someone even attack that web server and that web server goes down, that person shouldn’t be able to go in? That’s what I need to ensure. That’s the modeling part. And then you take the modeling part and then you train the organization. Build breach ready playbooks.
Agnidipta Sarkar: That if this server goes down, if this is the indicator of an attack, then immediately the IT teams are going to alert A, B, C, D, and someone’s going to tell the CFO, you know what, we should be doing this now you should be telling this to the market. Someone should go and tell your let’s say SVP manufacturing that you need to tell your teams who are working on this floor to go and work on this floor.
Agnidipta Sarkar: This is digital. Very different from physical, because you can’t see anything. So these plans need to be done well ahead in advance, so that when that attack absolutely happens, then you move to the second phase. The second phase is to withstand the attack, and most people think in terms of response, in terms of containment.
Agnidipta Sarkar: No one is thinking about withstanding, but that to me is the most important part, because you want your business to work unaffected. Even when the attack is going on, even when the most unprecedented attack is going on. And the only way you can do that is like the example you gave. If there was an incident, you would make sure that your president is out.
Agnidipta Sarkar: That’s the first thing. That’s your first priority. The president remains unaffected. That’s what the business needs to focus on: that if there’s an attack, someone triggers it, cybersecurity teams get called in. The narrative in front of the media will be very different. Instead of saying we had a cyber attack and then, in order to save the interest of all stakeholders, we shut down the whole company.
Agnidipta Sarkar: Yeah. You now will go and say, we had a cyber attack. We are in operation, we are in continuous operation. We’ve got the best cybersecurity guys looking at the attacker, and we will come back to you in a certain period of time and let you know how we’ve dealt with it. So it gives confidence to the stakeholders that, yes.
Agnidipta Sarkar: This company is doing this and today, this breach readiness impact assessment is so simple. I come from a world where microsegmentation was a scare. It used to take 18 months to do microsegmentation Now.
Hazel Cerra: It
Agnidipta Sarkar: takes about. So if I remember correctly, we recently did something like 10,000 assets in about four hours.
Agnidipta Sarkar: We could figure out what’s going on. Wow. That’s because we’re
Hazel Cerra: what’s the average on that though? What’s, what do,
Agnidipta Sarkar: Lemme tell you how it works. So there are two ways. So typically, if this intelligence were to work, you need an agent, a software agent, on the system, right?
Agnidipta Sarkar: That’s what the usual method was. What we did was much smarter. We figured out that there is a way you can leverage an existing tool. So someone has an EDR, let’s say CrowdStrike. Why should I go about putting in another agent? I now build a relationship with CrowdStrike, and I’m gonna take the data that CrowdStrike’s already ingested.
Agnidipta Sarkar: They’ve been in the system for three years, four years, five years. They’ve got the network data far better than anybody else. So all that I need to do is ingest that data and build microsegments out of that. Okay. That’s why it takes so much less time, and it could be CrowdStrike, it could be Microsoft Defender, it could be SentinelOne, whatever the next one that comes out.
Agnidipta Sarkar: The idea is that tomorrow’s CISO, in 2026, and I wrote a blog recently about this, that in 2026 you should be thinking unaffected. How can I keep the business unaffected? You should not be thinking, oh, do I need an MFA? Of course you need an MFA. But when you think of investment like that, then you’re looking at it from a different angle.
Agnidipta Sarkar: Then you’re thinking, okay, I have 10 servers. I need 10 antivirus, I need 10 of this, I need 20 of that. Now, that’s a shopping list, but to your example of one large area with 10 different weddings going on, no one thinks about how many guards do I need in the beginning, unless they figure out I’ve got 10 weddings, I need to segment them out.
Agnidipta Sarkar: I need to make sure that the parts are very clear. Now that’s a very different approach versus, oh, I’ve got 10 weddings, so I need 200 guards. You really don’t need so much you can optimize. You can focus your investment in things that you need more than, things that you need less. But I think I spoke a lot that you got me thinking actually after you told me.
Hazel Cerra: I know that. And that’s what the convers, that’s why it’s so exciting that I could bring what I’ve learned, in the highest levels of protection. The Secret Service has over 130 years of protection experience. We’d, I dare to say that no one does it better than we do. And then when you make that comparison to cybersecurity, it’s just so similar.
Hazel Cerra: Yes. It’s so similar, and I feel that with the Secret Service, we’re just, years in advance of the trends that you are all facing now. And that’s what’s, again, when I made the comparison, it was like, wow, this is insane. It’s the same thing. It’s security and it’s just very basic things that we do in my agency that the profession the private sector is just starting to implement.
Hazel Cerra: So yeah, the microsegmentation, to me that’s a no brainer in my world. Okay. ’cause that’s just access control and that’s just having multiple brains.
Agnidipta Sarkar: Zero trust. It’s actually
Hazel Cerra: zero trust. Zero trust. Exactly. Zero trust. Which what we call is zero fail. Same thing.
Agnidipta Sarkar: Yes.
Hazel Cerra: Just like John Kindervag.
Hazel Cerra: His, the godfather of zero trust model.
Agnidipta Sarkar: Yes. And, there was this standard called NIST 800-207.
Hazel Cerra: Yes.
Agnidipta Sarkar: That’s got I think in clause 3.1. And like I told you earlier I’m good with standards. I, there was a time where you could wake me up and I would tell you which clause of 27001 you need to think of, by clause number. So that’s why, and I’m referring to clause number. So in, in NIST 800-207, there is a, there’s a Clause 3.1, which tells you how you could implement zero trust in your enterprise. And it gives you multiple methods. It gives you how you can look at it as enhanced identity protection, how you can look at it through microsegmentation, how you can define software defined networks.
Agnidipta Sarkar: And you can bring in all of those, but it, but the basic thing that I like about that is the fact that you have to assume breach you. Unless you are doing that, you are not really investing. And that’s not the traditional method of thinking, oh, I need network security. I need perimeter security. I need this, I need that.
Agnidipta Sarkar: If you turn that around and if you say, let’s look at it from the perspective of how we are gonna do business. And how we would assume breach as we do business, how we assume, if we assume breach, then you’re looking at it from the perspective of being ready for the next P one incident. That right.
Hazel Cerra: You, you have to look at it as, like you’re the adversary. Like you have to think like the wolf. And if you apply that think like the wolf mentality, then you could see all the holes in your security plan and you could start working through those holes and how you’re gonna patch them.
Hazel Cerra: And, the basic foundation is what? Everything you, that you just said with the microsegmentation that’s just laying out the lay of the land. But then there’s still those other things that are going on that you still have to deal with. And that’s why I recommend highly to do that tabletop exercise because you have to Absolutely.
Hazel Cerra: You have to talk through all of that, talk through all of those problems. And then, once you do that and I highly recommend that you do that virtually. How many breaches that you were in actually happened in the office?
Agnidipta Sarkar: Initially, lots of them, because we used to be in office, lots of them.
Agnidipta Sarkar: But what happened over a period of time was that and I’m, and when I say lots of them, at that time, more people were in office. This was like 1990s and. Everybody was in office. Yes, it was
Hazel Cerra: an office environment.
Agnidipta Sarkar: Alright,
Hazel Cerra: so maybe after.
Agnidipta Sarkar: Yeah. Yeah. And the fun part was, and I know people are gonna laugh and when I say this, we had a firewall administrator who shut down the firewall after office work.
Hazel Cerra: Wow.
Agnidipta Sarkar: Yeah. Office is over. You guys go home. Why do you need to connect? Those were the times where, yes, everything used to happen in office, but
Hazel Cerra: yes,
Agnidipta Sarkar: later on as we transitioned into being more available, 24 by seven, things changed and that. Okay. Just like right now, everybody’s transitioning into AI and it’s all, it’s everything is so uncomfortable.
Agnidipta Sarkar: There are a bunch of guys who know a lot. There’s a bunch of guys who don’t know anything about it. There are a bunch of guys in the middle who are still working out what they really need to do. We had the same experience ourselves, right? 24 by seven. We didn’t know what to expect. So once we started going 24 by seven, you’re right.
Agnidipta Sarkar: You don’t need to meet in person. In fact. In fact the tabletop exercises that people developed after that. And one of the biggest mistakes people do is that they discuss about events and then they improv, improvise on the response. And I have done many of those as well. And what I figured out, I say I’m just giving you an example from my days in HP that I was in, in, in a crisis management meeting and people were discussing about the tabletop exercise that they did.
Agnidipta Sarkar: And I asked them so what was the result? What did you find? They said, no, we are good. We decided to work from home. I said, hold on. Your business continuity plan doesn’t list that as an option. So what did you exercise? No. You know this gentleman who was pro the regional director of that location, he was in the room and he said, we are gonna work from home and that’s where we ended.
Agnidipta Sarkar: I said, no, that’s not how you exercise. Yeah. The way you exercise is that you need to exercise a plan that is implemented and that is repeatable. Because yes, you need to be comparable, repeatable, and hence predictable in the event something were to go wrong, you.
Hazel Cerra: That’s exactly right.
Agnidipta Sarkar: You cannot do on, just because you had a smart guy in the room.
Agnidipta Sarkar: It’s like designed for failure. You don’t want smart people. You want people who are trained, who are who’ve got it in their muscle memory to go and do the same thing. Over and over again. Every time it’s only then you reduce the error. That’s when you’re going to come up and say, you know what? My incident response plan is working because I’m able to do it.
Agnidipta Sarkar: Do the same thing every time for a different scenario. Yes. Now a hundred percent, that’s how it has to be. It has to be muscle memory. It has to be something that you practice on a regular basis. And if you think about it, in our schools, for our children. How often do they have a fire drill? Why do you think they do that?
Hazel Cerra: Because little kids, they need to be, yeah, they need to learn where they need to go if there’s a fire
Agnidipta Sarkar: and they’re better than us.
Hazel Cerra: Oh, absolutely. They do it on a regular basis, and unfortunately they do active shooter drills now, but they’re learning how to react when that kind of situation occurs.
Hazel Cerra: So if we could do this for our schools, why aren’t we doing that for the enterprises? Why aren’t we applying that same quarterly, mindset to. Applying like your reaction to a breach where all your teams are together. And what I was getting at with practicing the tabletop exercise is that do it in a virtual space.
Hazel Cerra: ’cause that’s more likely how it’s gonna come down happen.
Agnidipta Sarkar: Oh, it’s not happen at the
Hazel Cerra: office.
Agnidipta Sarkar: And you might have. You might have a security expert who’s across the world in, I mean your, if your attack happened in Australia, a security expert might be in the US or if your attack happened in Europe, a security expert might be in Singapore.
Agnidipta Sarkar: You, you don’t really know and it’s anywhere going to be. Over the wire. So yes it completely makes sense. But I know we talked a lot but we have, I would love chatting with you continuously. There’s more that we can discuss. But before we go is there any recent incident that comes to your mind that, if people have thought about all these things, then they might have been far better?
Hazel Cerra: I think again, it, they all have the same premise, which is social engineering, and it’s the human element. And I’ve seen so many different scenarios, so many different incidents. It’s hard to pinpoint it, one with the limited time that we have here. But there’s been things that I’ve seen just offboarding people where something gets missed.
Hazel Cerra: And then that person continues to have access to the enterprise. You know that’s something that really needs to just be. Solidified as an organization. Other things, it’s just not applying the controls, not teaching your employees security awareness. And one of the, some, the advice that I usually give is that teaching your employees about security awareness.
Hazel Cerra: Should be more personal to them, where you’re teaching them about security in general. Like
Agnidipta Sarkar: exactly
Hazel Cerra: how to protect, right? How to protect your wifi at home how to protect your bank accounts, how to protect on social media
Agnidipta Sarkar: across everything. Everything, right? One of the things that we bring to the table is the fact that it doesn’t matter whether you are on it.
Agnidipta Sarkar: Or industrial systems or the cloud the way you need to do this. Whole planning about being breach ready needs to be the same. You need to apply the same thing. It
Hazel Cerra: does
Agnidipta Sarkar: it, it does. But before, one last question before we go. Tell us about your current role and how exciting that is.
Hazel Cerra: Oh, thank.
Hazel Cerra: Yeah I’m really excited. Like I said I’m a former Secret Service agent, and I left a couple of weeks ago and I just joined BlackCloak and their mission is to protect digital lives, and I am the Director of Digital Security Convergence, and it’s an excellent role for me, like the perfect fit because I do believe that the way that the physical space is affected, it starts with the digital.
Hazel Cerra: Information, the digital information of things that are out there. So in order to protect executive these days it’s almost like that battleground that that people, I don’t think that enterprises are realizing that’s a new battleground, because adversaries, what they always do is they look for soft targets and you can no longer just protect the enterprise.
Hazel Cerra: You have to protect the executives that represent the enterprise. It’s very similar to what we do, right? We don’t just protect the White House, we protect the president. We protect him everywhere he goes. Why? Because he represents. The country. So it’s the same thing with BlackCloak. They found this gap, and I’m just mad that I didn’t come up with the idea, but I’m happy to be in an organization where I could still be mission oriented, because at the end of the day it’s not just protecting digital lives, but it’s protecting the safety of these people because there’s just a lot of, unfortunately unbalanced, people out there and that they are willing to harm someone for their own beliefs. And BlackCloak does it really well. They have what they put out was the Digital Executive Framework work. I’m sorry, the Digital Executive Protection Framework. And out of all of those various items in there they do they have a subnet of the majority of them.
Hazel Cerra: So it’s like a one stop shop, and most of it is that they’re protecting the devices of your executives because you know that when they leave the work and they go home, they’re very comfortable at home, just like we all are. We’re comfortable. So they get on their devices and they’re gonna start doing work, whether it’s, on their work device or their personal device.
Hazel Cerra: They’re gonna use their computers, they’re, and they’re all on the same network. And guess who’s on the same network? Their children, their spouses, and what BlackCloak does, it protects all of the devices of not just the executive but their entire family. And if they have a second home, they protect that as well.
Hazel Cerra: And what’s really great about it is that they have a 24/7 concierge white glove service. Of 55 members in a US-based SOC that will initiate incident response or even just to entertain a question. So that I think is one of the most valuable assets that they offer, is that, holding the executive’s hand or their family member through anything.
Hazel Cerra: ‘Cause we’ve seen, I’ve seen a lot in the Secret Service. One of the crimes that was there was an uptick in sextortion. And we’ve seen a lot of that. And it’s, people, freak out when something’s happening to your child. I know I got a call from my doctor.
Hazel Cerra: That her son was being sextorted. And I thought, what’s wrong? And my doctor’s texting me, this is really weird. But that’s the kind of stuff that’s happening. So in order and to be in BlackCloak and to be an executive and when you have so much on your mind to be able to not have to worry about that and have that peace of mind where we can handle the incident response and take care of everything, I think that’s a huge, valuable asset.
Hazel Cerra: And the organizations are realizing that, and BlackCloak is, they’re. It’s very present. They’ve made a great name for themselves because the services are far, they’re incomparable to anything else on the market. And that was one of the reasons why I came here, because I do believe in the mission.
Hazel Cerra: I believe in the work that they do. I did it. I could have gone to other companies, larger scale, but this is, I’m a mission person. And this felt, to me, protecting digital lives as a mission was something that I could stand behind.
Agnidipta Sarkar: Thank you so much. It was a yes, thank you. Pleasure talking to you.
Agnidipta Sarkar: And
Hazel Cerra: pleasure talking
Agnidipta Sarkar: to you too. And welcome to chaos because you’re coming from order the enterprise world is all of chaos because there are multiple interests. And you’d realize that it’s a, it’s, I would say you were in a nicer world. Before as competitors. I dunno
Hazel Cerra: about that. I dunno about that.
Hazel Cerra: No, we had chaos all the time.
Agnidipta Sarkar: No, that’s so you were in a situation where you had chaos in the organization that you built here, you’re going to find that the organization itself is chaos. That’s the difference. Okay, so let me stop recording. Thank you so much that
Hazel Cerra: you’re welcome.
Agnidipta Sarkar: That you talked to, that we talked and.