Ron Schlecht is the founder and managing partner of BTB Security, an information security company headquartered in Bala Cynwyd, PA, with offices in Chicago, IL, and Austin, TX. Through a comprehensive approach that goes beyond the basics—the meaning behind the company’s namesake acronym—BTB Security helps clients detect emerging cyber threats, protect sensitive data, and defeat cyber criminals. The firm serves a wide range of industries—including financial services, education, healthcare, manufacturing, retail, and more—as well as government clients. BTB Security is listed on the Inc. 5000, where it has been named one of the nation’s top security companies (#23).
EDWIN WARFIELD: Tell us about your background. When did you get involved in cybersecurity? Do you approach the issue more from a business perspective or a technology perspective?
RON SCHLECHT: I actually started, if you go really far back, in law enforcement, and then some contract intelligence work. From there, I went into consulting. I had a really good opportunity down at KPMG in DC to do some penetration testing—it was all against government clients. Then I switched into doing more private security assessment-type stuff. And then was afforded the opportunity to work as the first security manager at BlackRock. Doing that gave me a different perspective. It was the other side of the table: instead of doing consulting, really owning the department, the organization, and growing it from the ground up.
From there, I bounced back and forth. I went from that back into consulting, grew myself professionally and technically, and then went back into consulting, building a practice with a few good folks. And then I jumped back into the CISO roles for Harleysville and then Penn National Gaming as well.
For me, it’s been a good mix of practical application of the technical pieces—not only doing the consulting, but then also sitting on the other side of the table and actually consuming some of those services. I think it gives me a little bit of a better perspective. It’s not just “do something with no background or experience,” but I’ve actually been through and understand some of the intricacies of running an organization and can empathize with the folks that need to do that—balance out where security comes into that business.
EDWIN WARFIELD: BTB celebrated its 10-year anniversary last year. What were the early days at the company like?
RON SCHLECHT: When we initially started, we had non-competes with the companies that we were all working for. We started off just doing forensic examinations and incident response because it was the one thing that the companies that we worked for did not offer. We were fortunate in that respect that we were still able to pull in some clients that way and then we were not competing with any of our full-time jobs. Once we worked all of them off, we went back to what we were used to providing in terms of the assessment services—and these are the proactive assessment services, things like the ethical hacking or the IT risk assessments; things that people are compelled to do, or just do as part of their best practices.
As part of that, we realized that we were really good at doing the breach response work as well. We were very heavily involved with breaking into so many companies and our clients that when we had a client that came up with a problem, or they had a security incident that they needed help with, we were able to quickly detect how it was being done, because we had that flipped mindset of being the attacker. We knew what the next step was going to be, or we could at least get to the places of most evidentiary value because we had been in that situation before; we knew what our next step would be if we were attacking that organization, and could trace those steps back.
That was pretty close after we started doing those assessments. I think they go hand in hand, and I still say it to this day to many clients: if you’re good at breaking into a company, you should be good at figuring out how people broke into a company. It’s different sides of the same coin, but they go hand in hand.
Not until really a few years ago did we start to offer that managed detection and response service. That—as an interesting story—was actually because we were doing a breach response for a rather large regional bank. We were doing that incident response, we had built our own tool set around doing that, and had basically gotten to the point of understanding exactly how the attack was being carried out and what the plans were, quicker than we had been expected to do that. We were able to find exactly what was going on, figure out what the next steps were and put some protections in place so that it didn’t continue or didn’t get carried out. And in doing that, we had the client actually turn around and ask, “Can you just leave this stuff in place?”
We had talked about offering more of a managed security service, but not until that point did we realize that we actually already had the basis in terms of the technology to offer that. So, over the course of about a year, we refined that platform, operationalized what we were doing, and turned it into what was essentially the first version of RADAR.