Sunday, October 13, 2002

[photo] Scott Snodgrass, owner of an information-technology consulting firm in Mason, has launched a second enterprise to fight computer sabotage.
(Michael Snyder photo)
| ZOOM |

G.I. Defense putting hackers on defensive

By Jenny Callison
Enquirer contributor

MASON — Scott Snodgrass has declared war on cyber-terror.

Mr. Snodgrass, owner of an information-technology consulting firm, launched a second enterprise early this year to help combat computer sabotage. The new business, G.I. Defense, reflects growing concern by governmental agencies and corporations about the security of their electronic data.

“If you care about loss of face, if you're concerned about disgruntled employees or corporate espionage, you need to protect your network,” Mr. Snodgrass said.

Rather than expand his existing firm, Geeks Inc., to encompass cyber-security, he decided to create a complementary company.

“Because information security is such a new market, a company needs to have that as its focus,” he said. “But we can cross-sell very easily.”

Scott Snodgrass spends most of his energies developing his twin companies, which are based at 7577 Central Parke Blvd. in Mason. But he has also made time to develop a new resource for small businesses.
Mr. Snodgrass and lawyer Mark Smith have helped form the Cincinnati Technology Council, an organization designed to help small business owners learn about technological advances that affect their enterprises.
The group, which numbers about 20, offers free seminars in fields such as technology law, security, patent law and intellectual property.
In late November, the council will present “Technology Law and What it Means to You.“
See the group's Web site for more information and registration, or call 229-7874.

The companies' organization is streamlined. Mr. Snodgrass maintains a headquarters, but contractors in both companies work independently. There is virtually no overlap between his techies and his analysts.

“We're keeping overhead low,” he said. “When times get tough, we'll survive, unlike the dot-coms. I believe in keeping greed and pride down, and enjoying life.”

So far, G.I. Defense has grown largely through word-of-mouth and through its sister company. But its owner is gearing up for a dramatic increase in demand as more organizations move to fight hacking, and as more money becomes available to governmental agencies.

Said Mr. Snodgrass, “The president has told us to batten down the hatches. As soon as the Homeland Security Bill is passed, the government will be issuing specifications for information security.”

To prepare, Mr. Snodgrass has worked to get G.I. Defense on the GSA provider list; he said that should happen by late October. The company also has formed an alliance with Sogeti USA, which is based in Dayton, Ohio, to provide that IT company's information security services.

“Sogeti USA is one of the top six in IT consulting,” he said. “They are in every state. Now we'll have about 10 sales reps in all 50 states selling G.I. Defense services. I estimate that our growth in 2003 will be at least 300 percent over 2002.”

Unlike many of his competitors, his company does not represent any one product, Mr. Snodgrass said. He maintains that his consultants look at a client's needs and recommend the security hardware and software that best suits that need.

“We don't ever want to get in the position of being in bed with a particular product,” he said. “And we're not just hardware and software implementation. We will train a company's employees on how to use them, and the importance of information security. Without employee buy-in, you can't ensure security.”

Just as training client employees is essential to the success of any information security program, ensuring that its own employees have the highest level of knowledge and ethics is crucial to G.I. Defense's credibility. All have military security clearance and have worked in the field for several years.

G.I. Defense's first step with a potential client is to do a vulnerability assessment, checking out the systems for ease of entry by the wrong person. The assessment results are clearly understandable, and sometimes shocking, to the client. Mr. Snodgrass remembers seeing a cyber invasion by a third-world government agency as he performed an assessment.

For protection, G.I. Defense recommends many layers of insulation.

“There is nothing that is hack-proof. Security is a process

of building defense in depth,” he said.

But “the harder it is for them to get through, the easier it is to track them and the more likely it is that they will give up,” Mr. Snodgrass said.

The majority of hackers aren't bent on terrorism or even theft, he said.

About 80 percent of hacking is done by what he calls “script kiddies,” young computer wizards who follow programs and learn to break into increasingly complex systems for the bragging rights.

But even such relatively benign entries leave a company or agency vulnerable. And the 20 percent of hacking that's not a cyber-joyride can be truly disastrous.

“There are many different ways in which al-Qaida has been using the Internet to affect the U.S. in negative ways,” Mr. Snodgrass said.

He has been working with the cyber-crime division of the FBI to shore up computer network defenses in the Tristate.


Tristate allies power up Bombardier
Waste charges add to car bill
- G.I. Defense putting hackers on defensive
As CEO, how much do you get paid?
Can Main Street revive Wall Street?
Winemaker's roots extend from fields
Tristate Business Notes
What's the Buzz?