From recovering seawater-immersed media to providing security to SMBs, learn how three IT consultants in Florida (two of whom are former NSA employees) are helping clients and students.
Fort Myers, Florida seems to have an inordinate number of people who have worked for the NSA. Most of these people appear to be — not unexpected — successful owners of businesses related to IT. Prime examples are John and Sue Benkert, both former NSA employees, who along with Gregory Scasny own CPR Tools.
CPR Tools, originally called Computer Peripheral Repair and Recovery Services, has been saving companies and individuals from data-loss angst since 1987. The Benkerts started working for CPR Tools in 2004 and in 2011, with Scasny, bought CPR Tools.
Over the years, the company has gained a reputation for retrieving what was thought to be lost data from memory devices. CPR Tools has recovered data from:
- Bubble memory
- Floppy media
- Magnetic-tape, solid-state, and optical media
- MFM/RLL hard drives
- Water- and physically-damaged media
Some of the more interesting recoveries involved media immersed in seawater for months, media charred in fires, media buried 8 feet underground for 10 years, and hard drives with badly-scratched platters.
One reason CPR Tools is successful is their incessant researching. John Benkert mentioned engineers at CPR Tools study every new memory technology, learn its weaknesses, and what type of recovery methods work. For example, when USB drives were first introduced, CPR Tools built its own as a way of understanding how the device worked.
Besides in-house data recovery, CPR Tools builds and sells the same tools used by company engineers to recover data or the opposite — to remove data from end-of-life memory devices — to businesses that want those capabilities in-house. Every piece of equipment they sell is designed and built in the US.
John Benkert, during a conference call, stated, "CPR Tools is different for many reasons, but there are three important ones I believe separate us from the pack for data recovery: price, discreetness, and our advanced capabilities."
Cybersecurity Defense Solutions
While helping clients (mostly small- and medium-sized businesses), the Benkerts and Scasny noticed clients more often than not wanted help with other IT issues, in particular those related to security. The Benkerts and Scasny saw an opportunity, especially Scasny, who is a scary-smart security expert — the type that always finds a way in during a penetration test.
So, in October 2014, the three started Cybersecurity Defense Solutions (CDS). "CDS was formed to help bring cybersecurity to all companies no matter what size," Scasny wrote in an email. "Our goal is to provide best-practice, easy-to-understand consulting, training, and security products for our clients."
FLITRAP and TVAP
CPR Tools has expertise building data-recovery hardware for data recovery, so it was a natural progression to build security implements, including FLITRAP and TVAP.
FLITRAP (Front Line Intelligent Threat Response and Assessment Platform): FLITRAP is a turnkey appliance consisting of a honeypot, intrusion detection system, and alerting system. FLITRAP seemed similar to other offerings, and I asked Scasny about that.
He mentioned that FLITRAP, right from the beginning, was designed for businesses having little to no in-house IT or infosec staff. "Our interview process allows us to pre-configure the device for the client before it is shipped out," explained Scasny. "The client has a true 'set it and forget it' trap to alert them or their contracted IT personnel of anomalous network behavior."
TVAP (Threat and Vulnerability Assessment Platform): "Our approach is hands on — most businesses are not sure what they need to be scanning or why," explained Scasny. "We gather information from the client even up to the point of scanning their entire network to find what is specifically on the network so that all vulnerable systems can be analyzed. We then configure TVAP using the data we accumulated."
In addition, CDS will run an Intrusion Detection Sensor (IDS) at the furthest point of ingress/egress on the network (typically on the LAN link of the firewall) for a pre-defined number of days. The IDS uses both signatures and anomaly-based behavior heuristics to detect threats that may already be on the network. "Since we have mapped the network in great detail, we know what traffic has no place on the client's network," added Scasny. "Doing so enables us to find insider threats and shadow IT operations on the client's network."
Paying it forward
During my visit, I saw how passionate the Benkerts and Scasny were about making a difference in their community — that really showed when discussing their intern program. Internships are offered to local college and high school students interested in pursuing a degree in "just about any technological field" said John Benkert. "Our goal is somewhat selfish," said Sue Benkert. "We certainly would love to find awesome employees, but we also believe — probably more so — that we can affect a change in attitude by getting students excited about data security."
Interested students are asked to submit a resume and partake in an interview; this is important to the Benkerts and Scasny. "This is typically the first time a student has created a resume and many times the first time they have been interviewed," mentioned Sue Benkert. "These two skills, resume writing and interviewing, are seldom taught anywhere, and it's a great experience for the students."
"Having worked on both the offensive and defensive side of computer networks, Greg and my unique backgrounds allow us to offer a different perspective than most," reflected John Benkert. "We truly believe that if we teach the basic principles to these students, it will become a habit they will pass on to others."