Steve Hope is the owner of CIAN Inc., a service-disabled veteran-owned IT security company that operates out of Peoria, Illinois, and Bowie, Maryland. A retired U.S. Navy officer, Hope discovered his calling on January 23, 1968—the day North Koreans captured the USS Pueblo, a Navy-commissioned ship carrying a large team of American cryptologists. That same year, Hope enlisted and went on to become a top cryptologist and linguist in his more than 20-year long military career. Today, he draws on that experience to stay a step ahead of malicious hackers and to bolster the defense systems of a variety of businesses. In addition to CIAN, he is also the president and CEO of several LLCs that focus on data center security and cloud computing.
Tell us a bit about your background.
I was born in upstate New York, in Utica. My family of nine moved to California at the height of the “westward ho!” movement of the early ’60s. My dad was a scientist/engineer that worked on sophisticated space agency equipment, such as the Lunar Excursion Module (LEM) and aircraft carrier landing modules. I graduated from Clairemont High School in San Diego, and immediately made the choice of enlisting in the U.S. Navy at the peak of the Vietnam War, [which I] selected over McDonald’s Hamburger University or being drafted.
While in the service for over 20 years, I received my Bachelor of Science in Arabic/Middle East studies and a minor in business management. I attended postgraduate school at the Defense Intelligence Agency in Washington, DC. I was the top Arabic and French linguist in the Navy for over 10 years running. My naval career took me to permanent assignments in Morocco, Spain and Greece, as well as various intelligence agencies in the Washington, DC area. I have three children, all of whom reside in the Washington, DC area.
How did you first become interested in cryptology?
I made my decision to enlist in the Navy at a time when the news was rampant, cresting that year with the assassinations of RFK and MLK, the Tet offensive, Vietnam War at its peak, Apollo 7 and 8 launchings, Nixon being elected and Russia invading the Czech Republic. A little-remembered event from that year was the capture of a “patrol boat” off the shores of North Korea and the taking of prisoners of war. The boat was full of naval cryptologists and linguists. My interest peaked, and the rest is history. They were released from captivity while I was in boot camp in San Diego, the same day I was selected to go to the Defense Language Institute in Monterey, California, leading to my career as the top naval cryptologist.
Describe some of your experiences in your military career.
I maintained a high-level security clearance, which makes my experiences, while memorable, classified. Generally speaking, I enjoyed the deployment rotation as mentioned above, being afforded the opportunity to live in Europe/North Africa, and the heightened responsibility of providing intelligence reports to the highest echelons of the government during peak times of international crises. I received many—in excess of 30—awards and letters recognizing my expertise and wings as a naval air crewman flying EP-3E and A-3 reconnaissance aircraft. These successes led to my being selected as the top Navy master training specialist and air force master instructor during my tour of educating cryptologists in Texas.
How did your military career lead into your business career?
My naval career allowed me to be at the forefront of the introduction of day-to-day usage of computers in the intelligence community and then to businesses. The leadership and people skills that were instilled in our daily routine were of paramount importance that led to creating an ability for me to lead and manage while instilling integrity and confidentiality in the workplace.
Tell us about the products and services offered by CIAN.
CIAN has evolved as rapidly, expeditiously and flawlessly as the computer industry since the late ‘80s. I incorporated the business in 1990, and at that time, we were involved in placing microcomputers on the desktops of small and medium-sized businesses. We replaced “dumb terminals” (wired monitors to mini and mainframe computers) with local processing at the desktop.
Our first major contract was our involvement with the Air National Guard Bureau at Andrews Air Force Base in Maryland. We were tasked with providing the Bureau a plan to deploy desktops to every fighter base in the country. Our plan was accepted. We created instructional materials and proceeded to set up the computers (remind you, the first that the bases had seen on the desktop), network them together and make them talk to each other. We selected and deployed a Banyan Local Area Network (LAN) (based on AIX/UNIX at each base). We actually provided instruction to the administrators and end users to show them how to use email and shared applications. Years later, we were instrumental in their change from Banyan to Microsoft Windows networks, and connected the LANs together to form a Wide Area Network (WAN). Concurrently, we guided many legal and medical offices in their efforts in getting distributed computing to the desktop.
These successes led to the opportunity to lead the effort of migration work—from Banyan VINES to Microsoft Windows—at major agencies in the Washington, DC area, such as the Federal Deposit Insurance Corporation and the Department of Treasury. Over 12 years ago, “migration work” pretty much shifted to the changing times of “now that everyone’s connected and talking to each other with bits and bytes, how do we prevent the ill-doers from infiltrating private networks and information?” We basically wrote the book on computer security relative to incident response and information assurance. We have created teams of highly trained and talented individuals that are certified and cleared to work the good side of hacking and computer information protection. We have developed computer appliances that can sit on the network and passively observe who is getting into your information and why. We take proactive measures to safeguard the sensitive information and protect it from malware.
The addition of data security, which provides for the confidentiality, integrity and availability of your information—hence, where the name CIAN comes from—to our lineup in 2000 came naturally, as we forever preached that the number one problem with connecting everyone together was that we were connecting everyone together. Without the proper safeguards in place, the wrong people can get to information you don’t want them to.
Most recently (2011), in keeping up with the ever-volatile evolution of computing, we opened up two data centers—in Peoria and Bloomington. These state-of-the-art facilities provide the much-needed physical security and uptime demands for our clients. This added capability provides colocation services, backup, massive data storage, redundancy, application services, managed networks and cloud services as technology further evolves into “IT as a utility.” There is no longer the need to have businesses build out a special room or rooms to house their IT equipment—taking up valuable office space—when we can provide a means of ensuring the correct physical equipment, air conditioning, temperatures, humidity levels, uninterruptable and redundant power from different substations, backup generators and multiple paths to the Internet.
Describe CIAN’s work for the federal government. Do you also work with clients here locally?
We continue to hold federal contracts. The workforce is split between Peoria and Washington, DC. We are a Service-Disabled Veteran-Owned Small Business, as certified by the Small Business Administration and the Veteran’s Administration—VetBiz. We hold the Navy’s SeaPort-e contract, the mandatory contracting vehicle to obtain support services to the U.S. Navy; the U.S. General Services Organization’s IT Schedule 70, a long-term contract issued by the U.S. General Services Administration (GSA) to a commercial technology vendor; and various agency contracting vehicles. In addition to our government work, we are the IT for many legal and medical facilities both in the Washington, DC area and central Illinois.
How difficult is it to land and maintain a contracting job with the federal government? What are some of the challenges of government contracting?
Landing is definitely more difficult than maintaining a contracting job with the federal government. Without a doubt, the competition is fierce and the regulations numerous. However, because we have specialized contracting vehicles in place, it facilitates our ability to procure federal government work. The bidding process for normal acquisitions is very time-consuming and labor-intensive. The federal acquisition regulations are numerous, verbose, and on occasions, ambiguous. Once we are in at a government agency, as either a prime or under a subcontracting agreement, we have no problem maintaining our positions, increasing our efforts, and solidifying the trust of the work ethics and professionalism required.
What are the greatest challenges for business owners in maintaining security and navigating this new, data-driven world?
As indicated above, the greatest challenges center on the fact that the world is connected. While convenient and expeditious, our form of communicating in this data-driven world sometimes allows us to be less security-conscious for the sake of that speed and convenience. All too often, business owners are concerned about competitors obtaining their information, or hackers ruining a database or selling their information on the street. They neglect the insider threat—which CIAN has focused on for the past couple of years—one of the greatest threats to businesses. The most damage to a business’ data and integrity can be done from within its own office space. The lack of implementing operational, network and physical security best practices attribute to the constant leak of information and destruction of a business’ data assets.
However, I feel these are not necessarily challenges, or rather are unnecessary challenges, because they can be controlled and mitigated with security awareness. Each quarter, my company hosts a free security awareness and training briefing as a community service. We are attempting to get the word out that even here in the Midwest, we are so vulnerable to exploitation of our information. Again, because we’re all connected and lax on our security standards. We stress the importance of good computing security practices.
Ninety-one percent of all successful exploits of late are the result of taking advantage of the user at the keyboard: the holder of your information. These exploits start with obtaining insider information either through phishing attempts or just recognition of known vulnerabilities in a company’s security practices. Key logging dongles and malware applications introduced unbeknownst to the business owner add to the complexity of ensuring a safe and secure information-sharing experience.
The lack of data classification also contributes to the challenges that business owners face—not only the severity of the information itself, but it should be defined and controlled as to who has access to what, where the data presides, how it is transmitted and who is responsible for its dissemination.
“The best defense is a good offense.” Describe this approach (from CIAN’s website) to network security.
All too often, businesses believe that so long as they have a good virus protection program or firewall, they are secure and protected against any infiltration. We take that a step further—in fact, our first corporate motto was “One Move Ahead.” Staying ahead of the bad guys, understanding the technology of hacking and securing networks beyond simple third party products, as well as employing network appliances to protect against exploitation, are all examples of the proactive measures CIAN takes with all of our clients.
We don’t sit back and wait for another exploit of vulnerabilities—be it a weakness in an operating system or application or the insider threat—we task them, test them and deploy proactive countermeasures expeditiously on our clients’ networks. Taking the offensive posture in protecting computing assets is of paramount importance. Training our employees in the latest techniques, hacks, schemes and infrastructure protection plays an important role in the operational readiness of our teams, as they live and breathe security 24 hours a day. We are the good-guy hackers—“white hatters”—who constantly test the boundaries and ensure information integrity. We scan thousands of underground sites every day in search of chatter relative to malware attacks and vulnerabilities.
Tell us more about your other companies. Are they affiliated with CIAN, or separate entities?
I started Office Automation Systems (OASYS) Limited (a Maryland C corporation) in 1990. As the name implies, it was formed to automate data management systems and automate the tasks being done at the worker-bee level. It is still active today and the linchpin of the other entities I’ve created as a result of evolving technology. Its mission is to provide network administration and support to small and medium-sized businesses that may not have an IT department, or in which we may need to augment their IT staff.
As we started a focus on security—securing the information that we administered or migrated for our clients—and as the technology world started to get connected and networks proliferated, we saw a need for a completely independent team of IT professionals: security experts. I formed CIAN Inc. in 2001 and opened a second office (CIAN Center Inc.) in Peoria in 2007.
In 2011, I created Empyrean Inc. The name was chosen because Empyrean is the highest cloud in the heavens. As current technology focuses on cloud computing, it was apropos. A5.com Inc. is a DBA (Doing Business As) alias owned by Empyrean Inc. It is the keeper of the gates to the cloud: data centers. As mentioned above, we have two data centers, with state-of-the-art technology.
Data Center Cloud Corporation is an Illinois corporation. I also own many LLCs: OASYS, LLC DBA SJH Holdings; Empyrean Holdings, LLC; Hope Leasing, LLC; CHAREM, LLC; and BroadOps, LLC.
What do you see happening in the technology world in 2013?
As the technology experts and customers alike figure out the correct definition of cloud computing and focus on IT as a utility, much like we do our gas, electric and water bills, I see information technology decentralizing out of the workforce and business locations and into the heavens. We’ve all probably used cloud computing whether we know it or not (Facebook, Gmail, Yahoo, etc.), but we see it going to a higher plateau. Peoria and Bloomington will see a rapid increase in fiber network distribution to the homes and businesses, thereby accelerating the infusion of cloud applications. Virtual networking, while it has been around and implemented successfully for years, will take on a more important role in cloud computing and business continuity. As local businesses pare down on their computer assets by consolidating and taking advantage of the cloud, productivity will increase and the headaches of internal network servers and computer processing will wane. iBi