If there’s a fire to put out in the Charlottesville, VA, area, you’ll probably find Alex Belgard there – whether it’s an actual fire or the cyber kind. As team lead of network and security for Crutchfield Corporation, Alex leads the security team for the privately held, online retailer that specializes in a wide range of electronics. In addition to more than 13 years in the information security world, Alex has been volunteering in fire/rescue and emergency medical services (EMS) for more than 18 years – just completing a two-year term as chief of the Charlottesville-Albemarle Rescue Squad this year.
A graduate from the University of Virginia with a degree in systems engineering, Alex joined Crutchfield in 2005, working as a web developer before transitioning into a security role. He is a CISSP and GIAC Certified Forensic Analyst and has led Crutchfield’s security team since 2013. Consistently in or near the Top 10 Sharers list, Alex is a strong contributor to the R-CISC community.
Here’s what Alex has to say about sharing with the R-CISC community …
As a relatively small company, we don’t experience the same volume of attacks and security issues that larger companies do, so we rely heavily on information shared through R-CISC to inform not only our day to day threat hunting, but also our strategic planning for defenses against up and coming threats. The ability to connect directly with other security professionals in the retail sector has given us great insights into common security challenges throughout the industry and how we can address them. The retail-specific focus of R-CISC means that we receive a high volume of actionable intelligence through R-CISC, while some of our governmental information sharing partners are more likely to share intelligence on issues that may only be relevant to other sectors such as energy or defense.
Finding Time to Share
At first, it was a challenge to keep up with all of the information coming in, but ultimately our participation in the sharing process has been a time saver for us. By being able to prioritize our work based on the high-quality intelligence shared through R-CISC, we were able to focus on the most common and realistic threats to us as a retailer, and it was easy to integrate sharing into our process as we hunt for threats. In a number of cases, we have been able to identify threat activity and quickly take action based on information shared through R-CISC, so it’s easy for us to justify maintaining a strong effort to share intelligence.