Please note: We’ve updated our Privacy Policy. Click here to review the changes and learn how it affects you.

Derek Nugent: “all companies should measure and track their security posture“


Oct 26, 2022

Originally posted on by the Cybernews Team.

As security threats continually evolve, simplifying IT operations as a whole becomes more crucial than ever.

Today, when cyber-attacks can no longer be stopped by antivirus software or firewalls, the importance of SecOps- a collaboration between IT security and operations teams- has started to rise. You must, however, understand what it is and how it can help when modernizing an enterprise before deciding whether or not to use it in your own company.

To help you find answers to these questions, we invited Derek Nugent, VP of Revenue at Difenda – a privately held SecOps-As-A-Service company, with over a decade of experience.

Tell us a little bit about your history. How did Difenda originate?

Difenda was founded in 2008 as a Canadian-based organization. At this time, we did everything from a managed security services perspective leveraging many different technologies.

But we got out of that business early on to focus on a more outcome-driven service model. This was key for us because more and more organizations continue to want outcome-driven services that are going to help them reduce risk and mature their organizational program.

So, in early 2019 we made the decision to solely focus and power our services with the Microsoft Security ecosystem. Now, we help our customers manage their Microsoft Security tools and help streamline response capabilities through automation so that we can protect our customer’s networks faster and wiser.

Today our growth model has led us to expand into the USA, experience 40% year-over-year growth in people, and double down on our capabilities with Microsoft collectively so that we can continue to be a valuable partner.

This year we have formalized our channel partner strategy program with the Difenda Build Program. By partnering with leading channel providers and Microsoft licensing resellers we provide a larger set of customers with unmatched cybersecurity services and solutions.

Can you introduce us to Difenda Shield? What are its key features?

The Difenda Shield is an integrated cybersecurity suite of consumable service modules that gives companies the tools they need to stay vigilant, agile, and collaborative in the evolving threat landscape. It is designed to provide customers with the capabilities to pick and close gaps based on their security operational program by leveraging their investments in technology.

The Difenda Shield platform offers enhanced security with a streamlined ‘SecOps-as-a-Service’ experience through highly automated and orchestrated processes based on integrations with Microsoft 365 services and other industry-leading technologies.

With the Difenda Sheild, our customers can respond to potential threats faster through Managed Detection and Response (MDR) for IT and MDR for OT and can minimize the window of opportunity for attackers with automated vulnerability management through our Advanced Vulnerability Management (AVM) services, and keep up with the constantly evolving regulatory landscape with a streamlined approach and frameworks with our managed Governance, Risk and Compliance (GRC) services.

Not only that but having our cybersecurity experts create and co-manage your Microsoft Security stack through our Difenda Shield services enables valuable automation and orchestration processes while also providing customers with increased visibility across their security environment.

What technology do you use to detect threats before it is too late?

Our modern four-step methodology consists of threat profiling, threat detection, threat hunting, and threat response, all of which are powered by Microsoft.

We also leverage leading technology like Anomali to provide additional context and insight that helps develop automation and integration capabilities to provide an increased amount of outcomes to customers.

How do you think the recent global events influenced the ways in which threat actors operate?

The pandemic opened a new area of business where organizations were working differently, such as remotely, which provided an influx of capabilities and access points where attackers were able to infiltrate their network. This is obvious when you look at the number of breaches organizations have faced in the past two years alone.

On the flip side, with constantly advancing technology, attackers have been able to leverage legacy technologies in critical infrastructure to maximize dollars and cyber warfare. Both the evolution of technology and the traditional thought processes around security that many c-suite executives tend to have contributed to the sophistication of how threat actors operate.

Additionally, the current economic uncertainties provide people with an increased amount of curiosity in finding alternative income streams. As we move into the upcoming recession we predict a substantial increase in cyber threats, attacks, and breaches, especially for organizations with outdated or legacy technologies as their core infrastructure.

In the coming months, the threat landscape will broaden to include a new generation of amateur attackers with a significant focus on profitable data. That is concerning because when recessions come the first thing companies tend to do is reduce people, such as IT or security. This is the opposite of what needs to happen which is why managed security services are going to be so important in the near future.

In the age of frequent cyberattacks, do you think small businesses and big enterprises should rely on the same security measures?

It all depends on the risk of the business. Yes, all companies should be aligning themselves with tools to measure and track their security posture. But some organizations have a bigger risk profile and it doesn’t necessarily have to do with company size.

What will be important is the ability for organizations to define their risk and their crown jewel data. Once companies know what they need to protect that insight will dictate how much they should be focusing on security.

Despite all the solutions and services available, certain organizations still struggle with upgrading their cybersecurity. Why do you think that is the case?

Today, security is a cost center, so when you allocate budget to something that does not generate revenue, unfortunately, it doesn’t equal money. Even in IT when you talk about how digital transformation is being deployed even though it’s a cost center.

But it’s because it is transforming the business helps to fastrack revenue. Cybersecurity will never do that. Unless there is a specific requirement like many licenses and certifications that make it a relevant revenue driver.

As work from home becomes the new normal, what do you think are the worst cybersecurity habits that can put not only an organization’s workforce but also its customers at risk?

Humans are and always will be the biggest cybersecurity risk to businesses because we are innately curious. Human curiosity is the worst cybersecurity habit because it creates distractions that threat actors feed on. Remote working only elevated human risk because when you are at home you have an increased level of distraction, eventually leading to mistakes.

That is why we see all this discussion around the importance of endpoint detection and response; businesses are looking to solve human error. Phishing attacks will always be the number one way into a business and the only way to mitigate that risk is cybersecurity awareness training and having an excellent security program that can mitigate the impact of breaches.

What new cyber threats do you think can become a prominent problem in the near future? What can average individuals and organizations do to protect themselves?

In the near future identity and access will be huge and many companies need to pay attention to this if they are not already. Controlling who and from where people can access company data will be a major factor in protecting our networks.

Additionally, vulnerability management and patching will continue to be the most significant risk to a business as it has been since IT started. Businesses will need to focus on creating programs around vulnerability management and taking patching seriously will be integral to moving forward. Many people forget that legacy equipment cannot be upgraded which creates increased risk because internal teams do not treat patching as a program.

IT teams regularly miss patching or system upgrades that can protect their environment. Unfortunately with the evolution of technology, businesses simply have too many technologies to make vulnerability management and patching a priority. This only further highlights how important it is to consolidate security services. Where there is consolidation, technology is easier to patch and maintain long-term.

For example, the old school mentality where businesses expect you to have a personal and work computer or laptop and phone. That needs to go. Having so many attack services for one person only makes it so much easier for attacks to happen.

Share with us, what is next for Difenda?

At Difenda we are all about changing the game in cybersecurity. Currently, consuming cybersecurity tools and services is a time-consuming process; a key focus for Difenda moving forward will be automation. We want to create automated patching capabilities.

Our goal is to make it easy for customers to consume our products and grow toward a “click of a button functionality and mentality. Want to help measure your security technology through a click of a button? Think of the Microsoft Azure Marketplace– that’s where they are going too.

Discover more about Difenda here.

Get more cybernews at

Our Microsoft Security Services