March 20, 2025 • 13 mins
I spoke with Edward Chick, the Chief Revenue Officer at NopalCyber, a managed security service provider that offers outsourced cybersecurity support, seeking to democratize enterprise-level security for law firms and organizations in other sectors. We discussed best practices to help law firm leaders identify cyber threats, mistakes they are making with their cybersecurity protocols, how often they should test and update their cybersecurity procedures, and where to leverage artificial intelligence and machine learning to enhance cybersecurity.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:01):
Welcome to Reinventing Professionals,a podcast hosted by industry analyst
Ari Kaplan, which shares ideas,guidance, and perspectives from market
leaders shaping the next generationof legal and professional services.
This is Ari Kaplan and I'mspeaking today with Edward Chick.
The Chief Revenue Officer at Nopal Cyber,a managed security service provider
(00:25):
that offers outsourced cybersecuritysupport, seeking to democratize
enterprise level security for law firmsand organizations in other sectors.
Hi, Edward.
How are you?
I'm well.
Hi, Ari.
Thank you for thisopportunity to chat today.
It's my privilege and I'm lookingforward to the conversation.
Tell us about your backgroundand your role at Nopal Cyber.
I have been in, uh, high techsoftware and services for decades.
(00:50):
I've worked with, uh,SAP, IBM, and Oracle.
I've also worked with smallercompanies, some startups, and
had some success taking them to alarger position in the marketplace.
I'm passionate about helpingcustomers with technology and
services get to a better place.
How is Nopal Cyber's approachto identifying and prioritizing
(01:12):
internal and external threats unique?
Cyber security is sometimes not seen as asimportant as it is because it's behind the
scenes and many people using technologyor engaged in business assume that
others are taking care of these things.
At Nopal Cyber, we have Come to seethat a lot of the complexity causes
(01:36):
organizations and business executivesto put it into the IT bucket.
So our business goal is to democratizecybersecurity, make it more
accessible, bring it forward in the.
Consciousness of business leadersand work with I. T. Professionals to
give them more support and resourcesto make them more successful.
We serve multiple industries, butwe have many decades of experience
(01:59):
in legal and a few other sectors.
What we've observed isthat the battle continues.
It's getting more severe.
And the value we bring iswe are tech stack neutral.
We work with the technology that.
Organizations have already invested,and in some cases heavily, some of those
technology platforms come with the toolsthey've already bought Microsoft or.
(02:23):
AWS and so forth.
The average is about 30 different cyberrelated protection tools that they use.
These organizations will findthat they may have thousands of
alerts and alarms going off daily.
And they're faced with a kind ofneedle in the haystack challenge.
How do they identify the most critical?
How do they resolve those issues?
(02:43):
And how do they get in front of them sothat they don't happen before the fact?
And there's an enormous pressure onIT, especially in the United States.
At Noble Cyber, we bring both theexpertise of the particular industries
these companies are in, like legal, butwe have the resources to work with all the
different technologies they're using andsupplement and strengthen their posture.
(03:04):
Which assets are most criticalfor law firms to protect?
Absolutely.
Everything we begin by helpingindividuals be more savvy, protect
their interaction with the technology,things like passwords and so forth.
But a lot of the bad actors are alsoattacking their website applications
or platforms, and they do this inorder to get at something valuable.
(03:26):
There are two places of truth inbusiness, the accounting systems
and the contracts they're managing.
These are formally places oftruth and legal practitioners have
their hands on one half of that.
And the bad guys know this.
So they see legal activity as a place.
to attack.
And we've observed midsize lawfirms do not have a sufficient
(03:49):
degree of protections.
Aside from being attacked,insurers that they have know this.
And the cost of cyber insurance,especially in legal, is very high.
And the coverage is actually reducing.
And so you're paying more for less.
And part of the Nopal Cyber value add iswe can strengthen the posture of these
companies and that can have an immediate.
(04:10):
Beneficial impact on reducing cyberinsurance costs and giving better
protections from those insurers.
The other phenomena that iscritical here are the regulators.
Even if an individual company isthemselves not heavily regulated
by say, the SEC, the customersthat they're working with.
May be regulated and we've seen in thepast six months and increasing exposure
(04:34):
mandated by the SEC to do a better job.
They have duty now to report if they haveconcerns and what we find in the legal
space is because lawyers are working withother firms, they are part of a community
of activity against a particular matteror just creating contracts, which may have
participants who are heavily regulated.
(04:54):
Of course, the insurancecompanies knowing this.
Increase the exposure becausethe regulators are mandating the
protections that the insurancecompany is going to cover.
So there's a network ofinterlocking dependencies.
We at Noble Cyber feel we can helpenormously in strengthening the
postures of these companies in orderto gain a better cost structure from
(05:16):
their insurers and of course be moreappropriately connected to the regulators.
What mistakes are law firm leaders makingwith their cybersecurity protocols?
They're taking it for granted.
These are good professional people,they have expertise in their area,
and they reasonably assume that IThave this in hand, and the fact of the
(05:37):
matter is that IT are under tremendouspressure, the bad guys are constantly
Changing their strategies and tactics.
And we don't really want to usethe sort of battle or war metaphor,
but there is a sense of that.
And we often see that generalcounsel and legal practitioners
don't offer their help enough.
(05:58):
They can be taking a leadershipposition and turn to IT on a regular
basis and say, how can we help?
How can I prioritize the exposuresagainst the particular tools I'm using?
How can I tell you more about mybusiness activity that would give you.
In I. T. And your chief securityofficers better visibility to
what's important to the business.
(06:18):
And we've seen that leadershipgives a sense of the prioritization
with budgets and the costs and alsoawareness of the regulatory exposures.
How often should law firms test andupdate their cyber security procedures?
Definitely not once a year.
Companies will do an annualpen test on their platforms
or some of their applications.
That's not really good enough.
(06:38):
We've seen organizations increasethis to quarterly, to monthly.
Our position is that all thesethings should be inspected 24 7.
The bad guys aren't waiting onan annual basis to do something.
So the exposures are permanent.
They're full time.
Legal professionals can play a very Ahelpful role in drawing attention to
(06:59):
it and making sure that they're up todate, they're trained, that they follow
the protocols for even simple thingslike changing passwords and so forth.
It is extraordinary how peopletake these things for granted and
everybody assumes the other guy isgoing to get hit and that's just
simply not what happens clearly.
It's like any good business practice.
The IT folks are.
(07:20):
In alliance with the rest of theorganization, they're supporting and
if leadership acknowledge that and givesupport to the individual security teams,
then everyone benefits that noble cyber.
We offer complimentary servicesto those organizations.
We can actually run the entire security.
Environment for an organization, orwe can compliment and supplement the
(07:42):
various teams that they have in place.
We see this as a kind of offensivesecurity position so that you
can get in front of issues beforethey happen, because we see a
lot more than an individual firm.
Might see, we can play a very criticalrole in giving a heads up to the
things they might not be aware offrom an offensive security posture.
(08:02):
And then we can be the helpneeded to actually do the defense.
Some organizations are not quitesure where they sit and we give
them a good sense of their position.
We do something called anattack surface discovery, which
will produce an outside in.
Analysis without any privileged accessto actually see what an organization
looks like as if a hacker werecoming in, we can share that result.
(08:25):
And then when we do engage, we offer ameans to leverage the tools they already
have, but we render all the alarmsgoing off into a single pane of glass.
With our reporting tools, our Nopal 360,we can make this available on people's
desktop and also on their mobile phone.
And that is the best practice, toalways have these protections in
(08:46):
place, have an awareness of wherethe attacks might be coming from,
and act quickly and effectively.
Legal, who have a larger view oftheir individual personal liability
as lawyers, but also the exposure ofthe company from a risk management
perspective, can be enormously helpful.
allies in this overallstrengthening of the posture.
(09:08):
How should legal organizations leverageartificial intelligence and machine
learning to enhance their cyber security?
Virtually every law firm, every legalpractitioner on the planet is today aware
of the benefits of various AI tools.
I've been in this spacerelatively early at IBM.
I was engaged, uh, in legalwith Watson over a decade ago.
(09:29):
And I've seen wonderful benefitsemerge from leveraging AI and
the pace of that is increasing.
But it also, raises some risks.
The bad guys are using AI to do hackingand render various cyber exposures.
But also the use of AI often involvesbringing in data from large language
(09:50):
models, for example, or using thirdparty tools and putting in privileged
content into the third party tool,which itself may not be fully secure.
Because lawyers and legalpractitioners Played such an incredibly
important role in an organization.
They're now actually raising the risks tosome degree, but in the use of AI, because
(10:11):
these are often federated systems, they'reoften using tools and data sources from
outside to get a business result, but thatopens a door potentially to further risk.
So part of the activityhere at Nopal Cyber is to.
Strengthen that posture and giveconfidence to legal practitioners
so they can render the, the benefitsof these, these new tools, but do
(10:34):
so in the confidence that they'renot creating additional exposures.
Our position is engage in thesenew innovative things, do so with
gusto and enthusiasm, get thebenefits, but have a very clear
eye on the cybersecurity realities.
How does a focus on cybersecurityhelp law firms drive innovation?
It will allow them to be more experimentaland try different approaches, and
(10:59):
they really should see cybersecurityexposure as a critical part of
the participation in innovation.
Cybersecurity is a critical elementto ensure that you're ready to
take on board new innovation.
How do you see cybersecurity evolving?
It's constantly changing every day,every hour, and trying to do all
(11:23):
this yourself is really a challenge.
The bad guys recognize that midsize firmsdon't have the resources to do this.
Well, our Business value prop is to helpthose organizations get to a stronger
posture in a way that is cost effective,and they would be typically unlikely
to be able to do themselves, and theyshould focus on their own business.
(11:46):
They should focus on whatthey're best at doing.
Another critical pieceof that is when they are.
engaging with their clients.
It's a good best practice to begina discussion with their clients
by saying everything they're goingto do for that client has cyber
security awareness baked into it.
Legal practitioners don't know muchabout cyber security and they don't bring
(12:09):
this up, but if they are more aware andthey bring it up in their engagements
to their clients, We've seen that itreally does improve the engagement.
It's another place of trust, andthe legal community trades in trust.
That's fundamental to that practice.
We see ourselves as helping organizationsbe better with their customers.
(12:31):
And then, especially to acquirenew customers, but even with their
existing portfolio of customers,some of whom they've worked
with for, you know, decades.
We've seen an engagement model wherethey go back to their customers and bring
forward the cybersecurity realities ina way that they haven't in the past.
It really goes down very well.
It's part of a larger customer carejourney and it's very powerful.
(12:53):
This is Ari Kaplan speaking with EdwardChick, the chief revenue officer at Nopal
Cyber, a managed security service providerthat offers outsourced cybersecurity
support, seeking to democratize.
Enterprise level security for law firmsand organizations and other sectors.
Edward, thanks so very much.
Thank you.
Thank you for listening to thereinventing professionals podcast
(13:17):
Visit reinventingprofessionals.
com or recaplandadvisors.
com to learn more
Welcome to Reinventing Professionals,a podcast hosted by industry analyst
Ari Kaplan, which shares ideas,guidance, and perspectives from market
leaders shaping the next generationof legal and professional services.
This is Ari Kaplan and I'mspeaking today with Edward Chick.
The Chief Revenue Officer at Nopal Cyber,a managed security service provider
(00:25):
that offers outsourced cybersecuritysupport, seeking to democratize
enterprise level security for law firmsand organizations in other sectors.
Hi, Edward.
How are you?
I'm well.
Hi, Ari.
Thank you for thisopportunity to chat today.
It's my privilege and I'm lookingforward to the conversation.
Tell us about your backgroundand your role at Nopal Cyber.
I have been in, uh, high techsoftware and services for decades.
(00:50):
I've worked with, uh,SAP, IBM, and Oracle.
I've also worked with smallercompanies, some startups, and
had some success taking them to alarger position in the marketplace.
I'm passionate about helpingcustomers with technology and
services get to a better place.
How is Nopal Cyber's approachto identifying and prioritizing
(01:12):
internal and external threats unique?
Cyber security is sometimes not seen as asimportant as it is because it's behind the
scenes and many people using technologyor engaged in business assume that
others are taking care of these things.
At Nopal Cyber, we have Come to seethat a lot of the complexity causes
(01:36):
organizations and business executivesto put it into the IT bucket.
So our business goal is to democratizecybersecurity, make it more
accessible, bring it forward in the.
Consciousness of business leadersand work with I. T. Professionals to
give them more support and resourcesto make them more successful.
We serve multiple industries, butwe have many decades of experience
(01:59):
in legal and a few other sectors.
What we've observed isthat the battle continues.
It's getting more severe.
And the value we bring iswe are tech stack neutral.
We work with the technology that.
Organizations have already invested,and in some cases heavily, some of those
technology platforms come with the toolsthey've already bought Microsoft or.
(02:23):
AWS and so forth.
The average is about 30 different cyberrelated protection tools that they use.
These organizations will findthat they may have thousands of
alerts and alarms going off daily.
And they're faced with a kind ofneedle in the haystack challenge.
How do they identify the most critical?
How do they resolve those issues?
(02:43):
And how do they get in front of them sothat they don't happen before the fact?
And there's an enormous pressure onIT, especially in the United States.
At Noble Cyber, we bring both theexpertise of the particular industries
these companies are in, like legal, butwe have the resources to work with all the
different technologies they're using andsupplement and strengthen their posture.
(03:04):
Which assets are most criticalfor law firms to protect?
Absolutely.
Everything we begin by helpingindividuals be more savvy, protect
their interaction with the technology,things like passwords and so forth.
But a lot of the bad actors are alsoattacking their website applications
or platforms, and they do this inorder to get at something valuable.
(03:26):
There are two places of truth inbusiness, the accounting systems
and the contracts they're managing.
These are formally places oftruth and legal practitioners have
their hands on one half of that.
And the bad guys know this.
So they see legal activity as a place.
to attack.
And we've observed midsize lawfirms do not have a sufficient
(03:49):
degree of protections.
Aside from being attacked,insurers that they have know this.
And the cost of cyber insurance,especially in legal, is very high.
And the coverage is actually reducing.
And so you're paying more for less.
And part of the Nopal Cyber value add iswe can strengthen the posture of these
companies and that can have an immediate.
(04:10):
Beneficial impact on reducing cyberinsurance costs and giving better
protections from those insurers.
The other phenomena that iscritical here are the regulators.
Even if an individual company isthemselves not heavily regulated
by say, the SEC, the customersthat they're working with.
May be regulated and we've seen in thepast six months and increasing exposure
(04:34):
mandated by the SEC to do a better job.
They have duty now to report if they haveconcerns and what we find in the legal
space is because lawyers are working withother firms, they are part of a community
of activity against a particular matteror just creating contracts, which may have
participants who are heavily regulated.
(04:54):
Of course, the insurancecompanies knowing this.
Increase the exposure becausethe regulators are mandating the
protections that the insurancecompany is going to cover.
So there's a network ofinterlocking dependencies.
We at Noble Cyber feel we can helpenormously in strengthening the
postures of these companies in orderto gain a better cost structure from
(05:16):
their insurers and of course be moreappropriately connected to the regulators.
What mistakes are law firm leaders makingwith their cybersecurity protocols?
They're taking it for granted.
These are good professional people,they have expertise in their area,
and they reasonably assume that IThave this in hand, and the fact of the
(05:37):
matter is that IT are under tremendouspressure, the bad guys are constantly
Changing their strategies and tactics.
And we don't really want to usethe sort of battle or war metaphor,
but there is a sense of that.
And we often see that generalcounsel and legal practitioners
don't offer their help enough.
(05:58):
They can be taking a leadershipposition and turn to IT on a regular
basis and say, how can we help?
How can I prioritize the exposuresagainst the particular tools I'm using?
How can I tell you more about mybusiness activity that would give you.
In I. T. And your chief securityofficers better visibility to
what's important to the business.
(06:18):
And we've seen that leadershipgives a sense of the prioritization
with budgets and the costs and alsoawareness of the regulatory exposures.
How often should law firms test andupdate their cyber security procedures?
Definitely not once a year.
Companies will do an annualpen test on their platforms
or some of their applications.
That's not really good enough.
(06:38):
We've seen organizations increasethis to quarterly, to monthly.
Our position is that all thesethings should be inspected 24 7.
The bad guys aren't waiting onan annual basis to do something.
So the exposures are permanent.
They're full time.
Legal professionals can play a very Ahelpful role in drawing attention to
(06:59):
it and making sure that they're up todate, they're trained, that they follow
the protocols for even simple thingslike changing passwords and so forth.
It is extraordinary how peopletake these things for granted and
everybody assumes the other guy isgoing to get hit and that's just
simply not what happens clearly.
It's like any good business practice.
The IT folks are.
(07:20):
In alliance with the rest of theorganization, they're supporting and
if leadership acknowledge that and givesupport to the individual security teams,
then everyone benefits that noble cyber.
We offer complimentary servicesto those organizations.
We can actually run the entire security.
Environment for an organization, orwe can compliment and supplement the
(07:42):
various teams that they have in place.
We see this as a kind of offensivesecurity position so that you
can get in front of issues beforethey happen, because we see a
lot more than an individual firm.
Might see, we can play a very criticalrole in giving a heads up to the
things they might not be aware offrom an offensive security posture.
(08:02):
And then we can be the helpneeded to actually do the defense.
Some organizations are not quitesure where they sit and we give
them a good sense of their position.
We do something called anattack surface discovery, which
will produce an outside in.
Analysis without any privileged accessto actually see what an organization
looks like as if a hacker werecoming in, we can share that result.
(08:25):
And then when we do engage, we offer ameans to leverage the tools they already
have, but we render all the alarmsgoing off into a single pane of glass.
With our reporting tools, our Nopal 360,we can make this available on people's
desktop and also on their mobile phone.
And that is the best practice, toalways have these protections in
(08:46):
place, have an awareness of wherethe attacks might be coming from,
and act quickly and effectively.
Legal, who have a larger view oftheir individual personal liability
as lawyers, but also the exposure ofthe company from a risk management
perspective, can be enormously helpful.
allies in this overallstrengthening of the posture.
(09:08):
How should legal organizations leverageartificial intelligence and machine
learning to enhance their cyber security?
Virtually every law firm, every legalpractitioner on the planet is today aware
of the benefits of various AI tools.
I've been in this spacerelatively early at IBM.
I was engaged, uh, in legalwith Watson over a decade ago.
(09:29):
And I've seen wonderful benefitsemerge from leveraging AI and
the pace of that is increasing.
But it also, raises some risks.
The bad guys are using AI to do hackingand render various cyber exposures.
But also the use of AI often involvesbringing in data from large language
(09:50):
models, for example, or using thirdparty tools and putting in privileged
content into the third party tool,which itself may not be fully secure.
Because lawyers and legalpractitioners Played such an incredibly
important role in an organization.
They're now actually raising the risks tosome degree, but in the use of AI, because
(10:11):
these are often federated systems, they'reoften using tools and data sources from
outside to get a business result, but thatopens a door potentially to further risk.
So part of the activityhere at Nopal Cyber is to.
Strengthen that posture and giveconfidence to legal practitioners
so they can render the, the benefitsof these, these new tools, but do
(10:34):
so in the confidence that they'renot creating additional exposures.
Our position is engage in thesenew innovative things, do so with
gusto and enthusiasm, get thebenefits, but have a very clear
eye on the cybersecurity realities.
How does a focus on cybersecurityhelp law firms drive innovation?
It will allow them to be more experimentaland try different approaches, and
(10:59):
they really should see cybersecurityexposure as a critical part of
the participation in innovation.
Cybersecurity is a critical elementto ensure that you're ready to
take on board new innovation.
How do you see cybersecurity evolving?
It's constantly changing every day,every hour, and trying to do all
(11:23):
this yourself is really a challenge.
The bad guys recognize that midsize firmsdon't have the resources to do this.
Well, our Business value prop is to helpthose organizations get to a stronger
posture in a way that is cost effective,and they would be typically unlikely
to be able to do themselves, and theyshould focus on their own business.
(11:46):
They should focus on whatthey're best at doing.
Another critical pieceof that is when they are.
engaging with their clients.
It's a good best practice to begina discussion with their clients
by saying everything they're goingto do for that client has cyber
security awareness baked into it.
Legal practitioners don't know muchabout cyber security and they don't bring
(12:09):
this up, but if they are more aware andthey bring it up in their engagements
to their clients, We've seen that itreally does improve the engagement.
It's another place of trust, andthe legal community trades in trust.
That's fundamental to that practice.
We see ourselves as helping organizationsbe better with their customers.
(12:31):
And then, especially to acquirenew customers, but even with their
existing portfolio of customers,some of whom they've worked
with for, you know, decades.
We've seen an engagement model wherethey go back to their customers and bring
forward the cybersecurity realities ina way that they haven't in the past.
It really goes down very well.
It's part of a larger customer carejourney and it's very powerful.
(12:53):
This is Ari Kaplan speaking with EdwardChick, the chief revenue officer at Nopal
Cyber, a managed security service providerthat offers outsourced cybersecurity
support, seeking to democratize.
Enterprise level security for law firmsand organizations and other sectors.
Edward, thanks so very much.
Thank you.
Thank you for listening to thereinventing professionals podcast
(13:17):
Visit reinventingprofessionals.
com or recaplandadvisors.
com to learn more
Popular Podcasts
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.
Therapy Gecko
An unlicensed lizard psychologist travels the universe talking to strangers about absolutely nothing. TO CALL THE GECKO: follow me on https://www.twitch.tv/lyleforever to get a notification for when I am taking calls. I am usually live Mondays, Wednesdays, and Fridays but lately a lot of other times too. I am a gecko.