Interview with Aaron Birnbaum
Founder & CSO @ Seron Security, LLC

Mr. Birnbaum has nearly 30 years of consumer and business sales, partnership, and marketing experience. He has worked with companies of all sizes – from Fortune 500 to startups and has extensive experience with a number of different industries. Mr. Birnbaum has the unique ability to initiate ‘win-win’ discussions, explain clearly and concisely how technology works in a granular ‘easy to understand’ level, and to work successfully with many diverse types of people. As Founder and Principal of CITM, Mr. Birnbaum helped a variety of small to midsize companies by developing business plans, marketing strategies, sales programs, and recommending new technologies. He has worked across a broad spectrum of industries and has personal relationships with many Fortune 500 companies including AOL/Time Warner, Amtrak, MCI/WorldCom/Verizon, Burger King, Citicorp, Coors Brewing Company, Hill & Knowlton, P&G, Coca-Cola, Bank of America, Weiden+Kennedy, Puma, and Nike. Mr. Birnbaum received his MBA from the University of Denver, and his BA in Communications from the SUNY College at Oswego. He has been an advisor and investor in several start-up companies across industries. Check out Seron Security here here.
Hi Aaron! Could you please introduce Seron Security and what led to your founding the company back in 2015?
Hi, I'm Aaron Birnbaum - I'm the founder of Seron Security, we're a cyber cybersecurity company based just outside Concord New Hampshire, about an hour north of Boston. The company was founded because a prior company I was at, actually, had been attacked, and luckily we were compliant with regulations so we didn't suffer any significant damages, beyond having the site vandalized. However, a company that I had started 10 years prior to that, and it really affected me - I was very upset, and I took it personally, and I really want to find out what had happened, why it had happened and obviously, make sure it didn't happen again. And I really dove into learning all about the way that these things happen, who does them, why they do them and the ways to prevent them. It kind of, not became an obsession, but it became a very big priority in my life. Years later, when I found myself in a different position, I needed to do something and I had been doing this for such a long time and been helping people out, that I thought it was just a natural progression. Started looking at smaller businesses, because they're the ones that are most likely to be targeted and trying to build a program to help them that wouldn't cost them a lot, but would still allow me and my company to make a decent living. And here we are, four years later - four and a half years later, and I love what I'm doing, it's a lot of fun and there's a tremendous, tremendous need for it. And the best thing I can say is: you could put a million dollars of hardware and software to protect your network, but the minute that Bob thinks he won World Series tickets, he's clicking the link and everything's for nothing. Thank you very much.
How did you build up your service offering and client portfolio when you first founded the company? Who were some of your first clients?
When I first started doing Seron Security full time and putting everything into it, a lot of what I did was continuing the things that I had done prior, which is: researching a lot, learning a lot about new problems, new threats, new vulnerabilities, but also new technologies that were continuing to come out to address these needs. And that's something that's an ongoing process. It's always learning, always talking about new things and meeting people, networking with people and talking about successes or failures. I've found the cyber security community to be very supportive of everyone, for the most part - that's the good guy. And when we first started, we looked at all of the different things that we thought a small business would need: anti-virus, anti-malware, software updating patching - a number of things. And so as we've gone on, we've listened to what people have said, and listened to what the community said as to what is important - and those are the kinds of things that we like to offer our clients: PCI compliance, for people to take payments and credit cards; security awareness training, to train people, because it's a very cost-effective way to to build a presence, to prevent any kind of malware infecting your system. Some of my first clients - one was actually my wife's hairdresser. She was getting a haircut, and the hairdresser asked her about what she was doing, and what I was doing, and she mentioned that I had started doing this and she said, "wow, I really I need someone." So there's definitely a need, it's just finding the right people.
What are some of the ways the security industry has changed, improved, or shifted since you first founded Seron Security?
Every industry is going to go through changes, as technologies improve or increase, or adoption of technologies increases across the world. A lot of people have become more vulnerable to security issues, but the other side of that is there have been a lot more high-profile, noticeable, damaging cyber attacks: Anthem Insurance, Equifax, Target, Home Depot - I could go on for days. In one aspect it's a very bad thing - obviously, for those companies and people involved - but on the other hand it's, in a twisted way, it's kind of a good thing. And not just for me, because it brings me more customers, but because people hear about it, and they think about it, and they're more aware of it, and they kind of stop and say, "Hey wait, maybe I need to take a look at what I'm doing. Maybe I need to protect my family, my business, my computer, my files - " whatever the situation may be. And in that aspect, I think it's a positive thing, if you could turn a positive from a negative that would be it. The other thing is that the security industry, it's become bigger. And by that I mean hundreds and hundreds and hundreds of different companies, not just consultants but hardware manufacturers, software manufacturers, and it's really become a very large industry, which also has its pros and cons. That's probably the two biggest changes I can think of.
What are some of the unexpected challenges that go along with running a security company?
Like any startup, it still - I would say it's still a startup in the early stages - they're the same kind of problems that I imagine a lot of different businesses have: acquiring clients, which actually is probably the most significant to me because I know a lot about this stuff, and I know that it's a serious problem, and I know that it could put you out of business in two minutes, but a lot of people don't seem to grasp that. And whether they just don't know, or they don't care, or they don't make it a priority, or they they don't think it will happen to them - the biggest challenge for me is really persuading people that: A) I'm trying to help them, and B) this is something they really need to do. A lot of businesses that I speak with ask, "Do you have general liability insurance?" And they say, "Of course we do, we're not silly." I say, "But you don't have any kind of cyber security insurance, any kind of plan. What you're gonna do if you get breached? How do you protect you, train your people?" There's a number of things that I think are very important, that they apparently either don't think are that important, or don't think that the value was there in what my company, or any other company in cybersecurity, provides. And again there's always a regular challenges of trying to find good people, keeping your customers happy, paying your bills, and trying to find time for your friends, your family and yourself. But yeah that's probably the biggest one.
What's next for your work with Seron Security? What are the main clients, partnerships and technologies you'll be focusing on throughout 2019?
It's interesting, there's a lot of new technologies that are coming out, there's a lot of different ways to protect organizations, to hopefully prevent attacks from getting any farther than the first line of defense. There's a lot of really interesting, neat things that are out there, but the biggest thing that we want to do - and we've really changed a lot of our business around this - is we really want to train people, because they're really the first line of defense, the last line of defense, and they're really the only ones that can cause some of the situations that we have. Ninety-something percent of incidences were caused by humans. When you think about it, a computer doesn't click a link on an email, or download something, or visit a bad website - it's always a human. And so, in order to be the most effective - and really, to get the most bang for your buck - the best thing that we believe is to train people: is to change the user behavior, such that they don't do these things - these risky behaviors -because they understand, "OK maybe I shouldn't be doing this." Or, "Oh, I should be doing this and I'm not." It really comes down to educating people - I mean, we've been working with some psychologists and some people to better understand why people do things, or don't do things. And we've really kind of come up with -nobody ever taught them how! Nobody ever said, "Hey this is how you should e-mail! This is what you should do when you see this kind of e-mail. These are the things that you should be thinking." So that's really where we're going in 2019 and beyond.