5 Questions with David Norris: CompTIA ANZ Cybersecurity Leadership Award Winner

A single cyberattack can be disastrous for an organization. Each day, 2,200 cyberattacks, or about one attack every 39 seconds, takes place. Many cybercriminals are experts at using advanced technology to cause maximum damage per attack. Cybersecurity leaders like CompTIA industry trainer David Norris, managing director, Nortec IT, are pivotal in preventing and mitigating cybercrime by helping both individuals and businesses leverage technology for better security.

The newly appointed chair of the CompTIA ANZ Community’s executive council, Norris has extensive experience working in cybersecurity. In the past he was a technical project team leader and programmer at Westpac and IBM. In 1992 he founded Nortec IT, a Sydney-based organisation that delivers peace of mind to small and medium-sized businesses through cyber threat defense.

Norris is passionate about bringing awareness to cybersecurity issues. One way he does this is by providing a weekly technology column for the Western Sydney Publishing Group. He also raises awareness around cybersecurity as a senior member and certified professional of the Australian Computer Society, as well as chair of the CompTIA ANZ Community’s MSP committee.

The Cybersecurity Leadership Spotlight Award is given to individuals who exhibit exceptional engagement and leadership in providing cybersecurity expertise and advancing cybersecurity resilience within the technology industry. Norris, winner of the 2023 award, outlines practical ways tech businesses and MSPs can improve cybersecurity, highlights pressing cybersecurity issues and explains what CompTIA can offer the MSP community. Read on to learn more.

What Are You Most Proud of in Your Career and What Helped You Get to Where You Are Now?

I have been in business for over 30 years. During this time, I have continued reinventing the company as technologies change. The thing I am most proud of is the number of juniors whose careers we have launched. Some have stayed with me for 20 years, while some have only a few years, but every one of them has established a successful career in technology.

In high school, my electronics teacher brought in a Sinclair ZX80. At the time, I was in year 10, and I was absolutely hooked. My teacher picked up on this, and his encouragement led me to a long career in technology. After working for a few larger companies as a programmer, I opened a computer retail store.

It was during this period that a local real estate agent approached me and asked if he could have a set monthly fee for IT support as he couldn’t budget the ad-hoc billing. Without knowing it, I became an MSP well before the term became common.

The subsequent, most significant impact on the business was joining a peer group; back then, it was HTG. Interacting with so many entrepreneurial business owners and listening to their stories was like getting hit by lightning. I now had other people to run ideas and concerns by. I encourage anyone to get involved in a peer group community.

I recently reinvented the business as a cybersecurity business. I am passionate about cybersecurity and informing anyone who will listen about cybersecurity resilience and risks around being insured correctly for a cyberattack. Getting recognized by my peers by awarding me the ANZ Cybersecurity Leadership Award is a fantastic honor. I am immensely proud. Also, recognizing my business by awarding it the Solution Provider Spotlight Award for leadership and innovation was an unexpected surprise.

Over the years, many people have challenged my ideas and mentored me. These people have come from vendors, distribution and peers. I owe them all a huge debt of gratitude. One of my peers challenged me to do a master’s of cybersecurity with him. One of the best decisions I ever made.

What Advice Do You Have for MSPs and Other Tech Businesses to Be More Successful in Cybersecurity?

I learned the hard way how critical cybersecurity is. One of our vendors was hit by a supply chain attack, which heavily impacted us. We thought we were well protected and locked down—until we weren’t. We also learned the hard way the loopholes and tricks insurance companies use not to honor the policies. It was a stressful and challenging time that I would not wish on anyone.

MSPs hold the keys to the kingdom of all their clients and are more and more often being targeted. MSPs need to ensure that their security stack is locked down. We learned a lot of lessons, and while it is difficult to protect yourself against supply chain attacks, there are processes and procedures you can put in place. Once you have your own company locked down, use these same tools for your clients.

Insurance is another aspect. Cyber insurance policies only cover your recovery, not your clients. Your clients need to have their own cyber insurance. Insurance companies do not understand our business. If there is anything in the policy that needs to be clarified, you need to challenge it before signing. In my situation, they read every page of my website and pulled out sentences they used to deny coverage, whether relevant or not.

Why Is Volunteering With CompTIA Important to You and What Goals Do You Have in Your Role?

Over my career, I have been mentored and interacted with a fantastic group of people. They have come from all areas of the channel. They have guided me, helped me grow the business and held me accountable. After 30+ years of experience in this industry, it is important to me to pay it forward and help mentor and guide the next generation.

Being part of CompTIA allows me to do this. For the last two years, I have been on the ANZ Executive Council. For the next two years, I am honored to have been asked to be its chair. I am also the chair of the ANZ MSP Committee, as well as a CompTIA industry trainer.

In Australia, CompTIA membership is skewed towards vendors and distributors. This is different to the other regions. My goal over the next couple of years is to raise awareness of the benefits of being a CompTIA member to the MSP market. There is so much CompTIA can offer MSPs, and with additional programs being introduced over the next year, I will work with the rest of the ANZ Committee and CompTIA to get the message out to MSPs.

What Cybersecurity Challenges/Trends Do You Want to Raise More Attention/Awareness for in Your ANZ Community Role?

A vendor in Australia commented that most of its MSPs have less than four staff members. At that size, it would be challenging for them to get up to speed on the importance of cybersecurity. Many MSPs in Australia are unprepared for what's involved in bringing their clients on a cybersecurity journey.

The most important thing is to get their own business secure, as they literally hold the keys for hackers to get into their clients. As an industry, we are heavily targeted. Why go after a single company when hackers can target the MSP industry and get access to thousands of companies? MSPs must look internally, identify risks and determine how best to protect themselves. Once their house is in order, they must look at their clients and implement the same protections.

I will continue to pass on lessons learnt through experience. Whether we do or not, our clients believe we have their cybersecurity covered. We need to be transparent with our clients about the risks around cyber resilience.

How Are You Working With CompTIA to Address Those Issues and Promote More Awareness?

I will work over the next couple of years to increase the awareness of CompTIA with MSPs, hopefully driving up membership. CompTIA can offer MSPs a range of benefits, including community interaction, marketing, sales, technical and industry papers and the CompTIA ISAO, to name a few. The CompTIA ISAO alone provides MSPs with a platform to gain information about best practices and recovery from cyber incidents.

Another program I plan to promote is the CompTIA Cybersecurity Trustmark. This is another initiative launching in Australia. My company is currently working through the process. Once complete, I plan to promote and assist other companies in gaining this Trustmark. It is a way to educate and ensure the MSP industry is across cybersecurity by ensuring they meet security criteria.