Sebastian Igreti knows something about security.
The entrepreneur left communist Romania in 1988 at age 11 for neighboring Yugoslavia, then crossed Austria clandestinely and walked through a forest to reach West Germany with his mother and older sister.
The family had been persecuted for their Baptist beliefs, obtained political asylum, and in 1990 settled in California with family members who lived there.
“We had an incredible opportunity to be here and it really drove me to want to make something out of this blessing, the opportunity” to live in the U.S., Igreti told the Business Journal.
They Made This
What he made in 2003 with Glendale High School friend and company co-founder Mark Perez was TechMD, essentially “an outsourced IT department” for clients. “That’s our bread-and-butter.”
Igreti is chief executive; Perez is president; each owns half.
TechMD has about 110 clients, averaging 75 or so workers—about the same as TechMD itself—some employing as many as 400. Revenue is at about $10 million a year, growing 15% to 20% annually.
Most of its employees are at company headquarters on Susan Street in Santa Ana, along with outposts in Europe and the Philippines, so it can offer 24/7 service.
It ranked No. 2 among midsized firms on this year’s Business Journal’s Best Places to Work list.
Igreti calls TechMD’s proactive—even aggressive—mode of managed IT, a “Chuck Norris approach” to threats. At a recent company conference with about 60 business leaders the homage to the 1980s action hero and martial artist, now featured in global internet memes, was even the title of one talk.
For a meeting a few months earlier, TechMD brought in an FBI agent to speak with clients, prospects, and staff.
Igreti said companies shouldn’t wait until they have a problem: general defensive measures should be permanently in place to prevent run-of-the-mill attack efforts and cultivate consistent safety and security for data and networks.
“Cybersecurity is very similar to physical security,” he said. “You have to have a layered approach. There’s no one solution that will prevent you from being hacked.”
“The landscape has only gotten worse” in recent years, he told the Business Journal. “We’ve got some level of attempted breach we’re having to fight off or deal with almost on a weekly basis.”
Even simple “user education” could help companies make huge strides.
“This is where a lot of businesses are failing, especially with phishing,” he said, referring to e-mail scam efforts that troll for responses from unsuspecting workers, trying to collect information that shouldn’t be shared. People “aren’t aware of what they need to look for.”
He points to studies showing more than 80% of hacking-related breaches are due to stolen or weak passwords, and two-thirds of small and medium-sized business in the U.S. and United Kingdom were hit by cyberattacks last year.
It’s “low-hanging fruit,” Igreti said. “User education is huge.”
TechMD simulates phishing emails it sends to clients’ employees—a form of friendly hacking known as “white-hat” or “ethical” hacking—“that users shouldn’t fall for.”
If they do click on something in the email they shouldn’t, workers are automatically enrolled in a training program to prevent an actual occurrence.
Other TechMD strategies include looking for aberrant activity on client computer networks, among other work.
“It is incredible how reluctant companies are to invest in cybersecurity until they get hacked,” he said. But “once they do, they find the money in the budget.”