At the quiet offices of Enterprise Risk Management, a cyber security firm based in Coral Gables, paranoia is a driving force.
ERM is a small, expert group of information security and risk assessment consultants that is constantly guarding against people who are out to steal information or money and penetrate computer systems at financial institutions, government agencies, hospitals, universities and other enterprises.
“Hackers aren’t just kids playing from their homes,” said Silka González, a CPA and computer expert who is founder and president of ERM. “They are professionals hired by criminal organizations and by governments. I’m paranoid … We’re at the tip of the cybercrime iceberg,” said González, who has worked in IT security and auditing for more than 20 years at companies such as PricewaterhouseCoopers, Diageo PLC and the American Bankers Insurance Group (now known as Assurant Solutions).
She pointed to constant news stories about hackers — often based in Russia, China and North Korea — who penetrate United States government agencies, conduct widespread industrial espionage and sometimes steal information on millions of credit card holders. Other types of security breaches — like employees stealing USB drives containing confidential information, lax procedures for handling customer account inquiries at banks or failure to comply with complex federal regulations — can mean big financial losses for a company.
“Some companies don’t even realize they’ve been hacked until we investigate,” said González, who also is an assistant professor at Florida International University, where she teaches a graduate level IT audit course. “And some are ashamed to admit that they have.”
ERM, founded in 1998, provides a range of services designed to identify, prevent and control cybercrime and breaches in security. The firm provides computer network and wireless penetration tests (ethical hacking), emergency responses to hacker attacks, digital forensics to find out how and why an information security breach occurred, risk assessment, cloud security and auditing of IT systems.
The ERM founder, who grew up on a coffee plantation in Puerto Rico, was interested in business even as a child. “At eight, I was an entrepreneur, growing vegetables on a little plot at home and selling them at the public market,” she said. González bought and repaired bicycles and raised three cows, which she later sold, to earn money. All this was to get enough money for a motorbike when she was around 12.
After earning bachelor’s and master’s degrees in computer information systems, González worked in IT security and auditing jobs at three large companies. Recognizing the importance of IT security, she decided to start her own company in Miami. “I got fed up with corporate life, took the $40,000 in my 401(k) account and started working alone from home,” she said. González called some of her former clients and started out with contracts from Bacardi-Martini, FPL and Banco Internacional de Costa Rica.
The bilingual ERM president used her limited capital to develop a brochure for her fledgling company, start a Website and hire her first employee in 1999, a year after the company was set up.