Steven Sciavolino on Cybersecurity Fundamentals

Critical Stats

LinkedIn: Check out his profile!

Started their cybersecurity journey in: 1995

Most passionate about (in cybersecurity): The consistent application of the fundamentals.

Favorite zero-day: CVE-2020-0601 (CurveBall)

Favorite song: Lady in Red by Chris de Burgh

Introduction

Steven Sciavolino is a seasoned cybersecurity leader and former FBI Special Agent with over two decades of experience protecting enterprises and government systems from sophisticated cyber threats. His career spans cyber operations leadership, software development management, and international security partnerships. Before joining the FBI, Steven built deep technical expertise in the telecom sector, working on FPGA/ASIC design and verification, switches, routers, and system integration, a foundation that gives him rare insight into both the offensive tactics hackers employ and the defensive engineering required to stop them.

Steven is a mover and shaker!

During his FBI career, Steven demonstrated exceptional operational leadership, managing up to five investigative divisions simultaneously and leading multi-agency cyber investigations with teams of up to 37 personnel. He forged critical development partnerships with IT organizations from overseas governments, extending his impact well beyond U.S. borders. For five years, he drove cybersecurity engagements across the healthcare sector, working with hospitals, insurance companies, medical device manufacturers, and research universities to strengthen security for the devices and systems patients depend on. When the COVID-19 pandemic emerged, Steven stepped up to lead FBI Cyber's engagements protecting vaccine development efforts. Beyond his professional accomplishments, he serves his community as a Volunteer EMT and instructor, embodying the protector mindset that defines his career.

Without further ado, we asked Steven our standard set of 5 questions to rule them all, and here are his responses:

Five questions to rule them all!

1. What is the biggest problem we are dealing with in cybersecurity?

The biggest cybersecurity challenge facing society and the business community is the constant and expanding attack surface created by anything connected to the Internet. State-sponsored actors target critical infrastructure, criminal groups deploy ransomware against organizations, and even individual households face attacks through vulnerable IoT devices. These threats can lead to network compromise, service disruption, and the exposure of sensitive credentials, including financial information. The scale and interconnectedness of modern technology make these attacks both pervasive and difficult to fully defend against.

2. How can we defend against an expanding attack surface?

We can address this challenge by consistently prioritizing fundamental cybersecurity principles across households, businesses, and critical infrastructure. This includes:

• Using strong password practices supported by password vaults

• Enabling multi-factor authentication

• Applying automatic patching

• Prioritizing updates for sensitive systems such as medical devices and operational technology

• Maintaining offline and off-site backups

• Enforcing least-privileged access

• Using VPNs and antivirus software further reduces risk.

Equally important is training family members and employees to be skeptical of texts and emails and to recognize phishing attempts as a primary attack vector.

3. What are three actions a CEO can take to protect their company from cyberattacks?

A CEO can protect their company by

1. Appropriately prioritizing the cybersecurity budget to ensure risks are fully addressed. Transform your security budget from a cost center into a surgical risk-mitigation machine.

2. Hiring and retaining qualified security staff, providing ongoing training, and investing in modern technologies that automate core functions such as network monitoring, vulnerability scanning, and patching.

3. Leveraging advanced tools, including artificial intelligence and machine learning, to improve threat detection and response speed, reducing the likelihood and impact of successful cyberattacks.

4. What are some of the best resources for learning more about cybersecurity?

My top three resources for learning about cybersecurity are:

1. Major software companies like Microsoft and Apple: Fun fact, their security updates often signal newly discovered vulnerabilities that attackers quickly attempt to exploit.

2. Government agencies like CISA, the FBI, and the NSA: They offer timely and critical resources via regularly published, actionable cybersecurity public service announcements.

3. Professional organizations such as Information Sharing and Analysis Centers (ISACs): They provide invaluable threat intelligence and collaboration opportunities for both critical infrastructure sectors and individual companies.

5. What is one piece of advice for those wanting to pursue a cybersecurity career?

One key piece of advice for anyone pursuing a cybersecurity career is to build a strong foundation in the fundamentals of computer systems, networking, and malware. Understanding how systems operate, how networks communicate, and how threats function provides the baseline knowledge needed to analyze and defend against attacks. Because cybersecurity is constantly evolving, mastering these core concepts makes it much easier to adapt, specialize, and grow as new technologies and threats emerge.

To infinity and beyond! And once we arrive, we should share this epic interview with everyone there!