Rob Fitzgerald is the president of The Lorenzi Group LLC, a digital forensics & data security company located in the Greater Boston area.
I would like to begin by asking you about The Lorenzi Group, what does your company do?
The Lorenzi Group is a digital forensics and data security consulting firm. Our digital forensic expertise comes into play when companies must address issues involving lawsuits, sexual harassment claims, blackmailed executives, threatened employees, fraud, theft, etc. The data security portion of our business includes implementing data security solutions, compliance & risk management, education, auditing, etc. We also recently launched an exciting new data monitoring service that identifies potential issues as they are happening, protecting companies and reducing risk. We have been told by industry experts that our monitoring service will change the way businesses manage their data security.
Overall, some of the hottest growth markets for us right now include medical, financial, defense, sales, and other markets that handle confidential information.
How did you get started in business?
Necessity. I was working for a start-up telecom equipment company. After we went public the telecom tech bubble burst and I was eventually laid off. I thought that with the skills I learned in technology and project management, I could advise business executives on how to save money by better managing their technology vendors. Over time the business model changed and we evolved into a digital forensics and data security consulting firm.
In a prior meeting, you mentioned how you came up with the company name The Lorenzi Group. I would love to have you tell that story.
I had been out on my own for a handful of years. We had grown from IT advisors to IT consultants – actually taking on projects and not just managing them. We had jumped into the computer forensics world a few years back and were running into problems. Specifically, my team and family were frequently harassed and sometimes threatened by our clients’ opponents. This was particularly surprising to me as we were only working on civil cases – we hadn’t begun to handle criminal cases!
Anyway, after some consideration, my team and I decided that a name change – to protect ourselves and to create a brand that distinguished our business was a good idea. The first name we came up with, we all liked. It was unique, different, catchy… and after trying to buy the website domain name, it proved to be an existing porn site! So we went back to the drawing board. Eventually, I asked the team if they were ok with naming the company “Lorenzi” after my family in Italy. An Irishman with an Irish family and an adopted Italian family is a long story that I will save for another day!
The team thought anything was better than what we had, so it was a go and we became The Lorenzi Group. As for me, the company name symbolizes my respect for the Lorenzi family.
I am always interested in hearing how someone’s life experiences have impacted their careers. Have you gone through any personal trials and tribulations? If so, any that you can share with us?
When I casually think about my life, it all seems fairly normal… boring even. However, that may not be the case. I lived overseas in Italy for high school, came back home to go to college, worked with high-tech start-ups, lived in the wild ride of the “dot-com” bubble – saw millions in stocks and options come and go during this time. In 2000, I had an accident that severed my right foot – was told I might not walk without a limp ever again. In 2001 the telecom bubble burst, I was laid off and decided to go out on my own. As the economy improved, we built an IT company, web-design firm, and electronic job board company… and then in 2004, computer forensics came along. As we recognized the potential here, we shed the other businesses to focus on computer forensics and data security (they go hand in hand).
In 2009, I contracted a condition known as Trigeminal Neuralgia. The entire left side of my face was in constant pain. It took months before the condition was diagnosed. The solution was brain surgery to repair the damage and protect the area. Unfortunately, it would be another 5 months after the diagnosis before I could have surgery. And then another 8 months of recovery. Between being sick and a weak economy, we almost lost the company.
Today we have brought the company back, added new services, added more people and with our proactive data security solution are working to become a national player in the digital forensics and data security market.
You worked in a family business, tell me about your experiences and how they have shaped your perspectives on business?
Not only did I grow up in a family business, many of my extended family owned family businesses too. I didn’t know it at the time, but my father’s company was in the high-tech space at the time. He owned one of the largest regional cable TV construction companies, building much of the infrastructure throughout New England and other areas.
Work was everywhere. As a young kid, I remember driving around with him for hours inspecting work, assessing projects, meeting with his employees, and fixing equipment. By high school, I was working for him – digging ditches, running cable, fetching coffee… whatever was needed. I had to climb ladders and have been stuck up in an extended bucket truck more than once.
He always had his office at the house so that he could be home at night. But work never stopped. It was always there and became integrated into our life. He would take calls on the weekend, meet with people early in the morning or after dinner, and… well, work and life mixed together was just normal.
My dad knew everyone and knew how to get everywhere. He built relationships with people and looked to help people out and they appreciated it. At the same time, he wasn’t afraid to say no or stand up for something he thought was right… which gave him even more credibility.
I remember reading my first “business” book. It was a hard cover book that my father received as a Christmas gift and I still have it. It is “What They Don’t Teach You at Harvard Business School” by Mark McCormack. Mark was the founder of IMG, a sports agent consulting group. I have read that book many times over and still like to open it up from time to time.
Today, spending time with my family is very important to me. I am usually working at the breakfast table before everyone is up and while we are eating breakfast. Like my dad, I want my kids to see me working and to learn the value of hard work and perseverance. I think the only way to learn that is to see it in action. I usually don’t mind them listening to me on a call or asking me questions about work because I feel it is a positive way to connect with them, help them understand their future possibilities, and teach them real world application of math and science and interpersonal skills.
Who are your typical clients?
Historically, our clients have been litigators or the parties they represent. With our new Active Network Monitoring service, we are now selling directly to businesses as well as litigators, general counsel, accountants, IT consulting firms, and other business advisors.
Although our client base is wide across industries (medical, financial, professional services, manufacturing, high-tech, bio/pharma, etc.), our clients typically want 3 things: tighter security around data, to meet or ease regulatory requirements, and/or improve employee productivity which directly affects their bottom line. Interesting fact: if aggregate employee productivity increases by 15 minutes a day the organizations bottom line will increase by 2-3%! This directly affects both small and large businesses.
The business world is in a strange new place right now. We are realizing that “set it and forget it” security no longer works when it comes to protecting data, we are pushed to create employee handbooks detailing employee/employer responsibilities, and we are being pushed to give employees more corporate leeway by allowing them to work from home. At the same time, corporate espionage is on the increase, hackers are trying to break in to any network they can, and employees (and employers) are jumping ship left and right. All of these forces put a huge strain on corporate operations.
We have spoken with prospects that want to use Active Network Monitoring (ANM) but are afraid of the reaction from employees and prospects that think Active Network Monitoring is not necessary. Prospects from both of these camps will soon face the painful reality that life without data monitoring can get very expensive.
Understandably, our best prospects (and clients) are the companies that had previously hired us for our digital forensics expertise. Once they go through litigation – the time, the money, and the emotional upheaval they face – they are more than willing to prevent it a second time by using our service. An attorney friend pointed out to me that now our ANM service is commercially available, companies that don’t use data monitoring to protect their data and employees will risk being sued for failure to provide the service (think sexual harassment claims – you could have protected me if you were monitoring company communications).
To sum it up, our clients range from small offices to large organizations looking to identify issues and protect their business.
What does it cost to implement data monitoring service?
Some of the competitive solutions we’ve found available to clients involve hundreds of thousands of dollars up front… along with the cost of hiring and training employees to manage these solutions! The cost for our subscription based model is $20/mo per machine, so it easy for our clients to roll our ANM service out according to their needs and budget. Also with us, implementation is a 10 minute transaction.
How have you built your business? On referrals, networking, advertising?
Trial and error. I have continually looked for ways to improve our offerings, provide value, and make a fair profit. Often, what I am offering is on the cutting edge of solutions so much of my time has been spent educating our market on the offerings and value. A large majority of our digital forensics business has been sold on word of mouth and referrals. Attorneys rarely have time to waste on activities that are not billable. As we would work with one attorney, the company name would spread within the firm as well as to their colleagues at other firms as they looked for referrals.
I have spent a significant amount of time and money using a PR firm to expand our exposure, which has also increased our business.
In the past advertising has not been effective, however, I believe with our new Active Network Monitoring service, that will change and advertising may play a larger role. Mostly because there is a wider audience, not just litigators, that are interested in what we offer.
I would like to spend a few minutes discussing digital forensics and data security. Can you share with us some information on the Who, the How and the Why behind all the hacking, data theft and other forms of Internet crimes?
Dennis, you bring up a good question because American’s concept of cybercrime is distorted. Many people remember seeing the movie “War Games” with Matthew Broderick. They think of the “hacker” as a young-gun nerd, one-man show. In most cases, where there is a single individual involved they are not “hackers” in the sense of the word that you and I know, but have some computer skills and know how to download programs from the Internet and use search engines, like Google, to quickly obtain information. The person involved may well be a disgruntled employee; in fact, it might surprise people to learn that we see all the time in family businesses that the perpetrator was a family member.
There are some groups of hackers who fit the nerd profile; however, when someone refers to “organized” cybercrime, we are talking about organized crime syndicates such as the Russian mafia. These cybercriminal groups are true vultures. It used to be that cybercriminals referred to stealing your financial information or social security information. Today they will steal everything. Seriously. They will copy and sell your medical information, sell your pictures and videos to clip art, royalty free photo share services, as well as sell images of your face or body to pornographers. These criminals will take your songs, cooking recipes, and word docs and sell them too. They will steal your address book and sell information to catalog companies and spammers. If they can copy the software product activation codes from your computer, they’ll steal those too!
So, the most important thing we need to do is shift our mindset on what hacking is and who is affected, because everyone is affected. I am not saying this to scare people, make them run from the internet. I am saying this because if we educate people on what is really out there, we can educate people on how to be safe.
This is an important point, that most people just nod their heads at and never think about again… cybercriminals are not individuals, it is not “you versus him” in the battle for online security. Cybercriminals are organized and trained professionals that work together (think “you versus them”) to steal data.
Here’s an analogy that works well:
If the internet were the ocean and your computer was a boat to cross the ocean, you would still want to know, need to know, how to swim, what to do in a storm, how to fend of sharks and pirates.
Human beings have been sailing the ocean for hundreds, if not thousands, of years. As they learned more about the ocean they adapted and created the best ways to navigate the ocean.
As computer users, we are simply captains on a ship looking for the next port, wanting to protect our cargo.
Cybercrime is insidious. It is fast, it is easy, and it is repeatable.
I imagine a lot of companies do not even know that their data is being stolen. What are some of the telltale signs a company should be checking?
I would state that most companies do not know their data is being stolen. Using traditional “set it and forget it” security, it is almost impossible to determine when data is being improperly accessed or taken. However, there are some simple steps that companies can take, using the tools and resources they currently have that can help them manage and monitor activity.
- Educating employees on proper data security
- Monitoring log-on and log-off logs
- Classifying data by “not that important”, “important”, “critical”, and “super secret” and restricting employee access rights of this data by role (not everyone needs to see everything).
- Reviewing firewall logs and application usage
- Staying diligent these (listed) activities, even when some other important matter needs to be handled
You just mentioned a term I haven’t heard before. Would you explain what “set it and forget it” security is?
“Set it and Forget it” security is our biggest competitor! It is the idea that a business can install antivirus software, antispyware software, a firewall, and use passwords on their network and everything will be fine. This is no longer true. Don’t get me wrong, we still need to do all of these things, but this is the beginning, not the end, of data security. Businesses need to realize that they should be as diligent on their user activity and data security as they are on their general ledgers! For many businesses today, the loss of information can cost more and be more harmful than the loss of a major client.
Are the victims of cybercrime typically targets of opportunity or targets of choice?
The key word in this question is not opportunity or choice; the key word in this question is target. Victims of cybercrime are targets. In the past, hackers didn’t personally know their targets. The attacks were all about opportunity. As hackers became organized and began to share information, choice began to emerge. Today’s criminal hackers will do whatever they can to get the information they want. As criminal hacking targets shift from government entities to individuals and now professional organizations, I believe that more often than not the hackers use a “data mule”, someone on the inside, to help them.
So, what exactly is a data mule? How do you stop one?
A data mule is a person that works for the criminals but has direct access and/or knowledge to a targeted organization. These people do not have to be technically savvy, but that doesn’t hurt. We have seen jilted employees, contractors, ex-employees and ex-contractors, vendors’ employees, executives, people in the IT or Mail or Creative departments. What the hackers are looking for is someone that either has physical access to the building or technical knowledge of the targeted computer network.
The number one driver behind people becoming data mules is greed. Being a data mule, especially if they are not on the IT team (and therefore unlikely to be suspected), is a low risk, high reward venture. “Jenny in the Mail room, Joe in Accounting who has a hard time turning on their computer. There is no way THEY could have been involved. Maybe they downloaded a virus or something, but they are the victim.”
However, Jenny and Joe are perfect for being data mules. No one is going to suspect them, they are technically inept, so basic technical questions won’t seem suspicious (in fact, people will feel they are helping Joe and Jenny, helping protect the organization… and making their jobs easier, by educating Joe and Jenny on data security and the computer infrastructure.
However, greed isn’t the only motivator. We have seen people act out of desperation, frustration, fear, manipulation, and even ignorance. A few years ago, criminal organizations began paying college students to “save a tree, help the recycling effort”. These students would be paid for as many bundles of paper they could collect and recycle. They would be given suggestions on where to find excessive paper – junk mail to students (often free credit card offers and medical forms), old applications the colleges were throwing out, mail and forms from the registrars, bursars, and other college offices. Every Saturday, someone would drive to campus to pick them up and pay them cash. Most of these students had no idea that they were being manipulated into collecting personally identifiable information (PII).
Other instances we have seen include employees with a spouse out of work, a sick child, or their house about to be foreclosed. We have seen instances where people are told their loved one owes thousands of dollars in gambling or drug debt and that if they “just do this one time” their loved one will be off the hook and the slate will be wiped clean.
Previously I commented that cybercrime is insidious. It really is this insidious. In my opinion, corporate America has a potential epidemic on its hands if organizations wait too long to take control of the situation.
So, what can we do about cybercrime in the workforce?
I think we need to educate employees on the effects of cybercrime, educate employees on properly protecting data, begin proactively monitoring devices and networks of anomalies, and stay diligent on both employee education and device activity. We believe that education is so important that we spend upwards of 30% of our time educating organizations on identifying and properly valuing their intellectual property (IP).
In addition to being a big believer in employee education, I equally believe it is important for companies to practice due diligence. I think it is important for companies to know where their critical data is, identify who should be accessing that data, and be educating their team on how to protect information. These conversations can be heavy… difficult even. This is especially true in environments that have long-standing employees. It is another one of the reasons; companies reach out to us to be that messenger.
Do you see the international markets as an important growth opportunity?
The answer is yes and I am glad that you brought it up becomes I see myself becoming more involved in companies who like mine are looking to expand abroad or overseas companies looking to enter the US market. I am happy to collaborate where I can; however, if the company happens to be from Italy even better as I welcome the opportunity to work on my Italian!
Rob Fitzgerald is president of The Lorenzi Group LLC. www.thelorenzigroup.com If you would like speak with Mr. Fitzgerald, he can be reached at (866) 632-9880 or by email at rfitzgerald@thelorenzigroup.com.
Dennis – Great article on Rob and The Lorenzi Group. I think you captured Rob’s drive and expertise very well. I’ve known and worked with Rob for 10 years and I’m very impressed with the way he has successfully grown his business. Rob is a business leader who is always working to help other people. He is to be admired for his hard work and dedication to his business, his family, and his friends.
Rob
Can you conduct demonstrations of your Active Networking Monitoring Service? What is the best way to see how it works?
Jason
Thank you for an interesting story about the evolution of a company, how you defined a unique niche market, as well as a compelling personal story of overcoming adversity.
Which elements in greater Boston’s business/entrepreneurial culture do you see as having contributed to your company’s evolution?
Excellent piece about Rob and his company. I didn’t realize how active a company needs to be to protect their data — I was under the (wrong) mentality of “set it and forget it.” It seems evident to me that increased data security is only going to get more attention by the market as more and more data is stored online.
One thing that struck me was how use of the software can help increase employee productivity? How does the services at the Lorenzi Group accomplish that and would increased employee productivity be a by-product of Active Network Monitoring?
Thanks!
Richard
I am excited to see so many people interested in what we are doing. This area of business is exploding, not only in Boston, but across the country. Richard’s comment is very common among executives. There has never been a way to effectively measure employee productivity in front of a screen – in fact, the most common method today is through typing – WPM (words per minute). However, with the use of the mouse, speak to type programs, and copy and paste, this does not capture the right info. We have many exec’s come and discuss security, not understanding that we every day, week, or month, we can compare how much time was spent at the screen and what applications were used. Additionally, with analysis, we can show how 1 employee can complete a task faster (possibly through the use of “copy and paste” or macro’s). This analysis allows companies to ID best practices and train employees to those methodologies.
Richard, feel free to call me to discuss further. — Rob
Laurisa, thank you for the comments. Metro Boston has been fantastic for our business. I am continually blown away by how many people are out there developing something new or better. The passion and mental energy that flows at networking events here is top notch. And I have found a strong sense of camaraderie and support among entrepreneurs in Boston. People are willing to grab coffee to discuss ideas and make introductions… and that is a powerful support system.
Jason, Thank you for your comment. The best way to see how the service works is to try it! We offer 2 week free trials and is it simple to install. The feedback in those 2 weeks is often enough to help a business significantly. And if a prospect decides our service isn’t for them, we are uninstalled and out of there in minutes! The trial really is “no strings attached”. — Rob
Rob,
A more than impressive piece on Lorenzi Group’s contribution to mitigating corporate risk.
Data assets are equal, if not more valuable to a company’s well being than human capital, depending on the business.
You are helping solve two critical business problems out of the gate and subsequent monitoring offerings (be them custom or off the shelf) with solid co. relations and the reputation you have made for your team, “You’ve only just Begun”.
I envision play for your applications across many sectors, whereby compliance is mandated and the risk of not engaging in relations with partners like Lorenzi, too great to ignore.
Enjoy the ride of helping companies succeed,
One ANM at a time!
Continued Success,
Pam A. Hill
Dennis,
An outstanding article on a local company working to assist others in our constantly changing technological business environment. It sounds like Mr. Fitzgerald has figured out a way to help companies solve two issues at once, protects its assets and makes its human capital more productive.
Your article/interview helped me understand the need to be looking at my company’s data security in a much different light than I have been and explore what the Lorenzi Group has to offer. I will be going to their website next and most likely be in contact with them.
In addition, the background questions you posed let me see that Mr. Fitzgerald is a person who is extremely hard working, continues to keep forging ahead and someone I would want to work with.
Thank you,
Rob Bowdring
Hello Rob,
I gotta tell you, that’s a lot of information…but VERY USEFUL INFORMATION THAT IS!…Sometimes people take for granted security in the computer, that is a much bigger risk in terms of feeling secure. Your awareness is priceless. Thanks for the “heads up”…Keep it up!
Rob -
You list the financial services industry among those you presently service. Could you provide me with a brief success story or an example of a issue you’ve resolved that’s unique to the industry?
Thanks, and best wishes on continued success. Rich
Excellent article, both informative and inspiring! As someone who works in IT and Data Security, I see the incredible need for what The Lorenzi Group has to offer. Rob’s unsurpassed work ethic and attention to detail will propel this company and their products to the next level. The fact that the company has survived the economic upheavel of late is remarkable. Add to that Rob’s personal health issues and one could expect a formula for disaster. The facts speak for themselves: The Lorenzi group is a company with an array of supurb products built on a foundation of integrity, technical acuity, and sound leadership. I look forward to reading articles about how The Lorenzi Group helped corporations in the fight against cybercrime! Linda Deane
Rob
This is a great article about you and the valuable service you provide. As a business partner/ reseller of your Active Monitoring service, we are excited about promoting your service as an add-on to our current security services for both our small business clients and residential clients. Besides improving the protection of valuable data, using active monitoring for identifying areas to improve productivity has a lot of potential.
After reading your background, I see that you have the tenacity and persistence to accomplish whatever you set your mind to. I am proud to be associated with you and your organization.
Dave Ehlke
Rob:
What a great article. You should be very proud of this profile. It accurately represents your persistence and your desire to make your customers happy at all costs.
You are a pioneer in the Active Monitoring Market. Every business owes it to themselves to seriously take a look at Active Monitoring. It will keep them safe and save them money. They will quickly find things that they did not know about their company and how people use computers and data within the company. Potential customers will benefit from your managed active monitoring service as it removes the burden of understand all of the data and places it on The Lorenzi Group to report on important events.