DigiCert is a digital trust provider of choice for leading companies around the globe, enabling individuals, businesses, governments, and consortia to engage online with confidence, knowing their digital footprint is secure. Pulse 2.0 interviewed DigiCert VP of Engineering Avesta Hojjati to learn more about the company.
Avesta Hojjati’s Background
What is Avesta Hojjati’s background? Hojjati said:
“I’m the Vice President of Engineering at DigiCert, where I lead the advanced development of a suite of cybersecurity products, including embedded/IoT device security and post-quantum cryptography (PQC) solutions. I’ve always been focused on securing people and organizations from online threats. I came from Iran to the U.S. 18 years ago because I was identifying system vulnerabilities, which was illegal in Iran. I received my Bachelor’s, Master’s and Ph.D. while also working full-time on real-world problems.”
“I’ve authored over 20 journal/conference papers and I’m the inventor of 30 U.S. patents, both granted and pending.”
“For the past eight years, I’ve been involved in solving the problem of post-quantum cryptography, something that many people didn’t realize was going to be a problem. Over the past two years, I’ve been educating organizations about crypto agility, developing solutions, and working with standards groups and regulators.”
Favorite Memory
What has been your favorite memory working for the company so far? Hojjati reflected:
“There are many standout moments at DigiCert, but one that I’m especially excited about is our patent program because it reflects a major area of the company’s focus, as well as a key effort for me personally.”
“This past year was an extraordinary one for our patent program at DigiCert. We started 2023 with a goal of submitting 20 patents. Our commitment to innovation and excellence helped us surpass that target by 160%, with a total of 32 patents filed across several key technology areas including quantum, encryption, machine learning and AI, and IoT. We’ll be continuing this momentum and we’re already working on submitting patents in several strategic topics this year.”
Core Focus
What is the company’s core focus? Hojjati explained:
“At DigiCert, we deliver comprehensive solutions to help organizations secure their digital infrastructure. DigiCert ONE is our platform for digital trust and it provides organizations with centralized visibility and control over a broad range of public and private trust needs, securing website, enterprise access and communication, software, identity, content, and devices.”
Significant Milestones
What have been some of the company’s most significant milestones? Hojjati cited:
“During FY2024, we closed a record total of new bookings in Q4 as well as a record number of patents filed. We signed new strategic partnerships with Oracle Cloud Infrastructure, TD Synnex, and Deutsche Telekom.”
“DigiCert successfully conducted 31+ compliance audits (no small feat), leading the industry and showcasing our commitment to global security and trust standards.”
“We hosted the first annual Digital Trust Summit in Las Vegas with over 300 attendees, and published the 2024 State of Digital Trust Report.”
“DigiCert recently announced World Quantum Readiness Day which will take place on September 26, 2024. The initiative focuses on the critical need for current security infrastructures to adapt to the imminent reality of quantum computing and we’re taking a lead in educating and preparing organizations.”
Issues Threatening Digital Trust
What are top issues threatening digital trust? Hojjati explained:
“There has been significant growth in Gen AI in the past year, with early adopters focusing on its capabilities to generate vast amounts of audio, video, text, and other content. While Gen AI offers immense potential, it also brings security concerns. Threats like AI deepfakes are increasingly prevalent on social media platforms, posing a significant risk, especially during election periods.”
“It’s evident that AI has the potential to erode trust in our media, communications, and critical technologies. To mitigate these risks, proactive planning and action are imperative starting now.”
“Another pressing issue is the advent of quantum computing technology, poised to revolutionize various fields such as materials sciences, drug discovery, financial transactions, and climate change research. However, these advancements also present challenges to digital trust and encryption. Experts predict that post-quantum computing could render leading cryptographic security algorithms vulnerable.”
“While organizations are acknowledging the risks associated with post-quantum computing, they’re not prepared. A recent report by the Ponemon Institute revealed that 41 percent of organizations believe they have less than five years to prepare for these new challenges. Surprisingly, only 23 percent have a security strategy in place, and only 30 percent are allocating budget towards post-quantum readiness.”
Post-Quantum Cryptography
How should organizations prepare for post-quantum cryptography (PQC)? Hojjati noted:
“We recommend three key areas:
1.) Conduct a thorough assessment. Organizations should scan all applications and systems currently utilizing public key cryptography. Leveraging a trusted certificate discovery service can offer a real-time overview of an organization’s certificate landscape. Furthermore, organizations must review the components within their communications and hardware systems, such as Hardware Security Modules (HSMs) and Trusted Platform Modules (TPMs), which may rely on cryptography. In DevOps settings, it’s crucial to review code signing processes for potential vulnerabilities to emerging sophisticated attacks.
2.) Implement automation for efficiency gains. Organizations should be equipped to swiftly and comprehensively replace outdated cryptographic assets. Automation plays a vital role in addressing new challenges promptly. Manual crypto asset updates are impractical for large enterprises, making a robust automation manager essential for efficiently deploying numerous certificates across cloud or on-premises environments.
3.) Conduct readiness tests. Cryptographic elements are often spread across various applications and environments, underscoring the importance of interoperability testing to enhance crypto-agility. Before scaling up cryptographic algorithm updates, it is critical to test the interoperability of infrastructure and applications thoroughly.”
