New owner of Canadian ransomware negotiating firm expands its mandate

Two of Canada’s best known names in cybersecurity are teaming up again, this time to lead a firm specializing in post-breach remediation.

Daniel Tobok and Ed Dubrovsky, formerly the founder and managing director respectively of the Toronto-based incident response firm Cytelligence, are now behind Cypfer, which is moving from focusing on ransomware negotiations into post-incident recovery consulting.

Both men left Cytelligence recently, after staying with that firm following its acquisition in December, 2022 by insurance and consulting giant Aon plc.

Early last month Tobok announced he had bought Toronto-based Cypfer. A few weeks later he announced that Dubrovsky has joined the company as managing director.

Dubrovsky has led international security consulting practices as well as being a chief information security officer (CISO) and chief operating officer.

“We’re about recovery post-breach,” Tobok said in an interview from Miami, where he now makes his home.

“There’s a very big gap in the market today. When companies get breached, nobody is assisting them to get up and running after an incident. Our whole strategy is to build the largest global organization that will handle post-breach remediation.”

Cypfer has 52 employees in Toronto. Tobok hopes to soon add 30 in Miami, which he said has become a big tech hub. He also plans to open offices in Europe, the Caribbean and South America.

“Florida has about six major universities,” he said, “with very robust cybersecurity programs. That’s one of the reasons we chose Florida as a base. Miami is also great because we can get international flights. New York is extremely expensive.”

Cypfer founder and president Jason Kotler will stay with the company as president. Dubrovsky will be responsible for strategy, execution, innovation and growth.

“Once somebody gets breached … their biggest problem is, when they recover, to make sure their data is secure so they don’t get re-infected with ransomware, their credentials are not compromised and they can actually operate properly,” Tobok said. “That’s been a very big problem in the industry because people can re-install software, they can re-install hardware but…