I was always into computers growing up. More on the IT side. As a high school kid, I worked at a juice company, doing mostly network administration. In college, I was a computer science major. I also was a resident assistant, and while I was helping move a resident into the dorm, I met a father who worked as a Department Head for MITRE. In our conversation, I asked him what he did. He told me he was an Information Security Engineer and that sparked an interest. He said that he did a lot of the things I was currently studying but with more of an emphasis on security.
I already knew my way around a network and how to build apps, but security was a whole new frontier. Curious, I then downloaded apps in my dorm room and played around with concepts of security. I was intrigued with the ability to do something about it -- and that was the moment I got interested in it. I moved to the DC area after college to work for a State Department contractor. Security was an undertone of IT, but not really a big part of it. I then reached out to my contact at MITRE who invited me to interview. I took the opportunity to take my skill set from generalist to information security engineer.
At the time, I considered the Department Head at MITRE my mentor. He was responsible for getting me into a much different field. I would go into work early just to get a cup of coffee with him and ended up spending a lot of time with him, because I valued the relationship. I was a sponge; I looked for every opportunity I could find. At MITRE, I accelerated the pace at which I could learn. The company had a lot of smart people who are experts in their fields. And thanks to that time, and opportunity, I became an expert in my field. There are plenty of problems and there are people that specialize in those problems; but new problems occur all the time. At MITRE, I became the owner of a new field -- which was the ability to secure cloud and web-based apps. I got to teach classes on this subject and was brought in to a lot of government agencies to give advice.
We - the other founders and I - believe that organizations need security operations as scalable as attackers to close the gap between compromise and detection for immediate response or, even better, to get ahead of their attacks. ThreatConnect was founded to shift this paradigm by addressing cybersecurity’s lack of automation, analytical tools, and actionable insights. To that end, here are the three top security problems ThreatConnect is trying to solve:
1. To help drive organizations to make informed decisions about what they are doing well and where they can improve. And to facilitate the ability to make that knowledge not just meaningful from a strategic perspective, but also to drive day-to-day decision making in a more rapid and accurate way around the threats that the organization faces.
2. To help the organization distill the goals and business drivers for a security program into a technology that helps facilitate the processes to help make these informed decisions.
3. But probably the most tactical is the ability to help organizations automate parts of those processes to free up the humans across the security organization to do their jobs; to take a process-oriented view of those goals and coordinate resources, be they humans or apps, across the entire business process. By automating the processes, there is visibility into what is working and not working, so businesses can seek continual improvement.
I am a proponent of using data and intelligence to inform decision making. And one of several sources of data is community sharing. In terms of information sharing: the speed at which ISACs/ISAOs are improving has increased in the last year or two; standards such as STIX/TAXII have been a facilitator of technologies being able to interact in an automated way; and people, being the most important asset in the idea of sharing what they know, have been more receptive and thus willing to participate in information sharing communities.
However, the true sharing or real power of information sharing will come when devices and the tools used by security professionals (from business to government) are capable of automating processes to move data in a secure and validated way, into a communal repository for subsequent analysis, enrichment, and decision making.
One thing we at ThreatConnect are striving to do is to bring down the barrier of entry to a cyber career. For example, we have high school interns, we are speaking at college campuses, working with college classes, and creating training and providing that training to the community in order to create a cybersecurity professional who is capable of performing the requirements of many of our customers without having advanced degrees and/or tens of years of experience.
There is a deficit of qualified people, but if you look at job postings they ask for someone who has an MA in Electrical Engineering, which does not allow someone to go to trade school and then go to work.
I’d like to see in security -- similar to many other aspects that businesses operate -- more equivalent levels of staff. Not everyone needs to be on the same level, if the work processes, as well as the ability to manage and train staff appropriately, are in place. Right now, most security organizations don’t have that infrastructure in place. When organizations don’t have an understanding of their goals and processes, then they don’t know who to hire, and they are likely to hire a multi-position staffer. But if organizations had a better handle on the type of worker they needed, they might be able to hire, as an example, a high school graduate with a 100-hour course. We have this idea that we need all experts. But I would urge people to think about their requirements and processes to know what level of professional they actually need.