Chief Technology Officer – Vigilant by Deloitte
1) You were a Political Science major in college. How did you get interested in a career in cybersecurity?
Long story short... When I graduated, there were no jobs in international relations, my field of specialty. It was the end of the Cold War and the draw-down was occurring. Having run a fairly decent FidoNet node as a hobby, I decided to start spending time in technology from a career perspective, which was great given that 1993 was when things really got rolling for the Internet. For me, the pure excitement of being able to design, build, and successfully operate technology platforms was irresistible and incredibly rewarding.
After spending a decade designing, building, and operating networks, I began to note that the problem space around technology was rapidly shifting from the purely technical challenge of getting things to work reliably, to one where the introduction of technology itself was introducing risks that were not being accounted for in how businesses were operating. This situation created a problem space that presented a new set of interesting challenges that I was immediately drawn to and the best part was, working in that space, I was able to heavily leverage knowledge I had acquired from building and running networks.
2) Cyberattacks once were stealth. Today they make international headlines. What's changed?
I'd say that the early "stealth" factor in cyberattacks was driven primarily by the fact that the public and the media were unaware or had not yet recognized how moving so many different aspects of our business and personal lives onto the Internet was changing the risks that companies and individuals face. The sad fact was that because no one actually understood what "digitizing" our lives was really going to mean, there was little to no attention paid to the incidents that did occur early on and the effects of those incidents that were felt by only a relatively small number of people. Consequently, they weren't necessarily headline-making from a perception perspective.
Today this perception has changed as technology has put the consequences of that digitizing literally in our hands, our businesses, our lives. Cyberattacks have real, tangible effects on the way we conduct our daily lives on a personal level: the inability to get access to money, the impact of not being able to take advantage of the instantaneous communication capabilities we now take for granted, and the loss of personal privacy across almost all aspects of our lives are just some examples of the impact cyberattacks can have and how those impacts are felt by individuals. These effects result in newsworthy events. Businesses similarly face significant impacts from cyberattacks that are reflected in real terms like profit and loss due to the amount/size/percentage of business conducted online, and those impacts, likewise, result in newsworthy events where before they may not have been simply because they were not understood.
3) What are the top motivations for today's cyberattackers -- financial, fame?
With the exception of hacktivism, many motivations for cyberattackers are primarily the same as they are for criminals operating outside of cyber... money, revenge, or the acquisition of something someone else has. Due in large part to the anonymity and lack of physical requirements around crime afforded by digital technologies, tracking down and prosecuting these crimes is relatively difficult, which changes the risk/reward equation to one where a criminal is more likely to be successful and not get caught. Likewise, the barriers to entry for cyberattackers are relatively low, and we've seen them get even lower recently with things like ransomware-as-a-service business models, where the criminals don't have to be experts in all aspects of the crime to be successful. These criminal business models make it easy and simultaneously lower the risk, which may be an additional enticement for some who otherwise would not have engaged in that crime to begin with.
4) What do today's Fortune 500 boardrooms get right -- and wrong -- about managing risk?
I believe the biggest positive shift for the leadership in most companies over the past several years has been towards understanding that "virtual" (in terms of the digital economy) translates to real business risk that has to be addressed – in other words, they've realized it's not just about computers anymore. This recognition has hit home for most large companies as they've shifted their business models away from more traditional means to models where significant portions of their business are now conducted through online means; even if it's just in support of getting the business services portion (HR, benefits, shipping, AP/AR, etc.) of their organizations to a more efficient and cost-effective place. They've begun to recognize those additional risks and include them in their plans, which is something worth "getting right."
5) How does Farsight's Passive DNS data help organizations better leverage their existing security investments?
Integrating Passive DNS data into systems responsible for providing visibility – those that help organizations manage their cyberrisks -- provides additional context around threats that an organization would not otherwise have, or would have to spend significant effort in getting. Driving context into security events is a level-1 security operations function that can take significant effort to accomplish – it is expensive. As automation and orchestration mature within the security operations space, it will be critical for organizations to be able to easily integrate multiple and disparate data sets, including Passive DNS, to support the reduction and/or elimination of that level-1 manual effort and reduce their overall costs. Not only does Farsight's data provide significant context to events (and ultimately, potential threats), but the way Farsight provides that data to drive that context and visibility makes it easier to get that job done.