I sat down with our newest executive to talk cybersecurity, machine learning, and why now is the perfect time to join iovation
After being a part of Tripwire’s growth and success for over a decade, why join iovation now?
Tripwire is a great company, but I wanted to try something different after 17 years. iovation is at the size and phase of its life that excites me – moving from a single product to a portfolio of solutions, which for someone who is passionate about bringing new products to market is extremely compelling.
Hackers have become amazingly sophisticated these days and most high-profile breaches are often the result of people masquerading as a trusted entity, causing irreparable harm to brands and their customers. The root cause often comes down to the intersection of fraud, identity and authentication and iovation is at the forefront in developing solutions to meet these new challenges.
What are the most interesting advancements happening in cybersecurity today?
Few functional areas in IT have grown and evolved as fast as security. The nature of a successful security program requires that IT not just keep up with the rest of the business but can also see ahead of the curve. I’m particularly interested in the intersection of machine learning and large scale data analytics, creating greater public awareness around the need for layered security, and helping define the next standards for security, privacy, identity, and portability.
What does the domain of cybersecurity look like in five years?
In five years, security will become even more “embedded” in how systems and new components are designed, driven by the proliferation of connected devices, along with the security and safety risks they inherently introduce. With this, security will become more seamless and frictionless, with an even greater focus on design and how security is baked into the user experience. We’ll also live in a world of microservices and “business-driven” security controls. Hopefully, this world will also make it considerably more difficult for to spoof identities, especially as it concerns e-commerce.
What’s one thing you tell CISOs and CIOs on communicating cybersecurity risks in the board room?
I talk a lot about the business as a cross-functional team. It's not just a business or an infosec concern - each one informs the other. It’s also critical to gather consensus and agree on what is most important and then match the shape of your investment and effort to the shape of your risk. In essence, you need to focus on the things you can control in order to protect what’s most important.
Is the hype around AI warranted?
Not yet. Artificial Intelligence is still a lot like an awkward teenager – a lot of energy and passion, but not much finesse. The challenge is that we’re automating processes that are immature and only partially understood. This just makes it faster for organizations to mislead themselves, giving them a false sense of confidence and wasting resources on dead end investigations.
We understand you’re a big fan of podcasts…What’s on your podcast play list right now?
A few of my favorites include:
- The Cyberwire podcast
- The Charles Tendell Show
- Mac Power Users
- Planet Money
- Cycling 360
- The No Agenda Show
Is there a place in the comic book genre for a cyber threat hunter?
Only if it is a lot like Mr. Robot. The problem with a lot of cyber threat hunting is it looks a lot like “typing under the influence of caffeine.” Adding the real-world intrigue of criminal elements in the physical world (e.g. Car chases, guns, and dramatic intrigue) would be necessary to sell comic books.