Throughout 2019, this mini-series will interview leaders from around the globe to discuss areas of cybersecurity. The purpose is to help students and those new to the industry gain perspective and guidance from professionals in the field. These interview insights aim to kick-start or re-energise your career journey in cybersecurity.
In this month’s feature, Brian Kelly, Chief Security Officer (CSO) of Rackspace, shares his story about:
I was fortunate to participate in a fellowship program in Washington, DC for one year. I jokingly say fellows are cheap labour in D.C. because government officials often know where you are. Fellows are typically tapped to write speeches and perform various research activities. I never knew what I may be approached to support; however, I was fortunate to have an opportunity to spend time with the United States (U.S.) Department of Defense to discuss information warfare. At that time, we were asking some very fundamental questions:
These are his insights.
How would you characterise the early days of cybersecurity?
Kelly starts with his time at Trident Data Systems:
This was a smaller company that operated with a low profile because of their service within the intelligence communities. What I enjoyed most was their philosophy to take care of the customers first and the business will take care of itself. As part of the effort to support the foundation of the AFIWC, they also developed the first-ever intrusion detection system (IDS) called distributed intrusion detection system (DIDS). Similarly, they helped to develop technology widely considered as the predecessor to the security event incident management (SEIM) solution. DIDS was built for and used by the AFIWC for the government’s first cybersecurity operations center referred to in the early days as AFCERT (Air Force Computer Emergency Response Team). The opportunity was intriguing because I could take my theoretical cybersecurity knowledge and apply this in practice with AFIWC. We built tools and deployed processes to detect and respond to threats while training our cybersecurity analysts.
How had your cybersecurity journey progressed after your time in D.C. and at Trident?
Kelly pauses and explains:
This was also around the time the financial services sector was working aggressively to respond to this new threat. They understood it was only a matter of time before the sector witnessed a serious cybersecurity attack. This news came in 1998 as Citigroup was one of the first to publicly acknowledge a cybersecurity attack had occurred. I was watching the financial services sector struggle to manage this rapidly emerging threat. I realised it was time to transition to the private sector, and the most logical place to focus my energy was with financial services on Wall Street. For two years, I supported and delivered solutions as part of Deloitte's Enterprise Risk Services group – specifically focused on cybersecurity.
Looking back on this time, there were only a handful of vendors providing cybersecurity services. This is incredible to think how much the industry has changed over the last twenty years.
How did you identify and evaluate the next step in your cybersecurity journey?
Kelly examines and highlights:
Near the end of my tenure with Deloitte, I eagerly wanted to build my own cybersecurity threat intelligence company – an immature space in 2000. Cybersecurity professionals assumed the U.S. government had all the answers as to the activities of other nation states and threat actors. I found there to be a lack of actionable intelligence for private companies. With this, I assumed responsibility as the Chief Executive Officer (CEO) of iDefense – one of the first Cybersecurity Threat Intelligence companies in the country. Our goal was to deliver timely and actionable intelligence to the private sector so these companies could focus and invest their time on deterrence and resilience, while making effective use of their limited resources. As one of the first private threat intelligence companies, iDefense provided technical and non-technical research with fact-based data on cybersecurity threats such as, but not limited to, malware and bigger-picture human factors like nation-state threat actors.
Looking back at your time with iDefense, what would you recommend to someone considering starting their own cybersecurity firm?
Kelly reflects upon an early challenge he experienced as CEO:
Public sector skepticism quickly arose within the industry that a company could provide cybersecurity threat intelligence services outside of the U.S. government. I would go to the White House and other government agencies to discuss iDefense’s research. Although hesitant initially, they soon came to realise that a private company, working within the law, sometimes had greater flexibility and access to produce needed intelligence. This played out with the work we did around Russian-organised crime.
This research in particular seemed to break down the government’s resistance to private sector intelligence. While we demonstrated our value and flexibility to support both the public and the private sectors, the industry struggled to understand how organisations could best leverage this intelligence information. Today, there are many threat intelligence solutions that can plug directly into an organisation's processes and serve as an integral part of their cybersecurity operations. We realised we were laying the groundwork for future generations of cybersecurity threat intelligence.
How do you envision the cybersecurity space evolving?
Kelly reverts to his days in D.C., at the AFIWC and with Trident. He reflects on some of the early technologies and the amount of innovation that eventually found its way to the commercial sector.
One of the first commercial intrusion detection technologies was called NetRanger, developed by the WheelGroup and led by former AFIWC and Trident team members. We understood at this time that this technology was desperately needed in the private sector. Coincidentally, WheelGroup was purchased by Cisco where the NetRanger technology contributed directly to the family of intrusion detection solutions that continue to serve the marketplace. Many Trident team members also went to work with other early cybersecurity companies such as Symantec, which shifted from an early antivirus company to a more comprehensive provider of cybersecurity solutions. They were one of the early “managed service providers” offering Security Operations Center (SOC)-type services following their purchase of a company called Riptech. It is interesting to consider all the ties back to the AFIWC. Each year, the number of people that jumped into the industry was doubling and tripling because of increased investment. There was a need and thirst for new ideas, innovative approaches and transformative technologies in the early 2000s.
We recently completed another RSA Security Conference – the largest in our industry. It is amazing to me how much the event has grown, and the extent of the innovation and investment made in the cybersecurity industry. While this level of focus and innovation is exciting, there are unintended consequences. Most notable is the perpetuation of single point solutions, which contributes to unnecessary complexity. We need to break away from many of these point solutions and take a fresh look at new, less complicated architectures and solutions. Although I have a bias, I was pleased to see more focus on what I believe to be new and promising approaches:
What concerns you the most about cybersecurity?
Kelly quickly responds:
The amount of technical debt carried by companies. We cannot replace technology overnight. This is more complicated than I originally thought; however, I am still bullish on the cloud industry. Many companies have discovered they no longer need to be in the IT business. It is too complicated, resource intensive and expensive. Cloud providers can deliver their IT products and services so that the company can focus on their core business. Companies can approach any cloud provider and gain access to infrastructure, compute and storage overnight with access to any enterprise application suite on a utility-use basis. This is evidenced by hundreds of new companies that have been ‘born-in-the-cloud’.
What excites you the most about cybersecurity?
Kelly emphasises three areas:
The evolution of managed and hybrid services, the extent of innovation and many rewarding career opportunities.
Managed services. This is an area of opportunity for cloud service providers. This is different from typical managed services in that often the provider does not manage the customer’s workloads but rather only the monitoring. In this traditional model, when the provider detects abnormal behaviour, they generate an alert and often frustrate the customer because they may lack the resources or skills, or not be equipped, to respond appropriately. What is unique about cloud managed services is that the provider can wholly monitor the environment and manage the workloads simultaneously. For example, if the provider identifies abnormal behaviour, they can act if instructed by their customers through a PAA (pre-approved actions) or similar agreement. How cloud service providers view managed services is different than the traditional managed services models. I do not believe these traditional models are in decline as there are numerous customers that operate large, complex IT workloads without the necessary cybersecurity expertise.
As more organisations migrate to the cloud, we will notice the security monitoring and response operations shift to the service provider. This will allow an organisation to take advantage of a full spectrum of monitoring and response capabilities with utility-based pricing.
Innovation. The cybersecurity industry can be proud of the good work that has been done over the past two decades. Yet, we must recognise the times are changing and by perpetuating these past solutions, we further contribute to complexity – the enemy of cybersecurity. Somewhere, a spirit and opportunity for innovation similar to what we witnessed in the early AFIWC days exists. I truly believe this opportunity now rests with the cloud industry. I am encouraged by the tremendous cooperation from cloud providers to tackle common problems while exploring new solutions. Senior cybersecurity professionals from all the major cloud providers meet quarterly to share and discuss challenges and opportunities of mutual interest.
Rewarding career opportunities. This is an exciting time for people coming up or looking to get into cybersecurity. You should pursue this path if this is of interest because of the potential for a very rewarding career with numerous opportunities well into the future. As we see today, every university is competing with their own version of a cybersecurity program. I could not be more excited for our next generation of cybersecurity professionals.
In conclusion, this month’s post was brought to you by Brian Kelly, Chief Security Officer (CSO) of Rackspace, where he:
Please be on the lookout for next month’s issue of Decoding Cybersecurity: Interview Insights with Leaders as the journey continues. Please leverage the comment box below to suggest future topics or guests, provide feedback or share with others.
Author: Elliot is a Senior Manager in the EY Cybersecurity practice. Elliot enables organizations to build in risk thinking from the onset, enhancing global innovation with confidence. He leads global teams to reduce response times and minimize the impact of security incidents by building and operating mature security, logging, monitoring, alerting, and incident response practices. He successfully led response to and recovery from complex security incidents, such as data exposures, third party compromises, and vulnerability exposures, by coordinating across large enterprises through effective incident response procedures to minimize business impact.