Accelerating the Next Era of Security

Over the course of my thirty-plus year career of building, vetting, and operating cybersecurity products, I have observed many different shifts in our approach to tackling hard cybersecurity problems. Recently, I have come to the realization that a new shift is underway and the market has not yet caught up.

During my sixteen-year run at Booz Allen Hamilton, there were very few cybersecurity products in the market. As a result, I had the opportunity to build many different cybersecurity products and deploy them for use on many projects across the defense, intelligence, and commercial sectors, both domestically in the United States and internationally. It was a wonderful journey that greatly expanded my understanding of the diverse challenges in cybersecurity.

In the early 2010s, when Bank of America presented me with the chance to address their cybersecurity needs as their head of cybersecurity R&D and, later, as their Chief Security Scientist, I jumped at the opportunity. However, the market had radically changed by then. Though I planned to build products, most of my time became dedicated to filtering through cybersecurity vendors that knocked on my door instead. Indeed, I found myself fielding so many cybersecurity vendors on a daily basis that vetting their solutions practically became my full-time job.

I loved it.

Speaking with entrepreneurs and, where I could, shaping their ideas, was exhilarating. Over the years, I have had thousands of these conversations and they have allowed me to discover better ways to problem-solve in the cybersecurity space. It should be noted, however, that this did not come without accompanying pain points.

The cybersecurity market, flush with new ideas, brought forth so many products and capabilities that managing and understanding what all these vendors actually did became a difficult problem in and of itself. My inbox began to overflow. The number of inbound requests for a “quick 15-minute meeting” rapidly became overwhelming. How can one’s brain not go numb after hearing—for the fifth time—about how all your cybersecurity problems can be solved with military-grade AI-enabled dark quantum blockchains?

Thankfully, I had the luxury of working alongside an awesome team and an abundance of resources dedicated to reviewing these vendors and testing their products. I could only imagine the amount of pain and suffering that my peers without time, budget, or personnel had to endure.

It was this pain point that led me to develop the Cyber Defense Matrix, which I used to organize the vendors vying for my attention. This framework provided a simple way to sort through many vendors and understand where they fit in the cybersecurity ecosystem. More importantly, once I mapped several vendors to this framework, it revealed important gaps – controls gaps that pointed to unaddressed areas in our security program and market gaps offering potential opportunities for entrepreneurs.

As an advisor to many startups and venture capital firms, I have had many brainstorming sessions to devise approaches for closing these gaps. Across all these sessions, I have consistently found my time with Israeli entrepreneurs to be the most rewarding. The combination of brilliant minds, a culture of questioning everything, and an ever-present existential threat have produced an entrepreneurial community that is in a league of its own with out-of-the-box perspectives and truly novel approaches to problem-solving.

The global cybersecurity challenges we face continue to evolve rapidly and grow in significance. With the rise of destructive attacks, we are entering into a new era where we will face irrecoverable attacks and traditional security solutions will no longer apply. Approaches such as the D.I.E. Triad in my DIE Resiliency Framework offer alternatives, but we need more ways to easily implement these ideas. We need more out-of-the-box perspectives, and we need to accelerate the journey from novel to mainstream.

With this goal in mind, I am pleased to announce that I am immersing myself in Israel’s cutting edge world of cybersecurity innovation, having joined YL Ventures as their newest CISO-in-Residence. YL Ventures is a seed-stage venture capital fund that exclusively invests in Israeli entrepreneurs, and their highly selective investment process is very much aligned with my vision for what the industry needs moving forward. The fund focuses on entrepreneurs tackling core problems in cybersecurity and constantly challenging the status quo. Better yet, they zero in on Israeli talent, a group stemming from a culture that encourages such challenges and never takes security at face value or for granted. What is best of all, their exclusive focus on early-stage entrepreneurs will allow me to help shape how these brilliant startups approach tackling hard problems in cybersecurity.

Moreover, given the market realities of COVID-19, cybersecurity leaders will need to find ways to replace two capabilities with one without losing their security footing against increasingly persistent cybercriminals and sophisticated intruders. Like brakes on a car, CISOs will need dependable security capabilities that work alongside the business to enable them to move faster.

To this end, I look forward to taking an active role in YL Ventures’ ideation support system, working alongside entrepreneurs who may not have even yet formed a concrete idea to help them pinpoint exactly what my peers require. My role will also afford me the opportunity to help amplify my strategic and tactical support to YL Ventures’ existing portfolio companies as a proud contributor to their superb value-add support.

Though current circumstances bar me from meeting with these founders and my YL Venture teammates in person, I will be exploiting remote communication tech to its fullest so that I may start this new adventure immediately. I cannot wait to see what it brings.