This week I was lucky enough to sit down with the legendary Ted Schlein for 15 minutes when he came to Penn. I told him I had read all of his blog posts and listened to all of his interviews and he jokingly told me I probably had too much free time (granted). See the awesome interview below!
How valuable was your time at Symantec in making you a great cybersecurity investor?
- It was very useful because I got in at the ground floor, just as cybersecurity was becoming commercial. It was important that I helped commercialize the antivirus because that gave me great experience with some of the products that are still used today. I invested in Internet Security Systems, my first investment, because I had worked on the antivirus and I saw how useful intrusion detection systems would be.
Obama has made threat information sharing the pillar of his cybersecurity policy; however, surveys demonstrate reluctance in the private sector to share information with the government. Do you think that information sharing is a key part of a successful security architecture, and do you see the public and private sectors working closely on this in the future?
- Information sharing is great in theory but it’s hard to convince all parties to share their information. The fact that he has reduced the liability for organizations that share their threat information is a big step but I don’t think that it goes far enough in making sure that organizations can’t be punished for any information obtained once they share it.
- The best thing about all of this is that Obama has made cybersecurity part of the public discourse. He had a summit in Silicon Valley with some of the biggest CEOs and by introducing this legislation and announcing these executive orders, he has initiated the conversation on these issues and I think that’s the biggest value.
We’re reading more and more about the insider threat in organizations–whether that be a disgruntled employee stealing some information after he got fired or just non-malicious human error, which we know causes 60% of data loss in organizations. How should organizations be looking to protect against this insider threat?
- The insider threat is tough because you have an authenticated user doing something that they’re not supposed to be doing. I think this is an area where some of the companies doing behavioral analysis and looking to detect anomalies could really be useful.
You’ve said that there’s room for consolidation in the industry, because companies don’t want a different security provider for all of their security needs. If you were a big PE firm looking to execute on this strategy, what would a successful rollup look like?
- I would start with Palo Alto Networks and FireEye and then buy a few more companies.
What do you think they’re lacking that you would look to tack on?
- They provide mostly network security products and they could use an endpoint piece.
You’ve been very persistent in declaring network security a necessary evil and saying that companies should be focusing on data security. Are CEOs getting this?
- Not really. Network security is still a big deal to them. Until recently, security was always an afterthought for the CEO. It took Target’s CEO being fired for CEOs to wake up to this. The mindset used to be, let’s build products and worry about the security aspect later. Now companies are realizing that security has to be baked into the whole development of their products.
- The biggest misconception in enterprise security is that “because cyber is such a pervasive problem, surely every business and organization is as highly and effectively organized around cyber as is possible.”
- Even among the biggest financial services firms, there are security issues, namely overconfidence with their current systems and a large bureaucracy that paralyzes security decision-making and slows reaction to threats.
- Some CIOs at large companies claim that Information Sharing and Analysis Centers (ISACs–the entities that collect and distribute shared threat information) often don’t help them, because these companies are able to gather large amounts of information themselves and act on it before it becomes public.
- Others claim that ISACs can be useful, but that “industry network connections and industry associations” are still the best way of gathering threat information.
- Though the headline sounds like a broken record, there’s a lot of good stuff in this article.
- After acknowledging that the bad guys have breached your network, you need to protect your data via encryption and deploy access/identity management solutions. This will solve 75% of your problems.
- The next step is to protect your company’s “crown jewels,” which good companies do through “lots of interior firewalls and network segmentation.”
- Trustwave is probably best known as a SaaS business for compliance management but now provides end-to-end security solutions and boasts 3mm business subscribers.
- The biggest investor in Trustwave was FTV Capital.
- Russia was responsible for what has been called the “worst ever hack on a federal agency.”
- U.S. representatives will meet with China this week to discuss China’s state-run hacking, which China employs for financial gain. Previous attempts to engage the Chinese government on this issue have failed because China was able to point to documents leaked by Snowden demonstrating that the U.S. is engaging in similar action.
- Government officials say that encrypting phones such that only the user can unlock them (even Apple can’t) is a safety issue because it prevents them from performing a warranted search on criminals.
- Tech companies argue that creating a way for the government to access this data introduces a weakness that hackers can exploit.