I first met Brian Contos, CISO of Verodin, when he ran sales engineering at ArcSight, Inc., where I was a member of the Board of Directors. He later became the Chief Security Officer and, in my opinion, the chief evangelist for ArcSight and its products. He was extraordinarily effective in this customer-facing role, and he started a podcast series at that time. I was one of his first guests on that podcast for ArcSight. In 2007 Brian and I, along with two other cybersecurity subject matter experts, co-authored a book titled Physical and Logical Security Convergence.
Brian and I started this interview with a deep dive into my 57-year history in the Security and Intelligence worlds. It is a fun little journey into the work that I did at NSA where I was fortunate to be able to lead a number of organizations in research, development, science and technology, information assurance, and the intelligence and analysis efforts against the then Soviet Union. I completed my career at NSA as the Deputy Director of the Agency. From there I went to Silicon Valley where I became the CEO of Cylink, Inc., a public company specializing in cybersecurity technology including encryption, authentication, and public key infrastructure. For the past 15 years, I have served as a director on the boards of a number of successful cyber and physical security companies.
This interview concentrates on the massive changes in cyber threats over the last 15 years and how well the security industry has coped with those changes. Perhaps the most significant change was the 2008 discovery of the first-time use of the Advanced Persistent Threat (APT). These advanced malware attacks were first discovered in DOD networks that were not connected to the Internet, thereby testing and proving that alternate delivery mechanisms could be used to place the malware. This “land, expand, and connect” type of attack has been a powerful weapon in the hands of hackers, criminals, and nation states.
Another development was the large-scale use of Distributed Denial of Service (DDoS) attacks against customer- and business-facing websites and networks. Still another very effective type of attack has been phishing, which essentially weaponizes emails and email attachments to collect credentials of unsuspecting users by misdirecting them to malicious websites or other mechanisms of collecting their login IDs, passwords, and other personal information.
Cybercrime has now become commonplace, and the monetization of cyber attacks has become routine. Ransomware, which encrypts the targeted data resources of the victims, is also a growing and malicious form of cybercrime.
In summary, the means and methods of attacking the users of the Internet have mushroomed over the past 15 years, and the security industry is having a hard time keeping up. The cyber solutions available in the marketplace today are all too often point solutions that are not integrated and often leave the seams between products as permeable channels for attacks.
Check out the podcast to listen to our full conversation.