An IT team can invest millions in security – in firewalls, encryption, applications, etc. – and still not be any closer to understanding the true security posture of their organization.
Know My Company
Tell us about your journey into the Intelligent tech industry. What galvanized you to be a part of Cavirin?
I’ve been involved in some aspect of networking for over 30 years, starting with the military working with the Defense Data Network (DDN), a precursor to today’s military networks and probably the first internet. On the commercial front, my first role was at Cisco in Europe in the mid-90s, and since then, with various companies, both large and small, in the security, cloud, and SDN spaces. My roles have always been marketing and/or product management.
At my previous company, I saw the power for the first time of a hybrid-cloud deployment, along with continued security concerns. Cavirin combines security and the hybrid cloud and is able to take advantage of the incredible growth in this space, coupled with the need for more intuitive approaches to security.
How is Cavirin different from other Cyber Intelligence platforms in the market?
Our strategy is to focus on the business outcome, vs the underlying technology.
An IT team can invest millions in security – in firewalls, encryption, applications, etc. – and still not be any closer to understanding the true security posture of their organization. This is the CyberPosture that we talk about, where, as a CSO or CISO, for example, I need to understand where I have gaps, where I need to be, any changes that have occurred over the last day, for example, and how to make necessary changes.
We have the concept of a ‘golden posture’ which defines where the organizations need to be, on a scale of 0-100, where 100 is perfect, where they are, and what they need to do to improve. And, this info needs to be actionable both to DevOps as well as understandable by the board. There are companies in our space that do only cloud security, or look at the on-premise infrastructure but don’t combine the two with scoring. We believe we are unique in this approach.
How do you prepare for an AI-driven world as a business leader?
The key is understanding where these capabilities are deployed, the applicability of a particular approach to the business at-hand (as there are so many), what companies are moving the needle, and where they can help solve our customers’ security concerns. We’ve got some of this today, with our ability to prioritize remediation efforts and guide CISOs to the golden posture I just mentioned. But it is only the beginning, and I see capabilities outside of the company that we could easily adopt. Google’s AI efforts, for example.
One point I’d like to clarify is the statement that AI will put millions out of their jobs. Sure, there will be some displacement, but new opportunities will open. In the past, people said the same about industrialization, globalization, and automation.
What is a CyberPosture Score? How could businesses rely on Cavirin to build their risk readiness using this metric?
Building on what I mentioned, the CyberPosture score reflects the security posture of the organization, both on-premise and across one or more public clouds. It represents the inverse of risk, much like a credit score. And, the composition of the score follows the same types of actions that a hacker goes through to infiltrate an organization.
We look at assets/resources, assess threats, sometimes using intelligence from third parties, we identify weaknesses, evaluate controls, determine the likelihood, and then analyze the impact. Not a bunch of tables and separate signals, but a single score. As I mentioned, in our space, we are unique in doing this.
How does Augmented Reality unlock the possibilities of image-based conversation, including for videos?
If I understand the question correctly, I see two areas. One, in which the viewer is more passive to a video, but via AR, additional content is displayed.
A sports game, for example. Or a news show with additional data as an overlay. This of course only moves that additional content from the screen to the AR experience.
The goal here will be to add to the experience, and not distract. The other possibility is two-way communication, with additional content added via AR. For example, colleagues discussing new product offerings. This moves this content from the desktop, and hopefully, the ease of use will be better than most current web conferencing platforms.
Could AR/VR intelligence solve key security issues in IT businesses?
Not really, as it is just another way of interacting with the data. You need good data, and that comes from good software, algorithms, and knowing what to look for. I think it will help humans better interact with the data, and maybe glean relationships quicker than a 2 or 3D graph on the desktop, but I’d think that ML/AI will have more of an impact.
What are your top predictions and must-watch AR-related technologies for 2018-2022? How much of these technologies would be influenced by socioeconomic trends?
It is a bit of a chicken and egg. Outside of industry, making AR really accessible will require a new generation of hardware as well as software to take advantage of it. Once that nut is cracked, the floodgates open, and one of the real benefits can be education. Bringing a more immersive and exciting experience to students. I know some of this exists today. For example, I have the Oculus Rift at home, and in conjunction with Google Earth, one can travel anywhere in the world (and beyond).
Think of the next iteration, available on the desktop, of being able to go back in time. Alas, I don’t think there is a single device even in Los Gatos High. It will take time, but it will happen.
What’s the “Good, the Bad, and the Ugly’ about Big Data and Cyber Intelligence — How do you prepare for these situations at Cavirin?
The good is the potential of using large databases of threat intelligence and user behavior at your disposal, with a goal of spotting trends and preventing future breaches. The bad is that the hackers have access to the same information, and are using the same AI/ML techniques. We hope that our product places the analyzed data in the hands of the good guys as soon as possible, helping to combat the bad actors.
Do you think “Weaponization of IoT Technology” is a possibility?
Yes, and there are two parts of this weaponization!!!
The aspect usually covered is IoT hacking, where, for example, parts of the energy grid can be taken over and used for malicious intent. True, the utilities are spending a lot of effort here, but they have a way to go. The recently released US National Cyber Strategy document is a good baseline on official positions. The second, more distant but scarier aspect, is the offensive use of IoT. I remember back to a Black Mirror episode, Hated in the Nation, that was especially disturbing.
The Crystal Gaze
What other AR/VR start-ups and labs are you keenly following?
We’re probably all following Magic Leap due to curiosity, some of the retailers are installing AR kiosks, and you could consider Apple to also be in the AR space. I’ve loaded iOS 12 which has some of this but haven’t yet tried it out with the exception of the measuring app. To be honest, over a year ago, we purchased the Oculus Rift.
Yes, an early adopter.
In fact, I was also was an early purchaser of the Leap Motion device. Every month or so I turn it on, and check for any new experiences. Google Earth is still my go-to, but the overall experience has soured me to an extent wrt the current crop of platforms. You probably need another generation in terms of portability, resolution, cost, and quality of the VR experience to really make a foothold in the home.
Which industries you think would be fastest to adopting AR platforms with smooth efficiency? What are the new emerging markets for AR technology markets?
Notwithstanding my response above, I’m a firm believer in the utility of AR in industry, and in fact, it is gaining some great traction. We have vendors specializing in certain areas – medicine, heavy manufacturing, energy, etc. These were some of the earlier uses, and in some cases, an AR experience is now almost a requirement. Aircraft maintenance, as an example. I can see AR and VR extending down into other industries. Take security, for example.
Today’s trade show demos will, in fact, result in useful capabilities within a few short years.
What’s your smartest work-related shortcut or productivity hack?
I use shared documents quite a bit, not only for collaboration but to track tasks and keep a running record of past outcomes. But, I do this mainly using spreadsheets vs any specific productivity programs. I’m also a fan of large displays with multiple windows open.
Tag the one person in the industry whose answers to these questions you would love to read:
Thank you, David! That was fun and hope to see you back on AiThority soon.
Technology executive with 25+ years experience leading teams that include product/solution marketing, product line management, vertical solution marketing, business development, advertising, branding, AR/PR/IR, and social/new media marketing. Diverse experiences across large, medium, and small organizations, both public and private, spanning networking, security, cloud, and SaaS. Strong track record in shaping the brand and defining the product, developing the technical and solution strategy, setting the vision for overall company positioning, striking and nurturing technology partnerships for innovative joint ventures, and exploring pathways to break into new markets that include SDN, converged infrastructures for data centers, and cloud security. Greatest strengths include establishing and growing company/business market positions in hyper competitive markets, leading strategy and implementations of organizational turnarounds, building best-in-class teams and change management
Cavirin protects your digital assets across the enterprise hybrid cloud by delivering CyberPosture Intelligence. We permit enterprises to maintain their ‘golden security posture’ via continuous visibility, automated scoring against the widest set of industry best practices, regulations, and benchmarks, and remediation leveraging predictive analytics and by integrating security into the DevOps cycle.