Interview with Steve King
Email interview held on 12th September 2017 – as follows between Alan Radley (questioner) and Steve King (relator):
1. What are your thoughts on the current state of cybersecurity, both for organizations and for consumers?
Frightening and getting worse. Organizations react by doing one or a combination of the following things:
2. Hire a CISO, spend hysterical amounts of money acquiring a whole lot of Cybersecurity technological point solutions to try and address every potential threat vector on the planet and then even more time and money trying to integrate them and tune them to each other
3. Hire a MSSP and pretend they are doing what is necessary without understanding what the MSSP can and cannot do
4. Install some anti-virus on the perimeter and hope for the best
Consumers react by
1. Doing nothing
2. Signing up for LifeLock or some other ID theft monitoring service
3. Install anti-virus and/or some Cybersecurity defense software/service on their home PC
Virtually none of these responses will assure that they won’t be successfully hacked. At least in the case of the companies willing to invest in Cybersecurity, there is a chance that many of them will be able to detect intruders before the breach. But the bad guys keep getting better at what they do and we keep falling further behind.
2. What – in your estimation – are the reasons behind the many computer security breaches/failures that we see today?
The cyber-attack technologies and threat vectors continually improve and the defense technologies cannot keep pace. Modern malware is poly-morphic and meta-morphic and only through advanced network analytics can they be detected prior to a breach. Most companies do not run advanced network behavioral analytics.
Soon, the cyber-attackers will be relying on artificial intelligence and machine learning algorithms to develop dynamic work-arounds the defense measures they encounter on the way toward a breach and will be able to successfully evade all of them. We have no equivalent technology dominating the enterprise defense paradigm. We are just now building AI and ML into some of the Cybersecurity technologies that are on the commercial market, but like with everything else, we are well behind our attackers.
This phenomenon goes to the maturity model around the four pillars of Cybersecurity where in every category of Education, Technology, Information and Economics, we are trailing and falling further behind. We have to spend 100x the cost of an exploit kit. We offer Cybersecurity degrees in only a fraction of our schools. We keep flogging outdated technology in the market in order to get some kind of a return on our venture capital investments. We know virtually nothing about our attackers, where they come from and which techniques they will use next.
3. Where do you go to find your “science” of cybersecurity?
I combine empirical observations from the front lines of Cybersecurity experiences our company and our customers share in the defense of their information assets on a daily basis with logical reasoning. I wrote a book on the topic. Information security is a science in that all behavior including human can be modeled based on Bayesian statistics and Frequentist probabilities. Our platform relies on those principles to create dynamic threat models and detect anomalistic behavior.
4. Do you recommend a particular cybersecurity blog that our readers could follow?
5. What keeps you up at night in the context of the cyber environment that the world finds itself in?
The lack of leadership at the top in business and in Washington. We are on the brink of a national and corporate calamity and no one is responding in kind.
Thank you kindly Steve King for taking the time out of what must be a busy schedule to answer our questions in such a purposeful way.
Interviewee: Steve King,
COO, CTO, Netswitch Technology Management,
Lincoln Law School of San Jose.
Steve King – Biography
Steve has over 20 years of computer industry experience in information, cyber and data security technology, software engineering and product development. Extensive experience with Enterprise Information Security Services, Business Intelligence, Content Management, Systems Development and Integration (SAP, Oracle, PeopleSoft, JD Edwards, Lawson and Siebel), Network Engineering and Web application development. Venture-backed startups, global information security, security architecture and security operations.
As a co-founder of the Cambridge Systems Group, Steve led the marketing effort for ACF2, which would become the leading Data Security product for IBM mainframe computers. As a direct result, Steve is now known as the God-father of Information Security.
Raised over $42m in Venture Capital.
Recently created Securli®, the market-leading Advanced Threat Security-as-a-Service platform solution in the World.
~ Grew a $42m Software and IT Services company
~ Created market-leading enterprise data security and information security products
~ Built and trained sales teams that sold over $180m in software/services
~ Led software engineering for three successful content management products
~ Created market-leading imaging products for business process automation
~ Managed on- and off-shore product development for BI and Data Warehouse software
~ Managed over 450 professionals and 7 large data centers throughout the US
~ Served as CIO for companies in the Computer Manufacturing and Health Care sectors
~ Published author of business books on Retail Web-marketing Strategy and Data Security
~Investor in, ran Marketing for and is currently serving on the board of ConnectAndSell
Worldwide marketing, partner marketing and corporate development experience.
Multiple patents issued encompassing contextual semantic search technologies, web-enabled multimedia audio transfers, and database smart query processing.