Credit: Neustar Security Services Michael Smith is the Field Technical Director of Neustar Security Services
Michael Smith is CTO at cyber security firm Neustar Security Services, which gives him an insider’s view of the role of hype in the industry.
Cybersecurity is constantly in the news as a result of relentless attacks by ransomware gangs and the threat of black hackers being used by Kremlin gremlins to cripple Ukraine’s infrastructure. However, the expected Russian cyber war in Ukraine has not materialized so far.
Cyber attacks like SolarWinds, JBS and the Irish Health Service have put the need to strengthen digital defenses front and center for many top executives. Cybersecurity hype has soared as a result.
Looking at Google searches over time, it’s clear that the trend is only going up. Global Google for “cyber security” has grown every year since 2013.
Investment in the industry has grown in tandem with cyber security hype on Google searches. Venture capital (VC) investors pumped just over $1 billion into the industry across 130 deals in 2013, according to new data from research firm GlobalData on July 28. Over the following years, annual investment increased year on year, albeit with a slight decline in 2020.
However, investment levels recovered in 2021. VCs backed cybersecurity companies to the tune of $26.3 billion across 729 deals last year. The level of investment seems to have fallen slightly this year. So far this year, investors have only added $9.4 billion to the coffers of cybersecurity companies.
The decline could be part of the overall contraction in the tech industry that we’ve seen over the past six months. Tech stocks fell and startups suffered a downturn during that period, fueling fears that the tech bubble could burst.
It remains to be seen whether the bursting of the technology bubble will affect the hype surrounding cybersecurity.
In this, the latest in our CTO Talks series, Smith talks about the cyber-security hunt, his past as a Russian translator for the US military, and the joys of blowing things up.
Eric Johansson: Tell us a little about yourself – how did you end up in your current role?
Michael Smith: I had various detours – I joined the army at 17 to escape my home state of Idaho and worked as a Russian translator and intelligence specialist for eight years. From there, I moved into Linux system administration and Local Acceptable Noncompliance Program (LAMP) stack programming during the Dotcom era as CTO of an e-commerce startup, before moving to Washington where I spent 10 years working in several hybrid roles that included security management, risk and compliance.
Where did your interest in technology come from?
I started programming in the late 1980s and after my early experiences, I really wanted to do a computer related job in the military, but there weren’t many options at the time so I looked for outside experience. While stationed in Germany, I taught myself system administration, and when I left active duty, I volunteered at the local Linux User Group and fixed all kinds of systems every Thursday night, sometimes until midnight. I turned that into my first IT job.
What do people get wrong about cyber security?
It’s a constant losing battle. Cybersecurity is the intersection of security, cost, and usability, so the space is designed to be in constant conflict with one side or the other. The first step to recovery is to admit that you will inevitably make mistakes or that there will always be a gap in your security, so it’s about finding a balance between values, not perfection.
How to separate hype from true innovation?
The cybersecurity industry is known for its hype cycle. Every year there is a new trend which is usually recycled technology with a new color and a bunch of stickers. For me, I look at what the use cases are and the problems that this technology solves – that’s how you cut through the hype.
For example, we just introduced a separate infrastructure for authoritative DNS that solves some interesting problems by using two different infrastructure providers. DNS is a very mature technology and it’s a fairly abstract set of use cases that are hard to visualize, so it’s very tempting to fall back on ‘hype’ to explain it.
What is the most important thing happening in your field right now?
Control effectiveness and log analysis are everything. With problems such as detection of advanced web-crawling robots, you are required to scan artificial intelligence (AI) or machine learning (ML) with ‘cheat code’ to get detection and blocking in real-time and at scale. I’m really interested in that bridge from ‘new technology’ which is pervasive but requires more resources, to older technology which is much smaller and faster – that’s where cyber security is going.
What advice would you give to other CTOs?
There are two types of leaders in any organization, those who are position leaders and then the unofficial group of leaders that we in the military lovingly call the “E4 mob” and what Gene Kim calls “The Rebellion” in his book “The Rebellion”. Unicorn Project. Find those leaders – technical leaders, architects, people with organizational knowledge – and point them in the right direction. They can mobilize each other for great justice if they have the right support and can become a phenomenal resource for you to find out what is really going on inside the organization.
What is the most surprising thing about your job?
Right now, I’m surprised at how quickly I’ve settled into my role now that I’ve been in it for three months. One day I woke up and looked around and now I’m that old school infrastructure and web application guy who knows a lot of stuff and people look to me for advice and experience. It’s just like the commercials: “We know something because we’ve seen something.”
What is the greatest technological challenge facing humanity?
“IT security geek challenges aside, something I think about a lot is that the digital divide also coincides with the income divide. This is an area of work with a higher demand for staff than our ability to create workers and this has led to higher wages for my colleagues all around, of course everyone’s experiences are different. Everything goes back to the re-education and training of displaced and/or technologically redundant workers. This affected my hometown and my family in several ways. I think boot camps have their place here as well as traditional education.
What’s the weirdest thing you’ve ever done for fun?
I used to be an infantryman, so I had some interesting experiences with things that go “boom”. I remember the day they handed me a C4 block and said, “Today we’re going to teach you how to blow a door.” I literally thought to myself “31 years of life, 13 years in the military, all culminating in this one day when things go ‘wired’.”
In another life you would be?
I really wanted to be a fisheries biologist when I was younger. In high school, we didn’t study math or English, but we had classes in all kinds of outdoor activities, from fly fishing to white-water kayaking to mountain biking.
I have always been fascinated by water. I volunteer with the Healing Waters Project to teach fly fishing to veterans and have about 270 dives and about 100 macro photography dives. I use my hyperfocus skills to take pictures of 5mm long creatures like nudibranchs and shrimp on the ocean floor.
GlobalData is the parent company of Verdict and its sister publications.
Comments are closed.