Cyber Security Executive Talks Startup Success, Busy Market

The July 23 edition of “Task Force 7 Radio” was loaded with insight on cyber security startups, as well as assessments of the Internet of Things (IoT) and cloud computing. Show host George Rettas was joined by Board Director/Advisor, and GTM Consultant, Chris Kenworthy.

Kenworthy began his “Task Force 7 Radio” discussion by outlining his extensive experience with startups in the security space. He said it dates back to 1993, when he dealt with SSL and, later, modems. At which point – and after two stints with RSA – Kenworthy worked with VPNs, vulnerability management, and worked alongside McAfee for nine years. His experience has also included: mobile security, mobile apps, services for SOCs, threat modeling and IoT.

In his role, Kenworthy can join a startup as a full board director or advisor, where he helps define and simplify products as they go to market. He said a number of companies will sink just based to their go-to-market (GTM) strategy.

“All startups don’t succeed,” Kenworthy said on the air. “Some companies can explain their technology better than others… (My advice is to) get in front of customers, or in front of peers, as much as you can. No matter your position, networking is what is going to advance your career in cyber.”

He continued: “Learn from your peers, and share as much as you can. I can’t emphasize that enough – cyber is a very sharable field.”

The Architect

As for the most sought-after position in cyber security, Kenworthy said it’s likely the so-called “security architect.”

He said: “These are people that are the most senior, the most experienced, and have grown up in the ranks.”

They’re architects inside the company that help in a cross-discipline manner. They are true security experts and can go across the company to help with high-level initiatives. For example, the “architect” might assist DevOps or reconfigure the network to block risks from IoT.

This person is also a “good target for vendors to be talking to,” since they know everything about the business and its challenges

Crowding

This market happens to be “insanely crowded,” Kenworthy told Rettas. It has driven a record number of “growth players,” thus meaning that companies are “stepping into” cyber security, or startups are entering the space. Kenworthy cited the RSA Conference count of approximately 600 exhibitors, much higher than the 300 mark in 2008.

“Expanded technologies make more ideas seem valid,” the “TF7 Radio” guest said. “Artificial intelligence and all the other buzzwords out there: People are looking at this and saying, ‘Aha, I have what it takes to solve the problem out there.’ They think they have the secret sauce that’s better, but so many of them fall short. Some (products) may be technical, but not easy to use.”

Venture Capitalists

Adding to the subject, Kenworthy said, “(Many) companies tend to be VC-funded. There are more VCs out there than ever before, and more that have stepped over to cyber practices… They’re all looking for the next unicorn.”

Nevertheless, success could hinge upon the GTM strategy – so, sales, marketing, pricing, positioning and promotion. Kenworthy said many startups can’t get out of the gate because they take early funds and inject it into the technology. Then, when they’re low on money, they try to figure out how to bring the product to market.

See Related: Cyber Expert Discusses Risk Assessment, Proper Skillset

“(These) startups didn’t think about GTM, what to do to sell,” he said. “(These folks are) proud of their technology, and they should be… But, you can’t underestimate what it takes to get it right.”

The “TF7 Radio” guest even opined that approximately half of the cyber security startups out there cannot survive longer than five years.

The Kill-Chain

The cyber security executive said on the program that once security professionals began their info-sharing initiatives, the market started to see some improvement. But then came the Lockheed Martin kill-chain model.

“That was when we all woke up and realized the difference between a hack and a breach,” Kenworthy said. At that point, folks in the space began to realize they needed to pull some disparate technologies together.

Then, startups began to see where they fit on the kill-chain. “VCs were going crazy,” Kenworthy said. “Everyone had good ideas. We were overwhelmed with new technology.”

Cyber Security ‘Bulge’

Kenworthy veered away from identifying the space as a “bubble,” much like the housing industry. Instead, he called it a “bulge.”

“A bubble implies a pop, which would be sudden,” the “TF7 Radio” guest said. “Instead, it’s a bulge: It grows out a little bit and then we grow into it as a market. It’s a numbers game – there are thousands of companies out there, and the market can’t absorb all of that. Of 20-30 startups, each of which are trying to do something similar, a couple will succeed. A couple will be bought, but the majority will not.”

Where do these startups add real value, though?

“There will always be a few big winners…either in new spaces or companies that move into the ‘meat and potatoes’ spaces…” Kenworthy said. “The next layer of startups, their exit can still be ‘successful’ but not as big. They might be acquired by somebody bigger and become a feature in their product. A few of the others will just fade or get sold for pennies on the dollar.”

Cloud, Apps & IoT

In assessing the space, the “TF7 Radio” guest labeled cloud security, application security and IoT as the “hottest areas.”

In discussing the cloud, he said it may help companies to think of the “old CIA model with confidentiality, integrity and availability.”

“That runs you through the checklist,” he continued. “But it’s all still evolving. Do strong due diligence, though, and talk to vendors, ask them questions…”

On apps, Kenworthy said the security side is driven by “digital transformation.”

“It’s a big word and we’ve all heard about it,” he said. “In a nutshell, it involves digital assets that used to be tactical that are now a part of the survival of every business.”

He said the “transformation” is making all kinds of companies step up and embrace digital technology. As such, software developers have stepped into the limelight as well.

See Related: Data Privacy Expert Defines 'Moving Target Defense'

On IoT, Kenworthy simply said, “It’s huge. It’s everything.”

“IP connectivity adds so much operational value; the industrial side of things is booming, and often thought of less,” the guest added. “…Industrial people and cyber people are meeting in the middle. The benefits of connectivity are excelling way faster than security can address the risk implications (though).”

He continued: “Everything that connects to a network becomes operational and controllable. At the same time, the risk to companies is just now being felt.” He cited lateral movement attacks emanating from an IoT device such as a security camera as a true concern.

“Shutting down building operations, interfering with industrial systems, power grids and air traffic control – those are real threats,” he said. “It gets as complex as a nuclear power plant (too). They’re connected one way or another. And we really haven’t addressed that security issue.”

‘Pain Points’

“IoT is one pain point,” Kenworthy said, “but there are plenty of others. Startups should seek to solve ‘real pain’ with smart and simple products. There are too many products out there that are ‘cool,’ but rely on a security architect to make them work. The ‘cool factor’ is exciting, but companies want results.”

Successful products “do a lot of the thinking for you,” he continued. “Until the red light goes off, you don’t need to have the architect do anything at all… You should show that your product will decrease their workload. Then the architect can become your greatest ally.”

Kenworthy closed the show by discussing the hype in cyber security, addressing the talent crisis and suggesting that, of course, it is an exciting time to be in the space.

The "Task Force 7 Radio" recap is a weekly feature on the Cyber Security Hub.

To listen to this and past episodes of "Task Force 7 Radio," click here.

Connect with Kenworthy on LinkedIn, here.

Be Sure To Check Out: KPMG Cyber Director Outlines 'Expert Generalist,' Unified Data