Clear Minds - Clear Hearts - Clear Mission

In my career, I’ve had the opportunity to work with some amazing startups led by innovative thinkers, driven by an unwavering commitment to their missions. I’m so proud to say, Claroty ranks at the top of the list. 

Let me explain… 

The mission focus of the companies I work for is incredibly important to me. I may be a Marketing professional – and in infosec circles we are loathed almost as much as (more than?) an insider threat – but I come from a long line of individuals that dedicated their lives to the protection of others. In my own small way, I want my professional life to parallel that commitment. If you’ve ever been (un)fortunate enough to have a conversation with me outside the W at RSA, or the Real World Suite at BlackHat, I think you’d agree that it is the mission above all else that drives me. If you haven’t had that opportunity; see you in August? 

I was responsible for Marketing at NetWitness (acquired by RSA) where we pioneered the concept of full packet capture and session recreation. The concept was simple yet elegant – if you record every packet that traverses the network, the work of the adversary is incapable of being hidden. Like the Ragu of forensics, “It’s in there!”

I worked for them at the dawn of the Intellectual Property theft pandemic, and the visibility that we gained over a couple of years into the attack vectors used by nation-state adversaries led me straight to my next adventure. Spear-phishing was and (ugh) still is the primary attack vector of the adversary. I wanted to do something to change that reality. Everybody was talking about cyber-pearl harbor and I was out there yelling about “digital Chinese water torture!”   

I took a ground floor opportunity with Invincea (acquired by Sophos). I was thrilled by the idea of building something but more importantly was drawn to the idea that we might be able to revolutionize endpoint security and take the spear-phishing attack vector away from the adversary. I spent 4+ years there banging my head against the wall at every new breach disclosure headline – from the private sector to the public – which all seemingly originated with spear-phishing. We pushed the needle forward for sure but the market as a whole still struggles to combat a threat that arguably led to the theft of hundreds of billions of dollars worth of intellectual property.

When the time came to leave Invincea, I knew exactly what I wanted to do and I went straight to iSIGHT Partners (acquired by FireEye) to do it. I realized that protection alone would never change the paradigm, that business and security leaders needed a real-time, real-world understanding of the motives, methods and intent of their adversaries. They needed threat intelligence that could help inform them to the threat over the horizon, help them prioritize response to the threats they were seeing in the present, and help them drive the right investments and strategies to combat both. 


A Moment of Claroty…

I realized that I wanted to focus the next phase of my career on the Industrial Control System/Operational Technology (ICS/OT) front late in 2014. iSIGHT had acquired Critical Intelligence – the brain child of Bob Huber and Sean McBride (awesome, insanely impressive dudes that came from Idaho National Labs - INL) – and with it a focus on threat intelligence for the Critical Infrastructure domain. 

Spending just a few hours talking with these two had me convinced that: 

a) the threat was evolving from theoretical to probable 

b) the state of readiness in ICS/OT security was far worse than its (not very good) IT counterpart. 

In 2014, as part of our intelligence work, iSIGHT disclosed the activities of a Russian state-sponsored cyber espionage team we dubbed Sandworm Team. The disclosure made international news as they were utilizing a zero-day that impacted every version of Windows stretching back to Windows 95. The day after the disclosure though, is when the real wake-up call occurred for me. Trend Micro analyzed our disclosure and compared it to some research they were doing – finding that the team had developed targeting capabilities for GE and SIEMENS industrial control systems. They were probing US Critical Infrastructure. This prompted an alert from ICS-CERT to the Energy sector but did little to wake folks up to the growing threat.

In 2015, when the Ukraine outage occurred and iSIGHT concluded that it was the work of Sandworm Team, I realized where I would be heading next – to a company that could help rapidly change the security posture of the ICS/OT networks that run the world’s critical infrastructure. 

After iSIGHT Partners was acquired by FireEye, I spent a good amount of time working to help raise awareness in Government and to convince the world of the need to focus on ICS/OT security. I’m proud to have worked with folks like Sean McBride and Dan Scali to release a report on the woeful state of vulnerabilities in the sector. When the time came to move on, I wanted to be closer to the action from a defensive perspective… 

And so I met Amir Zilberstein and Galina Antova – two of the co-founders at Claroty – and I knew beyond a shadow of a doubt that I was going to dedicate the next chapter of my life to their mission. 

The team at Claroty is top notch. They’ve lived in the ICS/OT domain, they have unique experiences that help them understand the minds of our adversaries and the steps needed to outpace them.  Their passion for the mission is boundless, their view on the threat is complete, their desire to bring about change before the worst scenarios can be realized; admirable, visionary, timely.

I came to Claroty because there is no more important work in the field of cyber right now than driving a rapid, exponential advancement in the security posture of industrial control networks. I believe that the threat is at our doorstep and that for any that still need convincing, the second Ukraine incident should be enough proof. But leaving alone the cyber-war scenarios – I believe that criminals are coming to this domain and that it is only a matter of time until they use ransomware to hold industrial networks hostage. 

AND – I believe that unlike what we’ve experienced with massive Intellectual Property theft, where the impact has not always been immediate – when these threats finally manifest themselves, the results will reverberate and will shock our economic stability. 

I’m so proud of this team.  Our mission, capabilities, technology, philosophy of working as a partner with our clients – all of these things led to Dave DeWalt joining as our Chairman, to Rockwell Automation selecting us as a partner and to our finalist position in the RSA Innovation Sandbox

I’m on a soapbox because I want you to know that we’re here – that we have a serious mission driven focus -  and I think we need to talk.