Hackers always seem to be one step ahead of cyber-defenders
But one step is all they are allowed. It's my job, and the job of other CTOs in the cyber-security industry, to keep pace with hackers and, if we're lucky, beat them to the punch, providing a solution for a problem or risk as soon as it's discovered, when it's still a true zero-day risk.
I, and others in my role, certainly have our hands full. The massive ransomware attacks of the first half of this year–Wannacry, Petya, and others–made 2017 the worst year for cyber-security ever. A report by NTT Security said that cyber attacks were up 24% globally during Q2 2017 over the same period a year earlier. Even worse: Hackers are becoming more adept at spreading malware once the “proof of concept” is validated, as cyber-criminals seek to take full advantage of their weapons before mitigation tools can be developed.
My job is to stop them–by examining what they are doing and responding as quickly as possible with a solution.
As a CTO with a background in academia, I work using the scientific method–examine the problem, develop a range of solutions, examine the IP to make sure it's not something that's been developed yet, and build a prototype. After that, it's the decision of the company on whether or not to go ahead and develop a product and to market the solution to current and new customers. The development of a unique IP for the company is crucial to our business model, and it's something I do almost every day; the right IP positions us to quickly develop a solution when there is a demand for it, and it gives us a leg up on the competition.
And the competition is stiff; just as hackers try to outdo each other with ever more unique and outrageous exploits and attacks, so do cyber-security firms try to be first to market a solution to a problem or develop a solution before there’s a problem in the first place. In that sense, Secret Double Octopus has an edge over many others; we are the only company using secret sharing, in which authentication and security data is sent via multiple routes between devices and servers, and most of our solutions are based on that, so when we need to develop a new product, I already have an important component of the IP wrapped up.
Just last week, for example, we discussed a further breach in Whatsapp, and wondered whether the time had come to market a solution for the ongoing breaches in that program and other social media programs. We've already developed the technology to do that – the question is whether or not the time is right to begin marketing it.
Being a woman in a male-dominated industry
Not that we have the solution to everything; there are a lot of cyber-security firms pursuing solutions to cyber-attacks and exploits as soon as they are discovered, and there are plenty of firms that are larger and better funded than we are. My personal philosophy on missed opportunities: There are always new ones coming along. Hackers provide new opportunities every day, and unfortunately there is more than enough work to keep us and all the other firms busy for a long time to come.
To some, the fact that a woman would have so much influence in a firm in a very male-dominated cyber-security industry might seem odd – but truthfully, I have never felt any discrimination or outright sexism, whether in the lab or the boardroom. Sure, there have been the surprised looks the first time a colleague or customer met me, but once that initial ice is broken, it's business as usual, with those I meet with giving me the respect I deserve as a professional.
In the 21st century, it’s fair to say that the doors to the research lab and even the board room are wide open for women; the law, custom, and social morés have made discrimination a thing of the past, for the most part, The question for many women is not “can they” based on external issues - it’s “can they” based on their own feelings. Many women will not apply for a top-level position unless they fit the job requirements to a tee - and then some - because they fear discrimination, or just don’t believe in themselves enough. Men, on the other hand, often feel confident enough to take on a job that they may not have all the qualifications for - because they feel more confident about themselves and their abilities.
Whether it’s due to past discrimination, education, the way their parents raised them, a lack of support in school, or any other reason, it's not always clear why many women feel this way, but that women are not as confident as men when it comes to top jobs is clear, at least to me. The only way to overcome this, I have found, is to evoke that same high level of confidence that a man would have. And never be afraid to try and grab the brass ring; nobody is getting any younger, and there's no way to know when, or if, an opportunity will present itself again. The worst they can say is no, but that’s their loss. Tough break, for them!
About the Author
Shimrit Tzur-David is the CTO of Secret Double Octopus.