Hi, everyone, Ed Amarose here. Welcome to our video interview series. And I'm here with a very good friend of mine, Kirsten Bay, who is the president and CEO of a very cool cyber security company called Cyber adAPT. >> Hello. Welcome. >> Thanks, nice to be here. >> Hey, you live on two coasts. You live on the West and East Coast. >> The best of both worlds. >> Is 1A your main apartment like on an airplane going back and forth? >> Yeah, I generally say I domicile on American Airlines and then just reside in other places, so yes, exactly. I just need a mail stop on America and then my life would be simpler, so. >> Well, I'll be darned. The life of a tech company executive, right? It's tough going back and forth. Hey, tell us about yourself. Tell us how you came, sort of your life journey to this very cool job. >> Well, lots of people describe themselves as serial entrepreneurs but I don't say that, I say that I'm a serial student. And it helps mitigate the crazy sounding part of my career because I've been through many different iterations and running a cyber security company. I was just in a car and someone said, so you must be an engineer. No, I majored in English and German literature with subsetting German philology and so never the twain shall meet. Right? Had you told me well those many years ago I'd be running a cyber security company, I would have thought, you're crazy. Right? But it really is about loving to learn and so I've had a variety of different experiences in financial services, in manufacturing, and it's taught me a lot about business, which is what I love, I love complexities of business. And I had the opportunity to work with someone on a built in security model book and I didn't know anything about security. But it was about econometrics and how do we value data for loss and it was so intriguing to me. And I really saw the opportunity to use understanding of business policy and business symetrics to integrate in cyber security. About twelve years ago, that was really in the beginning stages of how we start to look at solving risk problems in cyber security and I was hooked. I was hooked because I met these people who all really want to solve a really hard problem, who were all intellectually curious, and I was offered the opportunity to go on this journey which was partly academic and partly just a journey which was how do we solve this problem. And I got to grow up and mature in an industry that was growing and maturing. And so went through policy, worked for intelligence side of the business, and helped integrate intelligent reporting into enterprise worlds. And then got to Cyber adAPT where we have tried to bring it all together and help people be faster and smarter at beating the adversary who is pretty fast and smart. >> Did you find that the multi-disciplinary background that you had, did that kind of helped you as you were introduced to these new topics? I'll bet the others felt ike you were bringing maybe a different perspective to the problem, is that how it went down? >> Absolutely and what was really nice about it, especially having worked in financial services world, it's a very different world, right? It was a very collaborative model and people were very excited to introduce a new way of thinking into the world of cyber security. But one of the things too, I was a little bit older by the time that I got into this environment from when I started out in my early career. And I was young when I graduated from college, so I actually was a division head but couldn't rent a car, because I wasn't old enough yet to rent a car. And so I was very, very serious, which I can still be pretty serious, but I felt like I had to be smarter, faster, everything because I was the youngest person, right? And so when I got into this world, I just was passionate and excited about this. And as much as having this cross-disciplinary approach to the problem, which was very important, but I'd also let the enthusiasm shine through and my desire to really be part of a solution. And I found that that was probably the bigger hook than anything was people were like, I love this, this is so exciting to have someone who is willing to roll up their sleeves and do this. And that was from the FBI to all these other places in DC and it helped me really be true to who I am really as a person and realize that that really propelled my success as well. I was being true to myself. >> That's awesome. Now, tell us about Cyber adAPT. What are some of the things that you do? What's kind of the value proposition of the company? And maybe you can give a little bit about what it's like to run a cool company like that. >> Well, the basic premise of our company is detection. And there are lots of network traffic analysis type companies and this is a really burgeoning area of cyber security. But for us, it's leading it from a threat centric approach. And the reason for that is because we all came from this threat intelligence world, and while we did really interesting work and had very interesting data, people really struggled to consume it into their environment in a way that they could be rapid in consuming it and rapid in deploying it into their environments. So when I had this opportunity to look at a technology that looked at live traffic passing up to a hundred gig backbone, so massive backbones, massive networks and not dropping a packet. I saw this opportunity to marry the outside, live in the wild attacks with the inside the network to really solve the question of what does it mean to me. That's what customers want to know. I had to solve a problem fast and then I acquired a mobile security company to tack onto that because the purpose of network traffic analysis is to have visibility. But you can't have visibility if half your traffic or more, like laptops, tablets, phones, people at home, in Starbucks, wherever, they're all outside, off premise. So what I wanted to do was create the same level of visibility that an in-network type of solution would give you and attach that outside so that now you have full packet capture. All your off-premise devices and inside and provide rapid response integrating intelligence. >> That integration of mobility and attack detection is pretty unique in the industry. I haven't seen too many companies doing that. I thought it was cool when I saw you'd gotten integrated with Winn Shorthouse Original Group. >> That's right. >> Winn's an old friend of mine. >> That's right. >> Some good technology there. Was that an easy thing to integrate for you? >> It took us about a year. And so initially, we were able to kind of cobble it together, we would stick one, an ethernet or a LAN to one side to the other box and pass the traffic. Now we've released this fully. >> The connectors in the beginning and now it's better if you don't have to do that. >> It is and so now we just released our skwiid platform. And skwiid is the detection within all these connectors, all built in to one unified, >> So squid, meaning big head, a lot of tentacles? Is that the idea? >> We wrap our arms around the things that [LAUGH] >> Hey, that's good. Poor squid always get a bad rap. Now they finally have a purpose in cyber. >> Yeah they have a purpose and also developing visibility in those dark areas where you can't see where the squid lives, right? In those dark regions of the world. >> It's a metaphor. So tell us about running a tech company. Is it kind of challenging at times? Is it fun? Challenging? Hard? Great? >> It's all of those things and. >> When it comes to mind first like you're playing word association, what were the first [SOUND]? >> This is my life's dream, I was one of those weird kids who was, I'm going to be a CEO and people thought I was crazy. So to be able to say that I do the thing I dreamt of doing is really exciting. It can be really scary, because there are definitely times when things aren't going as super well as I'd like them to be going. And there are those moments of doubt, right? Is this thing that I have dreamt for and worked for my whole life, is it wrong? And so it's really learning how to balance what you know in your heart and to be able to say I can't, those seeds of doubt have to be quiet right now and I'm going to solve this problem. But it's remarkable and exciting to be able to, my team talks about division and how much they love division and to have people say I love to be here because we're solving a problem and I'll do anything I can to make this company successful. Those are the things that are sort of the intangibles of leadership that people don't talk about when they run companies, which is you get to help people realize their potential and see potential in other people as well as a vision of what you can do to solve the problem. And I think that that's the best gift that I could have in my life. >> And cyber is so much harder because of this threat that's changing so dramatically. It's not like you're manufacturing plumbing parts or something. It's not a static kind of business that we're all in. It must be tough to layout strategic direction and to build plans and roadmaps. I'm not really sure what the threat's going to be next year, could be some crazy global catastrophe or could be nothing, and you have plan, I would imagine that makes it hard. >> It's challenging and it's also challenging because we're doing something, as you say, that really no one else has done. >> Right. >> And so we've managed things like how do you build a database that can store two years worth of metadata to correlate events that are passing at 20 gig and how do we do that, pass live traffic at 20 gig. And then [INAUDIBLE] firewall, we're pushing other traffic at the same rate, alerting and trying to bring all that together in one solution and hoping. Right? That that's the right vision. And in addition to then we have research teams that are continually looking at what's the strategy to bring in that data, to understand that data, is it user behavior analysis, is it traffic analysis, is it intelligence products. The reality is it's all of it, right? And so you have to move through the stack of prioritization of how do you develop those things and in which order to bring the most positive solutions for the customer as fast as possible and then continue to augment as we move forward in our plan. So it's a lot of juggling and trying to make sure you're on the right track. And then the teams get frustrated because you have false starts sometimes. When you're not entirely sure what the solution is or you think you do but you're building something that's new and there have been times in the company when it's like, this was terrible, I'm like, well, we didn't know, now we know. So it's a really interesting experience. >> Yeah, I know your firm is growing because you're building out your team. When you're hiring, say, a young person coming in. What are some things you look for? If you were interviewing a person coming who was eager and wanted to be part of your team, and you're starting that interview process, is there a couple things that you're looking for in youngsters coming into the business? >> Curiosity, intellectual curiosity. And the desire to be part of something where you're willing to take a crack at it three or four times recognizing that you're going to hit some of those brick walls as we have. And having the patience to be able to pivot on those things, and so for us, what we find fascinating about our journey is that the network piece, people understand but we realize that it's just enough different that even our own people internally kind of have to go on this journey of, that makes perfect sense, I get it. And then we give them one of our little tests to kind of just assess that we're talking about the right way and they missed two or three to help people really get on the right path, this is why it's differentiated. And that's really where for people to be curious about how do we continue that differentiation is I think essential. And so understanding things like network analysis but also in the case of compromise, motivation and adversary. Trying to think about how do we continue to integrate those things to be faster and thinking about on the macro scale of how does that impact a government or a company, and understanding business and how to prioritize for companies because it's not enough just to understand the bad guy. >> Wonderful advice. Well, listen, on behalf of our whole learning community, I want to thank you for stopping by our campus here in Brooklyn. >> Thank you. It's a pleasure to be here. >> On a nice day. >> Yes, indeed. >> You and I got to take a little stroll through Brooklyn. >> That's right. Colorful place. >> Wonderful to see you. Thanks so much for coming by. >> My great pleasure, thank you. >> It was great. >> Such a pleasure, thanks. >> And we'll see you next time.
