Thursday, September 6, 2012

FBI's Top Cyber Lawyer Steven Chabinsky Joins CrowdStrike as SVP of Legal Affairs and Chief Risk Officer

I am delighted to announce that Steven Chabinsky is joining the CrowdStrike team on September 10th, 2012.  Steve most recently served in the highest-ranking civilian (non-law enforcement officer) position in the FBI’s Cyber Division.  Steve will be assuming the role of SVP of Legal Affairs and Chief Risk Officer (CRO) for CrowdStrike.  In this role, Steve will be instrumental in addressing complex cyber security issues faced by our customers as well as helping to manage privacy and risk matters for CrowdStrike. Steve is leaving the FBI after a long and extremely distinguished career.  He is excited to continue his vision for changing the private sector’s cyber-security model to increasingly focus on adversary deterrence, threat discovery, and threat mitigation.  Steve will employ the same focus and passion at CrowdStrike he has demonstrated repeatedly over a 17-year career at the FBI. Similar to Shawn Henry, Steve is the second senior executive to join CrowdStrike after a distinguished FBI service record.

Pushing The Envelope

For more than ten years, Steve has helped shape and draft many of the most significant U.S. national cyber and infrastructure protection strategies including the Homeland Security Act of 2002, the National Strategy to Secure Cyberspace of 2003 and, in 2008, National Security Presidential Directive 54, which includes the Comprehensive National Cyber-security Initiative (CNCI).  As I have written in prior blog posts, CrowdStrike is on a mission to fundamentally change the way organizations think about security.   We are working night and day on some of the coolest technology I have personally been involved in creating; however, technology alone is not going to solve all of our collective security problems.  Pushing the envelope in “Offensive” security or “Active Defense” is the next key step in our industry’s evolution.  What better person to help advance the full range of actions that can be taken against cyber threat actors, without overstepping legal boundaries, than the former top cyber attorney for the FBI?  In his new role, Steve will directly assist CrowdStrike’s Services and Intelligence customers respond to the legal aspects of a breach and assist General Counsels in evaluating all their legal options, including liaising with law enforcement.

Sharing Intelligence Is Key

Steve is an expert on cyber law and cyber intelligence and has testified numerous times in front of Congress.  He served as chief of the FBI’s Cyber Intelligence Section where he organized and led the FBI’s analysis and reporting on terrorism, foreign intelligence, and criminal matters with a cyber threat nexus.  In this capacity, Steve also helped shape the public/private partnership of sharing critical threat information by helping to develop InfraGard into a national program.  Today InfraGard is an association of over 50,000 individuals across critical infrastructure sectors in each of the 50 states who are dedicated to building trusted relationships and sharing security information and intelligence, which is key in dealing with targeted intrusions.  Steve will play a critical role for CrowdStrike in extending the successes he has achieved in the government by helping to foster the trusted and actionable sharing of security intelligence across targeted industry sectors.

Privacy and Risk

Steve will oversee and manage CrowdStrike’s privacy and risk strategies as we evolve our big data platform.  In his new role, Steve will report directly to me and advise the company on all cyber legal, privacy, and reputational issues across the business from product development to execution. Steve’s tremendous experience and knowledge while at the Bureau in managing information sharing, compliance, and risk issues in a myriad of cyber security areas makes him an ideal addition to our already stellar team.   Steve will also help navigate the complex set of privacy laws that will allow CrowdStrike to offer the most robust Intelligence and Consulting Services to our customers.  This is really important to me because we are currently assisting some of the world's largest organizations in responding to sophisticated targeted intrusions that require a broad knowledge of appropriate legal responses. 

The Way Forward

I believe in Steve’s vision and strategy to help CrowdStrike and its customers better protect themselves.  Our mission is too important to ignore the legal complexities of cyber security law and the legal responses companies can take to raise the financial, organizational, reputational, and legal costs to the adversary.   I feel as if we are in the early days of a cyber revolution where companies can choose to stop taking daily body blows from determined adversaries and take aggressive action to deter and create a hostile environment for the enemy inside their own networks.   While there are no silver bullets or miracle “security programs” that can fix all of the challenges we face, legal “Offensive” security is the right way forward to flip the inherent asymmetry in cyberspace, which currently favors the attacker, into the defender’s favor.

Thanks again for all of your continued support and encouragement!

George

For daily updates on our mission, you can follow me on Twitter @george_kurtz, and you can follow CrowdStrike via Twitter @crowdstrike .


We continue to seek out world-class programmers, designers, incident response consultants, malware researchers, and intelligence analysts who have strong skills and experience. If you think your experience matches up, please send your resume to
mission@crowdstrike.com.

Steve Chabinsky - Full Bio

Prior to joining CrowdStrike, Steven Chabinsky served as Deputy Assistant Director and as the highest-ranking civilian (non-law enforcement officer) position in the FBI's Cyber Division.  In that capacity he helped oversee all FBI investigative strategies, intelligence analysis, policy development, and major outreach efforts that focused on protecting the United States from cyber attack, cyber espionage, online child exploitation, and Internet fraud.  For over ten years, Mr. Chabinsky helped shape and draft many of the most significant US national cyber and infrastructure protection strategies, to include the Homeland Security Act of 2002, the National Strategy to Secure Cyberspace of 2003 and, in 2008, National Security Presidential Directive 54, which includes the Comprehensive National Cybersecurity Initiative.  Between 2007 and 2009, Mr. Chabinsky served in the Office of the Director of National Intelligence (ODNI) in various capacities, including Acting Assistant Deputy Director of National Intelligence for Cyber, Chairman of the National Cyber Study Group, and Director of the Joint Interagency Cyber Task Force.  In these roles, he led national intelligence efforts to coordinate, monitor, and provide recommendations to the President of the United States regarding implementation of America’s cyber strategy. Prior to his ODNI tour, Mr. Chabinsky served as chief of the FBI’s Cyber Intelligence Section where he organized and led the FBI’s analysis and reporting on terrorism, foreign intelligence, and criminal matters having a cyber threat nexus. 

Mr. Chabinsky joined the FBI in 1995 as an attorney in the Office of the General Counsel where he initially focused on employment law and personnel litigation.  In 1998, Mr. Chabinsky was selected as the Principal Legal Advisor to the multi-agency National Infrastructure Protection Center (NIPC) and became Senior Counsel to the FBI's Cyber Division upon its creation in 2002, during which time he rose in prominence as one of the nation's foremost authorities in the complex areas of cyber law, surveillance law, information sharing, and privacy.  Mr. Chabinsky played a prominent role in the national expansion of InfraGard, a critical infrastructure partnership between the private sector, academia, and government agencies.  Mr. Chabinsky helped develop InfraGard from an organization with roughly two hundred unvetted members located in three cities into its current size of over 50,000 vetted members meeting in over 85 cities.  Between 2002 and 2003, Mr. Chabinsky also served in the White House Transition Planning Office for the creation of the Department of Homeland Security, overseeing all legal issues associated with standing up DHS' Information Analysis and Infrastructure Protection Directorate. 

Prior to joining the FBI, Mr. Chabinsky worked as an associate attorney in the law firm of Simpson Thacher & Bartlett in New York City practicing complex litigation including insurance and reinsurance contract disputes, class action product liability, and internal investigations.  Mr. Chabinsky clerked for the Honorable Judge Dennis G. Jacobs (now Chief Judge) of the United States Court of Appeals for the Second Circuit and holds his undergraduate and law degrees, both with honors, from Duke University.  He has testified before the House and Senate, and is a frequent keynote speaker and guest lecturer.  His ideas have been featured in print news media, he has appeared on radio and television, and he is the author of the article "Cybersecurity Strategy:  A Primer for Policy Makers and Those on the Front Line," published in the peer-reviewed Journal of National Security Law and Policy.  He is the recipient of numerous awards and recognitions, including the National Security Agency's bronze medallion for inspired leadership, the ODNI's bronze medallion for Collection, and the Rank Award of Meritorious Executive conferred by the President of the United States for unwavering leadership and sustained extraordinary performance.  In August 2012, Mr. Chabinsky was selected as one of Security magazine's "Most Influential People in Security."


Thursday, August 16, 2012

Hacking Exposed 7: Changing the Game

Summer time in the internet security community tends to be hot and busy, and this summer has been no exception for many of us!  It was great to see many of you at Black Hat in Las Vegas recently as my new company CrowdStrike continues to attract worldwide interest and is blossoming daily. We really appreciate everyone’s support and interest in our mission. However, this blog is not about CrowdStrike, it is about continuing the tradition of helping to educate and connect with the security community. It is with great pleasure that I announce the release of the seventh edition of Hacking Exposed: Network Security Secrets & Solutions.
 
A lot has changed since the first edition of the Hacking Exposed series was written in 1999. Besides having a little bit more hair than I have today, it was a time before the term targeted attacks even existed.  Persistence was a novelty, and a virus wrecked your computer rather than sucking out billions of dollars of intellectual property from your company.   The attacks were numerous and varied, and there was a much smaller pool of attackers coming at your digital defenses.  It was before Metasploit even existed, and netcat and Back Orifice were the best Remote Access Tools (RATs) around.  Fast forward 12 years and we live in the age of the constant cyber adversary. If you step back and really analyze the current environment, the adversary’s tools and techniques have not really evolved all that much. Netcat, once the Swiss army knife of the skilled pen tester, has been replaced with Poison Ivy. Pass the hash is now automated, and lateral movement within a network looks like a carbon copy of Chapter 4 Hacking Windows.

So as the seventh edition of Hacking Exposed hits the shelves this summer, our new daily reality is that targeted attackers are attempting to rain on your picnic at the beach by attempting to kick digital sand in your face.   Hacking Exposed was designed to provide that extra confidence builder that every good guy needs to help understand how to fight the cyber bully attempting to plant a flag on your digital beachfront.  The increase in stories over the last three years alone about the wholesale loss of intellectual property is startling. As our own Shawn Henry, President of CrowdStrike Services says “It is time to stop taking punches, and let's change the game.  It’s time for a major shift in the way we secure our networks, and Hacking Exposed 7 can help you return the pain to your cyber adversary.” More than ever there seems to be a growing and unified agreement in the security community that today’s information security teams absolutely must have an inside track on the ways to beat the adversary and change the game.

So What’s New In the 7th edition?

We spent many late nights making sure the series is armed with the latest cutting edge information.  We updated each chapter to get rid of the old and focus on the new.  Some of the new items include:
  • Addressing Targeted Attacks also known in some circles as Advanced Persistent Threats (APT).
  • Embedded Hacking a topic near and dear to my heart.  This section includes techniques used to strip circuit boards of all its chips and reverse engineer them.
  • Database Hacking We added an entire section on hacking and protecting your most precious commodity data.  Hey, it is all about the data, right?
  • Mobile Hacking We dedicated an entire chapter to mobile hacking, which couldn’t be more timely in today’s ever connected society.

Lastly, we have created a new website to help accompany the latest release of the book: www.hackingexposed7.com.  Along with the new website, we have geared up our CrowdStrike team to provide quarterly webinars with exciting topics that are relevant to the community of security professionals we serve.  

The first webinar hosted by CrowdStrike will be on Wednesday, September 12th from 11am PT/ 2pm ET and will be a one hour format titled
Hacking Exposed: Mobile Targeted Threats The Next Wave of Attack.  This session will focus on mobile threats that have been observed in the wild and the next wave of threat actors. It will conclude with a demo of a seamless targeted attack against an Android ICS device.  I hope you can join Georg Wicherski and myself for this informative webinar. Georg is one of THE top mobile security researchers in our space. You may be familiar with his work if you attended Charlie Miller's recent Black Hat talk.

I am looking forward to continuing both doing Hacking Exposed Live seminars and giving live Webcasts that focus on timely and relevant information.  I will leave you with a quote from a good friend of mine, Patrick Heim, CISO of Salesforce.com
“I once heard an avid video gamer say, ‘If you are not moving, you’re dead!’ Use this book to move your security game and stay alive.”  That exact sentiment conveys the pride I feel being involved with the Hacking Exposed series and giving back to the community so that you can “change your game” and live to fight another day!

A big thanks to all the contributing authors who helped make this the best Hacking Exposed yet!

For daily updates, you can follow me on Twitter @george_kurtz.

To join our Hacking Exposed 7 mailing list and receive updates on the latest webinars, please sign up directly at www.hackingexposed7.com website.

Monday, May 7, 2012

Two Stellar New Board Members - One Common Mission


Gerhard Watzinger and Denis O’Leary Join the CrowdStrike Board of Directors

One of the things that I have learned during my time working for large and small companies is the need to have the right leadership at all levels of your operation.  I have seen first hand the value a powerful Board of Directors (BOD) can bring to an organization and the long-term impact on shareholder value they can have.  Today, I am delighted to announce that Gerhard Watzinger  and Denis OLeary have joined the BOD of CrowdStrike, in addition to our main investor Patrick Severson from Warburg Pincus.   Gerhard will be assuming the role of non-executive Chairman of the Board.

From October 2007 - March of 2012, Gerhard Watzinger served as the Chief Strategy Officer and Executive Vice President at McAfee, where he was responsible for guiding McAfee's global business strategy and development.  Gerhard helped accelerate the international expansion of McAfee and directed the company through numerous successful mergers and acquisitions, which resulted in record revenue growth and increased market share.  His most notable accomplishment was directly architecting the sale of McAfee to Intel for almost 8 billion dollars, which is one of the largest technology deals in the history of IT.  Gerhard and I arrived on similar paths, and joined McAfee via acquisition.  Gerhard was the CEO of SafeBoot, a leading enterprise security software vendor for data encryption and user authentication, which was acquired in 2007 right before they were about to go public.  I can’t tell you how excited I am to be collaborating with Gerhard again.  He has vast experience in helping to build, run, and scale large and small companies.  Given his extensive international background, he has the most global experience of any executive I have had the privilege of working with in my career.  I know he is superbly suited and equally excited to provide the necessary strategic guidance on the roadmap and evolution of CrowdStrike via a combination of organic and inorganic growth models.   Gerhard is one of the rare gems in the business world that possesses a combination of ruthless tactical execution and visionary strategic planning skills.  Frankly, he was one of the main reasons McAfee was so successful over the past few years. 

Denis O’Leary, is presently managing partner of Encore Financial Partners, Inc., a firm focused on the acquisition and management of U.S. based banks.  Previously he spent twenty five years at J.P. Morgan Chase & Co, and served as the Chief Information Officer (CIO), Director of Finance, Head of Retail Branch Banking, and Managing Executive of Lab Morgan (a unit focused on strategic equity investing in technology), becoming a member of the company’s nine - person executive committee when it was established in 1997.   Prior to the acquisition by Intel, Denis most recently served on the Board of Directors of McAfee where I had the privilege to work with him.  As an experienced CIO who was in charge of running one of the largest IT shops on the planet, his experience is invaluable in helping guide us on delivering technology and services that meet the needs of the most demanding enterprises.  Moreover, his experience as a public company board member at both Fiserve and McAfee will aid in growing the company both domestically and internationally.  Most startups at this stage of our life cycle don’t have the opportunity to attract individuals who serve on public company boards, but when I approached Denis about our vision, he immediately saw the opportunity to build a transformational security company.

The addition of these two individuals to our team provides CrowdStrike with amazing depth in the boardroom. Gerhard and Denis have stellar credentials; however, what is most impressive is that they each share a common vision, mission, and purpose for CrowdStrike.  Each of these leaders bear time tested battle scars that will help us adjust and sharpen our roadmap to address today’s security challenges.  Like me, they too share a common vision for creating a company focused on bucking the status quo.  More importantly, they are the “A team” that will continue to help us attract “A players” from around the globe.  Things just got a little more interesting...

I also want to thank everyone who has reached out to us and inquired about joining CrowdStrike; it has been truly humbling and awe inspiring.   We continue to seek out world-class programmers, designers, incident response consultants, malware researchers, and intelligence analysts who have strong skills and experience.  If you think your experience matches up, please send your resume to mission@crowdstrike.com.  Keep up the good fight!

Tuesday, April 17, 2012

CrowdStrike launches CrowdStrike Services, Former FBI Top Cyber Cop Shawn Henry joins as CrowdStrike Services President

In my previous post I announced the launch of CrowdStrike - my new security company. Utilizing Big-Data technologies we are focused on helping enterprises and governments protect their most sensitive intellectual property from targeted intrusions. Today I am proud and honored to announce that Shawn Henry has joined CrowdStrike as the President of our newly formed professional services subsidiary – CrowdStrike Services, Inc.  Shawn was the Executive Assistant Director of the Criminal, Cyber, Response, and Service Branch of the FBI.  Shawn recently retired at the end of March of this year and he decided to start a new chapter in his already honorable service career.  While at the FBI, he was responsible for all criminal and cyber investigations worldwide, as well as international operations, and critical incident response. Because of Shawn's work, and for his leadership position in enhancing the FBI’s cyber capabilities, he received the Presidential Rank Award for Meritorious Executive in 2009. While Shawn has spent his whole adult life with the FBI, in the last two years in particular, he has seen an incredible increase in persistence and determination from nation state actors attempting to steal intellectual property from many of our largest corporations and government institutions.  

When Shawn announced his retirement and his move into the private sector, there was wide speculation about where he would land because of his long-term service with the bureau and his continued day-to-day mission in chasing down and apprehending the adversary.  Shawn had many compelling offers and a wide array of noble positions to consider upon retirement from the bureau.   CrowdStrike is honored to have him on our team and we know that Shawn is solidly behind our important mission.  We have spent months looking for the right person to run our services organization, and bar none he is the absolute best candidate because of his leadership, integrity, and passion.

Shawn has seen first hand the devastation from a multitude of adversaries across many sectors and knows what needs to be done.  Like Shawn, I know there are too many national policy issues to solve and that in many cases the “free market” can address the complex adversary problem far better than the government alone. Collectively we share the same view that industry can’t rely on the government alone to address the problem of targeted intrusions.  At CrowdStrike we do not mince our words about our abilities to use our advanced intelligence technology to bring the fight to the front door of the adversary, increase their cost of operations, and assist our customers in responding to and mitigating targeted attacks and intrusions.   As the adversary adjusts and realigns their tactics on a daily basis, we also strive to stay a step ahead of them.  We are relentlessly focused on addressing the threat and continually update our playbook to enhance not only our own strategy but to also enhance the existing capabilities that are currently in play with our collective customers.  

The formal creation of the Services arm now sets in stone the last gem of our “Triple Crown” and lays the foundation to further assist our customers with our complete offering. Our Services division, lead by Shawn, will be staffed with security practitioners that come with an unmatched pedigree of experience in information security and professional services delivery know-how.  Our Intelligence team led by Adam Meyers will be the glue that binds our Services and Technology offerings led by Dmitri Alperovitch, Founder and CTO.  Our offerings will provide an unparalleled strategic intelligence advantage over the adversary and will enable our customers to eventually encompass high-order attribution characteristics that easily rival the best collective intelligence agencies of the 21st century.
Thus, while we currently have our team focused on creating cutting edge technology to address the problem, we must build out a world-class services organization to immediately focus our professionals in helping organizations respond to the incidents that are bludgeoning them on a daily basis while providing the base compound to our intellectual “glue”.  Our initial service offerings are focused on the following:

  • Enterprise Adversary & Malware Assessment
    • Identify unknown compromised systems and data exfiltration channels, determine attribution and motivation of the intruders, along with providing cyber counterintelligence strategies to respond to future intrusions
  • Incident Response Services
    • On demand based retainer service designed to empower enterprises with experienced and professional tactical response teams  
  • Response and Recovery
    • Triage based service designed for enterprises to contain and recover from specific malware incidents or targeted intrusions
  • Malware Researcher/Staff Augmentation
    • Augment and assist your existing team with advanced capabilities in targeted attacks, malware research, and reverse engineering
  • Computer Incident Response Team Augmentation (CIRTA)
    • Supplement your response team with computer forensics examination, malware analysis, incident management, and litigation support capabilities
We are already engaged performing services for some of the world's largest companies and helping their teams respond to sophisticated targeted intrusions. What truly differentiates us from others is our ability to identify the adversary, their motivation, and their various tactics, techniques, and procedures.  While the malware they use may change, their tradecraft is remarkably static.   

Our goal is to build a team where we can instill confidence in our customers and provide leading edge analysis.  CrowdStrike Services is staffed with security practitioners with broad years of experience in information security and professional services delivery. Currently, we are in the process of hiring additional consultants that have deep technical experience with computer malware threats, reverse engineering, and forensic investigation of networks in various areas like the financial, government, military, telecommunications, and industrial sectors.    Shawn will be responsible for growing our services division into a global powerhouse with a laser focus on response, incident management, and incident prevention.   Similar to what I created and built with our services organization at Foundstone, our goal is to be the absolute best in the industry, and we will be relentless in our execution of this goal.     If you are interested in joining CrowdStrike Services and working with an exemplary team, please submit your resume to mission@crowdstrike.com. If your organization has the need for incident response and forensic services and you are tired of dealing with the attitude of the “old-guard,” please email us at services@crowdstrike.com.  We will get back to you immediately.  

To hear from Shawn directly please click here to visit his blog post and video.

Thanks again to all of you for all your support and encouragement that has poured in since our announcement in February, we truly appreciate it.   If you would like to keep up with the latest news on CrowdStrike please follow us on Twitter @crowdstrike.

Wednesday, February 22, 2012

CrowdStrike launches in stealth-mode with $26 million Series A round led by Warburg Pincus

As I mentioned in a previous post, I was delighted to announce that I had joined Warburg Pincus, a leading global private equity firm focused on growth investing, as an Executive in Residence. So far my time as an EIR at Warburg has been fantastic. The past few months have exposed me to many new companies and technologies that really got my creative juices flowing and pushed me to get back into the start-up game with Warburg Pincus as my partner.
Today, I am proud to announce the stealth-mode launch of my newest venture that I co-founded with Dmitri Alperovitch (CTO) and Gregg Marston (CFO) – CrowdStrike. CrowdStrike is a security technology company focused on helping enterprises and governments protect their most sensitive intellectual property and national security information. Utilizing Big-Data technologies, CrowdStrike is developing a new and innovative approach to solving today’s most demanding cyber-security challenges. CrowdStrike’s core mission is to fundamentally change how organizations implement and manage security in their environment.
Why CrowdStrike:
The seemingly daily barrage of disclosures about companies that have had their crown jewels stolen in recent years reinforced a key principle for us – these companies don’t have a malware problem, they have an adversary problem. Many just don’t know it. Today’s attacks are sophisticated, targeted, and long ranging in scope. Unfortunately, almost every security solution focuses on the tens of thousands of pieces of malware, exploits, and vulnerabilities that are seen in the wild every day. Yet, those are just the interchangeable and, in many cases, disposable tools that the adversaries use to achieve their ultimate objective – theft of intellectual property, trade secrets, and other business proprietary information.
As many of you know the security industry is building “Maginot-line” style of defenses – attempting to prevent all adversaries from getting inside the perimeter of the network or host system. More importantly, a well-financed, trained, and highly determined attacker will always get in. More than likely, they are already in. There is no silver bullet that will stop a determined adversary, so while the security industry attempts to build bigger fences, the enemy is bringing higher ladders to the fight. Moreover, the industry continues to focus on the malware or exploits which is akin to focusing on the gun as opposed to the shooter committing the crime. The person or organization pulling the trigger (or deploying the malware) is the one that you ultimately need to focus on. The type of gun or ammunition they may be using is interesting, but in most cases not strategically relevant.
Based upon investigations we have led, such as Operation AuroraNight Dragon, and Shady RAT, and knowing the limitations of existing technologies, we are horrified at the amount of IP being stolen and financial damage inflicted every day. It is evident that we are dealing with economic predators who are systematically destroying value in countries around the world. Even worse, we may very well see the enemy engage in destructive and disruptive attacks designed to take down critical infrastructure or modify key processes and data in a covert undetectable fashion.
The Missing Link: Attribution & Raising the Costs to the Adversary
Attribution is the key strategic piece missing from all existing security technologies – providing the answer to the “who?” vs. the “what?” Knowing who is after your IP is critical in determining what assets you want to protect and how. Protecting everything is impossible – you may as well be protecting nothing. However, knowing the enemy is the first step in the process of determining the priority of allocation of scarce resources to defend the key assets and tailoring your response to the Tactics, Techniques and Procedures (TTPs) of the adversary. Knowing their capabilities, objectives, and the way they go about executing on them is the missing piece of the puzzle in today’s defensive security technologies. The key to success is raising adversary’s costs to exceed the value of the data they may be trying to exfiltrate and the only way to accomplish that is by forcing them to change the way they conduct the human-led parts of their intrusions, such as reconnaissance, lateral movement, identification of valuable assets, and exfiltration. Other parts of the operation, such as vulnerability weaponization, malware delivery, and command and control can be mass-produced and changed at will with little cost. However, attackers are creatures of habit and while they are fast to change their weapons, they are slow to change their methods. By identifying the adversary and revealing their unique TTPs (i.e. modus operandi), we can hit them where it counts – at the human-dependent and not easily scalable parts of their operations.
The CrowdStrike Mission:
As the President and CEO of CrowdStrike, one of the most exciting aspects of this new venture for me is assembling a “dream team” of security visionaries to address this important mission and challenge. Our team is comprised of people who are “big thinkers” that have the technical prowess to execute and carry out our mission goals without the encumbrances that face legacy security solutions. Our team of visionaries are the rebels who believe the current state of security is fundamentally broken and want to do something about it. More importantly, these are the patriots who are tired of seeing our intellectual property and competitive advantage wiped away under the thinly veiled cover of an Internet address. The recent stories surrounding Nortel provide a shinning example of how the adversaries can embed themselves into a multi-national organization for the better part of a decade without detection while systematically accessing their most coveted intellectual property. If we sit back idly and do nothing about these types of attacks, we certainly face a crisis of epic proportions and economic consequences that we have yet to fully comprehend. CrowdStrike does not accept the status quo, and we intend to do something about it. If you share our passion and vision about this crisis, and believe you have what it takes to join our fight then please send an email to mission@crowdstrike.com. We are looking for kick ass coders, consultants, and experts who like us have been fighting and responding to nation-state targeted intrusions.
I will leave you with one final thought. The ancient Chinese military strategist Sun Tzu in his teachings emphasized the need to “know your enemy”. For if “you know your enemy and know yourself,” he wrote, “you need not fear the result of a hundred battles.” Isn’t it time we apply these simple time honored lessons in the cyber security battlefield of the twenty-first century?
If you would like to keep up with the latest news on CrowdStrike please follow us on Twitter @CrowdStrike.
If you are attending the RSA conference next week, you can look for us at the following events we are speaking at:
Monday February 27: America’s Growth Capital 8th Annual Information Security Conference
Wednesday February 29: RSA Conference