You’re not only the CEO of Tempered Networks, but also the co-founder. What were the reasons behind starting up the company? The company was founded to commercialize novel technology, originally developed at Boeing in order to create a highly secure networked environment for mobile production tools. A key reason why I’m so bullish on our technology is that we are addressing a fundamental problem in IP communications: Trust. It turns out that adding encryption to communications is the easy part. Adding trust, on the other hand, is a confounding problem. First, access to apps and IPv4 communications are both tied to the same piece of information: the IP address. We do not have a cryptographic identity to use for communications, which is why we have to login to every “secure” application like banks, email, and medical records. Second, there has been no good way to manage trust relationships. You might argue that the communications are still encrypted. But with whom are they encrypted? Does it matter if you encrypt your password over the network if it goes directly to an adversary? Attribution on the Internet is nearly impossible. The browser-based trust model of hundreds of trusted CA certificates does little to assert trust and assurance for the underlying communications. Tempered Networks exist to address this perplexing problem. How does Tempered, which is based on the technology of Asguard Networks, differentiate itself from rivals in the industry? Tempered Networks takes a completely different approach over other security alternatives. We are able to fix the problems associated with IP communications by shifting the model from IP address routing to a system based on trust between cryptographic identities. Our approach is based on a newer protocol, Host Identity Protocol (HIP), in concert with a scalable orchestration engine. This combination enables our customers to ‘cloak’ their business critical networks, communications, and any high value asset. We do this by enabling our customers to deploy encrypted networks with military-grade security at Internet scale, which requires very little human effort to provision and maintain. Orchestrating trust–at scale–between these identities is vital and a prerequisite to ensure business critical infrastructure is safe. While no two days are alike in the IT space, what sorts of duties are you responsible for as CEO at Tempered? As CEO, I get to be involved in a variety of things – sales and marketing, product development, finance, etc. I believe an effective start-up CEO is someone who specializes in being a generalist and I work to both hire the best of the best and be able to substitute in their roles when necessary. What hard and soft skills do you require as a CEO? I believe the most important skill for a start-up CEO is to be a fast learner. Things change so quickly in the technology business, and we need to stay abreast of changes, their implications on our business and be willing and able to rapid adjustments when necessary. Tempered is still in the early stages of its growth trajectory, having only been launched in 2014. What goals or objectives do you have in mind as the company embarks about its next phase of growth? Our goals for the next phase of growth revolve around our focus on the enterprise. We are building our team, partner ecosystems, and product features that will enable us to serve our traditional customers in critical infrastructure and also meet the needs of the enterprise. Tempered offers to help businesses prevent network attacks. Are businesses generally aware of the cybersecurity risks they face around the clock? While the cyber-security threat landscape is changing very rapidly and businesses are increasingly aware of the issues, it’s our overall observation that in both business and government, the risks are vastly underestimated. And, a vast majority of those who do recognize the risk, have ‘thrown in the towel’ for two reasons. First, the problem is so daunting—across technology, people and processes–they don’t know where to begin, and second, there’s no clear accountability and consequences for the majority of organizations. What common mistakes do companies sometimes make that could leave them susceptible to getting into trouble on the cybersecurity front? A common mistake we see is companies believing all they need to do is go through a ‘process’, and once the process is completed, they’ll be secure. Nothing could be further from the truth. That’s analogous to installing an alarm system in your house and never ‘arming’ it. In today’s environment, maintaining a high degree of network security is an ongoing process that requires continuous effort and vigilance. Another common mistake is that many IT professionals believe they are safe because they have security products in place and an army of security staff to support them. All the big brands that have been hacked fit that profile. The big problem amounts to human error and scaling resources to meet the complexity of maintaining all these security systems. How should a company go about building a corporate culture that emphasizes cybersecurity awareness, and who should lead the charge? At Tempered Networks we talk daily and share stories about the consequences of a security breach. Given how wide-ranging the consequences can be, I believe cyber-security awareness and the need for vigilance has to begin at the top – it needs to be a priority for the CEO, and everyone else in the organization. To build a culture that prioritizes cyber security you must have an effective awareness program that educates all people across an organization so everyone understands how they can protect the organization’s information assets. At Tempered Networks, since our argument is that people are a big part of the security problem, it stands to reason that people should be part of the solution. When it comes to potential network risks, what prevalent trends should businesses be aware of? It goes without saying that as we explore the increasing number of attack vectors, more and more vulnerability types are being discovered. Attacks specifically targeting crypto implementations will be the hardest to analyze and the hardest to fix. I also predict that passwords will continue to be a major problem. The fact is that enough passwords have leaked where we now have an excellent statistical model of passwords, making password cracking easier than ever before. We need to work on eliminating passwords. Given your expertise in the IT space, what advice would you give to a college or university student planning to enter the industry post-graduation? Regardless of the specific discipline they pursued, I would encourage them to have an understanding of their discipline within the context of security, because increasingly every aspect of IT will have to consider security.
