[redacted] (the company’s actual name is [redacted], Inc.), a cyber defense company, has just appointed a former Deputy Director of the National Security Agency to the company’s board. William Crowell has been active in the field of public and private information security for decades.
I spoke with William Crowell about today’s biggest cybersecurity threats.
This interview has been condensed and edited for clarity.
Karen Walker: You have a lengthy and impressive resume in the information security industry.
William Crowell: I was at the National Security Agency. I was involved in technology there and worked to lead us from the analog world into the digital world.
It became essential for me to learn about the latest technologies, particularly software and mathematics technologies. I would travel and visit startups back in those days. If they had a product that I thought could help us solve a problem, we put together a minor contract to modify their product to meet our needs.
I eventually left the Agency and went into aerospace. I’d been a technically oriented manager, but there I also learned about finance and other management topics.
When I went back to the Agency, I saw technology as being critical to keeping the Agency vibrant and relevant. I eventually retired, and a mentor, Bill Perry, former Secretary of Defense, asked me to come to Silicon Valley and consider a few jobs. I started as VP of Product Management at a public company and eight months later became the CEO. I’ve served on numerous boards since then, with something like 12 exits. I’ve been a venture partner at Alsop Louie since 2012. I’ve also served as chair of the Director of National Intelligence Senior Advisory Group for seven years under three Directors.
Walker: A fantastic career so far. And you’ve done an impressive job of threading the needle between public and private and staying current on both.
You’ve seen a lot of changes in security and cybersecurity. What are the major threats that you see now? How does [redacted] address those? What attracted you to the company?
Crowell: [redacted] is focused on helping small and medium-sized businesses be more secure. Max Kelly, Facebook’s first chief security officer and NSA/US Cyber Com official, founded it. One of the reasons they attracted me is that their excellent understanding of the technology of cybersecurity and of what you can do on a practical level. I often make a quip in speeches that the cybersecurity industry is a thousand points of light and no illumination.
There are no single solutions to cybersecurity issues. Therefore, the people who can bring the most to the market and succeed are those that can integrate several solutions into a whole that addresses the most significant problems.
The biggest problems today? Phishing accounts for probably 80% of the means of getting into a network. Ransomware is another big problem because it has such a devastating effect on businesses. And there are very few easy solutions. Malware, particularly the APT (advanced persistent threats), is probably the third. Everything else is kind of old but still works.
We have such a severe shortage of cybersecurity people in this country and, for that matter, worldwide. It’s a significant challenge. We need to develop more cybersecurity talent in this country and it doesn’t have to be college graduate talent. There are lots of 12- year-olds who have shown they can attack systems. I bet they can defend them as well.
Walker: As a [redacted] board member, how will you influence the company to address some of those issues?
Crowell: My first responsibility, of course, as a board member is governance, and I have a lot of experience doing that.
But what makes me feel a bit rare is that I do understand cybersecurity at a very technical level. I’m already in the process of having technical sessions, where I dig deeper into the things that they’re currently doing and the products that they are working on to help them do their job better.
The third way is that I still have access to a lot of what’s going on in the national security arena and trying to deal with the nation, state and cyber-criminal aspects of cybersecurity. I can bring knowledge of threats and threat responses to them that are unclassified.
Walker: One of my cybersecurity clients said, “It’s not a matter of whether or not people are going to get in. What you need to know is what are they doing once they’re in because it’s almost impossible to keep people out.”
Crowell: That’s exactly right. And I believe that because of the shortage we have of cybersecurity specialists and because of the vastness of the attack surface and the vastness of the attackers, we’d better start bringing automated tools to the game. We’ll never keep up otherwise.
Walker: As you look back, was there a moment that you thought was pivotal when you knew that your career was moving in that “up and to the right” direction?
Crowell: I always envisioned myself as being a manager who knew technology. Many of my colleagues questioned the first part of that – they might have even doubted it – but they certainly asked whether or not I could be deep in the technology.
I took over an organization, and they were processing very complex astrophysics data. I went to my bosses and said, “I need a computer. And I know where I can get one. It’s only $10,000 and I will solve this problem.”
They said, “That’s just nonsense, you can’t solve the problem for $10,000. We’ve got this million-dollar computer down in the basement. We’ll get you a bunch of programmers, and they’ll program this thing, which will solve the problem.”
Well, I went to a friend in the White House who sent a letter on White House stationery that said, “You really need to give this guy that $10,000 and he’ll solve the problem.”
They gave me the money, and two weeks after the computer was delivered, I had learned enough advanced software to build an astrophysics program that eliminated a two- year backlog in the data that the analysts were processing. I solved a problem that they had never been able to solve before.
I’ll add one more thing. My career moved up and to the right when the same guy who got me the $10,000 went to the NASA SOC (operation center) for the re-entry of Skylab. He had two supercomputers at NASA working on the problem. By then, I was working on an Apple II and a TRS 80.
I took the software that I had written back when I had solved the huge technical problem and applied it to the Skylab problem. Every day he would write my forecast of where Skylab was going to land, and his location of where it was going to impact. When it came to earth, he was 6,500 miles off. I was only 50 miles off.
Walker: Those are excellent stories, Bill. Thank you for sharing them. And thank you for your service to our country and for all the good you’re doing now in cybersecurity.