Advancing transparency and accountability in the cybersecurity industry
NSS Labs, the Texas-based company that specializes in testing the world’s security products, has a new CEO. Jason Brvenik, the company’s CTO since early 2017, took over the role from Vikram Phatak, the company’s founder.
But, as Brvenik told Help Net Security, the company’s strategic priorities remain unchanged: their mission is to advance transparency and accountability in the cybersecurity industry.
“If you look at the dollars being spent to improve cyber protections versus the dollars being lost, the industry is not hitting the mark yet in addressing real world needs. But there are a number of positive efforts happening across the industry and there is a focus being put on solving problems at scale,” he points out.
“The good guys may not solve all problems for the industry but if we can continue to make progress and ensure vendors are bringing better products to the market, we can make it that much harder for attackers. At the same time, we would be remiss to think these problems can be solved overnight and we would be remiss in believing the claims made by marketing departments. The gap between marketing claims and delivery is far too large in our industry right now,” he opines.
Therefore, NSS Labs’s continuing aim is to make it easier for C-Suite executives and information security professionals to make the right security and investment decisions.
From CTO to CEO
Brvenik, who previously occupied technology and leadership roles at Sourcefire and Cisco, joined NSS Labs as CTO in January 2017. He was recruited to grow the testing programs and deliver customized proof-of-concept testing and product selection for enterprises.
This role also included many operational elements of the business that were well beyond the technology itself, he notes, and provided a lot of new opportunities to work closer with leaders across the industry to help identify and address the gaps that exist in security today.
“Engaging with and solving complex multidimensional technology challenges isn’t very different than solving for complex multidimensional business challenges, it just has different inputs and outputs,” he says.
But although his role has changed and he’ll have to hand off some things to other leaders, he thinks that, given the nature of the company’s business and his love for technology, he will always have a connection to it.
“The leaders I admire the most are those that lead by example and do not let the challenges distract from the opportunities,” he says. “I believe that creating a positive environment where transparency and openness is encouraged facilitates growth for everyone in the organization. Our industry is extremely fast paced so I encourage everyone to maintain focus on the mission and embrace questions as the opportunity they are.”
Advice for those aspiring to enter the C-Suite
His advice for those in the infosec industry who aspire to enter a leadership role one day is to be open and adaptable to change, to embrace it, and to use it to learn.
“Adversaries are smart and always innovating and unencumbered by the constraints we ordinarily face in business,” he points out. “Security professionals at all levels must be prepared for a lifetime of learning about new attack techniques, vulnerabilities, technologies and much more. Don’t be afraid to step out of your comfort zone and take on the challenging assignments. Be curious about how things work and ask questions. Always keep learning and become an expert in it. The best investment you can ever make is in yourself.”
At the same time, they must remember that a business is rarely in business to deliver security.
“Do not let the pursuit of security cause you to lose sight of the business. Take interest in the fundamentals of the business and your company’s go-to-market strategy. Apply your expert skills in learning to the business. Remember that customers matter most and in security your direct customers are most often the employees. As a leader your employees are the key to delivering on your mission and the business, and you can’t have a business or security without them. Spend as much time as you can listening to and talking to customers as their feedback can uncover the most powerful suggestions for improving and growing your business (securely, of course).”