Tanium CEO’s Refreshingly Honest Take on the State of Internet Security

[unable to retrieve full-text content]

On Tuesday, the wood-smoke air of California’s wildfires descended on the Bay Area as cybersecurity professionals gathered at the Palace Hotel for an industry event.

I spent the morning interviewing Orion Hindawi, CEO of Tanium, the world’s highest privately valued cyber startup (worth $ 3.75 billion at last appraisal in May), for a fireside chat at his company’s second annual conference, Converge 2017. Hindawi has a no-nonsense approach to business–a suffer-no-fools attitude that landed him in the sights of a couple of unflattering stories about his management style earlier this year. (He later apologized for being “hard-edged.”)

On stage the chief exec delivered his peculiarly unvarnished view of the state of Internet security. “The idea that we’re going to give you a black box and it auto-magically fixes everything, that’s a lie,” Hindawi told the audience. (One could almost hear a wince from part of the room seating his PR team.) “All I can tell you is we can give you better and better tooling every day. We can make it harder for the attackers to succeed. That’s the best I can offer.”

Hindawi is a realist through-and-through. His outlook is perhaps best summed up by his response to a question about whether he subscribes to a glass-half-full or glass-half-empty view of the cyber threatscape. His reply would become a running joke for the rest of the conference. He said simply, “It’s just a glass, dude.”

Other tidbits of wisdom from Hindawi: not all hackers are Russian spies (the majority are lowly criminals). Unsecured Internet of Things devices pose a risk to everyone. And sometimes cyber insurance is the way to go when old systems are all but impossible to patch; the decision boils down to managing “operational risk, like earthquakes,” he said.

Hacking is not a dark miasma that penetrates all things, although it can sometimes feel that way. Companies, like Tanium, that are building the tools to swing the balance back in defenders’ favor without over-promising provide hope. Enjoy the weekend; I will be heading north of San Francisco, visiting friends who, luckily, were unharmed by the area’s recent conflagrations.

Robert Hackett

@rhhackett

[email protected]

Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach me via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.

THREATS

Always use (advanced) protection. Google debuted an opt-in mode for high-risk users who wish to lock down their accounts on services such as Gmail, Google Drive, and YouTube with extra security. (Paging John Podesta.) The feature requires people to log-in using a special USB key (or Bluetooth dongle for mobile devices), it prevents third-party applications from accessing your Google data, and it adds beefed up malware-scanning of incoming documents. This author plans to sign up.

Gather ’round the good stuff. Pizza Hut warned customers that their personal information and payment card data may be at risk after hackers gained access to the company’s website and app for a 28-hour period starting on Oct. 1. An estimated 60,000 customers are thought to have been impacted. The company is offering victims free credit monitoring for a year.

Unicorn? More like Duo-corn. Duo Security, a Mich.-based cybersecurity startup whose tools help companies manage people’s digital identities, said it raised $ 70 million at a $ 1.17 billion valuation (including the capital raised) this week. Th round catapults the firm into “unicorn” territory, the swelling ranks of private firms occupied by young guns valued at $ 1 billion or more. Alex Stamos, Facebook’s security chief, recently praised Duo as the maker of his favorite cybersecurity product.

KRACKing Wi-Fi. A couple of Belgian researchers published a paper containing proof of concept code that exploits vulnerabilities in the way cryptographic keys are exchanged over Wi-Fi, allowing hackers to steal people’s data. Big tech companies like Microsoft issued a patch for the so-called KRACK bug on Oct. 10, Apple is in the middle of testing patches for iOS and macOS, and Google, whose Android 6.0 devices are the most vulnerable, said it would release a patch in early Nov.

Cyber insurers are going to get Mercked. Cyber insurers might be on the hook to cough up $ 275 million to cover damage to drugmaker Merck as a result of a June cyber attack, dubbed “NotPetya,” according to one firm’s forecast. The companies at issue have not yet disclosed figures themselves.

Surprise! It is depressingly easy for penetration testers to break into places where they are not supposed to be.

Share today’s Data Sheet with a friend:

http://fortune.com/newsletter/datasheet/

Looking for previous Data Sheets? Click here.

ACCESS GRANTED

Boycotts are hardly an option: To opt out of a credit score is to opt out of modern financial life itself. As Equifax’s now former CEO Richard Smith testified in October, if consumers were allowed to abandon the credit system, it would be “devastating to the economy.” The better answer is systemic reform to the credit oligopoly.

–Fortune’s Jeff John Roberts and Jen Wieczner explain what practical recourse consumers and regulators have when it comes to dealing with the major credit bureaus in the wake of a massive data breach at Equifax.

ONE MORE THING

The adventures of John Titor. Namesake of a bygone Internet hoax, “John Titor” claimed to be a man sent from the future to retrieve a portable computer. Titor sent faxes to an eccentric radio program, Coast to Coast AM, that specialized in the paranormal. Here’s an oral history of that running joke; the pseudo-scientific explanations of time travel are delightful.

Tech

Scientists Studied the Daily Lives of 1,000 CEOs. Here's What the Best Ones Did

Absurdly Driven looks at the world of business with a skeptical eye and a firmly rooted tongue in cheek. 

I adore it when I read fine articles that tell me all great CEOs get up at 5 a.m., eat two boiled eggs, swim butterfly better than breast stroke and sleep only three hours a night.

You’d think, wouldn’t you, that at least some CEOs do things their own way because, somewhere deep inside, they’re still individuals.

Still, scientists need to find common traits upon which they can get grants and sell books. 

(Yes, of course I’m kidding. They need to make speeches too.)

I was moved, therefore, by a group of scientists from deeply venerable institutions such as Harvard Business School and one of my alma maters, the London School of Economics, opining on what makes a great CEO.

Writing in the Harvard Business Review, they explained that they examined the day-to-day lives of 1,000 CEOs, in order to understand whether boiled eggs really did have that much influence.

Yes, I made up that last part. 

I’m not, however, going to make up the conclusions from this study.

“Our evidence suggests that hands-on managerial CEOs are, on average, less effective than leaders who stay more high-level,” say the scientists.

I pause for your shock, your horror and your aghast grunts of glee.

It seems that the CEOs who didn’t meddle in every detail of every decision were, on the whole, a touch more successful that those who floated in the ether, said important things at the occasional company meeting and appeared a lot on CNBC.

I fear that there is no one formula. Any more than there is no one formula for losing in the MLB playoffs. Why, look at the Washington Nationals. They find different ways every time.

I worry, though, about this research.

You see, it “used machine learning to determine which differences in CEO behavior are most important.”

Ah. Oh. 

The algorithm was, apparently, agnostic. How odd. I generally find that algorithms tend to worship the God that created them.

Still, in the end the machines concluded that, in essence, some CEOs were down-in-the-dirt meddlers, while others enjoyed “relatively more interactions with C-suite executives, personal and virtual communications and planning, and meetings with a wide variety of internal functions and external stakeholders.”

The parts of the researchers’ conclusions I enjoyed most were their description of what CEOs did all day.

Many an employee would really like to know.

Well, CEOs spend 25 percent of their days alone. On the driving range, you might imagine. Or reading self-help books.

But here’s the part that made me reach hurriedly for a very fine glass of Cabernet Sauvignon: 10 percent of their days are spent on “personal matters.”

That’s not “personnel matters.” I can only guess it’s getting their hair coiffed and buying the odd yacht or two.

The researchers seem to lean the way of leaders — rather than managers — as the more successful CEOs. They do concede, however, that some businesses need a CEO who pokes their nose into everything. 

My own conclusion, then, is that the most successful CEOs are the ones who takes a look at a company and then realize the sort of CEO this company actually needs.

And then deliver on that insight.

I should add that, in my experience, some of the most successful CEOs have been the ones who knew how to negotiate themselves a vast payoff, just before the excreta sailed inexorably toward the fan.

But it all depends how you measure success. Naturally, these researchers tended to look at painful concepts such as productivity and profitability.

Leader CEOs seem to have engendered greater rises in productivity. 

Does that mean that people preferred to work for the leader type? I suspect so. They weren’t butting into their business so often, I imagine.

Tech

Zuckerberg, Cook and Dorsey join 80 other CEOs in protest of North Carolina anti-LGBT law


Tim Cook, Jack Dorsey and Mark Zuckerberg have teamed up with over 80 CEOs, as well as the Human Rights Campaign (HRC) and Equality NC to add their signatures to a letter calling for the repeal of House Bill 2. Chad Griffin, president of the Human Rights Campaign identified some of the talking points within the letter. “Discrimination is bad for North Carolina, bad for America, and bad for business,” Griffin said in a release. “These business leaders are speaking out because they know this attack on lesbian, gay, bisexual and especially transgender North Carolinians isn’t just morally wrong —…

This story continues at The Next Web


All articles