Ted Miracco of Cylynt: 5 Things You Need To Know To Tighten Up Your Company’s Approach to Data Privacy and Cybersecurity
As a part of our series about “5 Things You Need To Know To Tighten Up Your Company’s Approach to Data Privacy and Cybersecurity”, I had the pleasure of interviewing Ted Miracco, co-founder and CEO of Cylynt, a leading software-as-a-service (SaaS) provider of anti-piracy and software license compliance technology.
His high-technology experience spans 30 years in defense electronics, RF/microwave circuit design, semiconductors, electronic design automation (EDA), and cybersecurity. Prior to Cylynt, Ted was a co-founder of EDA company AWR Corporation, which was acquired by National Instruments in 2011 and became part of Cadence Design Systems in 2020. In addition, he has worked with several Fortune 500 software companies, including Cadence, and startup company EEsof Inc., which was acquired by Hewlett Packard in 1994 and is now Keysight Technologies. Ted holds a B.S.E.E. from Carnegie Mellon University.
Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?
I grew up in upstate New York, a part of the country where IBM was the Google of its time. My dad was an engineer working at IBM, so I was exposed to computers at an early age because as kids we visited IBM often and played with the computers, and I had a couple of internships there while attending Carnegie Mellon University. The seed was planted for me at a very young age that engineering was what I wanted to do. I was also inspired by the early Apple computers, Steve Jobs and Steve Wozniak, and Atari video games, which was a big driver for wanting to develop software and technology. However, rather than work for a big company, like IBM, I wanted to go to California and pursue the entrepreneurial career path.
Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.
I was the EVP and co-founder of AWR Corporation, an electronic design automation software startup that develops software used to design wireless products like cell phones and network equipment. I discovered early on that the company’s intellectual property (IP) was being pirated and used illegally, and that this was significantly impacting the bottom line.
We set about finding a way to track unauthorized use of the company’s software to try to identify and pursue the pirates in order to secure our IP and recover some of the lost revenue. This loosely structured side project turned into a huge success that resulted in one of the first successful U.S. lawsuits against a global Chinese electronics company that was using our software illegally to design cell phones.
The reason we were able to prevail was that we had solid evidence through a technology we had developed called phone-home technology, which reports back detailed information on who was using the software illegally, when, where, and how often. I became something of an anti-piracy crusader. When my company was acquired by National Instruments in 2011, I joined forces with a cybersecurity expert, Chris Luijten, who had helped me in my pursuit of piracy at AWR to create an anti-piracy and license compliance startup called SmartFlow Compliance Solutions, which has now become Cylynt.
Can you share the most interesting story that happened to you since you began this fascinating career?
The successful lawsuit against the Chinese electronics company was the impetus that really propelled me into cybersecurity. AWR software is high-end, expensive software used to design all kinds of communications products and was experiencing a tremendous amount of piracy. In addition, loyal customers were having difficulty competing against other companies who were using our software illegally and saving the overhead cost of purchasing and supporting the software and thus undercutting prices.
Our customers were struggling against the huge electronics companies in China that were the largest infringers of our software. The development of our in-house anti-piracy solution, resulting in AWR being one of the only U.S. companies to successfully litigate against a large multinational Chinese company, was a huge part of my new career path and the driving force behind Cylynt. It was the inspiration for getting into cybersecurity and anti-piracy — to protect software developers’ IP and their customers from unfair competition. Our success has also been the inspiration for some of the biggest global software developers to adopt Cylynt and develop anti-piracy and license compliance programs. It inspired Synopsys, the biggest EDA software company to become a Cylynt customer, and later take action and win a landmark case against a major U.S. data communications company.
None of us are able to achieve success without some help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that?
Without a doubt, the mentor who has helped me the most is Chuck Abronson, co-founder of EEsof, an electronic design automation software startup that was subsequently acquired by Hewlett Packard, then spun off as part of Agilent Technologies, now Keysight Technologies. I joined EEsof in my early 20s and it was a huge adventure watching the company grow. Chuck is a serial entrepreneur who has had several successful startups before and after EEsof. He was a great leader and believed in teamwork and camaraderie, which made working for EEsof fun and challenging. He was also a valuable advisor to me when I was starting AWR.
Are you working on any exciting new projects now? How do you think that will help people?
The original anti-piracy software developed at AWR and commercialized through SmartFlow has grown dramatically and we have recently begun focusing on a second use for the data collected by the technology. We have developed very sophisticated analytics for the usage data collected through our software that are proving to be an important source for maximizing the revenue from sales and driving customer success. The telemetry data Cylynt software gathers provides a 360-degree view of the customer base so salespeople can monitor activity and identify trends, activations, renewals, opportunities for upsells, and more, as well as assist customers in getting the most value for their investment. This has become extremely valuable during the pandemic with conferences and trade shows cancelled and sales and support people unable to travel and meet with customers in person.
Another new value has to do with software-as-a-service (SaaS). SaaS companies get immediate feedback and visibility into their customers’ use of their products. On-premise software vendors haven’t had that ability until Cylynt usage analytics were introduced.
What advice would you give to your colleagues to help them to thrive and not “burn out”?
Work-life balance is critical. I am a huge proponent of self-care. Health, diet and exercise are critical for functioning at a high level for long periods of time. Take care of your sleep, food, body and recreation.
Your career is a marathon, not a sprint, and if you are going to be successful over the long haul, take care of your health. You also have to enjoy what you do, and the people you work with, so hire wisely and be a team player.
Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry, as it is today, is such an exciting arena. What are the 3 things that most excite you about the Cybersecurity industry? Can you explain?
- Pace. We’re living in interesting times with rapidly moving space and dynamic energy. Cybersecurity is invigorating to me as the challenges are different every day.
- Right against wrong. It is a constant battle involving gamesmanship between white hats and black hats trying to stay one step ahead of each other.
- You have to have a mission and sense of doing the right thing. The lines are clear between the good and bad guys. Customers are depending upon you to perform in order to protect and serve them. A sense of right and wrong is a strong driver to succeed.
Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for?
From a military perspective, cybersecurity is definitely the new battlefield because it transcends physical borders. Future military conflicts will be fought in cyberspace.
It is also an economic battlefield. Companies that can protect their ideas and IP have long-term viability. Those that can’t protect their IP are extremely vulnerable. Historical examples are GE (IP was compromised in many industries) and Motorola, dominant in communications at one time but lost a lot of its IP through theft.
If you look at threats to the environment, health and politics, technology can be unleashed and a lot of good can come out. Wrongdoing and disinformation and misinformation can undermine things that are important to society.
Do you have a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?
We have a saying in the industry: There are two kinds of companies — those that have been breached and know about it and those that have been breached and don’t know about it.
Cylynt helped a company that moved from not knowing to knowing. It is like pulling on a thread and discovering a serious problem with access to information. We stopped a potential major theft of source code through unauthorized access coming from another country. Once the company did the investigation into the breach, it was not able to determine how long it had been going on, what had been taken, or what had been compromised, which left it in a precarious position.
The takeaway was that you have to have traceability on IT systems so you can see what is being downloaded and pulled off the servers. In this case, the barn door had been open for a long time, which compromised the ability to ascertain what had been taken and where it went. However, we helped close the breach, and the client identified the culprits and secured access to key source code moving forward.
What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do?
Human weakness plays a key role in the threat of cybersecurity, but social engineering is easily controllable. Companies spend lots of money on sophisticated tools, but don’t pay attention to small things like protecting their passwords and authentication.
The biggest weaknesses that need to be addressed are human weaknesses. At Cylynt, we do a lot of employee training to be aware of obvious breaches, password hacking, and malware. Our most important tools are training employees to “think before they click” and using simple tools like LastPass from LogMeIn for password protection and two-factor authentication (2FA) on all our critical systems.
How does someone who doesn’t have a large team deal with this? How would you articulate when a company can suffice with “over the counter” software, and when they need to move to a contract with a cybersecurity agency, or hire their own Chief Information Security Officer?
It comes down to math. You need to look at the worst case scenario of a breach and the implications of it in terms of risk assessment and cost benefit analysis. If a company could potentially end up in bankruptcy because of a data breach, it needs to look at possible scenarios and likelihoods.
I do not recommend taking risks. Typically, the biggest threats to a company don’t come from competition, but from a data breach. If a data breach will have minimal impact, then there is no reason to spend a lot of money on security. If you have valuable data you need to build a vault around your most valuable pieces and the vault should be appropriate for the value of the IP. Put the crown jewels in one place and build a strong wall around it, rather than putting everything you have in a long perimeter with a weak defense. Isolate what’s critical and valuable from what is less important, then you can cost-effectively address whether you need outside help from a cybersecurity agency.
The scope of what you need will depend on how much is critical to protect.
As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a lay person can see or look for that might indicate that something might be “amiss”?
- When computers or cell phones start behaving erratically, talk to IT. Bring in professional help early. These problems don’t go away, they just get worse.
- Think before you click. Those who click first and think later end up with problems. The key thing malware wants people to do is click. When in doubt, don’t open.
- Check unknown or suspicious incoming email addresses to make sure the email is really from that person by right clicking on the email address. As I said previously, this is where employee training is so important.
After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?
Bring in an independent third party. Fresh eyes are important for doing an assessment of the situation. An independent investigation is money well spent. From a legal perspective, it provides an independent opinion and assessment of the situation. People within the company have their own perspectives and a fresh perspective is valuable.
We have found that the GDPR and CCPA are good first steps in terms of adding clarity to data privacy and have been long overdue. Clear lines of what you can and can’t do need to be respected and adhered to.
Laws have added more clarity as to what is OK and what is not. The challenge is that there is no consistency. There are laws all over the world that are not necessarily compatible with one another.
Our tech has the ability to alter settings based on local legislation to ensure our customers are in compliance with those local laws. You can’t hardwire privacy settings. You need to be able to dynamically change them to adhere to changes in privacy laws. GDPR is a de facto standard and most legislation resembles it.
What are the most common data security and cybersecurity mistakes you have seen companies make?
We see a lot of mistakes in the area of data privacy where companies, particularly in mobile apps, are super aggressive in collecting data they have no rights or reasons to collect. On the other hand, we see developers of valuable software intellectual property that are not adequately protecting it based on misunderstanding the differences between “consent” and “legitimate interest,” particularly in regard to the GDPR legislation.
Software companies have the rights to protect their IP from piracy, and it’s important to verify that users are properly licensed to protect legitimate customers, detect counterfeit software, identify malware and this all falls into the broad category of legitimate interest. The most important aspect of data privacy is transparency, and companies that have clear end-user license agreements can both respect privacy and provide IP security when they combine legal expertise with the right technologies.
Since the COVID-19 pandemic began and companies have become more dispersed, have you seen an uptick in cybersecurity or privacy errors? Can you explain?
Our data shows that there has definitely been an uptick in software piracy of anywhere from 20% to 30% since the work-from-home orders went into effect in March. Clever hackers are taking advantage of so many employees of companies that develop IP working from home and remotely accessing their company’s network and are cracking even the strongest online fortresses to steal software companies’ IP.
In addition, employees working from home are downloading illegal copies of software from the internet that they need for their job but have not been provided with out of the office. Finally, workers that have been laid off and are suffering financially are buying cheap illegal software to work independently from their homes.
IT had its hands full before the pandemic, and now the challenge is even greater with a completely distributed workforce operating on unsecured hardware and software platforms.
Ok, thank you. Here is the main question of our interview. What are the “5 Things Every Company Needs To Know To Tighten Up Its Approach to Data Privacy and Cybersecurity” and why? (Please share a story or example for each.)
The theft of IP in the US remains a systemic threat to the economy, inflicting an estimated cost in pirated software and theft of trade secrets that is more than $600 billion annually and growing.
It’s not just a problem for U.S. software companies — it’s a global problem and the piracy is not limited to just China and Russia. It is essential for any company developing IP to be rigorous about protecting it. Cylynt recommends the following five tips:
- Host all or part of your software in the U.S., as well as your manuals. This provides jurisdiction for your company to seek legal remedies and recover lost revenue in U.S. courts, typically easier and more successful than legal action in foreign countries.
- Include phone-home technology that can gather pertinent telemetry data on who is using the applications. This technology will tell you if your software is used illegally and will report back usage details such as where, when, and how often your products were used illegally. This data can be used as strong evidence in a revenue recovery negotiation or to prevail in a lawsuit. As mentioned earlier, the same usage data gathered on customers can also be used to drive renewals and increase customer satisfaction.
- Make sure your policing efforts are timely and you are serious. Be aware of statutes of limitations that can prevent you from recovering for unauthorized use in the past, particularly if you knew and did not act immediately. Repeated “nice” letters and repeated threats with no follow-up generally don’t work. Remember that “crying wolf” may cost you credibility and money. Say what you mean and do what you say.
- Prioritize your efforts to get the most bang for your buck. Not all software pirates are equal: limited resources and competing interests make some pirates more attractive than others. Look for a target that is more vulnerable and more easily persuaded to become a paying customer or that has U.S. contacts. Look at reputations: Is the target’s management reputable and likely unaware of the piracy? Look for low risk/high reward. Is the pirate a frequent user with fewer resources to fight? Is the pirate located somewhere that will be difficult and expensive to litigate in?
You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. :-) (Think, simple, fast, effective and something everyone can do!)
Let’s just play fair and stop cheating the system. The world is a better place and the game of life is more fun if you just play by the rules. We are seeing too much of that win-at-any-cost mentality, and this has infected society from governments, to Major League Baseball, to the destruction of the environment. The world is on fire because leaders are saying it’s OK to break the rules, and this cannot go on.
Technology can cut two ways. Either bots can be harnessed to promote disinformation on social media and we can face a dystopian future based on false information. Alternatively, we can wake up and just start playing by the rules. Science and technology are the keys to good economic decisions and good economic decisions are based on facts and data, and this can lead to a better more sustainable future.
Play fair. We should have learned this in kindergarten.
How can our readers further follow your work online?
Engage with Cylynt at:
Phone: (424) 278–9990
This was very inspiring and informative. Thank you so much for the time you spent with this interview!
About the Interviewer: Jason Remillard is the CEO of Data443 Risk Mitigation, Inc. (Publicly Traded as Symbol: ATDS). Data443 is a leading Data Privacy and Security company with over 40,000 customers worldwide. Formerly of Deutsche Bank, TD Bank, RBC Bank, IBM, Dell/Quest Software, TUCOWS and others, Jason has been in information and data security for over 30 years with customers in virtually every country in the world. Trusted to deliver — All Things Data Security — he is leading the charge in bringing data privacy as affordable, deployable and realistic solutions that every business owner can take advantage of.