Seeing Through New Eyes
I first encountered Team8 six years ago. By that point I’d spent a few years serving as head of information security innovation at a big international bank. The position itself was new; I’d had to define the role and decide what to do in it. The answer I came up with after a fair amount of thought was that innovation had to be about more than playing the security game better, or playing it with better equipment. It had to be about changing the rules of the security game to eliminate structural disadvantages — and create structural advantages — for the defenders.
Changing the rules of the security game requires understanding those rules; in particular it means understanding how the rules affect attackers as well as defenders. One of the long-established rules of the security game was “you can’t make users jump through too many security hoops, because it will confuse them into making mistakes, or annoy them into turning security off.” And for a long time we thought, “if you can’t make users jump through security hoops, you can’t make attackers jump through security hoops either.”
Team8 didn’t fall into that trap; they realized that attackers weren’t using the same tools as the legitimate users. Attackers use attack tools — and they use them to see things that are invisible to regular users. And that means you can change the rules of the security game by putting all the security hoops in the invisible part of the system. Attackers will have to jump through them if they want their attack tools to keep working, but regular users won’t even see the hoops. Team8 created a company, Illusive Networks, based on that insight.
“Changing the rules of the security game to eliminate structural disadvantages — and create structural advantages — for the defenders”
Thinking of security problems from the attacker’s perspective is one road to innovation — and the attacker’s perspective is probably the best-known part of Team8’s DNA. The attacker’s perspective gives Team8 an innovation advantage over other security startups and other startup foundries, but in six years of working with the company, I’ve come to realize that the attacker’s perspective isn’t an end in itself. It’s a means to an end, and the end is “thinking more broadly.” The attacker’s perspective is one way, but not the only way, to see problems in new ways by seeing through new eyes.
And that’s why I’ve joined Team8: to be a set of new eyes through which the future of cybersecurity can be seen. I’m here to add my perspective to the attacker’s perspective. You’ll be hearing and reading more of my perspective in the coming months and years; I won’t burden you with a manifesto just yet. But you can be sure I’ll be looking closely at how the rules might be different, and how the world might be different. Team8 is built to ask those questions and to act on the answers.