Robert Herjavec, founder of IT security firm Herjavec Group and a star on the angel investment reality show “Shark Tank,” says security workers will become increasingly specialized as technologies tied to sub-fields such as identity and access management become more complex.
“The level of complexity is increasing and becoming narrower,” Mr. Herjavec said in an interview with CIO Journal on Thursday. “In the past, if you knew security you could work on identity, you could work on firewalls, you could work on architecture. Because all those areas are growing and becoming much more complex, I need silos of knowledge.”
More repetitive processes will continue to be automated while humans are elevated to more sophisticated tasks that involve bringing context to complex situations, he said. Humans will always be part of the process, he added, as attacks continue to evolve.
CIO Journal spoke with Mr. Herjavec on Thursday. Edited excerpts below:
How have you seen the cybersecurity market evolve over the last six months, and where do you see interest building now?
The interesting thing about cyber is every startup could be the next big one. So you have this constant balance, and that’s partly because the attacks are always changing. The established player defends something that might not be an issue in the future. So that becomes very challenging.
As the market becomes really complicated, things like identity and user behavior analytics becomes really critical. The idea of protecting you is kind of becoming a little passé. Before I protect you, I have to authenticate you. If you can work anywhere from any device anywhere in the world, how do I know it’s really you?
We’re always going to have best of breed versus established players. What makes it harder today is there’s something like (hundreds of) new startups every year in security, and they’re all getting funded. What’s going to happen to them? There’s no way they’re all going to survive. So if I’m an enterprise customer, what do I buy? It’s not enough to buy technology that solves a problem. I have to buy tech that solves a problem from a company that’s going to be here in two years.
You said the managed security services market is quite fragmented compared to others. How so?
A few years ago, the market was really just about compliance and logging and basic security, and now the market is splitting. The growth is happening across all sectors, but now it’s really splitting between the high end, the middle and the low. On the low end, you have typically your small and medium-sized businesses. You have speed to market, you very repetitive process, I come in put in and put a black box in your environment, I collect a certain amount of logs, and I give you some level of basic security. My main driver is compliance or a certain level of basic security. I’m typically doing it in the cloud, I don’t want anything on premise, I’m not getting customized reports.
At the other end of the spectrum, you have a high level of complexity, you have some cloud apps but also a lot of on premise, and you have extreme customization. My alerts and the way I secure my environment is different than yours.
Then you have something called MDR (managed detection and response), which is a niche within managed services that takes care of your endpoints. That market says you don’t need any of that other stuff, I’m just going to put in a box at the endpoint and protect your perimeter and your endpoint for you.
Are third party services on the rise because companies can’t access enough of their own talent? Are they dealing with too much complexity?
Both. The level of complexity is increasing and becoming narrower. In the past, if you knew security you could work on identity, you could work on firewalls, you could work on architecture. Because all those areas are growing and becoming much more complex, I need silos of knowledge. My security architect can’t do firewalls, and my firewall guy can’t do identity and so on. And I had a hard time getting people in any of that.
What does that mean for the security organization?
(At Herjavec Group), three years ago we were 175 people, and we’re now 300. A year and a half ago, we didn’t have dedicated identity and privileged access people, today we have 20 people who do nothing but that. That may not sound like a lot, but some of our large enterprise customers have a handful. It’s harder to find people with that level of skills.
What role will emerging technologies like blockchain play in security and identity?
There’s three huge buzzwords in all of security, including identity: automation, orchestration, and blockchain. All three are going to have massive effects on our industry and have far-reaching, long term effects. But none of them are going to change anything in the next 18 to 24 months. There are pockets of tech within all those areas, like orchestration (connecting disparate tools and systems and streamlining security processes) that will have some effect. But on a wide scale, we’re going to be doing security two years from now like we are today. We still need human beings, there’s still a high level of customization required. But it’s coming. The question becomes, when it comes, will the next level of attacks be identified?
We’re automating processes that we know now, and that’s always a challenge because we’re making an assumption that new attack vectors will follow a certain set of rules that we can identify. Human beings are great at unknowns. We’re very good at seeing something we’ve never seen before and putting context around it. Machines are great at repetitive tasks. I think the repetitive tasks go away. I think over time we get better at that, but that level of context will always be there because the attacks will change.
Originally posted on wsj.com