We learned about the latest Tanium products and heard thought-provoking views on everything from artificial intelligence to quantum computing. Throughout the day, we saw three major themes emerge.
(Tanium CEO Orion Hindawi (right) with Fortune’s Robert Hackett at CONVERGE17.
CONVERGE17 got off to a rollicking good start yesterday, with 600 Tanium customers and partners joining us at San Francisco’s historic Palace Hotel for a day of general sessions, in-depth breakouts and hands-on labs.
Our general session speakers covered a wide range of topics – from the latest Tanium product news to thought-provoking views on everything from artificial intelligence to quantum computing. Throughout their presentations, and in our conversations with attendees today, we saw three major themes emerge:
- It’s time to face the hard truths about cybersecurity;
- It’s time to find new ways to communicate with boards and C-level leaders about the existential threat attackers pose to our way of life; and
- It’s time to prepare for a future loaded with Internet of Things devices, autonomous vehicles and a host of other technologies that will transform how we live and work.
Here’s what we learned.
Facing the hard truths about cybersecurity
Tanium CEO Orion Hindawi served up a healthy dose of reality in his fireside chat with Fortune’s Robert Hackett, busting through the myth that technology alone can fix the world’s cybersecurity challenges. “The idea that we are going to give you a black box that’s ‘automagically’ going to fix everything and you’ll never get breached is not true,” he said. “Anyone who tells you that is lying to you.”
Indeed, sometimes those tools can be turned against you, as New York Times cybersecurity reporter Nicole Perlroth noted in her presentation “This is How They Tell Me The World Ends.” She pointed to her recent article about how cybersecurity software was used to spy on people working in the U.S. government. “The big takeaway is that security software is a really good spy tool,” she said. “We’d be idiots not to use it, but on the other hand it has really deep access to your systems, and if someone wants to use it for silent signature searches, they can use it for silent signature searches.”
So, what’s an organization to do? According to Hindawi, practicing good security hygiene is one place to start. “We need to patch our computers, figure out where our data is and start protecting it,” he said. “Do I think it’s going to get solved? No. But we can make it harder for attackers to succeed.”
Understanding the business dynamics that prevent organizations from performing basic cyber hygiene tasks, like patching, is also key. “One of the biggest reasons people don’t patch is the business line doesn’t want an outage,” said Hindawi. Nobody in IT wants to be the one who knocks out a business-critical application for a week because of a patch gone wrong. But, “If I can allow you to apply a patch in three minutes and remove a patch in three minutes [if there’s a problem] the amount of risk you’re incurring is lower. If we give better tooling to our customers, the likelihood of a weeklong outage can be reduced.”
Asked by Hackett if he takes more of a glass-half-empty or glass-half-full view of the cybersecurity landscape, Hindawi responded “It’s just a glass, dude.” He added: “Where we are is people are getting breached constantly and it’s painful, we need to concentrate on not being there.”
Talking to your board about cybersecurity
Hulu founding CEO Jason Kilar drew from his own experiences to reflect on the No. 1 mistake he’s seen C-level and board-level executives make in thinking about cybersecurity. “They think it’s not worthy of their position,” he said during our fireside chat. “There’s a lot of C-level executives in this world today who assume someone in their organization is responsible and it just stops there.”
Kilar suggested less than 3% of board members across the globe are in any way conversant, let alone experts, on the topic of cybersecurity. “People in those positions are scared because they don’t know anything about it, they’re more ignorant than they should be and they don’t want to reveal it,” he said. “Our job is to educate our board members on why this is important to our company and what we’re doing about it.”
Even if you don’t personally have access to your board or to senior executives in your organization, there are ways to get your message heard, according to Kilar. One way is to adopt the Amazon practice of writing five- to six-page narratives. “You might not find yourself in a board room, but if you write a narrative that gets sent out in the packet that’s distributed before a board meeting” it can have a significant impact. Wondering what to write? Kilar said: “Educate your board and senior level leadership about what your job is, exposures to the company and what you’re doing about it. My best counsel is to write the best five pages of narrative you’ve ever written in your life about why this is important, what you’re doing about it and how others can help you.”
Kilar also suggested getting customers involved in conveying the importance of cybsersecurity to your senior leadership. “Poll them. Bring them in as a panel of sorts for executives,” he said. “If that doesn’t work, go work for another company. If leadership doesn’t care about what customers care about, don’t work there.”
Although the challenges of educating senior executives and board members may seem daunting, it’s worth bearing in mind that CISOs and other cybersecurity leaders have more organizational clout now than they did even a few years ago. “The CISO has, at the board level, never been more influential,” said Perlroth. “Boards are continuing to seek out the expertise of CISOs, there is no longer a wall between the board and the CEO and the CISO. In breaches, it’s not just the CISO who gets fired anymore. It’s the CEO who is losing their job as a result of some of these breaches. I don’t think the awareness has ever been where we are today.”
And, if you’re in a leadership or board position, Kilar had some advice for you as well. “Be a damn good listener. Be empathetic. Put your ego and smarts to the side. Don’t jump to conclusions and just listen.”
Facing the future
Marc Andreessen and Peter Diamandis started their freewheeling and thought-provoking conversation by talking about “the acceleration of the acceleration of change.”
The question, of course, is how we’ll adapt to all the changes that loom. “I don’t think the world realizes how fast things are changing,” said Diamandis. “I view it as a tsunami of change. Humans don’t like change.”
Andreessen noted that the pace of change is accelerating in some sectors, and not so much in others. “The rate of technology adoption in the economy and in the world varies a lot by sector,” he said. When we see sectors such as retail, e-commerce, media and communications undergoing massive transformation, “we think the rest of economy must be working like that.” But, if you’ve paid a college tuition bill, or had a health issue, or bought a house recently, you know those sectors have very little technology adoption relative to other industries. In these and other cases, “we need a level of technology but also a level of institutional reform.”
While acknowledging the heavy lifting ahead, Andreessen is optimistic about a future chock-full of autonomous vehicles, artificial intelligence, Internet of Things devices and the magic of quantum computing. He sees these and other technologies leading to job growth, improved living standards around the world and the expansion of education opportunities in underserved populations. And that’s a vision of the future we can all feel good about..
More from Tanium CONVERGE17:
Got questions? We’ve got answers. Join the conversation today and connect with your peers and Tanium technical experts in our Tanium User Community.
About the Author: Scott Rubin is Chief Marketing Officer at Tanium, where he is responsible for marketing, communications, public affairs and public policy. Prior to Tanium, Scott was a partner at the venture capital firm, Andreessen Horowitz, where he advised portfolio companies on their communications and brand strategies. Before joining Andreessen Horowitz, Scott was a director at Google, where he served on both the public policy and communications teams, most recently managing global corporate communications.