The cybersecurity market is certainly dynamic. As Ron Gula, founder of Gula Tech Adventures points out in this interview, new names are cropping up wherever there’s a need, in “personal commodity business or large enterprise business or even technologies that help the government stay secure.” Current cybersecurity investment trends point toward a market that will continue to evolve in order to stop the emerging threats. The central questions that led to this cybersecurity trends interview were an interest in “Where is the market going” and “how does that market look in terms of maturity.”
To answer these questions, government policy, industry leaders, and adversary behavior have to be examined closely. Cybersecurity is, by nature, a reactive business. Organizations like Gula Tech Adventures and SightGain are focused on innovating new methodologies, technologies, and approaches to cybersecurity in order to stay ahead of cybercriminals and work toward a world where sensitive data is secure and out of the hands of people who would use it to do harm. Watch the full cybersecurity trends interview below.
Want to learn more? Check out SightGain’s product page about our revolutionary continuous readiness platform and Gula Tech Adventure’s programs to find out how these two companies are paving the way for a more secure future.
Christian: Morning. Christian Sorensen, founder, and CEO for SightGain. We’re here at the Data Tribe studios. I just want to take some time with Ron Gula, the founder of Gula Tech Adventures, and get his perspective on the market. Thanks for joining us today Ron, really happy to have some time.
Ron: Good morning, thanks for opening up the doors of Data Tribe.
Christian: That’s great. So tell us a little bit about Gula Tech Adventures, what you guys are focused on and trying to do with that?
Ron: Thank you. So Cindy and I, this is our third company. The first one was Network Security Wizards Intrusion Detection, and it was Tenable network security co-founder and we helped people kind of figure out their vulnerabilities and compliance issues. And what we wanted to do at Gula Tech Adventures was try to invest in that next generation of cyber people out there that protects the country in cyberspace, but also do a little bit of policy work, and do a good bit of philanthropy work. That’s why we call it an adventure.
Christian: That’s awesome. We’re here at Data Tribe Cybersecurity Studios. In kind of the nexus of cybersecurity and whatnot, what’s got you excited about what’s happening here locally as well as in the market?
Ron: We’re very happy to be investors with Data Tribe, not only here in Maryland, but it’s kind of tapping into that oil of people we have around here, right. All these cyber developers, people who are leaving the government, the intelligence communities, and moving on into industries. I’m really happy about that. What I’m also really happy about is that the nation is really kind of moving forward in terms of understanding cybersecurity as a risk to great nation-state struggles. We’ve got quite a bit of assets in the region, right. We’ve got the National Security Agency, we’ve got Cyber Command, but we also have some really amazing companies. There’s Tenable with Source Fire here. We recently had IronNet go public, so the entire ecosystem around here has really come along in the last couple of years.
Christian: With that, you’re starting to see more connectivity and more catalysts happening. Do you anticipate that continuing on, or where does that continue to go, or is that going to be more and more here, or spread out even more regionally or nationally?
Ron: So interesting because cyber is such a hot topic right now. People recognize it’s not only important, but it’s potentially a good investment. There’s a lot of new money that’s coming in. Three or four years ago we would have spent some time talking about how does Maryland or the DC or Virginia area compares to New York, Boston, or the west coast. But now it’s all about having great ideas. What can you do that’s going to really create a logo because nobody wants to switch out their major vendors, so what can you do that’s going to create a logo, a new market, a new solution to a problem that’s going to really enable problems being solved, whether it’s in your personal commodity business or large enterprise business or even technologies that help the government stay secure.
Christian: We’re in the readiness business, right? That’s the market that SightGain is in. I guess, what have you seen with both Tenable and some of the other investments in that larger marketplace happening? Where’s that market going and what’s starting to resonate with customers and resonate with that sort of approach of breach and attack is in that area, and exploitation and automated red teams, that kind of stuff. But where’s it going, how’s that market look in terms of maturity as well as then follow on?
Ron: It’s such an interesting space to be in because Tenable is the leader in sort of figuring out all of your problems, right? They call it cyber exposure. But at the end of the day, it’s really up to you to do something about that. At the end of the day, it’s really still hard to figure out am I still secure? As an industry, we really don’t know what’s the final way, are you secure or not. One of the things I like about SightGain is you guys have taken Mitre Attack, and really instrumented, what do I need to train my people, right now based on my environment? That’s a great example of sort of another way to answer, are you secure. Another company in our portfolio, it’s kind of in that space, a little bit more on the simulation of malware side of site, where they can basically say hey, let’s take reveal ransomware, let’s take dark side, and let’s create a way for people to QA their network and see if their defenses are there. That’s another way to figure out if you’re secure. I bet you if we had this interview four years from now, there might be yet another way because this market and the threat just keeps moving.
Christian: Since we’re here in the DC area, one thing that DC is good at is making regulations. Some of those are compliance frameworks that people have to abide by, whether it’s NIST or others on the commercial side. Do you see that kind of coming together down the road where we’re going to require, or the government’s going to require things like breach and attack, or exploitation, verification, happening in compliance frameworks where those are kind of beyond compliance at this point?
Ron: It’s such an interesting time because I think regulation should be more inspirational than the minimum baseline. I’ll give you a good example. In the recent NDAA, there was text verbiage in there that said you have to measure how well you respond to discovering malware and backdoors on your network. It’s completely different than minimum vulnerability standards, or two-factor authentication, that sort of thing. So I’m very happy about that. On the other hand though, when you look at where could we be doing more leadership? I’d love to see things like the Security Exchange Commission tell public companies you need to have somebody on that board who’s a technology master, who’s a cybersecurity master, right? Because right now we have this very financial way of looking at things, and when you have an entirely financial way of looking at things, you don’t understand systemic risks. You have things like colonial pipeline. So I think the government could be more proactive in understanding this is a technology problem, but it’s also behavior and public perception problem.
Christian: That’s one of the interesting things that we see too is, taking this kind of approach where you’re actually testing against the actual exploits that are out there, really opens people’s eyes to are we protected or not? And then that can inform really, a high-quality way, your measures of risks. We’ve seen our customers kind of respond really well to that because it’s in those financial terms, but using that traditional measure of risk that they need to to have those conversations between the C-Suites and whatnot. Last question, do you anticipate on the policy side for Gula Tech Adventures, figuring out or helping to shape that policy environment to inform, all right, here’s what’s working and make sure we’re marching in that direction as opposed to continuing to do stuff that we know is not necessarily working?
Ron: One of the things I like about Gula Tech Adventures is we’re not a think tank, we’re not a lobbyist. But we’re basically giving money to people and our expertise, that can be a form of investment. It can be a form of our competitive grants for the non-profits, it can be in the form of doing things on the political side. Having a consistent message in all three of those areas really helps us be fairly effective at giving some of that advice. It’s a lot of stuff I’d love to see the government do. I’d love to see them be a bit more proactive and open about how bad the cyberthreats really are, doing a little bit more to name names. But also, I’d like to pick some wins. I don’t think it’s just by luck that we’ve been able to recover keys from like colonial ransom, right? So if there’s a hero at the basement of Cyber Command or the NSA somewhere, I think that person should be getting whatever kind of cyber star we can give that person by the President of the United States. That’s the kind of stuff I try to inspire when we have the opportunity to share that kind of information with our politicians.
Christian: I love the pragmatic approach, right? Let’s figure out what works and let’s do that more. We appreciate your time today and getting together with us, and spending a little time to let people know what’s on your plate, what you guys are looking at, what you’re excited about. Thanks for your time today Ron.
Ron: Thanks for the opportunity. Keep up the great work at SightGain.
Christian: Thank you, appreciate it.