Don’t quit your cybersecurity job

A few big ideas for fixing cybersecurity

When it comes to the challenge of cybersecurity, "things are going to get worse before they get better."

That was the message today from former CISA Director Chris Krebs, who spoke at the Black Hat security conference in Las Vegas.

• Krebs, who’s now a founding partner at consulting firm Krebs Stamos Group, said he recently polled a number of people in his network on whether they believe things are going to get better or worse for cyber defense in the next few years.
• "The general responses were, 'Bearish in the short term, bullish in the long term,'" he said.
• The low barrier to entry for attackers and the difficulty of securing increasingly complex IT systems were two of the issues cited by Krebs.
• Software vendors and the government are also exacerbating the problems, he said.

Providers of "core" technology must do a better job of releasing products that are secure from the get-go, Krebs said.

• "Software remains vulnerable because the benefits of insecure products far outweigh the downsides," he said. "Once that changes, software security will improve."
• Looking ahead, vendors ought to put a higher priority on the greater good.
• "Yes, it may impact the bottom line of your security services business," Krebs said, without citing any vendors by name.

The federal government also must start operating differently to make the sort of progress that's needed on cybersecurity, according to Krebs.

• Right now, he noted, there are still way too many agencies for security teams to potentially interact with (something I covered in my article on CISA yesterday).
• "Instead of going to five or six different agencies, make the front door clearly visible. And as I see it, that's CISA." Krebs said he's concerned that a "slowdown" in funding for CISA is likely from Congress, though.
• It's worth exploring the idea of pulling CISA out of DHS to become a sub-cabinet agency that can operate on its own, Krebs said.

AWS, Splunk and many of the biggest names in the cybersecurity industry had an idea of their own to share at Black Hat today. The coalition announced the Open Cybersecurity Schema Framework — a specification that aims to make it easier to integrate data feeds from different security products, which is a key goal for many security teams.

— Kyle Alspach (email | twitter)

SPONSORED CONTENT FROM MICRON

Chip shortage could undermine national security: The global shortage of semiconductors has impeded the production of everything from pickup trucks to PlayStations. But there are graver implications than a scarcity of consumer goods. If the U.S. does not ensure continued domestic access to leading-edge semiconductor manufacturing, experts say our national security could suffer.

Read more from Micron

Cloudy with a chance of IPO

Although the broader tech industry might be reeling a bit from inflation and consumer angst, private cloud companies are worth more than ever, according to the latest Cloud 100 report from Bessemer Venture Partners, Forbes and Salesforce Ventures. The value of the top 100 private cloud companies soared to $738 billion this year, up 43% year-over-year.

A notable chunk of that value, at $116 billion, can be assigned to productivity and collaboration companies like Figma, Airtable and Notion. In fact, out of the top 10 Cloud 100 companies, nearly half are productivity or collaboration companies.

Typically, the Cloud 100 would point to companies poised for imminent IPOs, but a tricky macroeconomic environment this year has shaken that up. Falling stock prices and lowered valuations don’t bode well for IPOs: Multiples are down from 34x ARR last year to just 30x this year.

Although now may not be the time to go public, private companies with good financial discipline should be able to wait it out. That’s the plan for Airtable, CEO Howie Liu told me a few weeks ago. The company just raised $735 million last December and plans to keep much of that cash on reserve.

Notably, like Airtable, all of the companies on Bessemer’s Cloud 100 list raised their last private round before the downturn and (for now) are still holding on to their valuations. But how these companies manage their cash moving forward could define who goes public next.

— Aisha Counts (email | twitter)

Around the enterprise

Avaya’s poor quarterly results shocked investors Tuesday, but new CEO Alan Masarek told CRN that he believes the communications company is quickly shifting its business to the cloud.

Cisco’s Talos cybersecurity division acknowledged that login credentials belonging to one of its employees had been compromised, and said it hasn’t found any evidence that the attacker had gained access to any critical information or systems.

SPONSORED CONTENT FROM MICRON

Chip shortage could undermine national security: To ensure American security, prosperity and technological leadership, industry leaders say the U.S. must encourage domestic manufacturing of chips in order to reduce our reliance on East Asia producers for crucial electronics components.

Read more from Micron