Aviva Zacks of Safety Detectives had the unique opportunity to interview Rich Hale, CTO of ActiveNav, who told her all about his RAF experience and how it influenced his cyber career.
Safety Detectives: What has your journey to cybersecurity been and how did your experience in the Royal Air Force help shape your career?
Rich Hale: I’ve worked with the Royal Air Force and some others. I’m an aeronautical engineer by my original profession—went to university and got my degree in that. I joined the Royal Air Force doing the things you’d expect—supporting operations around the world: the Middle East, the U.S.—deploying bombers and fighters and supporting those in operations.
I found my interests were not in engineering operations, so I sought a change. I deployed to Texas in the U.S. to get involved with aircraft procurement, which was a normal undertaking to introduce our new capability to the Air Force. I found that I got excited more by the change activity rather than the engineering itself and that caused me to look more broadly at what was out there in the Air Force, at what projects were available.
The most exciting project to me was the largest information and technology migration the British military had ever undertaken—a defense information infrastructure change. I got involved as an end-user, responsible for how we were going to exploit and use the information in the system. I had no background in information or technology at all outside aircraft, and I was taking it from a very pragmatic perspective. But I did need to understand and know about data to protect the Air Force’s interest and allow the Air Force to make the best out of that data. So, I was attacking it from a very different perspective, and I became particularly aware very quickly that as the guy in the Air Force headquarters, I had no idea about my organization’s data—none. And I had no way of getting a sense of it either.
I had units spread around the world and there was no way of understanding that information, so I set out to understand how I could implement something that would enable me to get a global view of the data and enable my organization to do the same so that we could get a sense of what we had, where we had it, what it looked like, and what we needed to do about it. And that’s the beginning of the story.
SD: How does ActiveNav keep its customers’ data secure?
RH: Given that I changed my Air Force career to this one, we’re perhaps a little bit different from some of the other technologies you’ve looked at. Our job is to provide and enable customers to understand what data they have at scale. And I think, most importantly, to put it in a business context so they can visualize that data and then act on it so that they’re looking after it appropriately.
I’d contrast that to what I think is an understandable pattern in cybersecurity today which is we talk about bolting the gates: the perimeter-defense like data access management and data loss prevention. But fundamentally, that doesn’t pay enough attention to what data is inside the perimeter. So, our job is to provide customers with a holistic picture of all their data and enable them to understand the nature of that data, understand the risks and the value, and connect that with the end-users and the business so that they can have what we call good data stewardship.
That for us is the root of making sure that one understands and takes a responsible view on what data you’re holding and how you’re looking after it for its entire lifecycle, rather than simply bolting the doors and managing those exit and entry points.
SD: What verticals use your company’s services?
RH: We are what we call a horizontal play. We serve and have customers in just about every vertical you could imagine. But if you think about those that are more common for us, there are some drivers that tend to have people buy and consider our software.
Lately, of course, data privacy is the key issue everyone has in mind, but I will generalize more and say it’s about anyone who has some driver around regulation and compliance, security, privacy, healthcare, financial services. If you look at the government, we have a very significant military and civil customer base. They’re driven by things like freedom of information, management of records, and similar acts. So those guys are all looking at data from stewardship management and security perspectives. And I’ll just add on top of that—because we take a picture of all of our customers’ data and enable the customer to understand more about what it is, we have customers that also look at the value-add side of data. I think this is an important contrast.
Sectors like natural resources, oil, and gas, or mining come to us because there’s value in their data, so they are looking to understand how they drive operational efficiencies and new opportunities out of their unstructured data. The uniqueness about how we attack the problem is because we understand that data enables our customers to develop the ways of dealing with data from a security and compliance perspective, but then repurpose those skills into adding value to the business.
SD: How does your company stay ahead of the competition?
RH: For us, particularly in the security market, it’s about managing data holistically. We know that we do compete with security providers who attend to some data loss prevention, securing data access management, and the like, and we tend to view that as a very IT-centric perspective and respond to that as well. Looking at the problem from a completely different direction gives us a very different take and we compete based on understanding the data.
For us, it’s about the range of repositories we connect to and the way we connect the information to the end-users. We try and understand how we could build a customer a really clear path from the insight that we provide initially through to action and ensuring that we’re really connecting that beyond just the scope of IT.
Lately, we’ve been building some of that into a new cloud offering and the key point about that cloud offering is to really enable the customer to climb out, avoid the massive costs of implementing similar technologies, and reduce the barrier to entry and quickly provide a single pane of glass on all the customer’s data so that they can understand if it’s healthy. It’s important to recognize that the perimeter defenses will fail. And so, once insiders or external attackers get inside a business perimeter, the extent to which you were doing a good job of looking after that data and minimizing that data appropriately, has a strong bearing on what gets leaked and what gets lost as well, and we approach it from that perspective.
I think the other point I’d make is while first and foremost we’re a software company, we have an excellent support and customer success team who is well-versed in how you solve these problems. And I think we add that on top of our proposition to our customers very well.
SD: How is the COVID-19 pandemic changing the way we’re handling cybersecurity nowadays?
RH: I’d love to be more sophisticated, but everyone went and did what they had to do. They’ve massively transformed their patterns of working. They’ve made workforces remote when they weren’t necessarily intended to be or never thought about being remote. Everyone has managed to slam the needle over from one way to the other and make that happen. And in a way, everyone is coping with that change. Throughout the whole process, the social engineering attacks that organizations face have always been the biggest threats to business in my opinion.
And now having made that change with everyone working remotely and coping with that impact, I think it’s important now that everyone looks back a little bit and asks themselves how their users are operating at home and how they are engaging with that blur between the personal and work life. I think it’s important for organizations to attend to the people part of the picture.