Published on: December 5, 2024
Richard Struse, the CTO and Co-Founder of Tidal Cyber, is a pioneer in the cybersecurity industry, renowned for his contributions to Threat-Informed Defense. With a career spanning decades, Richard has developed and co-founded pivotal frameworks like STIX and TAXII, which revolutionized cyber threat intelligence sharing. At Tidal Cyber, he leverages his expertise to simplify Threat-Informed Defense for organizations, enabling them to navigate the dynamic threat landscape with confidence. In this SafetyDetectives Q&A, Richard shares insights into Tidal Cyber’s growth, the integration of Breach and Attack Simulation (BAS) tools, and the evolving needs of cybersecurity teams in 2025.
Can you share a bit about your background and your current role at Tidal Cyber?
Happy to. Currently, I am the Chief Technology Officer (CTO) and Co-Founder of Tidal Cyber, which was built to bring Threat-Informed Defense to enterprises more efficiently. Throughout my career, I realized I like to build things, which drove my roles in the development of new approaches and solutions in cybersecurity for the past decade.
Outside of my role at Tidal Cyber, I am known for the creation of the Structured Threat Information eXpression (STIX) and Trusted Automated eXchange of Indicator Information (TAXII) cyber threat intelligence (CTI) sharing standards, which allow organizations to broadly share detailed information about cyber threats.
I also co-founded MITRE’s Center for Threat-Informed Defense (CTID), where I worked with many enterprise cybersecurity organizations to further the state of Threat-Informed Defense globally. In this role, I helped create many resources and approaches that undergird advanced Threat-Informed Defense.
From there, Rick Gordon, Frank Duff and I saw a gap and created Tidal Cyber to make Threat-Informed Defense easier and more impactful across organizations. Coming from MITRE, we were uniquely positioned to understand the MITRE ATT&CK knowledge base and both the benefits and challenges of using it within security organizations at scale. We’ve used that perspective to build a platform designed from the ground up to deliver unprecedented visibility to security teams.
Earlier this year, we interviewed Tidal Cyber’s CEO and your co-founder, Rick Gordon, on key trends in the industry and recent company enhancements to its Enterprise Edition platform. What kind of momentum has the company seen since May?
At Tidal Cyber, we are always looking for what’s next and what will make intelligence more efficient so that security teams can do their jobs. This is why, in October, we released a feature that integrates test results from Breach and Attack Simulation (BAS) tools and other testing sources into our Enterprise Edition platform. This provides our users with critical context regarding the results of testing within their environment, helping them prioritize their testing program for the greatest impact.
Following that, we received a strategic investment from two financial institutions, USAA and Capital One Ventures. These investments are a testimony to Tidal Cyber’s ability to deliver results for some of the largest and most sophisticated organizations around the world. We’re using those funds to build on our incredible growth in 2024 as we expand engineering, sales and marketing activities, as well as continue to enhance the company’s free Community Edition, which supports over 3,500 security professionals globally.
As we look toward 2025, we will continue to evaluate the threat landscape to provide strategic insights into threats that impact our customers and give them the information they need to make the most of their security stacks and defend their networks against the most sophisticated actors. We’re also making some major strategic product investments, expanding the platform to address key new use cases identified by our customers. And, as always, we will continue to enhance and extend the platform to continue our leadership position as “the” Threat-Informed Defense platform.
How do test results from Breach and Attack Simulation (BAS) tools complement Threat-Informed Defense strategies? How can security teams improve their defenses by leveraging this data?
BAS tools can be an integral element of Threat-Informed Defense. The results from BAS give security teams the empirical insights they need to elevate their confidence around the organization’s threat intelligence capabilities and defensive measures to ensure they are optimally aligned with the defender’s particular environment. BAS tools provide security leaders with the ability to measure the efficacy of their defenses against specific adversary behaviors.
The combination of Tidal’s platform with data from BAS tools is powerful because Tidal puts those test results into context, helping users make sense of the detailed information that BAS tools provide. In addition, Tidal can help users understand and prioritize where testing is needed most to help users have justifiable confidence in their defenses.
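The following is an added illustration of the idea in this answer, not code from Tidal Cyber or its platform: BAS tools report per-test outcomes, and putting those results "into context" means joining them to an ATT&CK-mapped threat profile so a team can see which adversary behaviors it cares about are covered, which tested as gaps, and which have not been tested at all. The threat profile, the per-technique weights, the BAS records and the outcome vocabulary (`blocked`, `detected`, `not_detected`) are all constructed sample data and assumptions for this example; the ATT&CK technique IDs are real, but their association with any adversary here is invented.

```python
"""Contextualize BAS test results against an ATT&CK-mapped threat profile.

Added example; not Tidal Cyber code. All data below is constructed for illustration.
"""

# Constructed threat profile: ATT&CK technique IDs the CTI team has attributed to
# tracked adversaries, weighted by how many tracked groups are believed to use each.
# (Assumption: a simple integer weight per technique; real profiles are richer.)
THREAT_PROFILE = {
    "T1566.001": 3,  # Phishing: Spearphishing Attachment
    "T1059.001": 3,  # Command and Scripting Interpreter: PowerShell
    "T1003.001": 2,  # OS Credential Dumping: LSASS Memory
    "T1021.001": 2,  # Remote Services: Remote Desktop Protocol
    "T1055": 1,      # Process Injection
}

# Constructed BAS output: one record per executed test case. The outcome vocabulary
# is an assumption for this example; real tools use their own result schemas.
BAS_RESULTS = [
    {"technique": "T1566.001", "test": "bas-0101", "outcome": "blocked"},
    {"technique": "T1566.001", "test": "bas-0102", "outcome": "detected"},
    {"technique": "T1059.001", "test": "bas-0201", "outcome": "not_detected"},
    {"technique": "T1059.001", "test": "bas-0202", "outcome": "detected"},
    {"technique": "T1003.001", "test": "bas-0301", "outcome": "not_detected"},
    {"technique": "T1105", "test": "bas-0401", "outcome": "blocked"},  # not in profile
]

# Higher rank = stronger defensive result. The weakest result per technique wins.
OUTCOME_RANK = {"blocked": 3, "detected": 2, "not_detected": 1}
# Untested profile techniques come first (testing needed), then confirmed gaps
# (defensive improvement needed), then covered techniques.
STATUS_ORDER = {"untested": 0, "gap": 1, "covered": 2}


def summarize_by_technique(results):
    """Collapse test-level outcomes to one entry per technique.

    If any test of a technique went undetected, that technique's weakest outcome is
    'not_detected' regardless of how its other tests fared.
    """
    summary = {}
    for rec in results:
        outcome = rec["outcome"]
        if outcome not in OUTCOME_RANK:
            raise ValueError(f"unknown outcome {outcome!r} in test {rec['test']}")
        entry = summary.setdefault(rec["technique"], {"tests": 0, "weakest": "blocked"})
        entry["tests"] += 1
        if OUTCOME_RANK[outcome] < OUTCOME_RANK[entry["weakest"]]:
            entry["weakest"] = outcome
    return summary


def prioritize_testing(profile, results):
    """Return (technique, status, weight) tuples, highest priority first.

    Sort key: status (untested, gap, covered), then heavier profile weight first,
    then technique ID for a stable order.
    """
    summary = summarize_by_technique(results)
    rows = []
    for tech, weight in profile.items():
        if tech not in summary:
            status = "untested"
        elif summary[tech]["weakest"] == "not_detected":
            status = "gap"
        else:
            status = "covered"
        rows.append((tech, status, weight))
    rows.sort(key=lambda r: (STATUS_ORDER[r[1]], -r[2], r[0]))
    return rows


def out_of_profile_tests(profile, results):
    """Techniques the BAS run exercised that no tracked adversary is known to use.

    These are not wasted, but they consume test budget outside the threat profile.
    """
    return sorted({r["technique"] for r in results} - set(profile))


if __name__ == "__main__":
    for tech, status, weight in prioritize_testing(THREAT_PROFILE, BAS_RESULTS):
        print(f"{tech:<10} {status:<9} weight={weight}")
    print("tested outside profile:", out_of_profile_tests(THREAT_PROFILE, BAS_RESULTS))
```

With the constructed data, the two untested profile techniques (T1021.001, T1055) surface first as the places where testing is needed most, the two techniques with at least one undetected test (T1059.001, T1003.001) follow as confirmed gaps, and T1105 is reported separately as test effort spent outside the profile.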
As 2024 comes to a close, where do you anticipate security and threat intelligence teams will need to shift their focus in 2025 to stay ahead of evolving or emerging threat vectors? How is Tidal Cyber helping address these threats?
As we discussed in a recent blog post, 2025 will continue the trend of rapid evolution of TTP use by adversaries. This means that security teams will face a continuously evolving landscape of adversary activity and will need to make sense of that day in and day out. Without automation, security professionals will be increasingly challenged to answer some of the most basic questions that organizations need to answer, starting with “How effective are our defenses against these changing threats?” and “How can we improve our defenses – today?”
We continue to see talented CTI teams struggle to deliver the insights that they know are most important to their organizations and then have those insights turned into action across security as a whole. Here at Tidal, we’re focused on ensuring that the work that CTI teams do is translated into actionable insights that are usable across security functions, including the SOC, security engineering, detection, hunt and red/purple teams. Ultimately, it’s about doing everything we can to help ensure that defenders have as many advantages as possible against an ever-evolving threat landscape.