Published on: August 22, 2024
In our latest interview, SafetyDetectives had the privilege of speaking with Dr. Vincent Berk, Chief Strategy & Revenue Officer at Quantum Xchange. With a PhD in machine learning and a wealth of experience in cybersecurity, Dr. Berk has been at the forefront of blending cutting-edge technology with security strategies. During our conversation, he shared insights into the evolving landscape of cryptography, the importance of crypto-agility, and how Quantum Xchange is pioneering quantum-safe solutions to protect against the emerging threats posed by quantum computing. Dr. Berk’s deep understanding of the industry’s challenges and his innovative approach to cybersecurity make this interview a must-read for anyone looking to stay ahead in the ever-changing world of digital security.
Can you tell us a bit about your role and your journey in the field of cybersecurity?
My background is that I started out with a PhD in machine learning, which is really intriguing because that’s super hot these days. But back when I got my PhD, absolutely nobody cared. It was neural networks—an academic curiosity at best. What do you do with that? You either become an academic or try to figure something out in the industry. So, I started a company in the field of behavioral anomaly detection, applying machine learning to network traffic. That’s how I ended up in the field of cybersecurity, combining my interests in machine learning and cybersecurity.
Over the years, I’ve been in different roles—Chief Revenue Officer, Chief Strategy Officer—but at heart, I’m a technologist. In cybersecurity, I always aim to open people’s eyes to the art of the possible. Hackers are detectives in their own right, trying to find holes or cracks in your systems. We’ve seen crazy things like side-channel attacks and ways people think of leaking data.
What are Quantum Xchange’s flagship features and how does it stand out in the cybersecurity field?
Quantum Xchange started as a way to deal with the quantum computer threat to encryption. When you look at encryption, multiplying two numbers is easy, but figuring out what numbers were multiplied is much harder. Quantum computers make that process efficient, putting cryptography at risk. Quantum Xchange was founded to bring quantum-safe cryptography to the world—a cryptography resistant to quantum computers.
As we started selling quantum-safe encryption, we found that most CISOs and enterprises weren’t thinking much about quantum computers or algorithms but were interested in their progress. So, we created a tool called CipherInsights, which gives visibility into the cryptography in use across a network. It inventories everything—protocols, keys, certificates—so you can see exactly what’s being used and where.
Can you explain the importance of crypto-agility in modern cybersecurity practices?
Crypto-agility is a term that’s been thrown around a lot. In the old days, we had RSA, a form of encryption that’s been around for about 40 years. Today, we’re seeing dozens of potential future candidates that are much younger and less proven. We’re betting that these new algorithms will stand the test of time, but we don’t know for sure. Agility means building our networks, systems, and policies in such a way that we can switch from one algorithm to another as needed. It’s about having control and the ability to adapt.
Cryptography is full of single points of failure. We’ve been using one algorithm and one software implementation. Even if your algorithm is bulletproof, you might end up with a faulty implementation. Agility helps us move away from these single points of failure, allowing us to adapt quickly if an algorithm is compromised. It’s crucial for CISOs to start thinking about agility as they prepare for the future.
What role does continuous monitoring play in maintaining robust cryptographic security?
Continuous monitoring is critical in cryptographic security. Many people look at cryptographic risks as a point-in-time issue, taking a sample and then considering their system secure. But hackers operate in real-time, and if you’re only taking snapshots, you might miss an attack. This is why network intrusion detection quickly moved to continuous monitoring—so you’re always watching.
For instance, take LDAP authentication—it’s ubiquitous, and if not continuously monitored, it can be a significant vulnerability. Continuous monitoring ensures that cryptographic processes like this are always secure, adapting to new threats as they emerge. It’s essential to avoid the single points of failure that are all too common in cryptography today.
What are the biggest challenges enterprises face when it comes to securing their communications and data?
One of the biggest challenges is the myopic, tunnel vision that we see—a herd mentality. People don’t always explore the art of the possible in terms of what the risks to their organization are. Every business is different, with different data requirements, software packages, and missions. Security needs to be tailored to fit the business mission, and it’s the job of the CISO to do some really good, honest, independent thinking to figure out what the unique security challenges are and then architect a solution for that. That’s probably the biggest challenge I see.