FireEye CIO Colin Carmichael shares his insight into the changing landscape of cybersecurity, and how the company uses cutting edge technology and human...
The first two decades of the 21st century have borne witness to dramatic and unilateral change of a scope and scale seldom seen before. Ubiquitous mobile devices, the rise of artificial intelligence and the sweeping digitalisation of the global landscape have, even in the last decade, brought about dramatic and constant reinvention of the way businesses operate. In few places is this transformation more pronounced than the field of cybersecurity.
From sophisticated phishing attacks and ransomware to high-profile data breaches, perpetrated by nation-state funded groups of cyber criminals, and direct interference in democratic elections, the war against digital crime has never been waged more fiercely. Colin Carmichael, CIO of leading cybersecurity firm FireEye, lives and works in the heart of this conflict. “We live and breathe on the front lines of cybersecurity every day here at FireEye,” he says. “FireEye is called into the biggest breaches all over the world. We see, first hand, what's going on and what the bad guys are up to.”
For the past 15 years, FireEye has fought tooth and nail against the machinations of cyber criminals, relentlessly protecting its customers from the impact and consequences of cyber attacks. Carmichael himself came to the firm in 2016, having previously worked in “every function of IT you can think of: hands on coding, managing people, building data centers, building applications. You name it, I’ve done it,” he laughs. Carmichael cut his teeth at Californian technology giant Sun Microsystems, and later held senior roles at Amazon and Polycom. “The one role I avoided for most of my career was security, because back in the day it didn’t excite me.” We sat down with Carmichael to find out what changed his mind, get his insight into the complex and dangerous world of cybersecurity, and discover how FireEye is fighting the war against increasingly sophisticated and capable bad guys.
“Security certainly has changed a lot,” recalls Carmichael. “Back in the day, it was simply a case of making sure you had the best firewall and DMZ structure out there to secure the perimeter. Then, if that perimeter was totally secure, you just got on with your life.” In previous decades, the motivations behind cybersecurity breaches weren’t as clearly understood, and even major technology firms like Sun Microsystems saw competitors looking to steal intellectual property (IP) as the primary risk when it came to cyber espionage. “Today, no one’s safe. Every industry is at risk of being attacked for multiple different reasons,” says Carmichael. “There are obviously still attempts to steal IP, but there are also financial attacks, people who want to ‘bring you to your knees’, ransomware and phishing are off the charts – there’s a whole industry of adversaries out there, and they are very, very sophisticated.” This increase in sophistication, Carmichael maintains, is the leading driver behind the unending innovation cycle at FireEye. “The bad guy used to be thought of as a teenager in dark glasses and a hoodie,” he chuckles. “Today, that’s not the case. There are organized Advanced Persistent Threat groups – that are typically nation state driven – as well as organized crime groups out there. It’s a war.”
Carmichael and FireEye are as close to winning that war as anyone, but the process is a constant battle to stay one step ahead of the bad guys. “You have to continuously innovate. When you identify a new vulnerability – a new attack vector for those bad guys – you’ve got to be able to respond immediately,” he says. As technological security measures become increasingly airtight, users are being targeted more and more as weak points in security systems. According to Carmichael, ransomware attacks are on the rise. “It's not unheard of nowadays for CEOs to get emails that look very much like a normal communication from inside their network. It looks like it's come from a legitimate source, and they're moving so fast that they just click on a link or respond saying ‘yeah, I approve this.’ Then, that email launches some bad stuff in the background,” he explains. “Ransomware is the biggest growth area right now. Humans are humans, and sometimes you need to repeat that message several times before it sinks in.” Both in its relationships with clients and internally, FireEye promotes a continuous education cycle in order to keep security awareness at the highest possible level and constantly strengthen “one of the weakest links in the chain.”
While humans are increasingly the weakest point in a company’s cybersecurity armor, FireEye uses people as its most effective defensive asset. “FireEye’s major differentiator is what we call intelligence-led security,” says Carmichael. It is the company’s view that technology alone isn’t enough to combat cyber attacks, and that ‘hands-on front-line expertise, combined with innovative technology,’ is the most effective defense. Top level cybersecurity professionals are essential to FireEye’s business model, making the process of attracting and retaining the best possible talent a critical objective for the company. “There are 3.5mn open positions in the cybersecurity world today. That’s an absolute dearth of talent and everyone's scrambling for it,” Carmichael says. “There are a lot of experts in the cybersecurity world who would love to come and work at places like FireEye, but that doesn’t change the fact that we’re constantly working to figure out how to educate our people and how to partner better with universities that have curriculums focused on cybersecurity, so we can get new blood and a new generation of graduates coming out into this field, who are prepared to walk into a job on day one.”
One way in which FireEye is helping its clients compensate for a shortage of cybersecurity talent is its new Expertise On Demand service. Given that “insufficient and under-skilled staff increases team workload, leading to burnout and attrition as well as increased business risk,” according to the company, Expertise On Demand allows companies to utilise FireEye’s vast expertise as a remote service, in exchange for prepaid units including training, capability development, and custom intelligence. The progression towards service-based products is something FireEye has been embracing for several years, moving from hardware appliances to a service-based cloud model. “We still have customers that prefer the old appliance, we have customers that are now much more software driven, and we’ve got a lot of customers who are migrating fully to the cloud and don’t want to manage anything in terms of their network. They would rather have their cloud on AWS or Azure or just want a SaaS application,” says Carmichael.
Looking to the future, the war against cyber threats is only going to escalate, and FireEye will escalate along with it. “We'll continue to evolve our products and our business, whether that's through organic growth or acquisitions,” predicts Carmichael. “We know we've still got areas we want to offer capabilities in and, internally, my drive is to develop systems that actually get IT out of the way of the business and allow the business to go at the speed of business.” As a veteran of IT and cybersecurity fighting on a daily basis against sophisticated and organized threats, Carmichael admits the world “is a scary place, but an interesting one nonetheless, and one that FireEye will continue in its mission to relentlessly protect our customers.”