Ben Johnson is co-founder and Chief Security Strategist at Carbon Black, a partner of M.Tech. In his role he spends the majority of his time meeting with prospects, customers and partners to discuss cybersecurity strategy both with Carbon Black products and also across the stack. We caught up with him to talk about working for the NSA, the security industry and where he sees it evolving before his keynote at RSA Conference Asia Pacific & Japan: The Pyramid of Protection: Rethinking Layered Security.
RSAC: Can you provide some background on how you got into the info security industry and how you ended up where you are today?
Johnson: I saw the movie Enemy of the State and immediately applied to the National Security Agency here in the U.S. Once I started working at NSA, being fully immersed in information security, I was hooked. From there, it became a question about how I could learn the most and how I could most effectively enable cyber defense. I spent several years in the defense and intelligence community and ultimately decided to switch to looking at doing cyber defense in the commercial world. We were doing incident response and said, “you know, there’s a much more effective way to do IR.” We invented Carbon Black in 2010, and are now a company of 600 people. Now I travel all over meeting with incredible security teams and partners to educate, learn, and collaborate, hopefully taking lessons learned back to our product and engineering teams.
RSAC: What excites you the most about working in the info security industry?
Johnson: The infosec industry is exciting because it’s always evolving, we will never be done improving, and it’s one of the only industries where you get to fight the bad guys. We have to try to blend productivity, privacy, and risk mitigation all while interacting with new technologies and environments. It’s a tough challenge but one that forces each of us to produce.
RSAC: What would you like to see change/happen in the industry over the next 12 months?
Johnson: I would like to see cyber defenders spend their time much more wisely. Most security professionals spend so much time on actions or tasks that are not adding security utility—that time isn’t being spent to truly make the organization safer. We need to enable more effective use of the time of our information security warfighters. Until then, we don’t have a chance of reducing attacks.
RSAC: If you could pick one thing that has made the most impact on your career and where you are today, what would it be?
Johnson: Never stop learning. There’s so much to learn, so much to understand. You have to learn about technology, about IT, about computer science. Then you learn about new security issues, tactics, exploits, vulnerabilities, and products. You see new campaigns and threat actors. It’s all about continuous self-improvement and the drive to affect more change. Make sure you spend your time with your hands dirty in the trenches truly learning what’s going on before you decide to pursue a management or consultant role—you need that first-hand knowledge if you want to really accelerate your opportunities.
RSAC: How do you think the industry can come together even better to share ideas and innovations?
Johnson: The security industry and the security community are two different things. This needs to be understood. And on that point, there needs to be more open sharing. Share what tools are working, share how you’ve crafted your security stack and how you staff your team to leverage that stack. Show what works and what doesn’t.
Threat intelligence sharing and breach disclosure can provide value, but we need to get more open with how we are defending and more importantly, why we decided to defend that way. That’s when the security industry becomes more like the security community and we all collectively defend in more effective ways.
RSAC: Explain what your session will be about at RSA Conference 2016 APJ in three words.
Johnson: Defending more effectively.