Cybersecurity: Use It Before You Lose It

The Prime View invited Troy Kitch, Vice President of Enterprise Solutions at Malwarebytes to share his expert view on cloud security, innovations, the cybersecurity market growth potential.

Troy, during your career, you have been a part of Veritas, Verisign, Oracle, and now Malwarebytes. Can you talk about your career progression and your roles in these organizations?

When graduating from Cal Poly, San Luis Obispo, I thought I was going to go into agricultural business and help feed the world. I live in between California’s fertile North coast and Silicon Valley. While interviewing with agricultural companies in Santa Cruz County, I was also opportunistically interviewing with technology companies. I ended up landing a job at Seagate Technology’s software group and started writing press releases and internal communications. 

At that time, in the late nineties, there was a big economic boom with a lot of high-flying IPOs. The software group that I was a part of was acquired by Veritas, which ultimately was purchased by Symantec. I steered my career towards cybersecurity because, like agriculture where everyone needs to eat, I learned that everyone needs great security to protect themselves and their organizations. 

Troy Kitch

Vice President of Enterprise Solutions

From public relations to product marketing, and then later into product management, I have always enjoyed being close to the product.

I enjoy taking challenges that customers have and building unique solutions to those problems.

So that took me through a number of security companies, where I land today as Vice President of Enterprise Solutions for Malwarebytes. I am honored to help cybersecurity professionals protect their organizations against today’s sophisticated attacks.

You’ve got a long career in the cloud security space at Oracle. Could you please share your insights on how cloud security has evolved over the last 5 to 7 years? Do you think it’s a stable and mature area, or do you expect to see many changes and innovations there in the following years?

If you look at the security market today, we’re still evolving. The evidence is seen in the many small companies that are getting into the cybersecurity space. At some level, the cloud has broadened security challenges and increased the market’s potential. Now we’re securing the cloud, we’re securing how organizations interact with the cloud, and we’re protecting employees’ systems as they access Software as a Service (SaaS) and Infrastructure as a Service (IaaS) applications.

The cybersecurity market is still hot and growing, while at the same time the evolution is leading to additional consolidation.

Large organizations are acquiring smaller organizations that are focused on niche cybersecurity protection, detection, or remediation. 

Furthermore, I anticipate the majority of organizations around the globe will be cloud-focused, and use a lot of cloud-based cybersecurity solutions. For our industry, that means rapid evolution by creating new security technologies to protect cloud-based services, containers, and workloads. We’re going to see a lot more automation and a lot more simplicity – the cybersecurity market needs creative, automated solutions where machines protect organizations—as opposed to individuals manually trying to protect organizations. We just can’t keep up with the number of automated threats and attacks today.

At Malwarebytes, I see you have a new product for home users, a VPN service called Malwarebytes Privacy. How do you differentiate it from many other VPN offerings on the market? And do you aspire to be a one-stop-shop for the security services for individual users?

Malwarebytes VPN is a consumer-focused product. With a single click, our next-generation VPN helps protect online privacy, secure WiFi connections, and delivers speeds way faster than older VPNs. Traditional VPNs can slow down your connection.

Malwarebytes Privacy uses a newer and faster VPN protocol so you can get all the benefits of a VPN with less lag. We’re unique in using this new technology.

We offer faster VPN services for our customers and they can bundle it with the Malwarebytes Premium solution. 

Going back to your question of whether we are looking to be a one-stop-shop for all cybersecurity? There are so many pieces to cybersecurity—between firewalls, encryption, data loss prevention, or intrusion detection—we’re not looking to be the one-stop-shop. We’re focused on consumer challenges and their needs for simplicity and powerful protection, detection, and remediation. We don’t want a lot of knobs and dials for people to work on because those can create complexity. Instead, we’ve created an effective security solution that’s easy to use for everybody working and playing from home today. 

And then on the business side, we have award-winning Endpoint Protection (EP) and Endpoint Detection and Response (EDR) solutions for organizations. We carry over what we’ve learned on the consumer side and leverage machine learning to create solutions that automate a lot of security complexity out of the equation.

For organizations that do not have the security expertise in their organizations, but still want something equally effective and relatively easy to use, Malwarebytes is a great choice. 

With the Covid-19 pandemic, companies moved their workforces to remote work. How has Malwarebytes responded to these challenges? 

We’re an international company. We have workers in the US, Estonia, Ireland, and other parts of the world. Malwarebytes did what a lot of our customers did: switch overnight from a partial work-from-home environment to a complete work-from-home mode. Nobody has been in the office since April of 2020. 

We had noticed a lot of our customers facing similar challenges associated with all-remote work mode. First of all, they had to get laptops or workstations for their employees. While some organizations were already prepared—employees had mobile devices, and antimalware software installed on their endpoints—others were either completely or partially unprepared. We witnessed the increasing market for laptops, and a lot of organizations had to install software on them and get their employees up and ready. Unfortunately, in many cases, many employees have had to use their personal devices that are oftentimes unprotected.

In a situation like this, the workforce becomes a lot more vulnerable to security breaches where they’re connecting through their home Wi-Fi, using default passwords, and in many cases not implementing identity access controls. Their endpoints don’t have antivirus or encryption on them.

To protect their data, we saw an increase in organizations that were purchasing Malwarebytes to protect their remote workers. 

We’ve also seen an increase in our EP and EDR solutions for servers. So, we’ve seen a lot of growth and a lot of tremendous feedback from our customers that we’re doing the right things.

I’d like to also touch on career development for young people. How can cybersecurity, a seemingly complex industry, attract more talent?

I think that education is one of the key pieces in helping young students understand what cybersecurity experts do. Of course, with many different segments of the market, there are a lot of different roles in cybersecurity, from marketing products to developing products to selling those solutions.

Nevertheless, it’s true, we don’t have enough cybersecurity experts available on the market. Organizations today are struggling to hire experts and train them to do all that’s required to implement security controls across the organization. 

In my opinion, the key to solving this problem is by cultivating specialists from different backgrounds. Diversity is important. We start with education where existing cybersecurity experts help train and educate young people who are excited about the opportunity. For example, I am a Certified Information Systems Security Professional (CISSP) and have educated children from kindergarten through eighth grade as part of my membership with ISC2 (International Information System Certification Consortium). The ISC2 is there to help educate and facilitate the education of new students that are interested in the cybersecurity industry. 

We need to show how exciting the cybersecurity industry can be. When you go back to historical evidence of secret communications, there’s so much history behind nations’ secrets and the spies that try and steal them. The same thing happens today, only it’s largely all cyber-related. We need to be educating the importance of protecting data, while showing that it’s an exciting industry to work in.

In your opinion, what can companies do to increase their employees’ cybersecurity awareness?

There’s this concept of the weakest link in a chain – if you’re strong everywhere except for this one link, it can bring the whole system down.

Employees are often the weakest link because we can be socially manipulated.

For example, we click on hyperlinks in emails and unknowingly download malware. We give out private information on phone calls. We’re social animals that want to help others. We’re curious. We can be easily manipulated with these social engineering attacks, and therefore it’s very important to educate employees about them.

A great method to educate your employees is to present them with real-life scenarios. Send out test email attacks to see how your employees respond. See if they click on those links and then educate them through the process so that they are more wary next time during a real attempt. You can run employees through other scenario training videos on how to protect themselves and their organization. Of course, you also want to put on Malwarebytes EP and EDR solutions as well, to protect endpoints.

Troy, thank you for the interesting conversation and your insights on the cybersecurity industry development trends!

Stay tuned for the next interviews!