I recently sat down with Gary Robinson, an entrepreneur in cyber security (with a startup called Uleska) as well as being a European Board Member of OWASP. Gary will be chairing OWASP’s main European conference, AppSec EU, in Belfast on 11th-12th May.
Gary gave us the good, bad and the ugly about cyber security.
TW: What are the important trends in cyber security?
GR: There’s a massive skills shortage right now. Not only do cyber security experts have a 0% unemployment rate, there are an estimated 1 million open recs for unfilled global jobs in cyber right now. We’re in high demand.
TW: Why are skills in such short supply?
GR: I believe that universities need to step up their training in cyber. It’s possible to graduate with a CS degree (computer science) with only the bare minimum of exposure to security.
TW: What threats are you protecting against?
GR: We already know how to solve every security problem that exists. One example, SQL injection, is still being used to hack organisations such as TalkTalk, although we’ve known about it for a decade. OWASP tells developers how to protect against SQL injection attacks for free.
The problem is time, and money. Teams don’t have enough resources to secure every application, so they are picking and choosing customer-facing apps, while not securing other – possibly back-end – systems. Right now businesses might only secure 5 – 10% of their applications.
The rate of software being developed is increasing and human skills cannot keep up to secure it. This is why I launched Uleska, as a lifeline to software teams, so they can proactively secure applications while they’re building them, instead of as an afterthought.
TW: Let’s talk about what Uleska can do.
GR: Uleska addresses securing the software on the first, and every day of the project, instead of on the last day.
This improves time to market, reduces the chances of being hacked, and reduces the cost of securing product. We’re building an initial product with money from TechStart NI, and have filed a patent with help from Invest NI. Uleska gives companies the security requirements, code toolkits, and automated security tests, specific to the project they are creating.
TW: What stage is Uleska?
GR: We’re finalising our first product now. We’ve taken part in two UK cyber-security accelerators, Hut Zero in London and CSIT Labs locally, to ensure that a) we’re solving a real pain our customers are seeing and b) no one else is solving it this way.
TW: Is it challenging to be an SME in the cyber security space?
GR: Yes, mainly due to privacy – people don’t want to shout about their vulnerabilities or attacks that have happened. You can’t just ring up a bank’s CISO and ask about their cyber security problems.
Microsoft or IBM might be privy to information due to their existing relationships, so privacy can be a challenge when you’re a smaller start-up in this space.
TW: What edge do entrepreneurs in security have over industry giants?
GR: Big players might have better access but smaller entrepreneurs can be more nimble. We come up with a brand new idea, or way to solve the problem, and when the solution is proven, then we can get traction.
TW: Are the bad guys one step ahead?
GR: There’s more money in hacking than in building protective systems, so yes, in that sense, they are. The only way forward is to build great security software. Thankfully there’s a huge amount of innovation happening in the cyber security industry, and the hope is that will tip the balance in favour of protection.
The biggest risks right now are phishing attacks and insider attacks. Around 55 – 68% of attacks are coming from an organisation’s own employees – either unwittingly or intentionally.
TW: Where do you want to be in five years?
GR: Our vision is to make security less of a hassle, and something that any team can apply easily. When we make it more affordable for our customers to secure their products, then we’ll all be safer when we turn our computer on.