In this episode, Patricia Muoio, Ph.D., Partner at SineWave Ventures and Former Chief of Trusted Systems Research Group, National Security Agency, sheds light on the cybersecurity technology landscape and emphasizes the need to develop technologies that are attack agnostic. Some of the questions driving the discussion include: a) what progress has been made in the development and use of cybersecurity technologies? b) What does it mean to be attack agnostic? c) how near or far are we from taking the burden off people trying to protect themselves from different cyber attacks? and d) the ideal government and industry partnership model to develop innovative solutions.

Time Stamps

02:34 -- How about sharing with listeners some professional highlights?

04:12 -- I'm really intrigued to learn about your career trajectory, considering that you got your doctorate in philosophy, so was it on the liberal side of things?

05:35 -- What's your assessment of the cybersecurity technology landscape?

08:12 -- During our planning meeting, you said, "we need to be able to develop technologies that are attack agnostic." Please expand on that.

12:50 -- While you're saying that it doesn't matter how the hackers get into your system, wouldn't I want to know how they are conducting the attack to be able to prevent it from happening in the future?

14:54 -- If I'm a developer listening in on this conversation, what should be some focus areas for new technology development? And if I'm a consumer of these technologies, how should I approach cybersecurity governance?

27:23 -- Will there ever come a day when I could be as carefree as possible, and click on anything I want, knowing that there is technology that will not allow the perpetrators to exploit that and do damage? Will we ever get to that world?

31:57 -- What is your assessment of the government-industry partnership?

38:19 -- Please share some final thoughts and key messages for the listeners.

Memorable Pat Muoio Quotes/Statements

"I think that many problems like endpoint protection, network segmentation, authentication, encryption are essentially solved. There are technologies that do these kinds of things and do them well."

"I think where a lot of the work needs to be done is making these technologies work together and work appropriately for the system in which they are used."

"We need to be able to develop technologies that should be attack agnostic."

"What it means to be attack agnostic -- you stop attackers from getting in, you stop them from moving around, you stop them from getting out, exfiltrating your data, or encrypting your data, executing their payload in any important way. And the details of how they choose to do them, the shape of the malware they choose to execute simply doesn't matter. What matters is that these actions can be identified in the system and stopped in a more general way."

"Users ought to know when less is more."

"I think people need to be careful to understand when risks that sound very very different in their effect, are actually the same in their cause, and that their solution space needs to address the causes and not the effects."

"As these technologies develop, as people become more comfortable with the notion of self- protecting self-healing systems, we will be able to take some of the burden of the users."

"Understand solutions that are based on your system, and not concentrated on what the attack looks like; but what is my system and more importantly, my business workflows, what do they look like, and build solutions that protect them, and not solutions that are based on...