CyberWire Daily - Ryan Kovar: Everyday, assume compromise. [Strategy] [Career Notes]

Episode Date: December 5, 2021

Distinguished Security Strategist at Splunk, Ryan Kovar, shares his journey that started in the US Navy and how it contributed to his leadership in life after the military. Cutting his teeth as sysadmin on the USS Kitty Hawk, Ryan worked as a contractor following the Navy. At Splunk, he leads the SURGe research team to solve what he calls the "blue collar for the blue team problems". He works hard on incorporating diversity of thought. Ryan notes, "I've been doing cybersecurity or IT now for over 20 years and of that 20 years of knowledge, only about five years of that knowledge is really relevant. You can't sit on your laurels in this industry." We thank Ryan for sharing his story with us.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. My name is Ryan Kovar, and I'm a Distinguished Security Strategist at Splunk. I think when I was growing up, what I wanted to do was be a history teacher, primarily. Computers were really something that I just did video games of and ended up getting into because I joined the Navy. I tried to join the Air Force, and they said, you're not very good at math, so no thank you. And I tried to join the Army, and I said, well, I really just want to drive a tank. That seems fun.
Starting point is 00:02:05 They said, no, you have to be in military intelligence or chemical warfare. And I said, neither of those sound appealing. And then I went to the Marines and they said, well, you'd be a rifleman. I said, well, that doesn't sound fun. So finally I went to the Navy and they said, sure, you can either do photography
Starting point is 00:02:17 or work with radios and computers. I said, well, radios and computers might be fun. So I ended up joining the Navy and then focused on computers while I was there. I was actually a system administrator on an aircraft carrier. So I was on the USS Kitty Hawk out of Yokosuka, Japan. And I really cut my teeth as a Windows NT 4.0, Unix 5.5, and Exchange 5.5 system administrator. And that's where I really got into computers. And I was also in charge of the cyber warfare defense for the 5th and 7th Fleet during the invasion of Iraq in 2003,
Starting point is 00:02:49 which mostly meant I put in ACLs into a firewall. And that's kind of my first taste into cybersecurity. At 22, you know, I had 20 plus, 20-ish people working for me, you know, multiple millions of dollars equipment, thousands of users, and not something that most 22-year-olds have. I left the Navy and then actually worked at the time called NCIS, which was National Criminal Investigative Service, which was very confusing being in the Navy. So I went out there for a week to help them actually with Exchange 5.5 and securing that system. And they ended up giving a work visa and I stayed for another four years. It's been a very interesting journey. I think, I feel like it's fairly unique when I talk to folks. I moved back to America and I completely left the public sector and got a job working at KBMG.
Starting point is 00:03:56 They were doing big data before we had the word big data. I started working for them as a sysadmin and doing basic security work for them, and while I was there, I really got into security and decided that I was really interested in this idea of an active adversary doing malicious things. And I wanted to focus my career on that. I started working with the compliance team. And while we were doing that, I realized that, hey, we really needed to boost our security. So I helped build out the first SOC that they had and also simultaneously build out one of the first NOCs and learned how just to do enterprise monitoring. And oddly enough, I tried to actually buy Splunk at the time, but they were too expensive for our budget. My wife was accepted to a PhD program in the UK. So we actually moved back to the UK.
Starting point is 00:04:39 And while I was there, I found out that master's programs in the United Kingdom don't have an undergraduate requirement if you can show professional development over the course of your career. So I was actually able to get a master's degree in cybersecurity while I lived in the UK without a bachelor's degree. My best friend from the Navy called me and said, hey, I'm starting up a nation state hunting team at DARPA. And would you like to help run that with me? So we actually moved back to the US and I worked at DARPA for four years running a nation state hunting team. We did a lot of research and development
Starting point is 00:05:09 and that was wonderful. When my wife finished her PhD program, she said, hey, I need more flexibility than working in D.C. We basically said, where can we go? And I've been using Splunk at the time and Splunk said, hey, we'd love to have you come on. And since COVID happened,
Starting point is 00:05:23 obviously I've been at home a lot more. And then we also just, based on our experience around SolarWinds, we kind of realized that there was a need for a team of researchers to really focus on solving what we affectionately call blue collar for the blue team problems. So that kind of led to the security research team called SURGe here at Splunk. Now our days are really spent around finding research projects that we think will help the every person of security and trying to create it in a consumable way. You know, actually, to be perfectly honest, we're really inspired by CyberWire for a lot of that, of just how the short, sweet notes that you guys put out every day and every week and trying to look at how we can do similar things to help folks
Starting point is 00:06:06 and get them on their way for their security journey. One thing about being in the military is you get a lot of leadership training. I personally find that I think it could probably be described most generously as a benevolent dictatorship. I like to take a lot of input, but I do believe that at the end of the day, someone has to make a decision and someone has to lead an organization. We do a lot of things that are, we really need to find a better word for it, but affectionately called murder boards, where people bring up ideas and we kind of really work the devil's advocate side of every aspect of it. And it's not intended to be criticism. The idea is that every day you can do better. And there's a motto that we have on our team of fail less, which is not intentionally negative.
Starting point is 00:07:01 It actually comes from our background in Blue Team, which was assume compromise. Every day, assume compromise and that your job is to find that compromise. The only failure that I believe in is not sharing your failure. I've given whole presentations on my failed research and the idea being that, hey, I've done this. I've used a scientific method.
Starting point is 00:07:21 This is my approach. This is what the outcome was. You don't need to go down this route. We can use this to build to go a different direction. The other aspect that we work very hard on is diversity of thought. We have a variety of different people, variety of genders and all different things coming in there to make sure that we're getting a diversity of thought and output before we kind of pull together as a team and execute. I've been doing cybersecurity or IT now for over 20 years. And of that 20 years of knowledge, only about five years of that knowledge is really relevant. You can't sit on your laurels in this industry.
Starting point is 00:07:54 Like, what you knew yesterday can be completely extinct tomorrow. The biggest thing that I take pride in now is less the work that I've done than the people I've helped influence. I think the most rewarding aspect of my career in the last five years has been mentoring and working with people new to the industry. What I do try to do is do a lot of advocating, where I look at it more of, I think you're phenomenal, and I'm going to make sure that the door is open for you and provide that feedback and make sure that people are taking you seriously and giving you any advice I can.
Starting point is 00:08:32 That has been more rewarding to me than probably any of the ephemeral technological victories that I've had over the last 20 years.
