CyberWire Daily - Satya Gupta: Rising to your contribution. [CTO] [Career Notes]
Episode Date: April 17, 2022Co-founder and CTO of Virsec, Satya Gupta shares his story of how he has over 25 years of expertise in embedded systems, network security and systems architecture. He also talks about how a colleague ...of his told him something that resinated with him, he said " that was really a remarkable statement that I heard from that person. You rise to the point where you can actually contribute." He also discusses how he got into the startup atmosphere and how different scenarios in his life helped to lead him to the successful man he has become in the cyber community. We thank Satya for sharing his story. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. and VPNs, yet breaches continue to rise by an 18% year-over-year increase in ransomware attacks
and a $75 million record payout in 2024. These traditional security tools expand your attack
surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools.
It's time to rethink your security. Thank you. Learn more at zscaler.com slash security. I grew up in India. My father was a civil servant and at that time it was really hard.
We had two other siblings.
My mother was insisting that we go to the very best school because education was at a very high premium in our household.
There were times when they had to sell some books to be able to meet expenses.
It was very clear to me that I had to go and become a doctor or an engineer.
And certainly doctor was out of my league
because even if I had to go into a biology lab and dissect a frog and all,
I'd probably end up fainting before the frog had a knife in its belly and all.
So I decided I'd be an engineer.
One of the biggest challenges of going into an engineering school in India is to,
everybody's aspiration is to get into this very famous school called the IIT.
And because my brother had topped that school, you know,
it was pretty much my goal to be able to go and get through that same school.
I actually went to higher education in the US.
So from India, I kind of did another master's degree
in the University of Massachusetts.
And right after that, I went to work for GM.
And I quickly realized that I wasn't really cut out
to be one of the 700,000 employees
that GM had at the time.
And I really wanted to do something meaningful, you know, something that allowed me to sort of express myself a whole lot better and solve some really big problem for, you know, the industry.
So I kind of quit GM and I went to work for myself.
And, you know, there was many ventures that, you know, startups that I actually went through.
One last one that I did
was really made a huge difference.
The big thing that we did out there
in the startup was that
we kind of suddenly
used some really cool technology
to be able to make a huge change.
So instead of having
one megabit of bandwidth
or two megabits of bandwidth,
we were up to 100 megabits and in the case of businesses, up to gigabit of bandwidth or two megabits of bandwidth, we were up to 100 megabits.
And in the case of businesses, up to gigabit of bandwidth.
So, you know, that made me think that we have to sort of keep working with things
that will change people's lives rather than solving incremental problems.
You know, there's no fun in doing that.
And I had the mental fortitude and the educational background
to be able to go
look at some really hard problems.
One thing that really inspired me
at that point in time,
you know,
it was just a casual sentence
that was uttered by a colleague
while it's stuck in my brain
for posterity, I would say.
in my brain for posterity, I would say.
So the colleague said that people rise to their level of incompetence.
And that was really a remarkable statement that I heard from that person.
You know, you rise to the point where you can actually contribute.
And when you think that you are done here,
that you cannot contribute anymore,
that's where it all ends and all, right?
But in reality, the sky's the limit.
It's almost like a storybook startup scenario here.
I was visiting a colleague who was a professor in the University of Massachusetts.
He and I sat down
for coffee at a Starbucks. And as we
were sitting for this coffee, I
realized that there were these big
cyber attacks going on.
And it just so happened I
opened the conversation with him and saying,
hey, did you notice this new cyber attack?
And here are these big
dominant cyber companies at the time
who were releasing
signatures every 10 minutes. And millions of machines were going down over the last few days
because of this very nimble attack. It was one of those, you know, worm-like attacks that was
taking machines down by the millions. Something he said struck me as, you know, we're not really
looking at root causes out here. We're kind of looking at symptoms. Every time a new attack
happens, we try to figure out
what's going on with that particular attack.
It's like playing a game of whack-a-mole.
A new attack shows up, you kind of
stomp on that little arcade game.
So every day,
350,000 new
pieces of malware get created.
We're trying to classify every piece
of malware. To me, that are trying to classify, you know, every piece of malware.
And to me, that looked like a big joke out there.
At that point in time, I came up with this whole thought process of what I now describe as first principle.
I had a couple of meetings with the professor again,
and we came up with five or six guiding principles
that we call first principle.
The very first principle was, we must be able to protect an application
from being abused, even if it is vulnerable.
The second principle was milliseconds matter.
The third principle that was involved out there
was that vulnerabilities are the key.
The fourth principle was that, you know,
I shouldn't really expect people to hand me their source code
so that
I can look at it and be able to figure out where the vulnerabilities are. And the last very important
thing was, if I look at a server, there are hundreds of processes out there. I cannot go and say I can
see I'm going to protect only one or two and I'll leave the rest to open. It's like saying, hey,
in my home, there are these five doors and I have a cop standing on door number one,
but the other, you know, you're on your own.
So those are the five first principles that we said we must adhere to in our solution.
And I'm very happy to tell you that, you know, it's been a long, arduous journey.
Our customers are now beginning to see that, is the only way to protect the vulnerabilities.
You have to be able to make sure the vulnerabilities are like that bad lock that you hang on your door
that cannot be abused even though the lock may give up.
You'll still be able to protect, make sure that the doors are strong enough to not give up.
And now, more than ever, customers are beginning to see that
you're now able to make sure that the application stays within its guardrails.
And the attacker is not being able to sort of derail the train and make that application do things that they want.
Assemble the very best people, be able to leverage their brain power and that's my style of functioning you know we want to be able to have the very best people in the team and also
leverage their thinking power and be able to this is how we you know as a collective we become better
and you know it's crazy you know as entrepreneur, you have to be a little bit crazy. Because, you know, you have to have this dedication to be able to, you know, keep going down, wake up every day and keep yourself motivated.
But it's really fun too.
You know, you have to be able to dream big.
And you have to have the fortitude and the mental courage to be able to hold on to that.
If you really believe in something, go for it.
And also dream big.
Make sure that you're not solving one problem,
but you're solving things that will make a name for it,
which will have things that people will remember,
this is how it should be done.
Accepting the status quo and doing it the same way
that people have been doing it for the 30 years
that may have gone by.
In the cybersecurity industry, we see that.
And by thinking big,
we are able to make people understand
what is different,
what is it that's different that we're doing
and how their lives will get better.
Dream big and work with dedication.
And now a message from Black Cloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365, with Black Cloak.
Learn more at blackcloak.io.