Transcript
A (0:02)
You're listening to the CyberWire network.
B (0:04)
Powered by N2K. CISOs and CIOs know machine identities now outnumber humans by more than 80 to 1. And without securing them, trust, uptime, outages and compliance are at risk. CyberArk is leading the way with the only unified platform purpose-built to secure every machine identity: certificates, secrets and workloads across all environments, all clouds and all AI agents. Designed for scale, automation and quantum readiness, CyberArk helps modern enterprises secure their machine future. Visit cyberark.com machines to see how.
A (0:56)
My name is Ryan Kovar and I'm a distinguished security strategist at Splunk. I think when I was growing up what I wanted to do was be a history teacher primarily. Computers were really something that I just did video games of and ended up getting into because I joined the Navy. I tried to join the Air Force and they said you're not very good at math, so no thank you. And I tried to join the Army and I said, well, I really just want to drive a tank. That seems fun. They said, no, you have to be in military intelligence or chemical warfare. And I said, neither of those sound appealing. And then I went to the Marines and they said, well, you'd be a rifleman. I said, well, that doesn't sound fun. So finally I went to the Navy and they said, sure, you can either do photography or work with radios and computers. I said, well, radios and computers might be fun. So I ended up joining the Navy and then focused on computers. While I was there, I was actually a system administrator on an aircraft carrier. So I was on the USS Kitty Hawk out of Yokosuka, Japan, and I really cut my teeth as a Windows NT 4.0, Unix 5.5 and Exchange 5.5 system administrator. And that's where I really got into computers. And I was also in charge of the cyber warfare defense for the 5th and 7th Fleet during the invasion of Iraq in 2003, which mostly meant I put in ACLs into a firewall and that's kind of my first taste into cybersecurity. At 22, I had 20, 20-ish people working for me. Multiple millions of dollars, equipment, thousands of users, and not something that most 22-year-olds have. I left the Navy and then actually worked at a defense contractor in San Diego doing a very similar job. And they said, hey, we have this one-week opportunity in London supporting the UK Home Office at the time called NCIS, which was National Criminal Investigative Service, which was very confusing being in the Navy. So I went out there for a week to help them actually with Exchange 5.5 and securing that system.
And they ended up giving me a work visa and I stayed for another four years. It's been a very interesting journey, I think. I feel like it's fairly unique when I talk to folks. I moved back to America and I completely left the public sector and got a job working at kbmg. They were doing big data before we had the word big data. I started working for them as a sysadmin and doing basic security work for them. And while I was there, I really got into security and decided that I was really interested in this idea of an active adversary doing malicious things, and I wanted to focus my career on that. I started working with the compliance team, and while we were doing that, I realized that, hey, we really needed to boost our security. So I helped build out the first SOC that they had and also simultaneously build out one of the first NOCs and learned how just to do enterprise monitoring. And oddly enough, I tried to actually buy Splunk at the time, but they were too expensive for our budget. My wife was accepted to a PhD program in the UK, so we actually moved back to the UK. And while I was there, I found out that master's programs in the United Kingdom don't have an undergraduate requirement if you can show professional development over the course of your career. So I was actually able to get a master's degree in cybersecurity while I lived in the UK without a bachelor's degree. My best friend from the Navy called me and said, hey, I'm starting up a nation state hunting team at DARPA, and would you like to help run that with me? So we actually moved back to the US. And I worked at DARPA for four years running a nation state hunting team. We did a lot of research and development, and that was wonderful. When my wife finished her PhD program, she said, hey, I need more flexibility than working in DC. We basically said, where can we go? And I've been using Splunk at the time. And Splunk said, hey, we'd love to have you come on.
And since COVID happened, obviously I've been at home a lot more. And then we also just based on our experience around SolarWinds, we kind of realized that there was a need for a team of researchers to really focus on solving what we affectionately call blue collar for the blue team problems. So that kind of led to the security research team called SURGe here at Splunk. Now our days are really spent around finding research projects that we think will help the every person of security and trying to create it in a consumable way. You know, actually, to be perfectly honest, we're really inspired by CyberWire for a lot of that. Of just how the short, sweet notes that you guys put out every day and every week and trying to look at how we can do similar things to help folks and get them on their way for their security journey. One thing about being in the military is you get a lot of leadership training. I personally find that I think it could probably be described most generously as a benevolent dictatorship. I like to take a lot of input, but I do believe that at the end of the day, someone has to make a decision and someone has to lead an organization. We do a lot of things that are, we really need to find a better word for it, but affectionately called murder boards, where people bring up ideas and we kind of really work towards devil's advocate side of every aspect of it. And it's not intended to be criticism. The idea is that every day you can do better. And there's a motto that we have on our team of fail less, which is not intentionally negative. It actually comes from our background in blue team, which was assume compromise. Every day, assume compromise, and that your job is to find that compromise. The only failure that I believe in is not sharing your failure. I've given whole presentations on my failed research. And the idea being that, hey, I've done this, I've used a scientific method. This is my approach, this is what the outcome was.
You don't need to go down this route. We can use this to build, to go a different direction. The other aspect that we work very hard on is diversity of thought. We have a variety of different people, variety of different genders, and all different things coming in there to make sure that we're getting a diversity of thought and output before we kind of pull together as a team and execute. I've been doing cybersecurity or IT now for over 20 years. And of that 20 years of knowledge, only about five years of that knowledge is really relevant. You can't sit on your laurels in this industry. Like, what you knew yesterday can be completely extinct tomorrow. The biggest thing that I take pride in now is less the work that I've done than the people I've helped influence. I think the most rewarding aspect of my career in the last five years has been mentoring and working with people new to the industry. What I do try to do is do a lot of advocating where I look at it more of, I think you're phenomenal, and I'm going to make sure that the door is open for you and provide that feedback and make sure that people are taking you seriously and giving you any advice I can. That has been more rewarding to me than probably any of the ephemeral technological victories that I've had over the last 20 years.