CyberWire Daily Podcast Summary Episode: Ryan Kovar: Everyday, Assume Compromise [Strategy] [Career Notes] Release Date: July 27, 2025

Introduction

In this episode of CyberWire Daily, host N2K Networks interviews Ryan Kovar, a distinguished security strategist at Splunk. Kovar shares his extensive journey in the cybersecurity realm, emphasizing the pivotal strategy of "assuming compromise" in daily operations. This conversation offers valuable insights into his career trajectory, leadership philosophy, and the importance of continuous learning and mentorship in cybersecurity.

Early Career and Military Background

Ryan Kovar's foray into the world of computers began unconventionally. Initially aspiring to be a history teacher, Kovar's path took a decisive turn when he joined the Navy. His early military career was marked by diverse roles, ultimately focusing on computers and cybersecurity.

• System Administration: Kovar served as a system administrator aboard the USS Kitty Hawk out of Yokosuka, Japan, where he honed his skills with Windows NT 4.0, Unix 5.5, and Exchange 5.5 systems. "I really cut my teeth as a Windows NT 4.0, Unix 5.5 and Exchange 5.5 system administrator," he recalls (00:56).

• Cyber Warfare Defense: During the 2003 invasion of Iraq, Kovar was responsible for cyber warfare defense for the 5th and 7th Fleets. This role introduced him to the foundational aspects of cybersecurity. "That's kind of my first taste into cybersecurity," he mentions (00:56).

Transition to the Private Sector

After his military service, Kovar transitioned to a defense contractor role in San Diego, continuing his work in cybersecurity. A short-term assignment in London with the UK's National Criminal Investigative Service (NCIS) led to a significant career development.

• International Experience: "We ended up giving me a work visa and I stayed for another four years," Kovar shares, highlighting the international dimension of his early career (00:56).

Building Foundations in Cybersecurity

Upon returning to the United States, Kovar ventured into the private sector with KBMG, where he played a crucial role in developing foundational security infrastructures.

• Establishing SOC and NOC: "I helped build out the first SOC that they had and also simultaneously build out one of the first NOCs," he explains (00:56).

• Enterprise Monitoring: His efforts in enterprise monitoring underscored the importance of proactive security measures. "We really needed to boost our security," Kovar notes (00:56).

Academic Pursuits and DARPA Experience

Kovar's commitment to advancing his expertise led him to pursue a master's degree in cybersecurity in the United Kingdom, even without an undergraduate degree, leveraging his professional experience.

• Advanced Education: "I was actually able to get a master's degree in cybersecurity," he states, reflecting on his academic achievements (00:56).

• DARPA Role: Reuniting with a Navy colleague, Kovar joined DARPA to run a nation-state hunting team, focusing on research and development in cybersecurity. "We did a lot of research and development, and that was wonderful," he shares (00:56).

Current Role at Splunk and Formation of Surge

Since joining Splunk, Kovar has been instrumental in establishing the Surge security research team, dedicated to addressing "blue collar for the blue team" problems.

• Inspiration from CyberWire: "We're really inspired by Cyber Wire for a lot of that," Kovar acknowledges, appreciating the podcast's role in disseminating concise and actionable security information (00:56).

• Research and Development: The Surge team focuses on creating research projects that aid security professionals, ensuring findings are consumable and practical. "Our days are really spent around finding research projects that we think will help every person of security," he explains (00:56).

Leadership Philosophy

Kovar's leadership style is shaped by his military background, emphasizing decisive action balanced with team input.

• Benevolent Dictatorship: "I do believe that at the end of the day, someone has to make a decision and someone has to lead an organization," he articulates, highlighting the necessity of clear leadership (00:56).

• Murder Boards and Devil's Advocacy: Kovar describes the use of "murder boards" within his team to rigorously evaluate ideas from multiple perspectives. "The idea is that every day you can do better," he states, fostering a culture of continuous improvement (00:56).

Core Principles: Fail Less and Assume Compromise

Central to Kovar's strategy is the mantra of "fail less," derived from the principle of assuming compromise in security.

• Fail Less: "The only failure that I believe in is not sharing your failure," Kovar emphasizes (00:56). He advocates for transparency in setbacks to facilitate collective learning and innovation.

• Assume Compromise: Kovar underscores the necessity of always operating under the assumption that systems are compromised, prompting proactive threat detection and mitigation. "Assume compromise, and that your job is to find that compromise," he advises (00:56).

Emphasis on Diversity and Continuous Learning

To foster a robust security environment, Kovar prioritizes diversity of thought and the continual updating of knowledge.

• Diversity of Thought: "We have a variety of different people, variety of different genders, and all different things coming in there to make sure that we're getting a diversity of thought," he explains (00:56). This approach ensures comprehensive problem-solving and innovative solutions.

• Continuous Learning: Acknowledging the rapidly evolving nature of cybersecurity, Kovar states, "You can't sit on your laurels in this industry like what you knew yesterday can be completely extinct tomorrow," emphasizing the importance of staying current (00:56).

Mentorship and Influence

One of the most fulfilling aspects of Kovar's career has been his role in mentoring emerging cybersecurity professionals.

• Mentoring Philosophy: "The biggest thing that I take pride in now is less the work that I've done than the people I've helped influence," he shares (00:56). Kovar focuses on advocating for newcomers, ensuring they receive the support and opportunities needed to thrive.

• Advocacy and Support: "I think you're phenomenal, and I'm going to make sure that the door is open for you," Kovar affirms, highlighting his commitment to nurturing talent and fostering a supportive community (00:56).

Conclusion

Ryan Kovar's journey through military service, private sector roles, advanced education, and his current position at Splunk exemplifies a deep commitment to cybersecurity. His strategic emphasis on assuming compromise, coupled with a leadership style that values diversity, continuous learning, and mentorship, offers a roadmap for aspiring professionals in the field. Kovar's insights underscore the critical importance of proactive security measures and the cultivation of a collaborative, resilient cybersecurity community.

Notable Quotes:

• "I really cut my teeth as a Windows NT 4.0, Unix 5.5 and Exchange 5.5 system administrator." — Ryan Kovar (00:56)

• "The only failure that I believe in is not sharing your failure." — Ryan Kovar (06:15)

• "Assume compromise, and that your job is to find that compromise." — Ryan Kovar (07:45)

• "You can't sit on your laurels in this industry like what you knew yesterday can be completely extinct tomorrow." — Ryan Kovar (07:30)

• "I think you're phenomenal, and I'm going to make sure that the door is open for you." — Ryan Kovar (08:00)

Timestamp Key:

• 00:56
• 06:15
• 07:30
• 07:45
• 08:00

Note: The timestamps provided correspond to the transcript segments where the quotes appear.