Nguyen, Winslow: “Security is a journey, not a safety net.”
Phuoc Nguyen, a guy I was standing next to on Fifth Avenue watching the street’s Comic-Con crowds last month, might turn out to be a caped hero himself. He’s a cyber crime-fighter. “You could say cyber criminals are just like Comic-Con,” he said. “People dressing up to deceive.”
Nguyen is chief financial officer of a cyber security firm right in downtown San Diego. “You’re living in one of the three cyber-security capitals,” he said, “San Diego, along with Washington DC and San Antonio, Texas. And San Diego has the edge.”
According to Markets and Markets, a — you guessed it — market research firm, the global cybersecurity market is growing by leaps and bounds. It will be worth $156 billion by the end of this year.
“But the question is where this industry will settle,” says Nguyen. “Remember how Detroit became the world capital for automobiles? And Silicon Valley became the it place — excuse the play on words — of the computer industry? Well, in the cybersecurity world, San Diego’s looking good: even four years ago, the total economic impact of cybersecurity workers in San Diego was $1.5 billion.”
Wow. That’s the equivalent of 3.3 Super Bowls. Or 8.5 Comic-Cons!
I thought about that after the Capital One fiasco (they let slip the personal details of 106 million customers), which follows a long line of similar events. Could the country’s pain be San Diego’s gain?
San Diego is certainly bulging with robust young companies vowing to fight the hackers, phishers, and ransomers. Nguyen and partner Ford Winslow’s company, Ice Cybersecurity, is one.
They concentrate on cyber security for the health industry and “life sciences.”
Up here on Bankers’ Hill in shared office space, Nguyen and Winslow come across as missionaries, pressing companies — especially smaller companies — not to ignore the threat. But they realize how daunting the whole challenge can feel. Nguyen says a surprising number of companies have already been blackmailed by hackers, and have ended up privately paying the ransom to keep their reputations intact.
So what are they doing about it? Winslow says he has invented an algorithm that helps small companies arm themselves against cyber-invasion.
“My invention makes it easy for, say, medical companies to exchange confidential medical information. I invented the core algorithms that make security simple for companies to deploy.” He words this carefully: “So for example, with Capital One, if there was a development group that accidentally left test data out in the public arena, that would be a common scenario.”
He’s fighting human carelessness, in other words. “So you need to integrate the people and the process. Our algorithm tells you in your language what you should do. The alternative? Hire people to be security professionals. That can be expensive.”
One of their contracts has been to put a protective wall around the 211 social services help line. “We’re securing data so the neediest in our community, whether they need food, rents paid, gas bills paid, or medical help, can safely send their information to a community service provider and be helped immediately. We make sure their info will remain secure. We definitely feel good doing this.”
So what about the rest of us?
Winslow’s advice is surprisingly basic. “Change your passwords regularly, and don’t click on random attachments.”