More than a year ago, long before Russian hackers tried to influence a presidential election, Keeper Security CEO Darren Guccione argued that the United States needs to treat the nation’s cybersecurity as if we were at war. Guccione made the assertion after tens of millions of U.S. citizens had their personal information compromised in the summer 2015 hack of the federal Office of Personnel Management.
Today, he says, we are at war, and the U.S. government and private sector must mobilize much the way government and industries did during World War II in order to fill millions of cybersecurity jobs in years to come.
He is confident President Trump will have a positive impact on the nation’s growing talent shortage in cybersecurity, but Guccione may be in the minority there. Roughly three of four data scientists and security experts believe cybersecurity will get worse during the Trump administration, according to a survey by Christian Science Monitor last fall in the wake of the presidential election.
The cybersecurity prowess of the Trump administration has been called into question in recent weeks, following administration officials’ have private RNC email addresses, the President’s use of an unsecure Android phone, and the hacking of senior administration officials, including cybersecurity advisor Rudy Giuliani.
Keeper Security provides password management and digital vault services to 100 million customers, according to a company spokesperson.
This interview has been edited for brevity and clarity.
VentureBeat: Do you still think the nation’s cybersecurity talent shortage requires a mobilization on par with the kind that took place before World War II?
Darren Guccione: I do, I think it’s a pervasive issue and action item, and I think that President Trump has cyber at top of mind without a doubt. We’re talking about adding five million jobs in this sector in the next five years. In any industry, that is just an enormous undertaking, and when you look at how many specialists are out there, there’s nowhere near that. So some will have to be brought in [to the United States] through H-1B programs, but hopefully we will have the majority of that homegrown. You need the best to do this the right way, because there’s a cyber war going on right now, and the United States is the main target of that war, without a doubt.
VentureBeat: So you believe we’re already at war?
Guccione: Absolutely, and I’ve been saying this for the past two years. We’re constantly under attack by hackers. You don’t have to go very far beyond the headlines from week to week to read about state-sponsored cyber terrorism. We’ve seen China do it, we’ve seen Russia do it. We saw this with Office of Personnel Management where 40+ million records were stolen. We saw this a few months ago with that massive DDoS attack. The United States as a whole and the government absolutely have to bolster this. Hackers are becoming far more pervasive, they’re state sponsored, they’re at the genius IQ level. It’s been reported that the Chinese government has no less than 30,000 IT experts that work for the government, and that’s all that they do is hack third parties. The way of the future is cyber.
VentureBeat: Corporate and state-sponsored espionage has been happening for a long time, but after the presidential election are you worried that democracy is at risk in the future with hacking if cybersecurity issues aren’t taken care of?
Guccione: I’m not a politician but, in my mind, democracy is a set of values and an overall state of mind, not something that’s tied to us having strong or weak cybersecurity practices. I think President Obama said something about democracy being potentially denigrated by the lack of cybersecurity strength, and I think I understand what he’s saying by that.
I think it comes down to focus. It can be a massive distraction if you’re trying to keep a democratic organization together, then you have this cybersecurity issue come in at a 45-degree angle and drill a hole through that, then yes, that democratic process is at risk. So I do understand what his view is on that.
There’s hacking to get information or a top secret military aircraft, then there’s something more radical like taking down a power grid. These things are now top of mind and they absolutely should be. I mean I’ve been saying this for two years and trying to educate the public but this is a huge problem. Unfortunately, unless you’re the one who’s been breached, you don’t think too much about it. It’s the same mindset that a lot of people have when you tell them they should buy life insurance or they should buy disability insurance. We have to think about securing our digital legacy and our digital assets. Our digital lives are the most sacred things that we have outside of our physical lives, and we have to protect those things.
VentureBeat: There are the unverified allegations that there has been contact between the Trump campaign and Russian government trying to cultivate the president for years, according to the dossier published by BuzzFeed. Do you have any concerns about the Trump administration’s ability to deal with the cybersecurity shortage?
Guccione: I don’t have any concerns. From what I’ve heard on TV and read in the news, it sounds like cyber is a top initiative for him. Before he got into office he had some of the titans of the tech industry in New York to meet with him. He knows that cyber is top priority. He absolutely knows it.
When I hear things about Trump and Putin potentially collaborating together or colluding to shift elections, I just sit back and sort of chuckle. That’s not the issue. I don’t involve myself with politics. All I care about is securing the digital assets of our customers. Every single person out there in the United States deserves digital privacy. Every single person, not just people but obviously entities, enterprises, both in the private and public sector, and today that is at risk.
In my mind, the government needs to be reformed in a very large sense, not just with state of the art military aircraft but with cybersecurity protection and safeguards, and hiring the absolute best software engineers and experts that money can buy. They should have the best people, and they don’t have the best people across the board, and it’s obvious. I’m not here to bash it, but look at all the different breaches out there and look at the scale and the scope of the security breaches, and it’s pretty obvious.
VentureBeat: There’s been a resurgence in interest in personal security these past weeks and months. What do you think are some of the simplest things a person can do to take care of their personal digital security?
Guccione: Well, first and foremost, 63 percent of the time whenever there’s a breach, it’s due to either weak passwords or poor password management policy, meaning a person is using a password that’s too easy to understand or too easy to come up with or figure out. It’s too simple. We recently published an analysis of the top 25 passwords that were used in 2016 in a password study. We took a sample size of 10 million passwords and said what are the top 25? Of the 10 million passwords that we analyzed, 5 million of them are one of the top 25 common passwords.
You protect yourself by using high strength random passwords containing letters, numbers, and symbols, with a length of at least eight characters, and you use a password manager, so every website and app that you have contains its own random unique password.