Workload and Application Security Blog

Behind the Scenes: A Conversation with Virsec’s New VP Public Sector

Written by Virsec | Jun 2, 2021 3:07:15 PM

Virsec continues to grow rapidly, attracting top talent and investors alike. We recently announced that Kevin Jones has joined Virsec as VP Public Sector and Corporate Development. Over the course of his career, Kevin has led Public Sector and government strategies in increasingly senior positions with CrowdStrike, SkyHigh Networks, Symantec, and Clearwell. His demonstrated talent at opening new territories while disrupting the competition made him the perfect choice to accelerate and grow Virsec's Public Sector security offering. Kevin shared his views on the current state of cybersecurity in the Public Sector and what attracted him to the opportunity with Virsec. 

--------

As an advisor to Virsec for the past year, I’ve watched the cyber landscape metamorphosize, exposing areas of vulnerability deep within the server workload that were promptly disrupted by nation state and rogue cyber actors.  Most notably, the SolarWinds, Hafnium/Microsoft and Colonial pipeline hacks happened because existing security solutions and policies were circumvented, allowing attacks to execute within trusted applications running in trusted environments.  

I see an urgent need to evolve the public sector discourse around cybersecurity. The reality is that in many instances, our country is losing the cyber battle.  There’s a reason senior government officials are calling this period a “digital dumpster fire.” Intruder sophistication seems to far outpace industry solutions.  As the devastation rises, so do cyber budgets—but to what effect?  $150 Billion is spent annually on cyber solutions, yet cybercrime is expected to cost over $10 Trillion annually by 2025.  Is the cyber industry broken?

It’s Virsec’s belief that the conversation must evolve beyond probabilistic methods based on past events, heuristic analysis, and future predictions via AI and ML.  Too often, the conversation stops at resiliency, with agencies asking how they can recover from an attack and hopefully retain 80-90% functionality in the aftermath.  While Disaster Recovery (DR) conversations are still important, we’re missing a lot by not pushing the conversation into the realm of “prosiliency,” a term describing the ability to operate at 100% in situations of total chaos. 

Our government deserves better.  We need to evolve past the 2.0 cyber conversation to a 3.0 cyber conversation that enforces no adversary dwell time instead of minutes, hours, or days. Sophisticated adversaries are researching extensively and cranking out ‘O-Days’ faster than ever, but agencies are still fragmented in their approach to cyber.  

Virsec is filling that critical gap by providing application-aware workload protection from the inside. That is, Zero Trust at Runtime. Virsec technology provides guardrails around application workloads to ensure that they execute only as intended. Any deviation from normal is instantly detected, treated as a threat, and stopped regardless of threat source, type or prior knowledge. By only allowing correct execution from within the workload, Virsec is focused on precise, deterministic protection. 

Supporting our government application workloads across OT/IT, on-prem and cloud environments is a key focus of Virsec’s as we work to evolve the conversation of what’s possible in cybersecurity and help protect our nation’s critical infrastructure from within. This mission is why I joined Virsec, and I am eager to dive in.