As vice president of Public Sector Solutions Engineering at Trellix, Bobby New leads field readiness programs, operational excellence and objectives and key results management for the company’s Public Sector Solutions Engineering teams. He holds a wealth of experience in the information technology field, and throughout his 27-year career, he has served in roles at Dell, Unisys, Novel and FireEye, which merged with McAfee Enterprise to establish Trellix in late 2021.
In a recent Executive Spotlight interview with ExecutiveBiz, New discussed the foundational ideas behind Trellix’s creation and the ways in which they have shaped company values and talent acquisition. He also shared his thoughts on today’s cybersecurity landscape, which is characterized by a wide array of emerging threats.
Tell me about Trellix’s culture. What aspects of the company do you think are contributing most to its success while helping to attract and retain top-level talent?
When we put Trellix together as a company, we knew that we had to have a fresh approach. We knew security could be different – fast enough to keep up with dynamic threats, intelligent enough to learn from them, constantly evolving to keep the upper hand while being built around an open, tenacious, curious and fun culture. Everything we do, our values, beliefs and behaviors, are what I think contributes to attracting and retaining top-level talent.
For example, “curious” is considered a core value for our entire Trellix organization, meaning that curiosity is not just a fleeting trait but a fundamental guiding principle that influences decision-making, behavior and interactions.
Curiosity is embraced as a core value here at Trellix in multiple ways. The concept emphasizes the importance of continuous learning, and our team actively seeks opportunities to expand their knowledge, explore new ideas and stay informed about industry trends. A culture of curiosity fosters innovation. Being curious encourages individuals to question the status quo, think creatively and seek new solutions to challenges. It promotes a mindset that is open to experimentation and improvement. Curiosity is also linked to adaptability. Those who are curious are more likely to embrace change, as they are eager to understand new perspectives and adapt their approaches based on evolving information. As a core value, curiosity contributes to strategic thinking. Curious individuals and organizations actively seek insights into market trends, customer needs and emerging technologies, allowing them to make more informed and forward-thinking decisions.
Considering “curious” as a core value goes beyond simply acknowledging it as a trait; it positions curiosity as a foundational principle that shapes the culture, mindset and actions of individuals and organizations. It is one of many reasons I believe we attract and retain top-level talent here at Trellix.
In your opinion, what makes Trellix a place where the best and brightest want to work?
At our Trellix core, we embrace what we call “Soulful Work.” We have all seen the inspirational posters, shirts, online memes and laptop stickers that say: “find a job you love, and you’ll never have to work a day in your life.” At Trellix, we live that motto out every day with Soulful Work, which refers to engaging in activities or professions that align with one’s passion, values and deeper sense of purpose. It goes beyond mere job responsibilities and involves finding fulfillment and meaning in the work one does.
For example, I come from a family of public safety members for as long as I can remember. I have been running into the heat of our issues, not away, and my Soulful Work is solutioning cybersecurity for our number one cyber target, the federal government. In most cases, Trellix solutions are the last line of defense for our customers to protect themselves against cyberattacks from various sources, including nation-states, criminal organizations and hacktivists, and this is my passion. It gets me up in the morning and brings butterflies to my stomach. The best and brightest also want a place where they can see that their passion contributes to the greater good of society and that provides them with the opportunity to do meaningful, Soulful Work that enriches people’s lives and helps them blaze their own career trail.
What do you think is the biggest threat facing U.S. cyber systems today, and what can be done to protect against that threat?
Over the last 27 years supporting the federal government in securing their environments, my answer has stayed roughly the same. It depends, as the biggest threat to one agency is not the same as it is for another agency. One thing to note is that the cybersecurity landscape is dynamic, and new threats emerge over time. Threats can come from various sources, including nation-states, criminal organizations, hacktivists and individual hackers, and the threat depends on their motives. There are state-sponsored cyber attacks, in which countries engage in cyber espionage, cyber warfare or cyber crime to gain a strategic advantage or disrupt U.S. systems. An example would be Russian state-sponsored cyber threats to our U.S. critical infrastructure.
There are also ransomware incidents, where attackers encrypt data and demand payment for its release. These attacks can target critical infrastructure, government agencies and businesses. Ransomware remains the “malware king,” but smaller digital adversaries are emerging more prominently – such as Agrius, Bl00dy, and FusionCore.
Cyber adversaries may exploit vulnerabilities in the supply chain, compromising software, hardware or services that are essential for U.S. operations. One of the biggest examples here is the SolarWinds breach in 2020.
Cyber espionage, the theft of sensitive information, intellectual property and government secrets through cyber means, remains a significant concern. One of the biggest examples here is China’s highly organized approach to intellectual property theft has now matured into the most sustained, scaled and sophisticated theft of intellectual property that we have ever seen.
There is also the emergence of malicious artificial intelligence with “Script Kiddies” and generative AI tools like ChatGPT that can help threat actors small and large overcome considerable challenges. With greater efficiency, they can now scale faster and improve targeting. The development of Blackhat large language models, a ChatGPT knockoff designed for cybercriminals, already exists. The acceleration and sophistication of phishing attacks in recent years suggest bad actors are already starting to leverage some of these tools.
What can be done to protect against these threats is a great question that every chief information security officer works on answering daily. The older theme of defiance in depth still rings true today and the zero trust industry initiatives that all agencies are working through will go a long way in combating these and other threats. However, cyber breaches are inevitable as the threat actors only need to be right once. We, as defenders, must be right 100 percent of the time with the targets increasing daily. Therefore, if attacks are likely and increasing, the root of the issue really lies in whether an agency can detect an attack quickly enough and respond comprehensively and rapidly enough to minimize its impact.
One of the most effective approaches an agency can take to prepare for a breach is to accept its inevitability and start shifting spending and strategy to cyber resilience over avoidance. Cyber resilience should become part of an agency’s DNA to survive and minimize a breach attempt.