Dan Skinner, head of federal go-to-market at Material Security, began his career nearly three decades ago and has since garnered a wealth of technical and leadership experience. From working as part of a team at Network Solutions in the earliest days of the Internet to driving the development of the worldwide public sector division at Wickr (later acquired by Amazon) and many companies in between, Skinner has helped numerous clients bolster their security posture.
In a recent Executive Spotlight interview with ExecutiveBiz, Skinner assessed the ways in which the cybersecurity landscape has changed over the past few years and shared his insights on the role of the cloud on this transformation.
Migrating to the cloud inherently means an increase in digital assets and infrastructure, and a decrease in physical assets. How do you think cloud has changed the cybersecurity paradigm as traditional organizational perimeters expand and even disappear?
We had a paradigm shift from perimeter security to identity being the new security boundary, meaning protection needs to spread out to individual user accounts. In the past, organizations had security through obscurity, which worked because everyone had a different physical network setup. As organizations continue to move to the cloud for efficient cookie cutter solutions, individual entities are looking more and more alike, which creates a substantial threat. For example, all Microsoft 365 instances are nearly identical, so if an attack is developed and gets past Microsoft Defender, then an adversary has a global target base. Case in point, just a few months ago in December, the National Security Agency warned that the Russian FSB hacker Star Blizzard was launching attacks against Microsoft 365 customers on a global scale.
What opportunities can be unlocked with the cloud, and how do you think those opportunities will change the federal landscape?
The cloud is very flexible and very fast. This allows us to experiment with new techniques quickly and fail fast, or widely deploy them at a rapid pace. The cloud also gives us ‘automotive parts’ style choices. If the alternator keeps breaking, you can opt to choose a different vendor that offers a different partner number but does the same thing and might be a more effective solution.
Can you talk about how cybersecurity has impacted or changed the national security paradigm? What new trends or shifts are you seeing at the intersection of cybersecurity and national security, and how are those trends influencing the public sector today?
I’m seeing a shift in the culture toward people taking cyber security more seriously, with what I like to call ‘tone at the top.’ For example, the White House released an executive order allowing the U.S. Coast Guard to enforce cybersecurity at its ports and empowered the Coast Guard to deter threats being broadcast from vessels near our coast line. Now, the coast guard can monitor and inform the crane owners that they ‘shall’ remediate vulnerabilities, whereas in the past they could only recommend that the crane owner ‘should’ remediate a vulnerability. This type of proactive engagement helps protect the citizens and natural habitat along our coast lines.
Do you think the United States’ cybersecurity efforts are keeping up with demand? If not, how can we accelerate and broaden cybersecurity?
I think we are getting there and are in a much better place than we were 30 years ago, when phone hackers, or “phreaks,” were portrayed showing off their skills as they attempted to “hack the planet” in the movie Sneakers.
Today, I’m seeing more and more programs to train new cybersecurity talent, and we are getting better ‘tone at the top.’ For example, a recent Executive Order released on Feb. 28 mandating that data hoarders not sell U.S. citizens data to other countries sends a strong signal that shows we are starting to think about the root cause of attacks, what specifically needs to be protected and the scale at which we need to think about enforcing cybersecurity, privacy and data loss prevention.