Running Counterclockwise
An unusual journey in cybersecurity.
Blog Post
July 28, 2016
As I look back on my career and how I ended up in the field of cybersecurity, two major events stand out as being key drivers.
The first is a revolution and the second is 9/11.
When I was 10 years old, my country, Iran, went through a theocratic revolution that made it impossible for my family to safely stay there. I was forced to leave the comfort of my home and family and head west, first to England, and eventually to the United States, Los Angeles to be exact, where my family ultimately settled down.
The upshot of this displacement and my childhood adventures is that I have a different perspective than many, especially when it comes to making professional decisions, a subject I explore in a TEDx talk.
At an early age, I was forced to adapt to new circumstances, absorb new perspectives and take some unusual chances. Along the way I learned that risk often leads to opportunity, especially if you can put the fear of failure into perspective. That is, if you can learn to distinguish between failing, which is often a necessary part of any ultimately successful journey, and being a failure.
This mindset is essential in cybersecurity, where we are working to protect an environment that is actively fighting against us, to safeguard an Internet that was built to promote openness rather than security, and to outsmart an adversary that is sentient, committed and asymmetrically advantaged. While defenders have policy, laws and social norms to abide by, the adversary is unconstrained. They have to be right only once to break in; defenders have to be right every time to stop them. Needless to say, there’s lots of risk-taking and failure involved as we try to accomplish our goals as defenders.
In order to thrive, you must be able to adapt, learn from mistakes quickly and absorb and learn from diverse perspectives, including the attackers’.
Building a durable business in this industry is not for the faint of heart.
This mindset is also what empowered me to take up the challenge of this industry shortly after September 11th and actually because of it. At the time, I was living in Los Angeles. I was asleep when American Airlines Flight 11 hit the North Tower, but was quickly awakened by a phone call. For the next few days, like most Americans, I stayed home and watched in horror as the events of that day were replayed over and over again and we all tried to make sense of what had happened and how exactly our world had changed.
I knew I had to find a way to make my contribution to global security. Government service seemed like the most obvious route, but there was nothing in my background that made me a natural fit for a government job. Still, my husband and I both submitted our resumes to the White House through their website. He got a call. I did not. I had to find a different way.
At the time, I was a venture capitalist in Los Angeles, focused on investing in retail and media technology companies. My professional career to that point had involved being a lawyer, a consultant, an entrepreneur and now a venture capitalist. I have an undergraduate degree in English literature and, as a lawyer at O’Melveny & Myers, had practiced corporate and entertainment law. As a consultant at McKinsey & Co., I worked for healthcare companies, media companies, and technology companies. I had never touched the world of security. But my lack of experience did not get in the way of my desire for finding my way in.
Neither did the passage of time.
Still actively hunting to find a role, in early 2003, I learned about a group of people, including the former head of the NSA, the former head of the CIA, and the former Dep. Director of DARPA, coming together in Washington D.C. to create an investment community response to 9/11. They were starting a private equity firm called Paladin Capital Group with a mission of finding and investing in the most advanced technologies for global security. The idea was to find dual-use technologies that would serve the needs of governments as well as businesses. They were looking for a partner who would run their deal teams and investment process. After a few meetings, they asked me to join their team. I had no background in national security, the defense industrial complex, or the intelligence community, so of course I said, “Yes!” I was taking a risk — leaving the California VC community and the high return potential of the sectors I understood — and in that risk lay the opportunity to do good, and to do well.
And taking the risk paid off. During the almost ten years I spent at Paladin Capital Group, I was exposed to an amazingly diverse array of people and industries — everyone from the military, civilian government, policy, technology, and entrepreneurial worlds. What all of us shared: a vision and desire to leave the world safer than we found it.
Over the past 12 years, I have worked in the cyber security market in three roles: first as a venture capitalist at Paladin seeking out the best teams and the best solutions, then as the Chief Strategy Officer of Endgame, Inc., a venture-backed growth stage company, and now as Chief Strategy Officer of one of the largest companies in the cyber security market.
While the roles and companies have been different, the lessons have been consistent. We can’t solve cybersecurity challenges alone, or with a group of people with the same background and thought process. Success in this industry demands diversity — teams that approach problems by drawing on disparate experiences and expertise, working together to find workable solutions. It will also require new modes of thinking and behaving — the active cooperation of government and industry, of competitors and partners. We will have to rethink our approach to talent and to government service. We will have to rethink how we create and store data, how we think about issues of privacy, the role of law, policy and regulation, and ultimately what we connect to the Internet and what we don’t.
Admiral Grace Hopper in an interview once said, “The most damaging phrase in the English language is ‘We’ve always done it this way!’” To prove the point, she had a clock in her office that ran counterclockwise. That is the mindset our industry must embrace as we take on our modern security challenges.
Taking this challenge on is not for the faint-hearted, but the opportunity for those who come to it with the right mindset is immense.