This post is based on an interview with Bryson Bort.  It is part of our series of interviews of OODA Network members. Our objective with these interviews is to provide actionable information of interest to the community, including insights that can help with your own career progression. We also really like highlighting some of the great people that make our continued research and reporting possible. For the full series see: OODA Expert Network Bio Series.

Career Progression: Bryson was one of those geeks who enjoyed taking things apart and breaking them.  He took naturally to computers.  After he graduated from West Point with a degree in Computer Science, he joined the Signal Corps.  He served as a Battle captain and Brigade Engineering Officer in support of Operation Iraqi Freedom.  After four years, he was ready for a new challenge.

Bryson took a position with the British company Smiths in their Space & Aerospace section as a Global Commodity Manager. He learned about airplanes – Military and Civilian – and he flogged the supply chain to find much-needed airplane components from around the world.  He implemented Lean Six Sigma improvement projects and was delighted to find tangible results in the outputs from strategic tweaks to the inputs.  When they transferred him to be the Global IT Asset Manager, he used similar methods to improve security and manage IT assets – deployed across the globe.  He was able to save the Company $4 Million/year by streamlining IT and putting security at the forefront of IT.  He built a team of global IT experts and locked down control management, configuration and change management, building one of the world’s first Configuration Management Data Bases.

Moving back to the DC area, Bryson joined forces with ManTech, deploying his newly minted skills to improve IT for the Department of Defense.  His job was to perform infrastructure refresh across many arms of the Federal Space (including DoD, State and the Special Forces).  Ripping out old stuff and putting in new stuff was a rewarding experience.  He felt that the warfighter was much better off due to his improvements and he always kept their needs in mind when he went on to manage R&D investments for the company.

Bryson advises that “When working in a large organization with a complex mission, it’s important to develop direct, frequent and transparent communications to keep your management informed of the important work you are doing.  No one is doing IT/cyber Security just for the sake of IT/cybersecurity!  Every organization/company has a mission (business) to perform, and IT/cybersecurity just supports that mission (business line).  You have to be able to explain how your IT/cybersecurity helps their bottom line.  IT/cybersecurity leaders are often given a degree of autonomy, which can threaten the established leaders if they don’t fully understand.”

Bryson loved managing the R&D Division, but “Every golden cage rusts.”  He needed to find a new challenge.  Some friends advised him he should start his own company.  Initially he resisted (“That’s a ‘West Coast Thing’!).  But one evening, over a few beers and on the back of a cocktail napkin, he sketched out an idea he was passionate about:  he wanted to move offensive cyber operations out of the realm of just collecting logs and bemoaning what HAD happened.  He saw a model to “bring cyber operations into a true Fifth Domain”.  From that, Grimm was born!

The first few years of running a startup are always rough.  GRIMM took whatever work was available: from proposal writing to system administrator jobs.  But slowly the company came together, piece by piece.  One breakthrough came when a Fortune 50 company approached him to solve a problem they couldn’t find a solution for anywhere else.  When you think about it, that’s a huge gift!  They had already done the market research for a solution and identified a gap.   Scythe took off from there.

Surprises:  Bryson has learned that there are really only two types of companies:  Those that have a leadership fully onboard with the risks and requirements of cybersecurity and are willing to commit the time and resources to mitigate them, and those who ignore the prospective problems.

Advice for Decision Makers:  Political leaders need to step up to the plate when it comes to cybersecurity.  Most government entities are not resourced to provide robust solutions to challenges that everyone faces.  Government should create a model, that will remain updated and current, and that can be “used” by any municipality.  This goes for small and medium businesses, too.  Resources should be consolidated for the benefit of all.  The current hands-off approach taken by big government must change.  They must OWN the problem.

Bryson wants all organizations to remember that the relationship between IT and Security will always remain the same:  a fraction of the main business.  As the main business grows, the proportion of IT and cybersecurity should also grow.  This is a permanent slice of the pie that will never change.

Security Improvements:   The adoption of the cloud has had the biggest impact on cybersecurity in the past five years, but not for the reason most people think!  As companies become more and more comfortable taking their data out of their locked and protected data centers and putting it in the cloud, it opens that data up to cybersecurity experts and solutions that are much more powerful than what you can install in a datacenter.  Security managed service providers are adding value towards protecting our assets. 

Risks in The Near Future:   Our attack surface is becoming exponentially greater as we connect sensors to everything (IoT).  “I worry about this all the time.” Bryson says.  “As you increasingly connect your phones, automated devices, remote sensors, etc. you are providing many more attack points – most of which are beyond your control.  Everyone needs to think about how these will their risk profiles.”

Technology of Interest.   Bryson doesn’t see one great new technology that will change things.  He believes that change happens in microevolutions that move us towards greater risks and greater capabilities.  He’s excited about his new company Scythe and hopes that in five years they will change the entire way the world measures security:  going from an extrapolation of the past to a measured, empirical view of the future.

Views on Thought Leaders:    Bryson follows Ron Gula, GulaTech for his insights on next generation technologies.  Also, Dimitri Alperovich, the CTO at Crowdstrike and Dave Kennedy at TrustedSec for their vision and strategic thinking.

Quick Hits:

• Book Recommendations: Cryptonomicon by Neil Stevenson.
• Favorite piece of content on OODAloop: Bryson relies on Matt, Bob and Mike’s reviews of new technologies to give him a quick look at what is happening in the marketspace.  From there, he can decide if he needs to dig deeper.
• LinkedIn: https://www.linkedin.com/in/brysonbort/
• Twitter: https://twitter.com/brysonbort