This post is based on an interview with Stu Sjouwerman. It is part of our series of interviews of OODA Network members. Our objective with these interviews is to provide actionable information of interest to the community, including insights that can help with your own career progression. We also really like highlighting some of the great people that make our continued research and reporting possible.  For the full series see: OODA Expert Network Bio Series.

Career Progression:  Stu wrote a few articles about Bill Gates when he was the editor of his college newsletter at the University of Amsterdam.  He was mesmerized by Bill’s meteoric trajectory.  He decided to follow in his footsteps – dropping out of college and jumping into the technology field headfirst.  He knew he was a quick learner, so he taught himself computing by reading everything he could get on the subject.

Stu has a knack for reading the tea leaves.  Back in the early IT days, regular folks were just starting to buy home computers, but they had no idea how to set them up or how to use them.  Training didn’t exist and there was no one to call.  He started a company called Micro Instructional, making audio cassettes that would walk new users through the necessary steps.   Stu took risks and was rewarded.  He survived the stressful years of hard work and over-extended credit cards, eventually selling the company to a large Dutch publishing company.

This pattern of prescience followed by action were repeated throughout Stu’s long career.  After he recovered from the exhaustion associated with the startup/sale of a company, Stu took a job with Sunbelt International in Paris.  At the time, they had one contract with a U.S. Software developer making system management tools for the new minicomputers that were flooding the market:  defrag, I/O caching, etc.  He approached the major European distributors and within four years had built the company into a huge enterprise.

When Bill Gates hired Digital Equipment Corporation’s (DEC) Chief Architect, David Cutler for $1 Million a year to work at Microsoft, Stu had a premonition.  He knew the system management needs of the Virtual Memory System (VMS) operating system.  He knew Microsoft was going to a new OS (Windows NT).  When you add ONE LETTER to VMS… what do you get?  WNT!!

Knowing the problems that VMS admins were running into, Stu could predict the enormous market for windows management tools that Windows NT would create.  He took Sunbelt International to the U. S. and quickly became successful filling the system administration needs created by Windows NT.   He spent the next 17 years building an impressive portfolio of endpoint and email cybersecurity products.

Meanwhile, he still followed Bill Gates, watching closely to see the trends.  When Microsoft started buying up antivirus companies, Stu could see where this was leading.  With a half a billion endpoints, Microsoft was in position to develop their own cyber tools – just as good, or better than anything he could sell.  Stu says: “They started with something that worked ok, and today Microsoft Defender is just as good as anything else out there.  They are well positioned to catch the threat first, write the code and write the new definitions, faster than anyone else.”  Time to get out!  Stu sold the company in 2010 for a lucrative profit.  In his mid-fifties at the time, Stu remembers “I had lots of zero’s in my bank account, but no game to play.  All my friends were still working.  My wife wanted me out of the house!”  Retirement just wasn’t in his DNA!  Thinking over his lifetime of trying to make secure networks, he considered this question: “Why is it still a problem?”  The answer:  Social Engineering – people clicking on links, especially from trusted (spoofed) sources.

Stu started his current company, KnowBe4 in 2010. https://www.knowbe4.com/  He now dedicates his time and talent to helping companies identify and respond to Email threats that can carry weapons grade cyber-attacks (such as the Crypto locker ransomware attacks, etc.).  By concentrating on small and medium sized businesses, he has built a company that could rapidly scale to Enterprise.   Today, Gartner has positioned KnowBe4 as the leader for Security Awareness Computer Based Training.

Surprises:  Stu’s always surprised how hard it is to estimate the time and effort needed to get a new initiative off the ground.  Stu recommends thinking “long and hard about what the necessary level of effort will be, so you can plan accordingly.”

Advice for Decision Makers:  Stu says “You have to create a security culture in your organization.  It comes from the top down.  The eighth layer of the OSI model is the Human Firewall.  On average, 10 percent of malicious emails can make it through the filters and wind up in the user’s inbox.  Your human end users are your last line of defense in the fight against phishing attacks.”

Security Improvements:  Improved processes and procedures have made improvements possible.  Stu says “You have to get ‘defense in depth’ in place.  All seven OSI layers have to be locked in tight – and your human firewall has to be trained to respond appropriately.”

Risks in The Near Future:  Stu is most concerned with critical infrastructure:  power plants, gas pipes that feed power plants, health care, local government, local communities.  “IT didn’t sign up for this” Stu says, “but the reality is, IT is in the trenches in a slow cold war being fought over the internet.”

Views on Thought Leaders:  Perry Carpenter, his Chief Strategy officer, provides Stu with advice and counsel.  https://www.linkedin.com/in/perrycarpenter/

Quick Hits:

• Book Recommendations: The Advantage, by Patrick Lencioni;
• Favorite piece of content on OODAloop: Stu reads articles that refer to the urgent need to security awareness training, especially as they pertain to the upcoming Presidential Elections and crafty spear-phishing campaigns.
• LinkedIn:  https://www.linkedin.com/in/stusjouwerman/