This post is based on an interview with Paul Kurtz, Co-founder and Executive Chairman of TruSTAR. It is part of our series of interviews of OODA Network members. Our objective with these interviews is to provide actionable information of interest to the community, including insights that can help with your own career progression. We also really like highlighting some of the great people that make our continued research and reporting possible.  For the full series see: OODA Expert Network Bio Series.

Career Progression:   Paul grew up in Des Moines, Iowa during the Cold War.  President Reagan was implementing a robust anti-Communism campaign and Paul imagined a career in National Security.   He earned his degree in Political Science and Government from the College of the Holy Cross.  He was particularly interested in Middle East Studies, inspired by one of his Professor’s, Dr. John Esposito, who taught Religion, International Affairs and Islamic Studies.

This was a time when the “American Ideal” bumped up against Communism.  President Reagan, a devote Christian, was fundamentally opposed to a Global Power that was against Religion.   He had just developed his all-encompassing Star Wars Program.  Paul found the policy side of all this fascinating.  How America “projected power” was supremely important to the future of our Country, and Paul was interested in how Religion and Politics could affect National Affairs.

After College, Paul was picked up by the State Department for an unpaid internship, hoping to turn it into a full-time job.  He ended up settling for a menial Clerk Typist GS-5 position, because he knew that State was where he needed to be.  He quickly moved up into positions of more importance as a Foreign Affairs Officer.

Late in 1988, Pan American Airlines Flight 103 was bombed in an attack orchestrated by Libyan leader Muammar Gaddafi.   Counterterrorism moved center stage as a fundamental part of America’s National Power Projection Policies.  Paul worked for the Office of State Department Bureau of Intelligence and Research (INR) as an Intelligence Analyst supporting Nuclear Non-Proliferation.  When the First Gulf War started in 1990, Paul found himself right in the middle of the action.  He had just been assigned the SCUD Missile account – the weapon the Iraqi’s were firing.  His future with the State Department grew to include many weapons inspections on the ground in Iraq and throughout the world, and eventually into the position of drafting the U. S. Nuclear Non-Proliferation Policy.

In 1999, his colleague, Mr. Richard Clarke, then on the U. S. National Security Council, encouraged him to move over to the White House where he started as Director of Counter Terrorism on the NSC.  His first exposure to cyber security was preparations for Y2K, since there was some thought that unpatched computers could be used to facilitate a terror attack.  While serving as director for counterterrorism, he focused on coordinating intelligence sharing between FBI, NSA, CIA, State, and DOD.  The goal was to ensure intelligence was fused to prevent terrorist attack.  Despite previous attacks by Al Qaeda dating back to 1993 (the first World Trade Center attack) the United States was effectively blindsided.  And yeah, that’s where he was on September 11^th.  In the Situation Room at the White House, blindsided.

Eight days after starting to pick up the pieces of that disastrous day in U. S. History, the Nimda worm appeared and the world got its first panicky look at cyber weapons. This gave Paul’s career in cyber a rapid lift-off, as he moved into his new position as Special Assistant to the President for Critical Infrastructure Protection.   Responsible for the cyber portfolio, Paul had a unique perk: he was able to visit the big technology companies, like Symantec, CISCO, AT&T, etc. to stay apprised of trends that impacted them at the highest level.  He learned a ton!

After five years of working 14-hour days and fielding endless late-night phone calls, Paul jumped at the opportunity to deploy his skills in a new role: standing up the Cyber Security Industry Alliance (CSIA).  Who better to create this non-profit industry group to promote cyber information sharing and raise cyber security awareness?  It took him three years to build this important trade alliance.

His colleague and mentor, Mr. Richard Clarke, had by that time created a successful consulting practice and needed someone with cyber expertise.  Paul moved into that new job in 2007, working mostly on Middle East cyber security issues, helping partner nations create a cyber defense programs that would protect their critical assets and help them understand threats before they became disruptive.  In 2011, Paul decided to jump into the frying pan as a CISO at CyberPoint International, where he was able to work inside an organization employing many of the policies and strategies that he had initiated.

Meanwhile, Paul was becoming frustrated by how the private sector and government agencies were unable to manage and share cyber intelligence.  He had watched how the lack of sharing terrorism information had enabled the attacks of 9-11.  He knew it would be more difficult in the cyber world given our dependence on IT and the speed of attacks.  He saw it as a train wreck about to happen and wanted to be part of the solution.  He created TruSTAR so he could focus on cyber intelligence fusion.  “My mission” Paul says, “is to create the means to fuse cyber intelligence in real-time.”

Paul believes enteprises struggle with too many tools, alerts, and data.  To date, we have not focused on integrating what we know from the tools we have deployed.  We are spending more and become less effective because of a failure to integrate. TruSTAR serves as middleware that normalizes and correlates the data from tools to ensure operators have a comprehensive view of what’s going on inside the enterprise.  If you focus first on unifying tools, teams and data inside your own organization, then it is much easier begin to coordinate with peers, suppliers, and partners.

Surprises:  Paul, like most of America, was surprised by the terrorist attacks of September 11^th.   He agrees with finding of the 9-11 commission, that it was “A Failure of Imagination.”  He carries that failure today.  He also never thought he would be working on cyber security but the failures around intel fusion motivate him to succeed in cyber intelligence fusion to prevent attacks.   “Cyber security brings so many pieces together.  If done right, it can help you keep from being surprised,” Paul says.   He is also astonished and disheartened to see how technology has been turned on its head, changing from an “enabling freedom” to a tool of suppression and manipulation.

Technologies: “I’m not a big fan of the term AI” Paul says.  “But if you could walk AI back to Machine Learning, you would see there is a tremendous amount of power to see the bigger picture, apply models, extrapolate and be predicative.”

Advice for Decision Makers: “Government is not going to solve cybersecurity.” Paul says.    “The Private Sector can assemble a picture of what is going on much faster.  The implications are huge.  During the cold war, we assembled all the intel we had and fused it together.  That’s why we were able to minimize contingencies and manage crises.  We seem to have forgotten that with cybersecurity.  We expect the government to save the day.  They can’t, or at least not in a timely way. The government can’t move fast enough because of authority issues that dramatically slow their ability to respond.  The more private sector can manage and fuse data, the better off we are going to be.”

Views on Thought Leaders:  Paul’s college Professor, Dr. John Esposito set him off on his initial pursuits.  https://en.wikipedia.org/wiki/John_Esposito   Mr. Richard Clarke taught him how to always be open to something that might be unimaginable. https://en.wikipedia.org/wiki/Richard_A._Clarke

Quick Hits:

Book Recommendation:  

• The Spider Network, How a Math Genius and a gang of scheming bankers pulled off one of the greatest scams in History, by David Enrich.
• A Pope and a President, Paul Kengor.
• Favorite piece of content on OODAloop: Paul uses OODAloop to see how the applications of technology can be used for nefarious, bigger purposes.
• LinkedIn: https://www.linkedin.com/in/paul-kurtz-56aa813/