Drawing a parallel between real-world security and cyber security to provide a better perspective on why Security in general everyone’s job and Cyber Security is not an exception. Bringing experience and understanding of cyber security perceptions from multiple roles working with numerous projects and organizations across the world. Emphasizing on the training and awareness requirements customized to the audience instead of one training fit for all approach to increase understanding and adoption of Cyber Security practices.

Just over 20 years ago I helped build the FBI’s InfraGard Program. Although we aspired to be proactively preventative, we have lived stymied, notwithstanding our best intentions, in the world of the Reactive and its associated “Defense in Depth” complexity and cost. Proactive prevention eluded us. The security industry has profited quite nicely from the insecurity of the world and this reactive paradigm. For decades we have relied on the best technology we had at the time to deflect the onslaught of what we faced daily in the way of malware and other attacks. The effectiveness of that AV technology was always predicated on having latest signatures on hand, which the adversaries could easily defeat with just the slightest modification of their last iteration. That signature-based paradigm required much in the way of downstream resources and expense and usually at least one “sacrificial lamb” upon which to let each new instance of threat sink its teeth. On a good day the capture and deflection rates rarely rose above 50%, requiring that we labor assiduously to manage leaderships’ expectations. We finally got leadership to understand and accept what became almost a mantra in the industry: “It’s not if but when”--as galling professionally as that admission was to make. However, just as predicted 50 years ago by Thomas Kuhn in his book the Structure of Scientific Revolutions, we’re seeing the dawn of a new day where AI’s machine learning and advance mathematical algorithms now offer validated deflection rates, pre-execution, in the realm of 99%. The FBI has now called me back into service to help redesign the next generation of InfraGard leveraging this emerging force. Our discussion will explore my generation’s journey toward this emerging new paradigm, its challenges, and what it portends for the future.

McClurg serves as Vice President and Ambassador-At-Large of Blackberry | Cylance. He engages the industry around the globe on the risk challenges today and how AI uniquely mitigates them. Champions a move from a historically reactive security posture to one focused on proactively predicting and mitigating future risks. He comes to Blackberry | Cylance from Dell, Honeywell, and Bell Labs/Lucent where he served as their CSO.
Before joining the private sector, he served in the U.S. Intelligence Community, as a twice-decorated member of the Federal Bureau of Investigation (FBI), where he held an assignment with the US Department of Energy (DOE) as a Branch Chief charged with establishing a Cyber-Counterintelligence program within the DOE’s newly created Office of Counterintelligence. Prior to that, McClurg served as a Supervisory Special Agent within the FBI, assisting in the establishment of the FBI’s new Computer Investigations and Infrastructure Threat Assessment Center or what was later known as the National Infrastructure Protection Center within the Department of Homeland Security. McClurg also served, for a time, on assignment as a Deputy Branch Chief with the Central Intelligence Agency, helping to establish the new Counterespionage Group and was responsible for the management of complex counterespionage investigations. He also served as a Special Agent for the FBI in the Los Angeles Field Office where he implemented plans to protect critical US technologies targeted for unlawful acquisition by foreign powers and served on one of the nation’s first Joint Terrorism Task Forces. McClurg was recently voted one of America’s 25 most influential security professionals; holds a J.D. Degree from Brigham Young University; is a member of the Utah Bar Association; Co-chaired the Overseas Security Advisory Council (OSAC) of the U.S. Department of State; serves as a special advisor to FBI; and served as the founding Chairman of the International Security Foundation. He also holds an MA in Organizational Behavior, BS and BA degrees in University Studies and Philosophy from Brigham Young, and advanced doctoral studies in Philosophical Hermeneutics at UNC-Chapel Hill and UCLA

Software Supply Chain - Software vendors routinely suffer breaches that they either don’t know about or choose to not publicize (until a customer or researcher discovers the evidence).