Sramana Mitra: This is obviously a serious issue, and there are people working on it already. Who is working on it and who has good ideas?
JR Reagan: The good work is happening all over the place. You see the National Labs in the U.S. and other government organizations outside the U.S. that are doing some great work on the pattern types of stuff. There is serious analytics going on that is going to feed this once it is ready. Then there are the typical vendors out there that are starting to tune their platforms to accommodate big data in faster cycles. I would say a lot of great work around visualization and analytics is happening in places like Silicon Valley, academia, etc. But it is not necessarily geared toward cyber yet. That is what I think is going to be very interesting. Once people start to turn their heads to this approach or tool that I can use to solve cyber security, it will be an inflection point for us.
SM: How do you define cyber? The way the security world operates right now is that enterprises are protecting their own networks and infrastructure, governments are protecting their own networks and infrastructure, and individuals are supposed to have antiviruses and firewalls on their computers. How do you define cyber in this general area?
JR: It is going to be the collective risk posture of all of our networks and computers. It is a very broad statement on purpose. It used to be us all saying, “Wouldn’t it be great if we could visualize traffic jams and know where things are?” It used to be too hard. The technology was owned by somebody else, and they were sophisticated and expensive tools. Now you can go on your desktop and you can see it. We used to say that it was too hard to figure out where a disease [was most active]. We can do that today. I think it is about asking a different question. People are solving it within their four walls, but when we have this hyper-connected risk, wouldn’t it be great if we could see where bad things are happening on networks across the U.S.?
SM: You are talking about a public good that would be monitored by private data providers that are able to provide information about exceptions, intrusions, or malware to various bodies that are in a position to act upon it.
JR: Absolutely. You could even envision a situation like this one: “My connection in the house is slow. Check on that. Maybe it is a denial of service attack.” You have to have an overreaching hypothesis and vision to really stretch where this will go, not just solving one incident after another. I think that is where we are at right now.
SM: Tell us a bit more about your lab. How is it structured and how does it operate?
JR: We have a couple of parts to it. We found that the experience in that lab is almost the most important thing. It is about prototypes, not presentations. We train folks to be client experience specialists. It is like in a big theme park. They know how to really engage people and get them to have great conversations about what we do. So we have those people, who are experts who can dive into various problems, and we also have what we call Visualization Studio. We don’t typically find that in IT organizations. You normally find those on Madison Avenue [in advertising].
We found that using design-led solutions allows us to get over the hump of understanding if it is the right problem to solve or not. We have designers, engineers, data specialists – we cohort them on each problem. Those are the two worlds that make up our lab. Last, we have something you call a GovLab, which researches big problems. We do that through digital native eyes, so they can look at problems way differently from people like me, who have been around the block and seem to know it all.