GTCF #13: Bryan Ware - Tech Entrepreneur and DHS Cyber Executive
April 01 2021 Filed in: Gula Tech Cyber Fiction Show
Ron interviews Bryan Ware who started out his career as a commercial tech entrepreneur, served as a senior DHS cybersecurity executive and now runs Next5 - a technology-focused business intelligence and strategic advisory firm. We discuss all sorts of cybersecurity technologies, the latest in United States cyber policy, toast Chris Krebs and share some bourbon.
Ron Gula: [00:00:00] Hello, it's Ron Gula with episode 13 of the Gula Tech Cyber Fiction Show. Today, we are going to be speaking with Bryan Ware. Bryan, how's it going?
Bryan Ware: [00:00:10] It is going great. Glad to be here. Thanks for having me, Ron.
Ron Gula: [00:00:13] Thanks so much for coming out to the the studio in the hinterlands of of Maryland.
Bryan Ware: [00:00:17] It's beautiful out here.
Ron Gula: [00:00:18] Thank you very much. Thank you. It's for, I take credit for all the beauty in Maryland, all right?
Bryan Ware: [00:00:22] Okay. You got it.
Ron Gula: [00:00:22] That's good stuff. That's good stuff. Today we're going to talk about your background. We're going to talk about your time working at DHS, at CISA. And then we're going to talk about the future. We're talking about government politics and cybersecurity. Then we're going to get into some of your favorite science fiction, and where... We're making up our own fiction in this industry.
Bryan Ware: [00:00:39] Okay. We can do it.
Ron Gula: [00:00:40] All right. That sounds good. So you started out as not a government... You're not this typical government careers, now that's a bad thing, but you're definitely you've gone in and out of government. How did you get to what you're doing today?
Bryan Ware: [00:00:52] Yeah, I really, I never wanted to work in government. I I've always worked around national security from the first job out of college. I was in, a great engineering services firm. I've done government contracts as well as commercial, but, I have always thought of myself and I've always been an entrepreneur. I started my first company at 28 and just a whole series of things turned out where I found myself at a point in my career where it was no longer in my company. My board and I had agreed that that I should go work somewhere else.
And I took a few months to figure out, what I wanted to do. And I got the call, to come in and serve in government initially at DHS at headquarters, and then later at CISA. and I guess what I would say is when you're in cybersecurity or other ki- kinds of security and you support the government, or you support large banks or large corporations, you feel like you're part of national security. I've always felt that way. I felt like what we were doing was part of national security and that maybe that was the most effective way that I could support some of the government missions. But it was profound, to have the opportunity to really serve in government. I know you know that from the beginnings of your career, but for me, it was much more towards the end.
Ron Gula: [00:01:59] Yeah. I definitely like to thank everybody who does government service.
Bryan Ware: [00:02:01] [affirmative].
Ron Gula: [00:02:02] It is a service, but one does not get the call to go work at CISA, right? So you did a lot of stuff that kind of made you qualified for that. So your first company you worked at was, is it Sonalysts? Is that how I say it?
Bryan Ware: [00:02:13] Oh, I've worked for a series of small companies. The one right out of college was this awesome company called Jaycor. That was working on the Star Wars program, Strategic Defense Initiative. It was pretty amazing because we were trying to build, missiles that were going to shoot down nuclear missiles. And we couldn't even build parts of the avionics or the optical systems at the time. And you, we had to simulate them. Even though my degree was in laser physics applied optics and that's what I wanted to go do, we couldn't build any of this stuff. You, they put a computer on my desk and was like simulate it." And one of the things I learned in that job, I think each of your jobs, you can take something along with you.
I learned that I was not a very good computer programmer, but I appreciated design. And they had an idea on these missiles. It was called survivability enhancement options. We would call them countermeasures generally now, but what can you do to make this thing more survivable? And I've carried that concept with me for a long time. Worked at a company called Camber. Sonalysts was really neat. Sonar analysts contracted because they, they did a lot of really geeky Navy stuff as the name would suggest. But they'd also learned how to build a whole commercial business where they did movies and computer games and things along those lines. And I got to have some of that kind of media and design experience, too. But that's where we got the idea to f- to start Digital Sandbox, which was my first company.
Ron Gula: [00:03:26] What did Digital Sandbox do?
Bryan Ware: [00:03:29] We, ultimately we patented we invented a a, an artificial intelligence technique that took the [crosstalk 00:04:08]-
Ron Gula: [00:03:38] We have to drink. We said our AI-
Bryan Ware: [00:03:39] Oh-oh, we drink every time we say-
Ron Gula: [00:03:41] Maybe just this one.
Bryan Ware: [00:03:42] Okay. All right. Yes. Because it's interesting you say that because of course in 1998 when we formed Digital Sandbox, we didn't say the words AI all that much, but we built a Bayesian network based system that took all the expertise from experts, lots of different types of experts, and fused it together into an algorithm that was designed to think like you had experts making decisions, but you could do it at massive scale. So we could do thousands of risk combinations, whereas a group of experts could only maybe think of two or three red teaming exercises. And so initially Digital Sandbox started out doing that in the counter-terrorism space. What were the kinds of targets? What were the kinds of vulnerabilities that adversaries would exploit? How bad would it be if they did that? We took that risk equation and transitioned into the Homeland Security space where it's like this is how we should think about all things on a national s- scale or a country scale."
And then we were able to pivot that to insider threats as well. They work in very s- similar ways. There's like lots of l- very nuanced little indicators that experts know something about, but they're hard to pick up in normal signals. And our system was pretty unique that it could fuse things, everything from biographical information to public records information like DUIs or felonies or whatever, but also things like printing behaviors or badge access behaviors other IT behaviors and pulled that into a composite understanding of the person. So anyway, Digital Sandbox we raised a couple of rounds of venture capital and then ultimately sold that to a private equity platform to form Haystax.
Ron Gula: [00:05:15] That's awesome. And that really reminds me of some of the shows on TV where they're fusing all this data in, and then the computer AI comes out and says, "It's Larry. It's been Larry. He's the insider all along," right? Did you have those kinds of moments with that kind of technology?
Bryan Ware: [00:05:29] We had some of those kinds of moments.
Ron Gula: [00:05:30] Apologies to all the Larrys out there.
Bryan Ware: [00:05:32] Yeah. Sorry, Larry. Yeah, ultimately what we were trying to do is create portfolios of risk. Like you can't put all of your resources into just Larry because he's not the only guy that is maybe going to run into some problems down the road. You also don't want to just smear it like peanut butter equally across all of the different whether it's employees or buildings that you're trying to protect. And we really created portfolios of risk that helped our customers prioritize their resources. And sometimes those resources were dollars. So there were billions of dollars that were invested through our algorithms, or sometimes it was intelligence assets, like which things are going to pay the most attention to. But that part of what we did was really not so much about finding the one person. It was trying to make judicious decisions based on risk that, that would put you in the best posture to prevent or detect or whatever it might be to manage manage risks.
Ron Gula: [00:06:25] So the thing I love about these kinds of models, people can complain the model's not accurate-
But the model gets everybody in the organization on the same page.
Bryan Ware: [00:06:33] [affirmative].
Ron Gula: [00:06:33] It's a common vocabulary for you to talk about.
Bryan Ware: [00:06:35] [affirmative].
Ron Gula: [00:06:36] And then, so when somebody new shows up why don't we do an X, Y, and Z? We've been here for a couple of years working on this model. So it's kinda neat. So Haystax was interesting. So you rolled that technology in, and I think that was the product called Constellation?
Bryan Ware: [00:06:47] Yeah. That by then it was called Constellation, yap.
Ron Gula: [00:06:50] Why was it called Constellation?
Bryan Ware: [00:06:52] Constellation there's a lot of reasons. And actually some of my employees and teammates will probably have slightly different memories, but at least one of the reasons we called it Constellation was this whole idea that, sometimes you're seeing different stars, individual stars, but if you cou- you really can, when you can see the pattern of how they're connected, you can see something completely different in that, that idea of the constellation. I think probably the overused words, particularly in that period of time when we were talking about big data, which nobody even says big data anymore we say AI. I'm not gonna drink this time.
Ron Gula: [00:07:22] [laughs].
Bryan Ware: [00:07:22] It was all the connecting of the dots, which is still a metaphor that we used. Constellation was a connect the dots kind of idea.
Ron Gula: [00:07:28] Everybody has the image of the law enforcement people with all the pins and the pictures and stuff. Or as I like to say, link analysis, right?
Bryan Ware: [00:07:35] [affirmative].
Ron Gula: [00:07:35] There's all sorts of link analysis and ways you can do that. And I think before you went to CISA you actually also volunteered at MACH37-
Bryan Ware: [00:07:41] Yeah.
Ron Gula: [00:07:42] ... which is where I think, it's either Haystax or MACH37 was one of the first times I-
Bryan Ware: [00:07:45] Yeah.
Ron Gula: [00:07:45] I met you, always had a soft spot for MACH37. It really gave people a lot of hope and guidance for starting cybersecurity companies. What kind of things did you see at MACH37?
Bryan Ware: [00:07:55] You know the, gosh, I'm telling you, you see probably more early stage startup technology companies right now than just about anybody. But, here I was coming out of my one company. I had one data point, I knew what we did. I knew the parts of it that we struggled with or the parts that we did well at. And w- you know, s- selling the company puts some money in the bank. Being in the private equity platform gave a different kind of stability, but also freed up a lot of my time. And I really wanted to be able to share some of my experiences with those companies, the good and the bad. And but at the same time, there's just such an energy that comes from startups. And I learned as much, from the kinds of problems that these new entrepreneurs were seeing that they felt so passionately about they wanted to go build a business. So yeah, I, I did MACH37.
I did spend as much time as I could there for, some of their early years. I actually just did an event with them just a couple of months ago. But yeah, it is a great we need... It's hard enough to start a company on your own. It's hard to find good advisors or good support. And I think what they were doing and continue to do there is really important.
Ron Gula: [00:09:00] That's a great way to give back and you don't have to be a five time entrepreneur, right? You've done it once. You've sold to somebody, and you've actually done more of that. Sometimes you're dealing with people that are just younger than you.
Bryan Ware: [00:09:11] [affirmative].
Ron Gula: [00:09:11] You need to tell them, "Look, it's okay to get an account at this point. It's okay to do that." And I think it's really important for minorities, especially when you look at that, how can I help? How can I get going? And it's a great way for that. All right. So now you're getting that call to go work at DHS. Was it a letter, was it like a phone call? Did somebody say, "Hey, you're going to get a call from what's getting the call like for you?
Bryan Ware: [00:09:34] I in my work at Digital Sandbox, we did a lot of very strategic work for the Department of Homeland Security and other parts of the government. At the secretary level, because they were allocating billions of dollars to buy algorithms that we built and designed. And through that experience a number of the people that went into the administration were just familiar with that historical work that we had done. Secretary Nielsen Christian Nielsen was had been someone I briefed regularly when she worked in the Bush administration when she was building out the team there. We kept in touch. She'd wanted me to come over, but I was the CEO of a company that I couldn't, for one thing, I didn't want to leave really at that time, but also I had responsibilities in the company that I couldn't leave.
So when when the board asked me to leave leave Haystax, and I was... I remember I was sitting out front but in my house you get these Adirondack chairs and I live in the Virginia Hills. It was similar to out here. It's just beautiful trees. I was sitting out there and I I text Secretary Nielsen I said, "I'd be really interested in [crosstalk 00:11:54]-
Ron Gula: [00:10:32] Ti- timing is everything.
Bryan Ware: [00:10:33] ... in the right position. And she's "Come on, let's do it." yeah.
Ron Gula: [00:10:36] So you went in as cyber lead? What is, what, and how did that relate to CISA?
Bryan Ware: [00:10:41] Yeah, so d- DHS is a big department, it's the largest law enforcement agency because you've got Customs and Border Protection, Homeland Security Investigations, Secret Service, and all those things. My first position was as her senior cyber advisor. That really just means that you're in her office on all things representing what, translating whatever's happening on the cyber side, translating her guidance to all those people, in, in DHS. And then actually part of the fun of the job that I didn't quite expect is you really have to be there for every single issue, even the non-cyber issues. So hurricanes border immigration issues. But that was my portfolio.
CISA of course is the primary cyber component inside of DHS and really the primary cyber component for the US government on the cyber defense side. As that advisor, they were a lot of my portfolio, but Secret Service has cyber teams. And the science and technology director has a whole cyber program. And I was responsible for just coordinating her intent to all of them and their information to her.
Ron Gula: [00:11:46] And a lot of our listeners are from the cybersecurity arena. So they're CISOs, their pen testers, that, that sort of thing. But when you say cyber at this point, are you really talking like, not just the hacking stuff, but telecommunications, space communications, wireless communications it's a bit broader than just cybersecurity, right?
Bryan Ware: [00:12:03] Yeah. And when it meets the secretary, whe- when it meets the secretary, it's even things like going dark for law enforcement. The challenges with encryption and getting access to devices. It could be surveillance programs that they're running on the law enforcement side. But I think the other, one of the other things that's really neat, at the DHS level is we really are the advocates the ones responsible for the critical infrastructure of companies who, they don't necessarily, they're not necessarily IT companies or telecom companies, although that was a big part of the responsibility. It could be, any other company, they have so many different issues. They could be China trade issues that have a cyber nexus or IP theft issues that have a cyber nexus. And s- CISA's role is huge, by the way. The mission that they have is huge, but they're not the guys that are tracking down IP theft necessarily. That could be the Secret Service or counterfeiting could be the secret service,
Ron Gula: [00:12:55] you went in and during the Trump administration.
Bryan Ware: [00:12:58] Yep. Yep.
Ron Gula: [00:12:58] So right around then we still had an even number of critical infrastructure.
Bryan Ware: [00:13:03] [laughs].
Ron Gula: [00:13:03] And I think president Trump said, we're going to add election security to that causing everybody's well cool PowerPoint slides with this even numbers that said, how do I fit elections in, into that? So what were some of the issues you worked during that time?
Bryan Ware: [00:13:17] Election specifically, or any number of [crosstalk 00:15:05]-
Ron Gula: [00:13:19] Or just anything, right? Was 5G a big thing back then?
Bryan Ware: [00:13:21] Yeah.
Ron Gula: [00:13:22] Did you have to learn how to teach everybody how to say Huawei-
Bryan Ware: [00:13:26] Yes.
Ron Gula: [00:13:26] Spell Huawei.
Bryan Ware: [00:13:27] Yeah. Transitioning from... So I was the cyber advisor for a handful of months, and then I moved into the assistant secretary for, in policy, and there in the policy shop we take all of the jobs that the secretary, the cabinet member is responsible for, and we divide them amongst four assistant secretaries. So I had cyber. I had emerging technologies, I had other risk and resilience issues in my portfolio. Yeah, we dealt with things like what ultimately became the, what's it called the entity designation of Huawei that limited the ability of US companies to sell chips to Huawei, limited the ability of US telecommunication companies to buy from Huawei.
I was very intimately involved with that. By the way, very disappointed too for us as leading technology Western nation that we didn't have... We could only say no to Huawei. We couldn't figure out what we're going to say yes to because there wasn't a Western 5G solution, particularly at that time. I think though, by, by us slowing down kind of those unfair practices that, that Huawei engaged in we've given the opportunity to create new new technologies. So that was one of the things. Certainly elections. There's a number of things we did in the emerging technology space.
There's AI policy. Gosh, we've used that word again. A lot of things in space, that was, when you think about what's happened in the last, three, four years is the commercialization of space. The moving away from requiring the Russians to get us to the space station, being able to get to the space station with the US rocket. There's a whole series of s- SPDs, Space Policy Directives that came out in that period of time as well. And that was also in my portfolio. So that was great fun.
Ron Gula: [00:15:04] What's the connection between space and cybersecurity?
Bryan Ware: [00:15:07] So in my policy job before I went to CISA I had all emerging technologies, right? Which includes, we, we treated space that way because when we thought about space we were thinking about GPS. We were thinking about putting things into space. We and DHS is one of the primary members of the of the Space Council. As we translate to CISA, though, there are a number of cyber concerns in space. We have to communicate. There's command and control of all those systems. That command and control uses essentially radio waves for the most part that can be intercepted.
And how we think about space cyber is really important. And then there are a of space assets that are also, could be degraded, could be spoofed, could be denied. And so how do we have other means of doing precision location and timing? GPS. How do we know? How do we ensure that if there was a disruption of GPS, we still know where we are and what the time is which, which was another kind of thing that did land in this, in, in the CISA jar, but also tied up to that, that, that policy role.
Ron Gula: [00:16:05] So how far into the future were you guys looking? Did you ever see that show Fringe?
Bryan Ware: [00:16:10] No, I don't think so.
Ron Gula: [00:16:11] Fri- Fringe had the oh my gosh, who's the oh this is horrible for me. In Lord of the Rings-
Bryan Ware: [00:16:16] Yeah.
Ron Gula: [00:16:16] ... The third movie, he was the protector of of the white castle. This is horrible that I brought this up.
Bryan Ware: [00:16:23] I don't know.
Ron Gula: [00:16:24] He was basically this researcher and DHS was basically doing the inspections of all these paranormal things.
So my question to you is how much were you worried about advances in nanotechnology, advances in like micro drones, advances in quantum mechanics to like decrypt, our encryption and stuff like that? How far out were you looking?
Bryan Ware: [00:16:43] The truth is there was a point in time. May, maybe it was well before I got to the department, I don't really know where that horizon had gotten pretty short, at least in the Homeland Security Department. And we were worried about drones after drones were already flying, and there were problems with Gatwick Airport in London. And we were worrying about a number of other emerging technologies that were really, right on our doorstep. And of course we just talked about 5G and Huawei. W- we should have been worrying about, we could have seen. We knew that there was... We have 5G because there've been four already, right?
Ron Gula: [00:17:17] [affirmative]. [affirmative].
Bryan Ware: [00:17:17] Like we knew it was coming, but we just hadn't planned for it. And so one of the, one of the two or three things I did in my whole time at DHS and CISA that I'm the most proud of was start a program to identify emerging technologies and to evaluate their risks. And to try to do that on on a horizon that would allow us to start to anticipate how could they impact critical infrastructure? How could they impact our government missions? How could we maybe leverage them and become more efficient if we can... How can we leverage AI to be more efficient at cybersecurity?
And that Emerging Risk Matrix is the program that they run from headquarters now is, was something that I started there and the whole idea that there's nothing that was paranormal profound about it. But the whole idea was like, we gotta stop worrying about things after they're already here. We should be able to see these things coming for a little while. We're not an R&D organization really like DARPA or IARPA or others are, but security organizations to anticipate these things, too.
One of the things that got done after I left actually I don't think it's done yet. I think they have a draft policy in DHS that'll come out soon on encryption with respect to quantum computing. Like we know that it may be a ways out, but before there is quantum supremacy, before there's quantum computers that can exp-, make current encryption obsolete. We know that's a ways out, but we also know that the government moves pretty slowly, and it has huge infrastructure. And we probably ought to start now and try to figure out what all, we're all are we using encryption? And what are the most important things, and where should we start wa- working towards quantum resistant encryption today before before that's like a next year thing. And anticipation I think is you got to put part of your time and resources and energy and the things that aren't today's problems, but are going to be your successor's problems or the future's problems.
Ron Gula: [00:19:07] It was the Steward of Gondor [crosstalk 00:21:53]-
Bryan Ware: [00:19:09] Ah, so you got it.
Ron Gula: [00:19:11] That, that same thing, like if we went back just 10 years ago and we were talking about, drone proliferation, and the fact that applications written in China were going to be stealing our faces, for biometrics and stuff like that.
Bryan Ware: [00:19:23] [affirmative].
Ron Gula: [00:19:24] People would have looked at us crazy.
Bryan Ware: [00:19:25] [affirmative].
Ron Gula: [00:19:25] So it's one thing to say, ha-ha future technology, a UFOs, paranormal, but some of that future stuff is common really fast. Especially when you talk about space, self-driving cars, there's a whole new vector of attack right there. Especially, when you see people like China banning their military and senior leadership from driving, driving Tesla. So that's interesting stuff. What was some of the wackiest stuff that you had to track or postpone or stuff like that?
Bryan Ware: [00:19:51] Oh, there were some, there were a number of wacky things that we looked at from time to time, but they're not, none of them are gonna sound all that exciting. I don't think on a on this podcast. One of the things that was-
Ron Gula: [00:20:00] Most, most heavily classified stuff is really boring.
Bryan Ware: [00:20:03] Yeah. That's true. Something that wasn't particularly classified. It was interesting, there was this I think it was a Wired article maybe couple of years ago about Russia's desire to disconnect from the internet. They want to have it like the internet kill switch.
Ron Gula: [00:20:14] Kill switch. Absolutely.
Bryan Ware: [00:20:15] That was an interesting thought exercise. What would that look and how would it work? And and we knew roughly what China had done with The Great Wall. And so those things actually, it's a good way to describe the kinds of things that were a little different from the role the policy role at headquarters versus the operational role at CISA. We try to think about what could, what would that look like technically? And w- what would the world look like more and more companies, countries did that? And what does the internet look like?
If you move from the internet to the splinter net is as many call it how does that affect the way that we do intelligence operations? How does that affect the way us S businesses do e-commerce operations? Like any number of things were considerations and the policy levers are very different than the operational levers. You're trying to encourage good behaviors. You're trying to shift things in the way that are beneficial to US interests. You're trying to align with allies. And you're trying to see over the hill a little bit, you're trying to figure out what kinds of things might happen in the future that we need to be ready for.
Ron Gula: [00:21:15] And then how do you juxtapose that with, if you look at some of the threats that have happened recently, right? We had massive power outages in Texas, not from a cyber attack, but from a snowstorm. And we had a huge change to our telecommunications and our working, remote industry not because it was more efficient because we had to go home 'cause of COVID.
Bryan Ware: [00:21:32] [affirmative].
Ron Gula: [00:21:33] And then we actually had somebody try to poison people in Florida with, by hacking into the water system. So it's, we're coming at this from a lot of different angles. We were after 9/11 people talked about Hollywood fiction. Let's look at science fiction as a way to figure out, threats we can do. So where do you pull some of the inspiration from?
Bryan Ware: [00:21:49] Oh, I love, it's so funny, you mentioned like the science fiction and the pandemic. Like during the beginnings of the, this pandemic, didn't it feel like every, you know-
Ron Gula: [00:22:00] The Stand, The Walking Dead.
Bryan Ware: [00:22:02] Yeah, yes.
Ron Gula: [00:22:02] Absolutely.
Bryan Ware: [00:22:03] And I went back and re-watched a lot of those shows and those series just to get into the thought process. And some of them actually had their roots in a virus. But others are like, just the idea of becoming more more disconnected and more virtual in our day-to-day lives, which is also the, so much of that comes from science fiction. I love I've always loved watching the sci-fis. I'm a, I'm not as big of a reader right now as I've been at different times but I take a lot of... You get good good corollaries a lot of times from those books, or interesting ideas from those books. I'm reading... Oh gosh, now this is going to be my moment. I think her name is octa- Octavia Butler.
Ron Gula: [00:22:40] Okay.
Bryan Ware: [00:22:41] And I'm like halfway into the book right now, and it is a I don't actually know what's happening in the book. It's in like 2035. And they're, living in a walled little neighborhood inside of Los Angeles and no one has really electricity anymore and all these other things. And I just heard about this book recently in the last couple of weeks, and I'm like, "Okay, I'm going to read that," because, maybe we'll come up with some, maybe it'll spur some interesting ideas of ways to think about-
Ron Gula: [00:23:03] Self-sustaining, independence-
Bryan Ware: [00:23:05] [affirmative].
Ron Gula: [00:23:06] That's good. I think before we really dive into cybersecurity another big thing you worked on was supply chain, right?
Bryan Ware: [00:23:11] [affirmative].
Ron Gula: [00:23:11] It's not just Huawei and 5G and the fact that we don't have a lot of 5G manufacturers here in the state. It's also the power grid, right? There's components we're buying from China. I hear these horror stories about, we're buying Chinese power converters and the transformers, and they're just loaded with telecommunications connections back, back to China, which makes you wonder, but that's also how this stuff works, right?
Bryan Ware: [00:23:32] [affirmative].
Ron Gula: [00:23:32] Most, you can't buy a large multi-million dollar asset these days and not have connectivity back to the manufacturer. So what was your theory or take away from all the supply chain work?
Bryan Ware: [00:23:42] I think there are parallels between what you know so well in the IT world and how the internet made everything so efficient in e-commerce and communications and all those things. There are parallels in the very physical world where just-in-time inventory, all of the logistics innovations of the FedExs and the UPSs, and the idea of globalization. They created amazing efficiencies, right? We can get fresh avocados. You can get cheap electronics and they're sourced from all over the world and they get to you super efficiently. And I would say that over the last couple of decades that's led to developing worlds, in, in, in many ways lifting people out of poverty. It's given us, as consumers, so much great choice and low price, but along the way no one really knows where the stuff comes from anymore. And it comes from all over. But increasingly so many things come from Asia and and particularly from China.
And there've been, there's been a contingent, really in the Defense Department and the intelligence community for a number of years, it's been concerned about the growing supply chain risk. The way that components could be corrupted or the way that there could be scarcity of components, but it's, that was a pretty small group that had a hard time getting attention. And something really profound has happened in just the last year. Everyone understands now the supply chain risks with Asia because we couldn't get a mask last March. Remember how hard it was to just find a mask to put on your face? I remember going on Amazon. And it's not that they were expensive. It's just that they all came from China, and they were needed in China, and you couldn't get them here.
And that's the most low tech thing that there is, right? But ventilators, medicines, and I think that the highly connected, the highly interconnected and increasingly dependent on, on, on China nature of our supply chains became very obvious to just about everyone. Now we're going to have to think about that in other areas that are of enduring importance. And I even say that the medical issues made 5G a lot easier to understand, and semiconductors is the, that's the real, that's the next decade's issue is that so much of our semiconductor supply chain comes from Asia, not just China, but from Asia. We have less and less indigenous capacity or Western capacity, but pretty much everything that we're doing every day, that whole way that we got through this pandemic of being, sitting at home and doing Zooms and Teams meetings, and Cisco WebExes, and so forth. There's a lot of micro electronics involved. And we got to find ways that we can secure the resilience of those supply chains.
Ron Gula: [00:26:34] So similarly to the supply chain, how much did you look at the disinformation or the public perception manipulation? Not just even on, on social media. I think people don't realize that when you look at Twitter and I look at Twitter, Twitter has given me my feed and given you your feed. Even when you go on Amazon, I went to buy some [Sonosis 00:30:36] the other day, guess what? We don't have any on Amazon. I was like, "Oh, wow, what's up?" I go to Best Buy, "Yeah, we got all the Sonosis you want." So Amazon was being a little selective about what they're doing. How much of that did you track? Because that's right up there with manipulating elections-
Bryan Ware: [00:27:04] Oh, yeah.
Ron Gula: [00:27:04] It's right there with perception management.
Bryan Ware: [00:27:06] Yeah. It is our adversaries and not even our adversaries. I think you're talking about just things that businesses do you, use information to shape opinions and adversaries in particular found ways that it doesn't even have to be remotely true. If you can get people to like it and share-
Ron Gula: [00:27:26] Has to be believable.
Bryan Ware: [00:27:27] It has to be believable. And by the way, some of the QAnon stuff didn't seem to be particularly believable, but it had believers, right?
Ron Gula: [00:27:34] [affirmative].
Bryan Ware: [00:27:34] It, and those issues were a very big issue for my leadership. Thankfully for me, that by the time disinformation and mis, misinformation related to the campaigns was a primary issue. I was pretty much heads down working on the more cybersecurity bits of that. Chris Krebs and others really they took that head on. They tried. I think one of the things that, that CISA is the most proud of that I know that Chris is very proud of and deserves a lot of credit for was this idea of war gaming in advance the kinds of messages that might go out that were false, and trying to have the facts in an easy to get to place. And they spent the time before any of that false information was really going out there, educating the media on where to come to for the facts and trying to do their part to educate the American people, that paid huge dividends I believe in trying to tamp down active disinformation campaigns of whether ballots were being manufactured by DHS or thrown away, or whatever, like pointing that to authoritative source. And as successful as it was as as a way to limit the disinformation campaign it, it did come at the cost of a couple of jobs a little bit down the road.
Ron Gula: [00:28:47] That's that's well said.
Bryan Ware: [00:28:48] [laughs].
Ron Gula: [00:28:48] We'll just say, let's just handle that by saying here's Chris Krebs.
Bryan Ware: [00:28:51] Absolutely.
Ron Gula: [00:28:52] Best luck in the future.
Bryan Ware: [00:28:52] Oh, yeah.
Ron Gula: [00:28:55] It is. I will make one comment there though. I get a call from my dad.
Bryan Ware: [00:28:59] [affirmative].
Ron Gula: [00:28:59] Who is Chris Krebs guy? Do you know him? And I was like I don't really know him, but yeah, he's one or two degrees separated from everything we do.
Bryan Ware: [00:29:04] [affirmative].
Ron Gula: [00:29:04] And the story I tell to people is that as much as you're at DHS and folks who are in cybersecurity or in cyber we are in a bubble.
Bryan Ware: [00:29:12] [affirmative].
Ron Gula: [00:29:12] We speak a different language. We speak in acronyms and risk. And we talk out of both sides of our mouth about the here's a bunch of stuff you should do, but you can still get hacked by Russia. Even if you do all that. It's not unlike the medical profession, but the world doesn't understand the cyber profession. They understand the medical profession. So that's kinda, kinda interesting. All so we're going to dive into cyber bit more, but before we do that, your career you have now left, you are doing Next5, and you came with swag. You were very new.
Bryan Ware: [00:29:39] Oh, yeah.
Ron Gula: [00:29:39] You got your own [crosstalk 00:33:52]-
Bryan Ware: [00:29:40] You know it's a legitimate company because I've got a, like a shirt with the name on it.
Ron Gula: [00:29:43] That's very legit. So what is Next5?
Bryan Ware: [00:29:46] It actually has, some seeds in everything that I've done throughout my career and even the things I most recently did when I was at DHS, but the idea behind Next5 is to identify the emerging technologies that will be the most important technologies in the world five years from now in the Next5 years and attract and build good, strong, analytical coverage and products around those technologies so that we can help investors to understand when it comes to quantum computing, what does that mean? What are the impacts going to be? How's it maturing? Who's leading in those areas by country or by company or by patent holders? Diff- different ways of looking at leadership.
So I'm building a bis- business intelligence platform to track and provide insights on those products. And then around that we're wrapping strategic advisory services typically to larger companies and larger investors to help them to understand on a longer term horizon, what are these technologies going to mean in my business? Are they going to open up whole new opportunities for efficiency? Could they could the emergence of some of these technologies im- impinge upon our business? And I think that, just going back in the conversation we've had so far not even two years ago Huawei had high '90s percent of the global market share for 5G. But because of a few policy decisions that were made in the Trump administration that the Biden administration looks very likely to continue to support there's about half of the world that is no longer addressable by a Chinese company. So two years ago, no US company had even 1% of the global market share. No western company had even 1% of the global market share, but right now half of the world is available to them.
And that's really where I want to focus my time, and my energy is like, how do we see those opportunities coming? And how do US businesses, Western businesses need to prioritize, invest, acquire the capabilities that are going to allow them to lead and dominate in that area. And it's, I'm having a lot of... I'm having a lot of fun. I'm doing the I'm still in the national security mission all over again from the private sector, but, in this role believing that the best defense is a good offense. If we can build he- healthy, strong, competitive businesses that are solving really important problems that, that's the way I want to win.
Ron Gula: [00:32:05] That, that's excellent. You're focusing on 12 critical emerging technologies, 5G, quantum, we covered that a good bit. Are you publishing any research available to the general public?
Bryan Ware: [00:32:15] Yeah we're going to... A lot of the research is going to be more for our customers. That's the business model, but yes we're getting really close to starting to put out curated news and not just news because news is news, but trying to put out some of our analyst insights that would be much more broadly available. But at th- at this point, the focus is on our customer base and getting that.
And yeah, we're going to cover all 12 of those technologies on a continuous basis. And the focus right now because I think that they're the ones where there's either a lot of rapid change, rapid volatility, or there's not enough information to make good decisions. So a sweet spot right now is 5G semiconductors or micro chips. And and quantum computing. Qua- quantum is very different than those other two. Those other two are like clear and present. They're right here right now. But quantum is just hard to get your head around and when, and as it emerges, it, the impacts it's going to have are going to be incredibly transformational. And that, those are the first three that we're spending the most time on for the next quarter or so.
Ron Gula: [00:33:15] So let's talk a little bit about that and pivot into role of government, public policy, that sort of thing. It used to be that technology would just dramatically outpace government policy, right? Like we had vulnerabilities and compliance issues before we got PCI, right?
Bryan Ware: [00:33:28] [affirmative].
Ron Gula: [00:33:28] Before we got government regulations and whatnot. But now you could say thanks to the Trump administration or whatever, but, we're banning technologies, right? Overnight ban TikTok, ban, DJI Phantom drones, ban, ban stuff. I look at the Biden administration now, and I think there's going to be regulation-
Bryan Ware: [00:33:44] [affirmative].
Ron Gula: [00:33:44] ... on a number of things could impact big tech, social media, that sort of thing. But right now, one thing they're trying to do is DHS announced that they want to pass some regulations on, minimum software, resilience, vulnerability, things. I am very curious about what they're going to come. This is something, wouldn't it be great to just to pass a law and say, "Hey, you can't have vulnerabilities in your products," right? What do you think of what, what might happen here?
Bryan Ware: [00:34:11] Yeah. I think there's a few things that could happen. And I don't I don't know the specifics of what may come out. Right now DHS CISA has very limited visibility into each department and agency. We would fund programs that benefited those departments and agencies, but a lot of the data from those programs, those capabilities went to the CIO and CISO of that agency not to a central place at CISA where you could look across the whole of the government and see whatever you need to see.
Ron Gula: [00:34:43] Continuous diagnostics monitoring.
Bryan Ware: [00:34:45] Yeah, so CDM be- benefited each department agency, but not the incident response team at CISA. And that's, that becomes a glaring issue in the moment that we're in right now. It was always an issue, but it's glaring now. I think what we'll start to see less about software, but the way that we run software or additional responsibilities on the departments at agencies to give more visibility, more granular visibility back to CISA. And particularly things that would have been relevant in the cases that we've just seen.
From a policy perspective, though, I think there's an important conversation that we need to have about what the responsibilities of those software companies are for security. We used to, you're talking about the 18 critical infrastructures before 17 or 16 or however many there are. That used to be things like the financial system and the power grid and the water and other things. But, our business is run on on email and IT systems and cloud systems. And it feels like there's a, there, there's a responsibility for those large companies to not just, not have bugs and not just have high availability, but to secure their products and platforms. And I know that's a policy discussion that we're going to have. Regulating that is really hard. And I could imagine all kinds of negative outcomes and it's hard to imagine how to regulate it and get the desired outcomes.
Ron Gula: [00:36:09] So I have an accounting practice.
Bryan Ware: [00:36:11] [affirmative].
Ron Gula: [00:36:11] and I've got my certified, public accountants and they mess up my books. They can lose their job and their ability to practice.
Bryan Ware: [00:36:19] That's right.
Ron Gula: [00:36:20] Same thing with law.
Bryan Ware: [00:36:21] Yep.
Ron Gula: [00:36:21] Same thing with doctors. Maybe it's going to go down that road. Now, I think the typical person who's writing code, it's like people who are figuring out medicine in the 1800s.
Bryan Ware: [00:36:32] [affirmative].
Ron Gula: [00:36:32] They were not like what we have today. So that's where I think we need to go as an industry, like really put these people on this is a professional platform, right? This is not hacking two APIs together with some Python, right? People depend on these APIs and whatnot. The problem is we're all over the place. There's probably some really important technologies out there that are hacked together with a little bit of Pearl and Python and whatnot. On the other hand, though, the public doesn't really seem to care too much when there's breaches. They don't seem to care too much about privacy. And I see this world where the people who want to have security are actually not participating with us. What do you think might happen here?
Bryan Ware: [00:37:12] I don't think there's going to be... Like, I strongly believe that we need to significantly increase the resources at CISA. That it needs to be a bigger, better funded agency with more capabilities. That being said, though, we don't want our security investments to outstrip our IT investments.
Ron Gula: [00:37:29] [affirmative].
Bryan Ware: [00:37:29] And yet our, IT is so bad from a security perspective that we have to spend more and more money on cybersecurity. As an engineer engineer scientist. Like you want to engineer out the defects that cause, recalls, that cause repairs. That's the way we manufacture an automobile, right? You don't want to take, you, you don't want your automobile breaking down all the time. And if you designed and built that you'd rather catch that whatever is going to cause it to break down at the design phase, you want to have good quality in the way that you build it so that when it comes, off the show floor it's going to work the way it's supposed to work.
Software is not like that by a long stretch right now. And one of the things that's, and this is a single data point. So like data points are not trends, but I find it interesting in the Biden's Biden teams stimulus funding for this big, $2 trillion package. There was originally going to be nine or $10 billion for IT modernization and 650 million or so with some other money, almost a billion dollars for cybersecurity. All that IT modernization got stripped down to one billion and one billion for cybersecurity. This isn't a good ratio, right? I would rather pay more for really good IT that meant that I didn't have to spend as much on incident response, that's...
Ron Gula: [00:38:51] I tend to agree and I'm probably going to make some folks angry here. I mean-
Bryan Ware: [00:38:54] I was going to try not to say things [crosstalk 00:44:16]-
Ron Gula: [00:38:55] I am, I'm a fan of the Solarium. I'm a fan of compliance. I'm a fan of hunting, but if you have to have compliance, and you have to have hunting, it's not security engineering. We don't want to fly in planes and have policies in planes because you might misconfigure a plane that crashes, but that's exactly what we're doing in IT. We are just letting people do things and saying, "Oh, by the way, why don't you patch this with duct tape?" It's called compliance and hunting versus secure by design. And I really wish there was more focus on that.
In the case of IT, that's great. I love putting more money into better things. There was a I wish I had the Senator here, but oh yeah. I'd love to have any senators and congressmen come on the show here. But there was somebody who said during recently after SolarWinds, like why are we spending all this money with Microsoft when they have all these problems? Now, Microsoft deserves some blame here, but they are the ones are working hardest on making their products securable and configurable. And the vast majority of these 30,000 exchange servers that are out there were old and unpatched, right? So it's an interesting, it's an interesting thing to say just make things secure by default. I don't think that's going to go very well.
Bryan Ware: [00:40:03] No. So good luck on the regulatory side, right? It's, I used to have the conversations with my software development team where they... If you said that you wanted less bugs in your software then they would just look for bugs less.
Ron Gula: [00:40:15] Yep.
Bryan Ware: [00:40:16] If you said that you wanted to drive your defects down and have a rigorous process then you slowed all your development down or all of your innovation down. You can't... We're going to have to make choices on what we want and we can't have low cost, super fast acquisition, super fun user experience and the best security, and the best privacy. We haven't figured out a way to have all of those things just yet. Unfortunately the security and privacy stuff has been barely an afterthought. If we bring that and maybe that's what these incidents are going to do for us is bring those forward more as primary considerations.
Maybe that's a slower correction, but I know there's an enormous desire to have some some regulation here. I actually think that we need some, I just don't know that we know how to do it the right way. Because you're right, it is a lot more like a craft. We're in the arts and crafts era of software still. We've been saying that for decades now. But we're there, it's not an engineering discipline just yet.
Ron Gula: [00:41:13] All right. Let's talk about SolarWinds.
Bryan Ware: [00:41:14] Yes.
Ron Gula: [00:41:15] SolarWinds, somebody hacks a supplier, and they put their backdoor into an update and they slipped their malicious code in. So that's what happened with SolarWinds. So one, how come we didn't catch this as a country, right? I don't want to... You can blame NSA. You can blame Einstein, but you could also blame the thousands of cybersecurity AI hunting companies. These things were in the networks and trying to probe around and get just the access was delivered through SolarWinds not all the exfiltration and stuff like that. So what do you think SolarWinds means for the industry?
Bryan Ware: [00:41:54] Yeah it's a good news, bad news, what does it mean? The bad news is that there isn't, as, aside from the guys at FireEye that maybe even got lucky. I'm not gonna, I wouldn't say that in front of Kevin. But aside from those guys that saw it, no one had seen it for nine months, plus, which tells you that all of our existing infrastructure, all of our existing tools, all of our cybersecurity products, all of our IT best practices were not effective. That's really bad news because there's billions of dollars that are spent on those things.
The good news, particularly going back to MACH37 and all those startups, there are tremendous product opportunities because the things that happened were detectable, were preventable, were catchable could have been mitigated. And there have clearly been products that have quickly adapted and have been quickly responsive, but we're still missing some products and capabilities that can anticipate and identify and detect the next one.
And I think some of those new products and innovations are really going to be on the IT side. Like just better practices for how, so that you can create the golden SAML ticket, right? There's IT product there. And I think there are products on the zero trust side or capabilities around the z- in the zero trust area that are probably analytics products that are doing a better job of detecting these zero days or detecting anomalous traffic ton, tons of good new opportunities.
For engineers, who love hard problems to go solve or for entrepreneurs who want to build businesses that have unique value. The burning platform is here right now. And you, most of the time when you're a small company or you're an engineer, you're an innovator, you're intimidated by the big guys that already have the billion dollar mar- market cap. But for the most part they were limited in their effectiveness.
Ron Gula: [00:43:51] I tend to agree. It is an opportunity to help. It's also an opportunity to do things better, right? Do things in a more secure fashion. And I often wonder if the information we're communicating to the general public is correct or not. So for example, you look at everything in the NIST cybersecurity framework, hundreds, 200 things, five, five major areas identify all the way to respond, right? So it's good, it's scientific, but it's basically compliance and hunting.
Bryan Ware: [00:44:15] [affirmative].
Ron Gula: [00:44:15] But then if you go way back out and we've had Kiersten Todt on the show to talk about the Cyber Readiness Institute, and you're like, okay, what specific, what's the doctor Fauci equivalent of wearing a mask, right? They basically say it's patching, it's phishing, it's passwords, and it's USB. That's it, right? Secure wifi, not there, right? Secure VPN, not there. Those are the four things they focus on. I always feel a little yeah. I'm sure Dr. Fauci has many other subtle things that tell us about how to fight COVID but wear a mask. How do you mix all that kind of stuff because DHS is very focused civilian government, right? But you're also kind of a Dr. Fauci for talking to the nation about cybersecurity.
Bryan Ware: [00:44:54] Yeah. The US cert part of CISA in particular, that is that central repository of all of the vulnerabilities and best practices and guidelines, I think is actually one of the greatest services that they provide. Is yeah, it's got to work inside of US government, but when it does, it works for everybody else too. And we really did feel that, that mission, that need to push our information out. I think that those best practices, those simple top 10 lists they are still relevant and they are still important, but we unfortunately are now seeing a few challenges to simple conventional wisdom that we're going to have to get our heads around. Two or three of them. I think that are interesting. Like I think I used to poll people, my smart guys, what's the most important thing? Patch often patch urgently.
It was the patch that was the delivery mechanism for the back door. Okay. So now we're going to... We're not going to say don't patch because that's worse, but we're going to have to find some nuance in the way that we patch. So that we are understanding the integrity of that patch. I think that there have been many. I'm one of them that believe that we can operate in the cloud more securely than we can operate on-prem. For a whole variety of reasons, but mostly because of specialization.
Like this, not every enterprise can be an expert at running their network, but we've now just seen cases where before the exchange vulnerability on-prem, there was the Office365, SolarWinds vulnerability. You're not safer, and we always knew necessarily by moving from on-prem to the cloud or vice versa. But there's going to have to be nuance there because I think that would have been, going back many years ago there was a recommendation to smaller enterprises in particular, move your stuff into the cloud. Now there's nuance there.
And I think that the one that's been on my mind the most recently is we're in a... Most large enterprises have been moving to single identity to access all of your enterprise devices and all of your enterprise databases so that you didn't log in and password to every single thing. And now that is a primary means of vulnerability. A primary, mechanism in these hacks has been going after that privileged access. And then really owning at, the the ability to move into any part of the network that you want to.
Again, I don't think that the best practice of doing that integration was wrong. You certainly wouldn't want to have hundreds and thousands of passwords and how are you going to main, maintain and manage all of those. But we're going to need better ways of managing access, better ways of doing analytics around the identity and a more security inf-, a secure, AD or whatever infrastructure in the first place.
Ron Gula: [00:47:33] So let me get your reaction to this. So one of the things I volunteer is defending digital campaigns, right?
So when you run for Congress, someday, I can give you free cyber swag without it being a campaign donation, right?
Bryan Ware: [00:47:43] Okay.
Ron Gula: [00:47:43] Having said that, if you think about small business, a small campaign, how do you protect that? And if you bring NIST cybersecurity framework to it, it's basically compliance and hunting or patching and, password management, stuff like that. But we never say do 100% max solution or do 100% Windows solution or 100% Google solution. And we certainly don't have any ability to compare the risks of those things, right? But we all know that as soon as you put some non Microsoft code on a Microsoft platform, you open yourself to malware.
Bryan Ware: [00:48:19] [affirmative].
Ron Gula: [00:48:19] If you go all in with a Google Chromebook, you're basically immune to malware. Maybe you can phish some accounts here and there and stuff like that, but there's a lot to be said for these monocultures, that man, you're putting all your eggs in one basket, but I often wonder if that should be the message to small business.
Bryan Ware: [00:48:34] Yeah. As a small... One of the things that's hard for, hard to get your head around. I'm leaving CISA where we had a good IT department who really understood cybersecurity really well, and they owned all my devices and they provisioned my devices and I expected that they were pretty secure. Now I'm running my own small business. I am the IT guy. You're the IT guy, too. Yeah, congratulations. CIO pays about as well as CEO. And one of your both. These are hard choices to make. I can't, I stay up to speed on all of these things. I don't feel like I have the expertise to do that nor do I have the time to, to do that. And so what it does do at least from my standpoint is take as little risk as you can, simplify as much as you can. I can't try out every product that sounds like it might be an efficiency.
Ron Gula: [00:49:21] Yeah. Two days ago I had to do a bunch of keynotes and a bunch of meetings. I used Teams, Zoom, Google Hangout, Adobe Connect, and WebEx all in one day. One which worked, which I was happy about is to recognize the cameras. But that's just insane-
Bryan Ware: [00:49:35] It's insane.
Ron Gula: [00:49:36] ... when you think about all that kind of stuff, and if you are, want to practice a monoculture it's almost like practicing beliefs. If you're ca- Catholic, it's Lent, no fish on Friday. You go out for lunch, somebody happens to offer you a pizza with pepperoni. You've got to be disciplined. And if you're that person and you're like, "No, I can't use Zoom. Zoom is against it." You're looked at a little strange. And I really wonder if we shouldn't work on the culture to be more accepting of that because, you can't quote me and go now Ron is saying Zoom is an insecure thing," of course, but it's certainly less secure than 100% Microsoft. You just added a million lines of code and a whole infrastructure that I didn't-
Bryan Ware: [00:50:13] Yeah.
Ron Gula: [00:50:13] ... use before. And we just don't think about that in the general public.
Bryan Ware: [00:50:16] By the way, one of my, just this is a complete non-sequitur to everything that you just said that you made me think of this funny memory. I had to host a meeting with Google and Apple. They were developing the API for the contact tracing. It was such a great idea led by industry to allow contact tracing in a way that collected no personal identifiable information, didn't use location information. It just used the very low powered blue, Bluetooth or whatever, and an API that we're working on together.
We were having a meeting with Google and Apple leadership so that they could talk to us about that. And we could talk to them about some security concerns that we actually didn't have, but we wanted to understand things better. We're going to set up the web meeting and at CISA our go-to platform was Microsoft Teams, here you're looking at Apple probably doesn't use Teams. They got like FaceTime. Google, has many different things Hangouts or Meet or whatever. I remember that awkward moment I was like, gosh, how do I.... What do we host this on? So we floated it to them. What would you prefer that we use for this? And Switzerland, apparently it's Cisco WebEx because that's what we used, [laughs].
Ron Gula: [00:51:21] That's hilarious. I love stories like that. You should never FedEx a an a vendor order to UPS. That's happened [crosstalk 00:58:37]-
Bryan Ware: [00:51:28] Oh, no.
Ron Gula: [00:51:29] All right. So let's close out with some science fiction, which includes superhero movies, books, any of that kind stuff. So while you're at DHS, what are people watching? What are people excited about?
Bryan Ware: [00:51:40] There are so many Star Wars geeks at CISA it's shocking.
Ron Gula: [00:51:46] [affirmative].
Bryan Ware: [00:51:46] There's Trekkies and all those other guys too. But there's, I remember one of the first times I went to CISA, and it was before, before CISA knew that I was coming over, but I knew that I was coming over. And I'd go for meetings, but I couldn't, nobody knew why I was there. I like look on the floor of the elevator lobby waiting for my elevator. And there's like a baseball card, but it's a Stormtrooper card. And I don't know, there, there's some guys that work there that dress up as Stormtrooper. They had their own like playing cards. I didn't even know that was a thing. Yeah, I'd say it's probably, I'd say it's probably-
Ron Gula: [00:52:22] Star Wars is great. There's a lot of good that we can talk about out of Star Wars, right? The weaknesses in the all three death stars.
Bryan Ware: [00:52:29] Yes.
Ron Gula: [00:52:29] The so the order of the Jedi versus the empire there's a lot of stuff there. Is the force, you know what we're using to do cybersecurity. It's a lot of good-
Bryan Ware: [00:52:37] [laughs].
Ron Gula: [00:52:37] ... a lot of good stuff there,
Bryan Ware: [00:52:38] But the most important thing now after the Mandalorian is we can always just close everything out by saying, this is the way.
Ron Gula: [00:52:43] This is the way.
Bryan Ware: [00:52:44] This is the way.
Ron Gula: [00:52:44] This is the way. That's awesome. How about books? Are you motivated by any of these I'll call them Hollywood fiction. These stories about wars with China, like I'm reading Ghost Fleet right now.
Bryan Ware: [00:52:54] I read Ghost Fleet.
Ron Gula: [00:52:55] I was late to reading it. I'm just, I read Burn-In first, but I'm like, "Oh, I got to go back and read Ghost Fleet.
Bryan Ware: [00:52:59] On my, on the, in the end of the island in our kitchen is 2034, I think it is.
Ron Gula: [00:53:05] That's the one I've been told to get.
Bryan Ware: [00:53:06] I haven't cracked the cover on it yet, but I pre-ordered that when it came out. I read Ghost Fleet and Ghost Fleet was really cool for me because, I'm reading intelligence reporting and I'm reading defense reporting and, that's that's fact, or it's at least analytical judgment or assessment, but it doesn't really tell a story. And sometimes if you're not, if you're just in a role, like I was, you don't know what the story is. And the book like Ghost Fleet helps you to see aha, like this is this a certain course. I won't tell you the end. Yeah, I like, I do read some of those.
I don't read a ton of those. I used to love by the way, this is a slight departure, but the Sandman series is what I like. I never, I thought I was done with comics when I was a kid, but I always loved like Stephen King books, The Stand, yeah, those are like huge books. Huge in size and like really made an impact on me. And I later discovered the Sandman and I loved Neil Gaiman. I've read almost everything that Neil Gaiman's ever written.
Ron Gula: [00:54:01] What are the best examples of fiction in the movies or books about real-world hacking and whether it's nation state stuff or personal, one-on-one hacker stuff?
Bryan Ware: [00:54:11] Enemy of the State, of course. That's the, it's the one where the NSA can turn the cameras around and see on the other side,
Ron Gula: [00:54:17] there's, there's-
Bryan Ware: [00:54:18] [laughs].
Ron Gula: [00:54:18] ... so many things wrong with them.
Bryan Ware: [00:54:21] [laughs]. Yeah, it's the one thing we just love to hate.
Ron Gula: [00:54:23] And there's so many awesome people at the NSA, but there's like a GS 13 in that movie and they now, there's a few disgruntled GS 13s there-
Bryan Ware: [00:54:31] [laughs].
Ron Gula: [00:54:31] They nailed that. Have you ever seen The Listening?
Bryan Ware: [00:54:33] No, I don't think so.
Ron Gula: [00:54:34] The Listening is this crazy movie where they are, it's like the early '90s and there's a government contractor that has developed a way to listen on your phone. This is before cell phones and literally they lose the documentation for this like in Italy or Europe somewhere. So they have to send out a team of s- Seals or something to get them. And the NSA guy decides to protect the woman who got this stuff inadvertently before she, and he has to hack back into the NSA.
And it's just really an interesting movie. It's very real. It starts off with a lie detector test in a crappy government facility. That's what working there-
Bryan Ware: [00:55:10] [laughs].
Ron Gula: [00:55:10] Was which is good. Now, how about the super science fiction? We talk about Star Wars-
Bryan Ware: [00:55:13] Okay.
Ron Gula: [00:55:13] But do you ever see a Minority Report or Altered Carbon, like on Amazon where everything is just in your face. Even like the space stuff, like Expanse on Amazon, everything just works. Nobody patches a spaceship, unless it's a plot point that there's a virus or something like that.
Bryan Ware: [00:55:29] Yeah. I've watched all of those. Expanse I had a hard time getting into, watch a chunk of the first season and I never got much further. And then others have told me like, "No, you bailed out too soon."
Ron Gula: [00:55:40] Yep. [crosstalk 01:03:24].
Bryan Ware: [00:55:41] Yeah, all so it's on my list to revisit. And I liked the first season of Altered Carbon a lot more than the second season. The first season was fantastic. And I think I petered out somewhere in the second season of that one. Yeah, I do love those and there are glitches, right? And I love that they reflect the glitches, and that there was missing information in Altered Carbon, which is what a lot of, what a lot of hacking is, right? Is removing information or changing the way that you perceive information for sure.
Ron Gula: [00:56:06] Awesome. All right. Where can people find you online?
Bryan Ware: [00:56:10] Next5.co. [crosstalk 01:04:00].
Ron Gula: [00:56:13] It's .co not com, co.
Bryan Ware: [00:56:14] Yeah, com, it turns out that there's just not any coms left anymore, but there are some cos. And then if you move away from co you starting to get into some shady domains, at least that's what my internet service provider told me.
Ron Gula: [00:56:26] .tech and stuff like that, right?
Bryan Ware: [00:56:27] [laughs].
Ron Gula: [00:56:28] That's awesome.
Bryan Ware: [00:56:28] The one.
Ron Gula: [00:56:29] That's good. All bryan, thank you very much for-
Bryan Ware: [00:56:32] Thank you.
Ron Gula: [00:56:32] ... for coming on, sharing your experience at DHS, sharing your experience what you're going in the future and in the past. Thanks again. This is Ron Gula with episode 13 of Gula Tech Cyber Fiction.