Today we are interviewing GCA Global Marketing Officer and Chief of Staff Michael Tanji, who joined us in March having spent a varied career both in intelligence and computer security for the U.S. military and federal government, as well as co-founding a number of cybersecurity companies including Carbon Black, which was acquired in 2018 by VMware.
In his spare time Michael has also authored a number of books on cybersecurity.
Welcome Michael - it’s great to have you on board!
Thank you very much.
What attracted you to join GCA and what have you been focused on during your first 6 months?
I wanted to spend some time in the not-for-profit space. I had no prior experience working with nonprofits. When I looked at various organizations in the space dealing with security it was a lot of people dealing in white papers and seminars, which would be great if we could talk our way out of the problems we’re in. The fact that GCA actually creates or assembles solutions people can use was the kicker for me. Maybe someday I’ll be ready to sit down and write the great American white paper on cybersecurity that spurs serious action, but until then I’m still inclined to help build things.
My focus so far has been on understanding the organization, its people, its functions, and helping reinforce order, stability, and sustainability. For its size, GCA does a lot. It is not unlike every startup I’ve been involved in; everyone doing maybe a little too much because there is so much to do. Everyone is doing great work, but you can only go full-throttle for so long. We’re five years old this year, and I’d like everyone to be here 25 years from now and you can’t do that if you’re burning the candle at both ends.
GCA addresses systemic cyber risks by developing concrete action oriented solutions which make a difference. Combining large technology focussed projects, such as Quad9 and AIDE through to regionally or sector specific solutions such as our Cybersecurity Toolkits. We continue to focus on phishing and IoT. Where do you feel GCA has made the most impact to date?
Far and away the answer would be Quad9. One simple change on your PC or phone and a whole class of problems are off the table. There is no updating, or fine-tuning, or maintenance on the user’s part. Set it and forget it. Solutions that rely too heavily on the user taking action, generally speaking, don’t do as well because everyone is focused on access and speed and productivity. Better to address the problem as close to the source as possible and for as many people as possible.
Your career has tended to focus on defense against adversaries - from physical combat through to cyber defense - how has the evolution from physical to cyber warfare changed the strategies deployed by defenders?
I would argue that we haven’t really cracked that nut yet. We’re still trying to shoe-horn schemes from the physical world into the cyber one, and not always successfully. We love to use martial analogs to describe our work, and while those analogies are not useless, I think they’re sub-optimal. If they were working we’d be in a better position than we were 30 years ago. We’re not. If cyber defenders were an actual army, it would be an army fighting to protect people who don’t really want to be defended, and in many cases actively work against what the army is doing or recommending. At that point you have to ask yourself: is an army the right model? Is a castle, a wall, a moat the right model?
What is GCA working on at the moment and how can the community get involved?
If you’re at all interested in security solutions for the Internet of Things (IoT) space, our AIDE project is something you should get involved in. Computing technology is already pervasive and connectivity ubiquitous; IoT just takes that to another level. The impact IoT is having on our lives - even if you personally don’t have any IoT devices - is fairly scary when you realize how little security it all has.
Yes, the IoT space is evolving so rapidly. How can folks get involved with this effort?
If anyone is interested they can visit AIDE - GCA | Global Cyber Alliance | Working to Eradicate Cyber Risk to learn more.
Our Domain Trust project is another effort that has the potential to have an impact at scale, so if you’re connected to a registry or registrar or are attempting to deal with online fraud/phishing you should definitely reach out.
Great stuff! What else is on the agenda?
We are also working to build capacity for law enforcement organizations to deal with cybercrimes. Pushing knowledge and know-how out to the front lines so that responding officers can help victims more quickly, and so that more can be done by officers who are not cybercrime or forensics experts, who are exceedingly rare even in very large departments.
Thanks so much Mike for taking some time today to chat. You have certainly been busy in your first six months, with lots of great things happening.
Check out the GCA website to learn more about these initiatives and how to get involved. And use this community forum to connect with others in the global community.
Thanks Mike.
You’re welcome, and thank you for the opportunity to spread the word about the good work we are doing here at GCA.