Speed Data: Rethinking Traditional Cybersecurity Principles With Rick Howard

Published September 11, 2023
Megan Garza and Rick Howard

Welcome to Speed Data: Quick Conversations With Cybersecurity Leaders. Like speed dating, our goal is to capture the hearts of CISOs with intriguing, unique insight in a rapid format for security professionals pressed for time.

This week’s episode features Rick Howard: author, journalist, Carnegie Mellon faculty member, and CSO, Chief Analyst, and Senior Fellow at the CyberWire. Rick is a highly in-demand professional, and we were fortunate to grab time with him to chat about his new book, “Cybersecurity First Principles: A Reboot of Strategy and Tactics,” and learn the one area in which almost all security practitioners struggle.

A passion for podcasting

The old saying, “If you enjoy what you do, you’ll never work a day in your life” couldn’t be more fitting for Rick Howard, the CSO, Chief Analyst, and Senior Fellow at the CyberWire.

“I can’t believe I get paid to do this job,” he said. “I have an excuse to read a bunch of interesting things, and I get to write about it and do podcasts; I love what I do.”

Rick’s enthusiasm and energy shine through when he talks about his role for N2K Networks’ cybersecurity audio network. Ever the prepared professional, Rick makes sure he knows interview topics inside and out before he hosts an episode of his show.

“Whatever the topic is, I try to do the background research on my own; I’m trying to understand it,” he said. “The thing that helps me more than anything is I’ll write an essay about the topic just so I can explain it to myself, and then I use that as the basis for whatever interview we’re going to do.”

Although Rick has worked solely as a security practitioner for most of his career, his onboarding at the CyberWire in 2022 brought with it the title of respected journalist. However, this new accolade can have its downsides, Rick said, because those in his line of work tend to have the mindset, “I don’t want to talk to the press.”

“You go to conferences, and if you have a journalist badge, people tend to walk away from you,” Rick laughed.

Questioning traditional methods

As if Rick’s resume wasn’t impressive enough, he recently published the book “Cybersecurity First Principles: A Reboot of Strategy and Tactics,” which challenges the conventional wisdom of today’s cybersecurity best practices.

“I’ve been thinking about the idea of cybersecurity first principles for over a decade, and what got me on it was, I heard this NPR story about two mathematicians back in the 1900s who were looking at the current math rules and you could come up with two different answers using legitimate math rules,” Rick said. “If you have two answers with math, that’s not right. So they decided to go back and rewrite the language of math from the ground up using first principles.”

That notion of questioning what has always been accepted as gospel was the inspiration behind Rick’s 400-page book.

“It occurred to me that in cybersecurity, back in the ’70s and ’80s, a bunch of really smart people were trying to get their heads around what cybersecurity was going to be and they came up with really great ideas. What happened then was we all glommed on to those ideas and have never questioned them since. So maybe we haven’t come up with the exact first principle for cybersecurity yet.”

Predicting the unpredictable

One area in which Rick thinks the cyber world still has a long way to go is forecasting risk.

“Most security practitioners like me don’t have any idea how to do that,” he said. “The big epiphany I had this last year was that [forecasting] doesn’t have to be that precise to make decisions — you don’t have to have the precision that everybody thinks they need. You need ballpark estimates so that senior leadership can make resource decisions.”
