“We’re always fighting the last war” — that’s a phrase historians like to use because policymakers and others tend to be so focused on the threats they already know, and our mindsets and organizational structures are oriented to respond that way as well. And in the “situation room” of nation states (including the intelligence briefing war rooms in the White House), much of the security conversation is necessarily focused on the worst possible scenarios, broader context, and attribution as well. Companies, however, unlike nation states, do not have to worry so much about attribution (who did this? why) or even as much about the sexy, headline-grabbing threats. In fact, they may be better off focusing on security hygiene and basic metrics for assessing risk in the boardroom — much like they review financials regularly — argue the guests in this hallway-style conversation episode of the a16z Podcast.
Herb Lin, who is Senior Research Scholar for Cyber Policy and Security at the Center for International Security and Cooperation and is also at the Hoover Institution, both at Stanford University; David Damato, Chief Security Officer at Tanium; and a16z policy team partner Matt Spence (who among other things previously spent time at the White House working with the National Security Council) begin by sharing their views on the term “cybersecurity” …and end up with practical advice for a security boardroom 101. No matter what, security should have a seat at the table.