Kurt Van Etten, Chief Product Officer

Kurt Van Etten joined RedSeal in August 2015. Prior to RedSeal Kurt was Director of Product Management for Symantec’s Data Center Security offerings, where he delivered security, risk, and compliance solutions. Previously Kurt served as the Director of Risk Product Management at PayPal responsible for developing solutions for Identity Risk, Merchant Risk, Resolutions and Protections. Kurt also was Director of Information Security Programs at eBay with responsibility for the Network Security and Risk & Compliance teams. Additionally, Kurt has held positions at Motorola and as an officer in the United States Marine Corps.

Kurt holds an MBA from the Kellogg School at Northwestern University, a Masters in Engineering Management from Northwestern University, and a BS from the United States Naval Academy.

Q&A with Kurt Van Etten

On the Evolution of Cybersecurity

Network security initially was about protection, building firewalls to keep people out and putting anti-virus on end points. Back then there wasn’t much thought about what happens during or after an attack—there was no play book. This need for a better, more comprehensive approach gave birth to digital resilience.

Digital resilience requires that you have the information you need to respond to an attack. What does your network look like? Where can the attackers go? Can they get to your critical assets? What do you need in order to respond adequately?

Understanding Digital Resilience…

People don’t understand that digital resilience is a strategy. The approach is multifaceted, but it begins with situational awareness.  Back when I was a Marine Corp. officer, the first thing you learned about defense was to walk the terrain. Figure out where the avenues of approach are, where the lines of fire are. First determine what you’re defending, then deploy your resources.

For more on a digital resilience strategy, take a look at Ray Rothrock’s book. (link)

The Importance of Context

It’s clear that RedSeal delivers unique information that’s badly needed. I was on the practitioner’s side and we never had anything like RedSeal. We made decisions with incomplete information.

The simplest example is vulnerability prioritization. We would get a severity score of one to 10. You do the 10’s first, then the nines, and you work your way down. We never thought about factors like the location of the data. Is it accessible? Maybe a piece of data is not really that important, but does it provide access to your important stuff? That’s what RedSeal does. It gives you context to make better decisions.

Why RedSeal

RedSeal is different. It’s an innovative approach to solving a problem that’s important to the world. There’s a lot of passion around working on something important. And if you look at our federal customer list (the ones we can name), you know that digital resilience is important to national security. So there’s a mission here. And the culture here is open and transparent. It’s a great place to work.

To the Bat Cave Office…

There are two shows I never miss: RSA and Comic-Con. RSA for all things cybersecurity and digital resilience. Comic-Con for all things Batman. I have been collecting Batman memorabilia since I was a kid. My office reflects that.  When you’re building network resilience, it’s always a good idea to have the caped crusader on your side.

X