Revolutionizing How Companies Fight Cyber Attacks
In this week’s episode of “The People Behind Innovation,” Owen Brown interviewed Leslie Kershaw. They discussed Leslie’s mission and overall goals with her company CYWREN Solutions, as well as lessons learned during the startup process. The series is available under Google, Apple, Amazon, and Spotify streaming services, or on Anchor with no account needed to stream. Please contact katherine@exponentialimpact.com , if you have any comments or founder stories.
Leslie Kershaw is the co-founder and CEO of CYWREN solutions, a company that aims to provide better communication between companies and government when it comes to cybersecurity. CYWREN hopes to protect companies from the devastation of cyber attacks by bringing together the community to quickly discover where the issue began.
Could we start off by talking about your background in offensive cyber operations?
I enlisted in the Army after college, and then I was recruited for a special missions unit. That unit did net operations. We were chartered with trying to figure out how to do different things to systems out in foreign space. Then, I heard that the organization that I was at, which was the NSA, had an organization completely dedicated towards on-net operations in foreign space. So I tried out for that organization and went through the course, and I spent the next about eight years of my career doing that. Eventually I moved into a position where I was coordinating the operations across all of our enterprise and leading those operational efforts. Once I completed that, they asked me if I wanted to move over to the Department of Homeland Security. So I did that and I represented all of the cyber equities for my home agency, which was NSA to DHS.
During your time in the army, did you have any projects that you led from the beginning and were able to use your own strategy to lead them?
Once we were trying to collaborate with another agency, and I won’t talk about that one specifically, but in order to enable their operations, we had to develop a whole legal framework. So I’d spent about a year and a half working with that organization, trying to figure out how we can collaborate with them. At the heart of my career, I think it’s always been collaboration. How do we help other people so that the strength of numbers is better to help secure our nation better? And in helping that organization, I realized this problem that we’re dealing with where the private entities out in commercial space have no idea what the government is doing. The government sometimes itself cannot talk to itself. And then in the commercial space, we also don’t communicate well with one another. And so my biggest concern is if we get attacked by another country as strong as ours in the cyber realm, how do we face that as a country? And right now, the way that cyber is built is so individualized per organization that it’s probably going to bring us to our knees. It’s a really scary situation where we just don’t know how to communicate with one another.
Could you describe a little bit about how your startup helps bridge that gap between communications with private and public entities?
One of the major issues that all organizations deal with, whether they’re government or they’re private, is that there’s a lot of layers of bureaucracy that they have to go through in order to share information, sometimes internally and sometimes externally, but there’s always this approval process that each organization is structured for to be able to share cyber information. There’s a lot of reasons for that. If you’re a private company and you have stakeholders, you don’t want to publicly admit that you’ve been hacked because there’s a lot of impact to your bottom line. So, shareholders don’t want to see that. If you’re the government sharing that information can be harmful as well because maybe it’s going to impact some of your operations and you don’t want it to. So what we are trying to build is a way that people can get the approvals quickly. Right now, what happens is people go into meetings, they talk to one another, they try to figure out what can be shared, what can’t be shared, and then there’s attorneys and compliance folks that are involved. And so all of that has to go through different email chains and meetings. And what we’re trying to do is automate a lot of that functionality so that you can get the right people involved, help them understand why that information needs to be shared in closer to real time, and then get people to collaborate in a way that’s a little bit more natural instead of having to sit through emails and waiting for days or weeks for those replies.
In what way does your platform for communication allow companies to communicate in a way that they haven’t been before?
What we’re doing is creating a way to automate the approval process. And we’re bringing in a kind of a white pages aspect where people can either anonymously or be upfront about who they are as a person and what their technical expertise is in cyber. And so that’s probably one of the main differentiators. We are geared solely at cyber and bringing together people that are willing to work within that space and help out other companies either for free or for profit. And so that’s really what we’re trying to do is bring together a community of people.
How do you convey your passion for cybersecurity to investors and how do you outline your story?
It actually came from one of the talks that I went through here in XI, that storytelling talk that has been really crucial to help the investors understand the path on why it is that I’m doing that. So the story that I tell is about the OPM incident and how difficult it was to try to collaborate and communicate with people and get them to come together around this issue.
Want to hear more? Listen to “The People Behind Innovation” on Google, Apple, Amazon, and Spotify streaming services, or on Anchor with no account needed to stream.