CNAS CEO Nathaniel Fick to Lead Cyber Security Software Company Endgame Inc.

[alethialia]

Nate Fick's got himself a new job. Here's the CNAS press release: CNAS CEO Nathaniel Fick to Lead Cyber Security Software Company Endgame Inc.

Tom Ricks mentioned it in a blog post:

In other CNAS news, the estimable Nate Fick is leaving the place to become CEO of some cyber company. He will be missed. We need a replacement. So, if you know

Comments

[green_grrl]

Wow, those are going to be some really big shoes for someone to fill, and I'm not just saying that because of Tom's (hilarious!) description. I hope Endgame is a cool place to work--CNAS always seemed like such a good fit for his mix of idealism/pragmatism/service/skill/humor.

[alethialia]

I'm a bit wary of Endgame, from what I'm reading.

[pommederis]

"A leading venture-backed provider of advanced cyber security solutions"? Nah, nothing vaguely-shady-sounding in that description at ALL.

But I've probably just been reading too many spy thrillers. Or zombie apocalypse stories.

[alethialia]

I actually think it's Endgame Systems Inc, which...read that wiki page and tell me it doesn't raise an eyebrow.

[pommederis]

...Er.

That might even raise two eyebrows.

I mean, there's no denying that any remotely effective national defense strategy must of necessity include defense against cyber-related attacks, but, wow. If it's actually true that they sold malware vulnerabilities...

Eek?

[stripedpetunia]

IANA security specialist but I think that means that they'd tell you about your software vulnerabilities that you haven't detected yet... for a fee.

[pommederis]

That's not how I read it. The article seemed to be implying that the emails said they'd advertised a service selling other companies' software vulnerabilities for a fee.

And if so, that's... not cool. To say the least.

[stripedpetunia]

How not-cool it is for any given entity always depends on who it's being used on and why. You probably wouldn't mind it being used to take down some country's nuclear weapons program. In terms of computer security, the vulnerabilities are just there. Someone has to find them first. Hopefully that someone is the devs; in the case of major software manufacturers, it can take years for the devs to catch up. I'm personally not working with enough reliable information to feel a need for concern about a thing like this. There are a lot of blanks to fill in with wild speculation.

[pommederis]

Eh, true enough. And Wikipedia is hardly the most authoritative of sources to work off of in any case.

That said, I still agree with alethialia that the whole thing remains a little eyebrow-raise-y. Hopefully, though, bringing Fick on is a move to get away from any possible former skeeviness, because from my admittedly rather limited knowledge real!Fick is a pretty straight arrow kind of guy who would not truck with that kind of shit.

[alethialia]

I'm iffy on the cyber security industry - especially when it comes to legislative actions based on their claims - but zooming out for a minute, it's a fascinating career move. Because he does have some experience in cyber security; he touted it as a big thing at CNAS last year. And he's leveraging that experience to make this move, which puts him in a charge of a for-profit company. He's basically positioning himself for his next job. It's a stepping stone.

Harvard MBA to CEO of a for-profit company in 6 years. Damn.

[dargai]

That's a meteoric rise, that is. It's going to be interesting to see where we go with cybersecurity over the next few years. I think he's also a good candidate for the position because of his affiliation with Bessemer. Having someone as CEO who's got a proven track record of growing start-ups and js an operating partner at a venture capital firm? Probably a good move.

[alethialia]

It does make that Bessemer position more explicable, indeed. It's all so very carefully...managed.

[green_grrl]

It's tricky. I can see the advantages of a company helping the FBI take down cybercriminals, or creating an IP reputation tool, or even working on projects like the virus that took out Iran's nuclear centrifuges (not that Endgame was involved in that one, as far as I know). But they're very secretive. And I'm not a fan of the Patriot Act, nor am I a fan of many clandestine interferences in foreign affairs (1980s, Central America, a moral disaster on our part). How do we know that zero-day exploits are only used to infiltrate the bad guys, as can be objectively agreed upon? :-/

[alethialia]

How do we know that zero-day exploits are only used to infiltrate the bad guys, as can be objectively agreed upon? :-/

You can't. And selling zero-day exploits? Uh...huh.

Otoh, maybe thus the management change?

[green_grrl]

Presumably they were selling zero-day exploits to the government or to other companies contracted with the government, but yeah. If they needed someone with an unimpeachable reputation at the helm, they picked the right person. I only hope that he keeps them clean and does not become covered with their gray.