Former U.S. CISA Chief Chris Krebs To Advise Rubrik On Cybersecurity
‘When you’re doing pioneering new work in a new market or new space, you can’t be totally internally focused. You need to bring in leaders who have broader perspectives outside-in, and who is a better leader, who is a better expert, who has a better background than Chris Krebs?’ says Rubrik CEO Bipul Sinha (pictured).
Cloud data protection and management technology developer Rubrik Monday introduced Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security, as the chairperson of the company’s new Chief Information Security Officer Advisory Board.
Rubrik’s newly formed CISO Advisory Board is aimed at helping private and public sector organizations find better ways to protect themselves from cyberattacks, said Bipul Sinha, co-founder and CEO of the Palo Alto, Calif.-based company.
Krebs, who headed the CISA from 2018 to 2020 and who last year helped SolarWinds in its recovery from a Russian hacking campaign, brings the kind of expertise to Rubrik to help advance the company’s cybersecurity capabilities, particularly against ransomware, which has become the biggest threat to the economy and to users’ digital lives, Sinha told CRN.
[Related: CEO Bipul Sinha: ‘Rubrik Is The Pioneer Of The Data Security Category’]
“We are very fortunate to have Chris Krebs as the chairman of the CISO Advisory Board that we are putting together,” he said. “The goal of this Advisory Board is to facilitate information exchange around best practices in data security to advance the cybersecurity space overall, and provide thought leadership in advancing data security market product road maps, and also provide input to the Rubrik product team on where we should put more energy and time.”
Krebs, as a former director of the CISA, brings a very wide perspective around cybersecurity, with experience in protecting the U.S. and its elections, Sinha said. Krebs knows the importance of bringing together the private and public sectors, which is important because cybersecurity is critical in protecting against things like cyberwarfare and industrial espionage, he said.
Rubrik and Krebs will build this Advisory Board to look at new technologies that can be applied to cybersecurity, including machine intelligence and artificial intelligence to derive security intelligence, and from there to build resiliency, recovery and observability, Sinha said.
“So there’s a lot of new thinking,” he said. “And coming from the vantage point that Chris comes from, it is a tremendous advantage to Rubrik and to also the marketplace and the industry.”
Krebs told CRN that he has deliberately avoided taking on too many roles since he left the U.S. government in November 2020 despite being approached by a large number of companies, although he does serve as a board advisor with SentinelOne.
Krebs met Sinha at an event last year after hearing from friends who told him to keep an eye on Rubrik.
“As I was continuing to think about what do I want to do when I grow up, what do I want to do in my post-CISA life, I really started thinking about, where do I see the gaps in the marketplace?” he said.
Every organization needs a strong identity solution, whether it’s multifactor authentication, identity and access management, privileged access management, vulnerability management, the ability to monitor networks ,and incident response, he said.
“It’s a highly saturated market, constantly evolving, constantly acquiring and re-acquiring,” he said.
“The last piece is data recovery, the ability to recover after a ransomware event, or any other significant catastrophic data destruction or data deletion attack,” he said. “And there was this dearth of innovation. It wasn’t the place that we saw a bunch of companies flowing into. So as I continued to learn more and more about Rubrik, it really made sense to me that there’s a security-focused solution here that’s threat informed by what’s happened over the last five years with the increase in ransomware.”
Rubrik’s ransomware approach is unique in its focus on more than data recovery, Krebs said. The company is also focusing on developing digital twins technology to enhance resiliency so that updates and patches can be done without taking a system down, as well as its approach to DataOps and data observability, he said.
“The ability to look into your data and your operations and see what’s happening to detect leaks, to detect any sort of underperforming operations, this all just goes back to a point that Bipul really started to stress about the resilience of an organization,” he said. “So moving away from that perimeter base, the moats and walls, to more of a layered defense, assume a breach [happened]. It’s really pulling it down to the crown jewel level of the data you’re seeking to protect, data the bad guys are going after.”
Rubrik’s new CISO Advisory Board will take the company beyond the industry’s traditional cybersecurity focus on infrastructure security, Sinha said.
“When you’re doing pioneering new work in a new market or new space, you can’t be totally internally focused,” he said. “You need to bring in leaders who have broader perspectives outside-in, and who is a better leader, who is a better expert, who has a better background, than Chris Krebs?”
Krebs said that as he starts his new role at Rubrik, he will first look broadly at what industry sectors and segments the company will focus on, and they will likely include industrial automation, hospitals, schools, state and local government agencies, all of which are ransomware and cyberattack targets.
“So we have objectives,” he said. “We have intended outcomes we’re trying to seek here. So the unknowns right now, or at least the questions that we remain to have to answer are, what is the complexion of the board? What is our international makeup? And what are the sectors and segments? ... As Bipul said, this is not just for internal analysis. This is really trying to get a sense of where are CISOs’ challenges? What are the gaps that they have in the market? What can we do to make products easier for them to deploy and to use?”