Absolute Software CEO Christy Wyatt cut her teeth as a coder, before moving on to increasingly senior roles at Citigroup, Motorola, Apple, and Sun Microsystems.
She now heads up Absolute Software, an endpoint security solution provider that has its offering factory-embedded into the BIOS of vast swathes of OEM devices.
(The first step is hardware-based and sees a “Persistence” module built into firmware. The second step involves installing a software agent that allows device information to be transmitted to IT so it can remotely track, manage, and secure devices).
Now heading up the $98.9 million by annual revenue (fiscal 2019) Canadian company, she joined Computer Business Review’s Conor Reynolds to talk culture, security, remote parenting, and getting hands on with the engineering team.
Let’s Start with the Basics: What is Absolute Software?
We are a self-healing endpoint capability; a small piece of technology that’s embedded in a half-a-billion devices. [Our technology] allows us to be able to locate those devices, to be able to protect them if they get lost or stolen, or go missing.
Customers are able to see whether there’s sensitive information on them, geolocate them, etc. We have 12,000 customers worldwide.
The part of Absolute that I think gets me super excited is this self-healing capability.
It’s an interesting moment for our industry. We’re spending $120 billion on security this year as an industry, but 30 percent of that is going to get spent on software that goes on laptops and desktops.
The average enterprise has 10 agents installed and that makes them incredibly fragile, they collide with one another. They need to whitelist one another. Inevitably, something bad happens, and you go to pull the data and you go, ‘oh the agent wasn’t running, the encryption wasn’t turned on; the user deleted it…’
So this concept that we can build an immune system for the endpoint is really a powerful concept.
You Work Mostly with OEMs?
We have about 30 OEMs that actually have us actively embedded in all of their laptops and desktops. So it’s a huge part of our business. I would say were a partner-first organisation. So whenever we’re working with a customer we’re making sure that it’s us and a partner coming together to support that relationship.
We have almost two decades of experience of working with these partners. So it’s very collaborative. Many of our partners use our platform for BIOS management capabilities. So they’ve done some really interesting programmes with Lenovo, HP, Dell around things like BIOS password management. They don’t just see us as a commercial solution that we can both sell together; we actually work very closely with them to make sure that we become an enabler for their own security strategies.
“A Crazy Decade of Layering on Technology”
We’ve just had this crazy decade of layering on more and more and more technology and yet I.T. managers don’t actually have a way of seeing if it’s working.
Because almost every one of those controls can be interrupted; can be disintermediated; can be deleted. So we’re in this very unique position to be able to look from the hardware up and say what’s really going on with this device.
You can actually project a rate of decay for security controls within the enterprise. You can see the gap. If you think you’ve deployed a control to 100 percent of the population, we can show you that it’s between 20 and 30 percent of the population that doesn’t actually have that effective and working. And then it’s going to decay depending on the control, could be between 2 and 4 percent per month. It’s significant.
If you think of the billions of dollars we’re spending, then this becomes a big big problem. 70 percent of the breaches are actually coming from problems or vulnerabilities that we already know the fix for. You’ve probably already spent the money to plug the hole and yet for whatever reason, that control is not effective.
What’s the Biggest Security Threat you See?
There’s a lot of conversation going on around ransomware right now. I think the next big wave coming right behind it is another form of ransom called sextortion. Where you’re being threatened, not that your laptop’s going to be frozen and your corporate data is going to be stolen, but that someone has compromising information or you.
[I raise this because] I think the user plays a huge role regardless of whether it’s malware or ransomware. Often times the user is how they get in. It could be because they’ve stolen the credentials, it could be because you’ve clicked on a phishing link, there’s any number of ways that they could manipulate the user to get in.
“The Biggest Challenge we have in Security is Cultural”
I frankly think that the biggest challenge we have in security is cultural.
I think we’ve taken this position of naming and shaming the employee, where we say ‘naughty employee you did something bad and look at all of the bad things that happened’. That erodes trust between the end user and IT.
So oftentimes if that user gets compromised, they’re not super excited about calling IT and saying, shame on me I clicked on the links bad thing happened on my laptop. They’re more likely to just try to pay the ransomware to make it go away so nobody ever needs to know, and helping propagate it to other desktops.
It’s Comparatively Unusual to See Someone Go from Software Developer to CEO. How Did you Do it?
I went from software development to roles in IT, and then I was in systems engineering. I’d say that was my first exposure to the customer side came when I moved down to Silicon Valley 23 years ago, because we [Sun Microsystems] were launching a platform called Java. This little group called Java needed people to explain technical platforms to non-technologists. Java was a really revolutionary conversation. so that was kind of an interesting transition role for me, because solving interesting technical problems gets engineers really, really excited.
Do you Still Get Hands-On with Engineering?
My engineering team would say I might be overly involved! I still get very excited about technology…
But actually having an impact on the customer, having that customer understand the potential and then actually be able to change their business as a result of technology is just infinitely more powerful. And so that was kind of a turning point, I think for me.
I still get chances to geek out. My daughter took a computer science class in college and she’s said ‘mom I’m having a real hard time, I need you to help me’. We weren’t in the same city, so this was all by video conference, remote log-in and remote desktop; we were writing scripts and controlling a robot in another state.