High-profile hacks like those at Sony and HBO have made businesses aware of their vulnberability. But most companies are still playing catch-up on cybersecurity. Nathaniel Fick, the CEO of Endgame, spoke to International Business Times about what he learned from his time in the military, the Washington-based cybersecurity firm he started at in 2012, and his advice for companies. 

You served in the Marines, can you talk about your time there?

I served as an infantry and reconnaissance officer in the Marines for five years after graduating from college in 1999. I led one of the first American units into Afghanistan just a few weeks after 9/11, and then led one of the first units into Iraq in 2003. Later, when I was in business school, I went back to Afghanistan to teach counterinsurgency tactics to Afghan Army and Police officers. It was a searing experience. I learned a lot about myself and about leadership under pressure. Every day I’m conscious of the fact that I’m fortunate to have come through it all relatively unscathed. Many of my friends and comrades weren’t so lucky.

How has that experience helped with what you do at Endgame?

I rely on my Marine experience every day at Endgame. The Marines have built an intense culture around the core values of Honor, Courage, and Commitment. At Endgame, we’ve also built a values-driven culture around our company values – Integrity, Boldness, Speed, Openness, Responsibility. They infuse what we do and how we make decisions, who gets hired, who gets promoted. I don’t put a lot of stock in situational leadership styles that change with different circumstances – people are people, and we respond positively to the same things.

STRUCTURE SECURITY -- USE THIS ONE Newsweek is hosting a Structure Security Event in San Francisco, Sept. 26-27. Photo: Newsweek Media Group

What is the biggest cybersecurity challenge for Endgame?

Our biggest challenge is cutting through all the marketing noise and all the inflated claims in the security industry. This space is incredibly crowded. There are a lot of companies using the same buzzwords like ‘machine learning’ to try to convince customers they’ll solve all their problems. It’s not easy to have a rational conversation and be heard amongst all that chatter. At Endgame, we’ve been deliberate about remaining true to our values and proving to our customers that we’ll always be open and forthright about the efficacy of our platform . We focus a lot on independent testing and evaluation, and on being transparent with customers about how we do what we do. I think that’s why we’ve won the trust of so many customers.

Why is it so important for businesses, small and large, to protect themselves before an attack occurs?

We can sum up the security industry’s shortcomings in three numbers: $75 billion is spent each year on security, and yet at least 75 percent of large enterprises are breached, and adversary dwell times (from breach to detection) average 100 days. A lot of damage and loss happens during those three months. Shortening dwell time, even shortening it very dramatically, isn’t enough. We need to stop attacks before that damage and loss can occur. This is a hard problem to solve because offense is structurally dominant over defense, and it’s even harder now because the release of nation-state-level offensive cyber capabilities “into the wild” means attackers have ready access to some very sophisticated weapons. When Shadow Brokers released a trove of powerful zero-days allegedly stolen from the NSA, these tools became immediately accessible to any criminal looking to make a quick buck. That’s why it’s crucial for the security community to collaborate and share knowledge on the latest techniques of sophisticated attackers. We’ve made that a priority at Endgame by sharing techniques to stop modern attacks on our blog.

In times like these, in which the U.S. faces cyberattacks from Russia and North Korea, how important is it for Endgame to work on cybersecurity?

[…] Endgame has become the de facto standard for endpoint protection across much of the DoD and intelligence community by enabling a workforce that includes many junior analysts to protect national defense systems from nation-state adversaries, and to do it very, very effectively. As these same kinds of targeted attacks have become more common against commercial enterprises, more and more companies now rely on Endgame for protection. Ours is the only endpoint platform capable of stopping targeted attacks before damage and loss with the people you already have. We think that mission matters and we’re proud of what we do.

If you had to give only one piece of cybersecurity advice to an ordinary citizen what would it be?

I like to tell the joke: “What’s the difference between email and true love? Email lasts forever.” Our digital lives are accessible by any attacker who has the motivation to get through. That’s why ordinary citizens need to practice some simple security hygiene, including:

  • Using unique passwords on different websites

  • Using complex passwords for every login

  • Using a password manager to remind you of these logins

  • Using multi-factor authentication on all high value accounts

To read about this in more detail, check out our guide to not having your passwords stolen .