Farsight Security COO Alexa Raad: ‘Be Your Own Champion’

Alexa Raad is chief operating officer of Farsight Security, based
in San Mateo, California. Farsight Security is a provider of real-time
actionable Internet threat intelligence solutions.

In this exclusive interview, Raad discusses methods of curbing
cybercrime by tracking bad actors through the trails they leave in the
domain name system. She also offers some encouraging advice to women and
girls interested in breaking into the cybersecurity field.

Farsight Security COO Alexa Raad

Alexa Raad

Chief Operating Officer

Farsight Security

TechNewsWorld: What is Farsight Security’s mission?

Alexa Raad: We believe that everyone is entitled to a safer Internet,
and so everything we do starts out with that mission in mind. What we
do is provide Internet defenders with very valuable data that they can
use to get some context around nefarious acts.

As an example, if you think about Internet threats like phishing and
botnets and malware — all of those start with a DNS — a domain name
system. And so every kind of nefarious act leaves footprints and
fingerprints in the DNS. That’s something that cannot be faked. We
provide information that is contextual.

Aspose Ad

To give an example, a lot of the new domain names that are registered
are typically registered with bad intent, meaning criminals are going
to use them to commit some sort of act, like phishing attacks, etc. When
a domain name is registered, it’s fine, but when traffic starts going
to those sites, it becomes much more dangerous.

When people start actually going to a phishing site, it raises the
threat level. We have a global sensor network that picks up these
resolutions. We collect this data, but without any
personally-identifiable information, which is important.

That information allows people to see what’s actually got some
traction, and we also add additional information for guilt by
association. If a phishing site is actually hosted where there are lots
of other bad actors or bad sites, that provides you with some context.
You start to follow that and get a better picture of that attack than
you would otherwise.

We provide real-time and historical information, and both are
contextual. The real-time data is important, because you have to fight
these battles in near real time. The historical information is important
because you want to know if this was the first time we ever saw this
URL or domain name. A lot of these patterns repeat themselves. It is
unlikely that a site was bad six months ago and all of a sudden it’s
reformed. Having that contextual information is important.

TNW: Why do you have a passion for cybersecurity? Why do you think it’s an important and vital field?

Raad: I believe in the mission of cybersecurity. I want to leave our
kids with a safer Internet. The Internet is such a utility — we all rely
on it, and we have to have some modicum of expectation that the
Internet is safe.

The DNS is a fabric that’s equalizing. Regardless of where you are on
the Internet, you have a voice. We’re learning that if Internet is not
taken care of, there will be unintended consequences.

TNW: What are some of the key cybersecurity issues today? What are some prevalent or common problems that we face?

Raad: There’s an increasing number of attacks with the Internet of
things. The number of Internet-enabled devices is increasing, and all of
these connected devices provide vectors for cybersecurity attacks. The
race is on for cheaper devices, but the race isn’t necessarily on to
create more secure devices.

TNW: What advice would you give to girls and women wanting to get into the cybersecurity field?

Raad: It’s the ideal field for women. To be really good in
cybersecurity, you have to have an inquisitive mind, be a
problem-solver, and see things holistically.

For a problem that’s complex, you need to think holistically, you
can’t compartmentalize. You have to think, how would a criminal look at
your DNS architecture? Women tend to think holistically, and if you do,
you will excel in this field.

The other piece of advice I would give is that you have got to be
your own champion. Don’t wait for anyone to propose something to you or
to give you the promotion that you deserve. You have to speak up. You
have to be your own advocate, and you have to lay out the business case.

If you want to be promoted, for instance, you have to say, this is
what I’ve done, this is what I’ve accomplished, this is what I can do
more of, and this is why it’s in your own best interest to promote me.
There is an imbalance in the number of women in power, and it’s also at
the executive level. Very few women are CEOs or in the c-suite or on the
board, and there is a lot that women can offer and do.

Whether it’s because companies recognize the need to hire more women
or they have a policy to do so, the opportunities for women are there.
The security industry is growing. There aren’t enough people to fill the
jobs available, and a lot of them are high-paying, with good benefits.
You just need to be your own champion.

TNW: What new cyberthreats are emerging, and how can businesses prepare themselves to face them?

Raad: You see a lot of ransomware. Just a few weeks ago I was at my
dentist, and he told me that he had just been the victim of a ransomware
attack, and he ended up paying it. You wouldn’t have thought he would
be the victim of an attack like that, but someone in his organization
had clicked on a link, and all of his patient records were frozen until
he paid the ransom.

You will see more of this because it pays well, and it targets people
who aren’t well-versed in security hygiene. We’ll see more and more of
the security issues and attacks that come because of insecure devices
like wearables and Internet-connected devices.

There isn’t an incentive for manufacturers to create more security.
The economic incentive is more toward creating devices that are cheaper
and more affordable than more security, but it really has to be both. It
requires both better engineering and better policy