INSIDE THE

NEWS + ADVICE

Innove’s Brad Morrison on the Internet of Things, Cybersecurity and Veterans

Posted by Kathleen Smith

Brad Morrison, InnoveBrad Morrison is the CEO and Founder of Innové. Innové designs, builds and manages secure networks for government, telecommunications & commercial clients based in the San Antonio, TX, and Washington DC, areas.

What is Cybersecurity

I grew up in the network security domain. I left the Air Force Academy in 1996 and the dawn of the internet age was just coming into its own. Joining the military officer ranks in 1996, I was sent to San Antonio to be part of the cryptologic systems group. San Antonio has been involved in the cyber realm for decades if you really think about it; full spectrum cyber to include telecom, RF, electronic warfare and more. The buzz as I have seen it as an outsider looking into Washington, DC, these days is that they put everything into cybersecurity especially in the DoD, probably due to funding.

I view cybersecurity not just as action but as a noun – its confidence or trust in moving, using, sharing or storing data. It is a state of confidence or trust in the use of data. The San Antonio community has been involved in this for decades with our DoD community and our cipher/deciphering. You could say we have done cyberwarfare all the way back to the Civil War as cipher codes have been used for ages. I have more of a traditional view of this where cyber encompasses a lot of things we have been doing for a long time.

For me the bigger question is why is cybersecurity important now. You look at the Internet of Things (IOT) and how the internet permeates all parts of our life along with mobile. There has been an exponential increase in digital opportunity at the same time digital risk. And I believe this is what has gotten the attention of why cybersecurity is more important now more than ever. The network is everywhere and it is permeating all aspects of our life. Therefore with this entire increased digital footprint there is opportunity, but there is also risk.

IOT – another buzzword – is a bucket that includes anything that is connected to a network. We saw this day coming when we would put an acronym on it and everything can be addressed with a digital network ID, a TCP IP address, and that is why IPV6 is so important to exponentially increase the address block of IP addresses. The people and the machines that they use, the machine-to-machine interactions, is the IOT. It is basically this idea that the network goes everywhere to enable both people and machines to utilize data.

Tell us About Innove’ and its Impact on Cybersecurity

When I left the service in early 2001, I went to work for KPMG in Dallas in the telecommunications sector. After doing this for a few years, I had the opportunity to come back to San Antonio to start Innové. Our first opportunity was to help the Air Force improve and deploy strong cryptographic algorithms. This was at the request and under the direction of NSA. There was a policy 3-9 called Cryptographic Modernization where computing power back in the early 2000’s was deemed exponentially strong such that some of our out-of-date algorithms became vulnerable to attack.

When the NSA put out Policy 3-9, the Air Force built a multi-billion program to modernize cryptographic algorithms around this need to improve the strength of the algorithms used mainly to protect communication networks – landline, over the air, radio frequency or SATCOM. Innové provided the engineering systems and information systems security engineering expertise to help the Air Force complete this mission. This is how Innove got its start at the core of cybersecurity in the encryption and decryption of military control and command data. To this day, we continue to have a real strong presence in that cryptographic mission where we apply network security engineers to help design, build and manage those security controls.

We have also expanded into the commercial application of military grade encryption as it is applied to data at rest and data in transit over networks. We are starting to do some really neat things in the design, build and management of secure networks other than defense networks using some of the expertise we have developed over a decade in service.

How did San Antonio Become Cyber City USA

Beyond the weather, low cost of living and concentration of government cyber missions, there is a rapidly growing cyber security talent pipeline. We have a strong number of CyberPatriot Teams (K-12) in the area, second only to the Washington, DC, area. We also have the NSA Higher Education cybersecurity opportunities at the University of Texas San Antonio and other local universities. Cyber security education is a big deal here in San Antonio. By growing a cybersecurity talent pipeline of young kids from Middle School forward through post-secondary will ensure San Antonio stays in the mix to grow businesses in this sector.

One of the main reasons that I think San Antonio is uniquely situated to be Cyber City USA is because of the Texas Miracle. Many think it’s big oil – Houston – that is driving our state GDP. But when you really think about it, big oil along with the ancillary services of producing that oil and turning it into something to be used, historically ranges from 10-30% of our State GDP. The growth we have seen in the Texas Miracle is a multidisciplinary economic boom that the state has enjoyed since coming out of the recession of 2008, which the rest of the country has lagged. According to the Texas Comptroller, pre-recession Texas employment peaked at 10,638,100 in August 2008, a level that was surpassed in November 2011, and by November 2014 Texas added an additional 1,101,100 jobs. The U.S. recovered all recession-hit jobs by May 2014 and by November 2014 added an additional 1,680,000 jobs.

These numbers highlight the fact that Texas prosperity over the past several years has come not only from oil & gas but from other coveted sectors like aviation, high tech, telecom, semi-conductor, healthcare and cybersecurity.

The growth in cybersecurity like other sectors can be in part attributed to riding on the coattails the overall business environment that Texas offers. The independent spirit of the people here coupled with the economic environment that we have in Texas allows for this really neat place to incubate and grow the cybersecurity industry and Texas is largely looking to San Antonio to do that. This coupled with the foundational mission in cybersecurity from the Air Force and NSA, the academic pieces that any economic developer is going to tell you need to attract business and the start up environment that we are looking at. You round this out with the business climate environment in the State of Texas, makes for a very neat kind of tinderbox for a significant cybersecurity industry here in San Antonio.

Tell us About the Cybersecurity Bootcamp for Veterans you Co-Founded

The idea of the Boob Camp came from John Dickson, a Principal at the Denim Group, and me, after we attend a Lyceum Delegation to Mexico. We were in Mexico City and just chatting about how we were both Air Force Veterans, that we are both San Antonio Chamber of Commerce members, and we wanted to give back.

The Chamber provides us with a foundation and means to get the word out. We basically wanted to reach out to the transitioning military and veteran community who were interested in started a cybersecurity business but didn’t have the knowhow to make these ventures realized.  Both John and I were cut from that same sort of cloth and we didn’t really know where to turn. At that time, San Antonio didn’t really have any of that so we thought it was a great idea because we know that the wellspring of San Antonio is Security Hill and NSA. You constantly have very capable and qualified military members that know a lot about cybersecurity and have been introduced to tools, practices and processes that have commercial viability. Some of these qualified individuals are inspired to further develop these ideas in the commercial world. Chris Gerritz of Infocyte is a great example of this.

There was a gap that we saw so the whole idea is veterans giving back to other veterans in the cybersecurity domain where we can come alongside them in a practical based sharing way, versus a formal MBA education way. The program itself is to cover four business building blocks: Strategy, finance, people and money. We get into the gritty lessons learned along these four building blocks from people who have been there, done that. It’s not theory as presented from an MBA professor, but rather veteran entrepreneurs that are part of the cybersecurity community. These entrepreneurs share what it really takes to make this thing fly. In that dialogue and discussion the veterans can make a determination if entrepreneurism is for me or not.

Loosely we have constructed four quarterly sessions. In this second year of the program we are including a mentor / mentee partnership which has happened previously informally. For example Chris Gerrtiz of Infocyte has done this with a number of the Boot Camp presenters, to help him get his company moving in the right direction.

Why are Veterans Uniquely Qualified for Cybersecurity Careers

My experience has always been that there is this inherent trust when you deal with prior military professionals. Right, wrong, indifferent. This has been my approach especially with the cleared people that we deal with. There is always a certain amount of scrutiny that is applied when you come out of the military versus professionals coming out of other walks of life that haven’t had any vetting or they don’t have shared experiences with you as a veteran.

With respect to cybersecurity if you look at this particular segment coupled with the work ethic and the inherent trust the military does a really good job of skills training and allowing the development of creative thought especially where I came from. People view the military as very rigid, which it is with rank and structure, but within the cybersecurity community there is a lot of liberty given to explore because the threat is constantly changing. You have to use some creative analytical skills to make things happen. These are incredible skills sets that the commercial cybersecurity community values as well. So you blend this inherent trust, work ethic and skill set, along with creativity which makes for a  very interesting mix of someone that can move into this field and commercialize a process or a tool better than someone that doesn’t have this experience.

Both NCOs and Officers alike are dealing with major problems and challenges at a very young age that you typically won’t get forced into those positions in the nonmilitary community unless you have a few years of experience under your belt.

One thing that is lacking in our veterans is business acumen and skills. The idea of the Boot Camp was to begin to tackle those things that are not technical or process in cybersecurity. So with the Boot Camp, a veteran may have a great idea, but we bring to them the questions: How do you finance this? How do you bring it to market? What does the big picture look like? How many people do you need? What kind of people do you need?  At the end of the day the Boot Camp is a sounding board to bring these big ideas to life.

What are Your Recommendations for Veterans Considering Cybersecurity Careers

The top three things:

They should diligently apply themselves to the work on hand. This is the experience that is going to be of value in the long run.

Continue to hunger for education and networking opportunities and act upon these.

If they have the aspiration to be an entrepreneur, they should not feel they can’t ask for help, which is difficult for a military professional to do and difficult to overcome.

Take care of business, keep learning and networking and ask for help.

Register now for the April 23, 2015, San Antonio Cyber Job Fair

 

 

 

This entry was posted on Monday, April 13, 2015 7:40 am

One thought on “Innove’s Brad Morrison on the Internet of Things, Cybersecurity and Veterans”

  1. I am an Air Force Veteran. My last duty station was Randolph at the AF Personnel Center. I have always been interested in Cyber Security, but have remained in the PM side of Technology. I am trying to get as much knowledge to get into the more technical side of security. I am 15 hours from completing an associate in Information Assurance and Security from Northwest Vista and would like to continue educating myself about Cyber. Thanks for your sharing Kathleen.

Leave a Reply

Your email address will not be published.