Our digital economy depends on secure data; effective cybersecurity is critical to the functioning of governments, finance, infrastructure, business, and individuals. Thomas Glocer has been helping to fend off cyber attacks for nearly two decades, as CEO of Thomson Reuters, a member of the Morgan Stanley board, and co-founder and executive chairman of the cyber defense firm BlueVoyant. He surveys the state of cyber defense.
State of Cybersecurity-Thomas Glocer, a 1984 graduate of Yale Law School, has been helping to fend off cyber attacks for nearly two decades. As the CEO of Thomson Reuters from 2001 through 2011, his firm’s trading platforms were a target that needed to be secured. His fascination with the multi-faceted demands of cybersecurity grew while chairing the committee responsible for technology on Morgan Stanley’s board of directors. Today, Glocer is the co-founder and executive chairman of the cyber defense firm BlueVoyant. In a conversation with Yale Insights, he discussed cybersecurity, and its limits, as well as a radically new model for privacy and protection of the data we all create as participants in today’s digital world.
Q: How did you get into cyber defense?
Cyber defense brings together issues that interest me—compelling technological challenges and a geopolitical overlay where foreign-state actors might want to compromise not only government and military systems but financial services, the power grid, etc.
When I ran Thomson Reuters from 2001 to 2011, we were subject to significant amounts of electronic probing, in part because of the electronic trading systems we operated in foreign currency and fixed income. As a result, I fell in with a group of, call it, concerned cyber warriors who were worried that the nation’s banking system wasn’t adequately protected.
Later, on the Morgan Stanley board, I chaired the operations and technology committee, which was responsible for oversight on cyber defense. I thought cyber defense would be a good area to start a new company. I launched BlueVoyant with Jim Rosenthal, who had been the COO at Morgan Stanley and directly responsible for cyber as well as all the rest of the tech work at Morgan Stanley. I’m BlueVoyant’s executive chairman, and Jim is the chief executive.
Q: What does the company do?
The company does three main things: threat intelligence, managed security, and proactive professional services.
Threat intelligence provides actionable early warnings about the bad things that are out there. That’s typically for larger companies that have a security operation that will know what to do with the information.
The managed security service is typically for companies that haven’t invested tens of millions of dollars to build their own cyber defense operation; they can hire us to provide it. We can build and monitor a security stack.
The third piece is cyber forensics and incident response services. Whatever happens, we can do something about it, either remediating remotely or sending in human beings.
Because of my background and Jim’s, we work a lot with financial services. But we have customers across pretty much every industry because, unfortunately, everybody is subject to hack or attack. I wouldn’t have thought Sony Pictures was at a big risk of cyberattack. But obviously they were and a very crippling one.