CTO 2.0: Maiffret Rejoins BeyondTrust

Digital Strategist Chris Hood
One of the security industry’s pioneers recently celebrated a homecoming of sorts: Marc Maiffret last month returned to his post as chief technology officer (CTO) at privileged access management vendor BeyondTrust after a six-year hiatus from the limelight of the security industry.
Maiffret, whose vulnerability management startup eEye Digital Security was acquired by BeyondTrust in 2012, left BeyondTrust three years later to take a break, do some backpacking, and figure out his next move. He was soon also caring for both of his parents, who had been diagnosed with dementia. 
After a brief stint as CISO at SpaceX, he has mostly kept a low profile in the industry, working as a security consultant embedded in the security operations teams at some large organizations in healthcare, finance, and space.
Maiffret had a rather abrupt start to his security career. In 1998 at the age of 17, he infamously got a literal wakeup call for his hacking activities when he awoke to find an FBI agent holding a gun to his head. He was never charged or arrested for anything, but agents confiscated his computer equipment. The then-teen hacker known as “Chameleon” in the Rhino9 hacker group says he and his hacking cohorts mostly just built tools and wrote papers about their work — activities that were fairly typical at the time for a generation of burgeoning white-hat hackers.
Just a few weeks after his encounter with the FBI, Maiffret teamed up with Firas Bushnaq to found eEye Digital Security, whose flagship product Retina Network Scanner was based on tools Maiffret had written in his teen hacker days. In 2001, Maiffret and fellow researchers at eEye discovered the first major Microsoft Windows worm, Code Red, which they named after the cherry-flavored Mountain Dew soft drink they pounded all night as they picked apart the game-changing worm.

Clear-Eyed
His shift from security vendor to the enterprise perspective was — no pun intended — eye-opening. “The last few years have been both rewarding and a lot of learning,” he says. “It’s easy when you’ve been on the product side building security and technology … to become a little detached from what customers are really facing and what their challenges really are.”
Many of his enterprise clients were experiencing a common problem with their security postures: “What was impressed upon me was the lack of security [technology] tailored to a business and an organization,” he says. “That impressed a lot upon me how like a vendor we can definitely do what we can with our solutions to be smarter in how we tailor them to the companies. … It’s more than one-size-fits-all.”
Maiffret expects to be the “glue” between engineering and product management at BeyondTrust, he explains. One of his priorities will be ensuring the vendor’s platform works well with other security technologies. Many security products just don’t work well together today, he says.
“I think it’s important for security companies to have empathy more than anything else, and to me that is earned through action. The last few years embedding with various security teams was that and more for me, and I’m excited to put that into what I do next at BeyondTrust,” he says. “Maybe a bit less brash than I was when I started down this path 23 years ago, but still happy to fight for the things that matter and call ‘bullshit’ when needed.”
In the meantime, Maiffret’s already diving back into his roots: security research. “You can’t take the nerd out of me,” he says. “It’s core to my being.” 
Copyright © 2021 Informa PLC Informa UK Limited is a company registered in England and Wales with company number 1072954 whose registered office is 5 Howick Place, London, SW1P 1WG.
