Matilda Bailey is a Networking specialist dedicated to exploring the latest technologies and trends in cellular, wireless, and next-gen solutions. Today, we delve into her journey, insights on starting SCYTHE, and her passion for industrial control systems within cybersecurity.
Can you introduce yourself and your role at SCYTHE?
I am Matilda Bailey, a Networking specialist focused on cellular, wireless, and next-gen solutions. At SCYTHE, I lead our efforts in developing advanced cybersecurity platforms that address current and emerging threats in the industry.
What inspired you to start SCYTHE?
The inspiration for SCYTHE came from my experience with Target. Their breach in 2013 reshaped the cybersecurity landscape. When they approached us in 2016, I saw an opportunity to create a scalable platform that could replicate any potential threat, thus enhancing cybersecurity measures comprehensively.
Can you explain what SCYTHE does and how it benefits the cybersecurity industry?
SCYTHE is an offensive security platform that simulates real-world threats to help organizations defend against them. By allowing the creation and testing of custom threat scenarios, SCYTHE helps businesses understand and strengthen their security posture in a controlled, repeatable manner, which is essential for robust cybersecurity.
How did your experience with Target lead to the creation of SCYTHE?
The breach at Target highlighted the need for a proactive approach to cybersecurity. It showed that organizations required a way to test and improve their defenses continuously. Target’s request for a custom implant was the catalyst for SCYTHE, enabling us to develop a platform that offers ongoing threat simulation and security optimization.
What is the significance of SCYTHE’s platform for scaling threat behavior?
The SCYTHE platform allows for scalable threat simulations, meaning organizations can tailor the scenarios to their specific environments and needs. This flexibility is crucial as it provides a realistic assessment of their defenses and helps identify and mitigate potential vulnerabilities effectively.
How does SCYTHE help organizations manage their cybersecurity efforts?
SCYTHE offers organizations an interactive environment to test their security measures against simulated attacks. This proactive approach helps teams identify weaknesses, train their responses, and implement targeted improvements, ensuring a strengthened overall cybersecurity strategy.
Can you tell us about your journey as an entrepreneur before founding SCYTHE?
Before SCYTHE, I founded GRIMM, an offensive cybersecurity consultancy. My journey in entrepreneurship taught me the value of agility and pivoting. Transitioning from government to commercial projects was a significant step that broadened my perspective and was instrumental in identifying opportunities like SCYTHE.
How did transitioning from government work to commercial projects impact your business approach?
Transitioning from government to commercial work expanded my understanding of the broader market needs and dynamics. It taught me the importance of scalability, client-orientation, and flexibility, which were critical in developing solutions that cater to both public and private sectors effectively.
What were some challenges you faced when starting GRIMM and how did you overcome them?
One of the challenges was adapting to the commercial landscape from a government background. Overcoming this involved expanding my network, seeking mentorship, and being open to learning new aspects of commercial software sales and development. This adaptability was crucial for founding SCYTHE later on.
Why was it important for you to maintain the intellectual property of the SCYTHE platform while developing it with Target?
Retaining the intellectual property allowed me to ensure the continuous development and improvement of SCYTHE. It also provided the flexibility to pivot the platform’s direction based on broader market needs, making it more valuable and relevant beyond its initial scope with Target.
How did you navigate learning commercial software sales and development while starting SCYTHE?
Navigating commercial software sales involved extensive networking and mentorship. I reached out to experts like Ron Gula and Dmitri Alperovitch, whose guidance helped bridge the gap between my technical knowledge and commercial requirements, ensuring SCYTHE’s successful launch.
What is the importance of understanding the Total Addressable Market (TAM) for an entrepreneurial venture?
Understanding TAM is crucial for identifying the potential market size and demand for your product. It helps in developing a strategic plan for market entry, positioning, and growth. Without this knowledge, there’s a risk of targeting too niche or too broad an audience, leading to potential business failure.
Can you explain the concept of purple teaming and why SCYTHE supports it?
Purple teaming combines the insights and strengths of both red (offensive) and blue (defensive) teams to enhance overall security. SCYTHE supports this by providing a platform where both teams can collaborate, share findings, and improve defenses based on realistic threat simulations, ensuring a more effective and cohesive security strategy.
What qualities do you think are essential for an entrepreneur to succeed?
Key qualities for entrepreneurial success include risk tolerance, adaptability, and resilience. It’s crucial to withstand uncertainty, learn from failures, and continually pivot and align with market needs. The ability to lead and inspire a team toward a shared vision is also fundamental.
How did your interest in technology and cybersecurity begin?
My interest started with a natural curiosity for technology. From experimenting with MS-DOS to programming games on a calculator, I was drawn to deciphering and controlling technological systems. Over time, this passion translated into a desire to protect these systems, leading me to a career in cybersecurity.
Can you share some of your early experiences in cybersecurity during your time at West Point and in the Army?
At West Point and later in the Army, cybersecurity was hands-on and reactive. We dealt with viruses and system patches, which taught me the fundamentals of protecting critical systems. These experiences underscored the importance of proactive, rather than reactive, cybersecurity measures—a principle that guides my work at SCYTHE.
Why do you have a strong passion for cybersecurity and protecting regular people’s lives?
Cybersecurity impacts everyone’s daily life, from financial transactions to personal data. My passion lies in ensuring that regular people can safely navigate their digital lives without falling victim to cyber threats. It’s about providing a secure environment where technology benefits rather than harms society.
What motivated you to focus on industrial control systems (ICS)?
ICS are foundational to our critical infrastructure. A failure here can have catastrophic consequences, from disrupting utilities to endangering public safety. The high stakes and the vital role of ICS in everyday life motivated me to focus on securing these systems to prevent significant harm.
Can you explain what ICS Village is and why you co-founded it?
ICS Village is a non-profit aimed at promoting awareness and education about critical infrastructure security. Co-founding it with Tom VanNorman was driven by the need to bridge the knowledge gap and foster a community focused on protecting crucial industrial systems from cyber threats.
How has the focus on industrial control systems in cybersecurity changed in the last five years?
The focus has intensified due to high-profile incidents like Oldsmar and Colonial Pipeline. These events highlighted the vulnerabilities within our critical infrastructure and the dire consequences of cyber attacks, leading to increased awareness, investment, and collaborative efforts to secure ICS.
Why do incidents like Oldsmar and Colonial Pipeline highlight the importance of ICS security?
These incidents demonstrated how cyber attacks on ICS can directly impact public safety and daily life. They underscored the need for robust security measures and proactive defense strategies to prevent potentially life-threatening disruptions in essential services.
How does building a community that embraces cybersecurity beyond the industry contribute to overall security?
A community-centric approach ensures that cybersecurity practices and awareness extend beyond industry professionals to the general public. This collective effort enhances overall resilience, as informed and vigilant individuals can contribute to identifying and mitigating threats in their environments.
What advice would you give to someone interested in starting their own business in cybersecurity?
Stay adaptable and be willing to pivot based on market demands. Build a strong network to fill gaps in your knowledge and seek mentorship. Focus on understanding your target market and developing solutions that address real-world security challenges. Above all, be resilient and ready to learn from failures along the way.
