FBI’s Top Cyber Official Joins Startup Security Firm CrowdStrike
The FBI‘s former head of cybersecurity, Shawn Henry, announced on Wednesday that he is joining CrowdStrike, a “stealth-mode security startup” that protects corporate customers targeted by hackers and foreign intelligence services.
Henry will be President of CrowdStrike’s newly-formed services division, which will focus on assessing and responding to targeted threats to the intellectual property and trade secrets of major Western companies.
Henry, who retired from the FBI last month after 24 years of service, was executive assistant director of the agency’s criminal, cyber, response, and service branch since September 2010. Prior to that, he served as assistant director in charge of the FBI’s Washington field office.
He drew attention last month when he said the U.S. is “not winning” the battle against foreign cybercriminals.
Henry said his move into the private sector would allow him to continue his fight against cybercrime without many of the legal, jurisdictional and bureaucratic constraints seen in government agencies.
“I’m excited to move to the next phase of my life with CrowdStrike. Not due to animosity toward any government agency and not because I don’t have the will to fight any longer. On the contrary, this fight is my passion,” wrote Henry, 50, in a blog posting on the CrowdStrike’s website.
“I have always said the private sector needs to be a bigger part of the solution, and with CrowdStrike I’ll have more flexibility and opportunity to make a difference from this side of the fence.”
During his time as the FBI’s top cybersecurity official, Henry saw firsthand how often private sector networks were under attack, he said.
Henry said he made the decision to join CrowdStrike after seeing first hand while at the FBI how often private sector networks are under attack, and the lack of protection of those assets.
The federal government protects military and government networks, but there is no one — except CrowdStrike and its rivals — assigned with protecting the private sector dot-com domain, he said.
Indeed, many western companies are not even aware their networks have been breached, he said.
“You can only build the wall so high. The reality of it is that the adversaries that we’re seeing now are jumping over the wall … so the alarms are not going off,” he said.
“Every single private sector entity that has any intellectual property, any (research and development), that has any type of business” is either currently being probed, or soon will be, by people who should not have access to that data, he told The Washington Post.
“That’s absolutely happening.”
“The successful thieves of today are running rampant through your computer networks, unfettered, every single day. They watch what you do, and they know what you know. Your “secrets” are not,” he wrote in his blog posting.
“If all they do is steal your most sensitive information, consider yourself lucky. We used to say a burglar who came into your home while you were there was one step away from being a murderer; likewise, today’s cyber thieves are just one step away from being saboteurs.”
“Their presence on and access within your networks often means they’ve got total control…the ability to alter, delete, or even destroy your data and your communications network.”
Henry said CrowdStrike would use intelligence and technology, including new tactics and different methods to classify and store data, to give customers “a sense of trust when they are at their most vulnerable, and to instill in them the confidence that their most sensitive information will be protected to the fullest extent possible.”
CrowdStrike was founded by in February by George Kurtz, former worldwide chief technology offer of security software maker McAfee, and Dmitri Alperovitch, former vice president of threat research at McAfee. The Irvine, CA-based company received its initial funding from private equity firm Warburg Pincus.