In The Boardroom™ Let's Talk™ Press Room About Us Research Reports Contact Us
In the Boardroom™
AT&T Cybersecurity


In The Boardroom™ With...

Roger Thornton
VP of Products & Technology
AT&T Cybersecurity Thank you for joining us today, Roger. Before discussing your May 16 Keynote at Cyber Investing Summit in greater detail, please give us a brief overview of your background.

Roger Thornton: I had the incredibly good fortune to grow up in the Silicon Valley and then went on to spend 20 years there in a variety of professional roles ranging from software engineer and product manager to founder and CTO. That’s where I fell in love with the whole world of venture and startups. After a decade at some of the leading Silicon Valley companies, including Cypress Semiconductor, Apple Computer and Sun Microsystems, I eventually co-founded Fortify Software in 2002 with a good friend, Ted Schlein at Kleiner, Perkins, Caufield and Byers. Fortify was not my first adventure into Cybersecurity. I had previously been part of the startup team at Good Technologies (acquired by Motorola) and was an early investor in EnCommerce (acquired by Entrust). Fortify was acquired by HP in 2010 and was quite predominant in the high end of the security market - most large banks around the world utilized Fortify as did much of the DoD community.  After the Fortify and HP Enterprise security experience, I truly wanted to focus my efforts on the broader market - the majority of companies that simply don’t have the same resources that a large bank or DoD agency has at its disposal.  We founded AlienVault to help organizations of all shapes and sizes achieve world-class security without the headaches and expense of traditional solutions. AT&T completed its acquisition of AlienVault in August 2018, accelerating its own vision for giving organizations of all sizes access to more effective, simple and affordable cybersecurity solutions. Today I am the VP of Products and Technology at AT&T Cybersecurity. I have the incredible honor and privilege to work with some of the world’s most talented security experts and product professionals focusing on making AT&T’s extensive cybersecurity capabilities and technologies accessible to businesses of all sizes around the globe. We’ve all seen the headlines regarding the recent Citrix 2FA breach,  Equifax,  Marriott,  MyHeritage, and Uber  which have affected billions of users and the wake-up calls keep coming about cyber “insecurity”.  Can we get a sneak peak, Roger, at the topics you’ll be discussing at Cyber Investing Summit?

Roger Thornton: At AT&T our mission is “To connect people with their world everywhere they live and work, and do it better than anyone else”. We have been doing this for more than 140 years since the invention of the telephone. The company has been involved in cyber security for nearly as long - and long before the term cyber security was coined. I am going to share some of the unique insights on the marketplace that are gained from the vantage point running products and technology for our cyber security business unit.  The talk will be a bit contrarian to the typical security message. Instead of showcasing the latest breach and trying to scare the audience into action, as is so common, I prefer to focus on what is working. How are the leaders dealing with the threats and surviving in today’s hostile environment? What can we learn from them and how do others follow in their path? We will explore how this impacts the market for new startup ventures and where the investor can look for opportunities. Congratulations on the formation of AT&T Cybersecurity ( . Want to discuss the unique value proposition that AT&T Cybersecurity delivers to your customers? 

Roger Thornton: Digital transformation - the movement of critical computing from the data-center to the cloud -  is driving rapid changes in business models and network architectures. It also drives changes in how cybercriminals operate, making it easier for them to harvest data and launch automated attacks at scale. The mismatch between changes in cybercrime sophistication and the relative stagnation in cybersecurity approaches is apparent as organizations continue to suffer data breaches. According to a survey presented in AT&T Cybersecurity Insights, 88% of respondents had reported at least one type of security incident or breach in the last year.

The root cause? Dispersed networks, an explosion of data, disparate technologies, complex security operations present cybercriminals with gaps or “seams” in organizations’ security postures. Fighting cybercrime requires a coordinated and collaborative approach orchestrating best-of-breed people, process and technology.

AT&T started down this path years ago by building a best-of-breed Cybersecurity Consulting practice and Managed Security Services business serving customers of all sizes, across industries, and around the world. Combined with its network visibility across the threat landscape, AT&T has been well-positioned to take a unique role in cybersecurity.

With the acquisition of AlienVault, AT&T Cybersecurity will continue to deliver on our joint vision to address these “seams” and uniquely bring together people, process, and technology through a “software defined” unified security management platform. A platform that integrates, automates and orchestrates a wide spectrum of best-of-breed point security products.

By abstracting much of the management of individual security products, we are automating deployment and ongoing operations, and operating them as a single unified solution - much in the same way AlienVault had done with the critical capabilities required for threat detection and response.  This platform will use the technical capabilities and reach of AT&T’s Edge-to-Edge intelligence in order to deliver solutions as on-demand digital services optimized to help protect customers through their own digital transformation journey.

We will accomplish this through collaboration with AT&T’s industry-leading Chief Security Organization, our impressive list of industry partners and through the integration and automation of AT&T Alien Labs threat intelligence.  The combination of Open Threat Exchange now curated by Alien Labs and AT&T’s incredible breadth and depth of threat intelligence will create one of the world’s leading threat intelligence platforms!

AT&T Cybersecurity is uniquely positioned to provide security without the seams  through people, process and technology, which will provide unrivaled visibility for our customers! Today’s threat landscape is persistent and complex. Your thoughts about “best practices” that should be followed in this environment?

Roger Thornton: I can never talk about best practices without mentioning and stressing the “basics”. Our industry loves to talk about the edge cases, advanced threats, and the latest innovations. I understand why, all that stuff is really cool and when a company has an incident or a breach, it sounds much better to attribute the action to an “advanced threat actor”. But the fact remains that no rational adversary is ever going to invest more than they have to in order to gain what they came looking for and most have a good understanding of how much money they will be able to make if they are able to breach your systems.  The basics really do matter, they are your best opportunity to upset this balance and make the threat actor spend more than they want. Once the basics are in place, the critical challenge is to maintain your security posture without spending a fortune in the process. We are not at a loss for security solutions today, the challenge is making them work effectively, efficiently and making them all work together. Given the myriad of solutions available in the market today, an ability to select the right solutions and make them work is the real key to success.  May we ask you, Roger…what does your crystal ball reveal regarding cybersecurity headlines in the coming year?  

Roger Thornton:  Sadly, it is a very good bet that we will continue to see some of the same headlines that we have in the past. I do think that it is a good bet that there will be headlines associated with the EU’s GDPR and similar privacy legislation here in the US like California’s CCPA. This will create yet another wave of opportunity for innovative new startups to help end customers navigate these new regulatory requirements.  Thanks again for joining us today, Roger.  Any other subjects you’d like to discuss?

Roger Thornton:  I would just like to thank you and your team for all the great work involved in making the summit the great success that has grown into and for the opportunity to share thoughts and insights with you here today. I look forward to seeing everyone in New York on May 16th.