Compass Awards
Geer: Risk Management Should Change the Future
Information security pioneer Dan Geer reflects on the past, and looks toward the future of risk management
By Joan Goodchild, Senior Editor
March 25, 2009 — CSO —
"The dean of the security deep thinkers," "security luminary," and "risk-management pioneer" are all phrases that have been used to describe Dan Geer. Considered one of the foremost leaders in information security, Geer has a resume that includes time as president and chief scientist at Verdasys Inc, a critical role in Project Athena at MIT, and a now-famous firing from @Stake for co-writing a paper warning that a Microsoft monoculture threatened national security.
These days Geer, a 2009 CSO Compass Award winner, is CISO with In-Q-Tel, a non-profit venture capital firm that invests in security technology in support of the intelligence community. Geer recently spoke with CSO and explained why, despite all he has accomplished in his past, his sights are still set toward the future of security.
Let's start by discussing some of the work you are doing now with In-Q-Tel. What is In-Q-Tel's mission?
The idea is we invest as a strategic investor as opposed to a financial investor in small firms whose products look like they would be of some real use to the intelligence community. For a financial investor, strategic would be: If I put money in, will I get more money out? For us, it is: If I put money in, will I get more product out? It is a different kettle of fish.
The entrepreneurs of the world remain the place where innovation tends to come from and quite often where there is innovation you might not otherwise ever hear of. Sure, there are big firms that do innovations. But on the other hand, in the technology sphere, lots of little companies don't make it for whatever reason, yet what they have thought of is well worth investment.
We do not keep companies alive for no other purpose than having them sell to the intelligence community. But we do say there are lots of little firms whose ability, for example, to cope with what it takes to sell to the government, is either limited or deferred to a later date when they might be bigger. And we do something about that.
If there is a return on the money we make, it just goes back in the pool. There are no stockholders in the traditional sense.
Is it easier to operate in this economy with that model? As a strategic investor as opposed to a financial investor?
I think it is. Inasmuch as what we are looking for is not all that related to how the banks are doing. We don't throw money away. So if a company is just not going to make it because, for whatever reason, their market is going to be delayed three years and they won't be there by then, then of course we pay attention. It has to be a going concern and something that has a commercial future irrespective of the intelligence community. But what we try and do is make it possible for them to add to their product mix in a way they might not otherwise be able to do. So, I think this is actually a fabulous time to be doing this.