Interview: Kevin Simzer On Lessons Learned From A Cybersecurity Giant, How Startups Can Break Into The Cyber Space, And Remembering Who The Adversary Is
Kevin Simzer of Trend Micro shares his top tips on how startups can break into the cybersecurity scene and the importance of security companies working together, rather than competing against one another, in the fight against cybercrime.
The cybersecurity industry is hugely crowded, with over 3,500 security providers registered in the U.S. alone. While this means that there’s likely to be a vendor offering a solution to whatever problem a company may be having, it also means that it can be difficult for businesses to find that solution amid a sea of noise. At the same time, it makes it challenging for startups to break into the industry and puts pressure on established players to innovate to ensure they remain relevant.
With so much competition in the cyber space, it’s important for security providers to remember who the real adversary is.
“The competition actually isn’t another cybersecurity company,” says Kevin Simzer, Chief Operating Officer at Trend Micro. “The competition is the hacker.”
Kevin has over 25 years of experience in the infosec space; prior to his current role, he worked as Trend Micro’s EVP of Sales and Marketing, responsible for corporate development, strategy, and product positioning. Today, Kevin leads Trend Micro’s sales, marketing, and business development teams.
In an exclusive interview with Expert Insights at RSAC 2023, Kevin discusses the lessons learned that have enabled Trend Micro’s success and growth over the last 35 years, how startups can break into the cybersecurity scene, and the importance of security companies working together, rather than competing with one another, in the fight against cybercrime.
You can listen to our full conversation with Kevin on the Expert Insights Podcast.
Lessons Learned From A Cybersecurity Giant
The cybersecurity industry is constantly evolving, with new technologies taking the place of old ones and new attack methods being developed to try to evade those technologies. In order to stay relevant, security providers have to innovate, ensuring that their products evolve and improve to solve the challenges businesses are currently facing—not just those that they’ve faced historically. The best way of doing this, says Kevin, is by predicting which big changes are going to happen next and pivoting to provide services that help consumers deal with those changes.
“[Trend Micro is] run and led by an incredible woman. Her name is Eva Chen, and Eva has almost a ‘crystal ball’ in security. She thinks of things in terms of the infrastructure changes that are going on, and that’s an opportunity for companies to embrace new technology, but it’s also an opportunity for the threat actors. And we’ve kind of made a 35-year successful business out of following these infrastructure changes, and making sure that we are helping our customers to prepare for them and think about security with that new paradigm in mind.”
“I’ll give you an example,” Kevin adds. “In 2009, we started investing in cloud security, believe it or not, so cloud was just getting going; this thing called AWS was kind of this hot startup in Seattle and inside of Amazon. And we started spending time with them, because we could already see how customers are going to be moving applications from their physical data centre to the public cloud. That’s a wonderful opportunity for them, but also the threat actors. So, we started working with them early on, in order to figure out what how could we protect the workloads that are moved to the cloud.”
“It’s really that notion of predicting the infrastructure changes that matter, and trying to get out in front of them, that has really helped to drive our success.”
How Startups Can Break Into The Industry
There are currently thousands of security products on the market, which can make it difficult for businesses to choose which products to invest in. But the crowded market doesn’t just impact consumers; it also makes it hugely challenging for cybersecurity startups to enter the industry.
The main issue that startups are facing, says Kevin, is that they tend to focus on providing a ‘feature’; a product that does one thing really well. And in the current landscape—due to factors such as talent shortage and economic downturn—organizations are looking to consolidate their security tools and vendors, so that they’re easier to manage and maintain, and require fewer resources to do so.
“We’re seeing this massive consolidation of vendors happening. Most of our enterprises, our small and medium businesses […] want a single console, they want everything to be delivered, they want one throat to choke in the event that anything goes wrong, you know, all of those things. They really just want to actually have something that’s simpler and ultimately more effective. And we’ve seen that time and time again.”
But this doesn’t mean that startups should give up, says Kevin, because they are providing services that organizations can benefit from. Instead, they should embrace the theme of consolidation and unification.
“Partner with a larger platform provider, because that’s going to be your ramp to customers as they quickly consolidate down to fewer vendors.”
Remembering Who The Adversary Is
Security companies working together against a common adversary, rather than competing against each other, is critical.
At Trend Micro, “[we] always think that the competition actually isn’t another cybersecurity company,” says Kevin. “We think of the competition as a threat actor, and what they’re thinking about whenever they’re in the shower in the morning getting ready for work.”
Across the industry, we’re seeing this mindset manifest through strategic partnerships and better product integrations, but it can also come in the form of security vendors sharing research and intelligence with one another—something that Trend Micro strongly advocates for.
“Ultimately, with cybersecurity, it is about having as much data—as much knowledge—as possible, and we gather that data in several different ways. First, you have to accumulate it. And we accumulate it […] from our products running in 500,000 commercial customers. We absolutely learn a lot because we have probably the most geographically dispersed customer base on the planet. Around 25% of our business comes from the Americas, around 25% from Europe, 25% from the Middle East and Southeast Asia, and 5% from Japan. So, we have a very good cross section right across the world of where threat actors are going and what they’re doing.”
“The second way is by doing research. [We have] 8,000 Trenders, we have several thousand people in engineering, we have hundreds of people in research, and all they do is think about the threat actors. They hang out on the dark web, they spend time thinking about what threats are going to look like in five- or 10-years’ time, and they start doing research. And we publish those reports; we share a lot of that.”
“[we’re] the largest finder of zero-day vulnerabilities. These are these vulnerabilities that exist in shipped commercial products from all kinds of different companies. So, we run a conference called the Zero Day Initiative conference, […] where we harness the energy of 3,000 researchers outside of Trend Micro, and we pay them to actually find vulnerabilities and develop an exploit for it. And if it’s a meaningful one, they will actually make a sizable amount of money. So, we help researchers out, we get some good learning, and we work with [the company that makes the product with the vulnerability] in order to properly get that problem patched and fixed. And in the meantime, we make sure that our products are protecting customers against the vulnerability.”
“So, it’s about learning from our customer base. It’s about investing in research. It’s about making that research available. The competition is the hacker, so how can we collectively try to stop the bad guys? That’s what we’re up to.”
Listen On Spotify:
Listen On Apple Podcasts
About Expert Insights
Expert Insights provides leading research, reviews, and interviews to help organizations make the right IT purchasing decisions. You can find all of our podcasts here.