This interview was originally published on International Airport Review.
In this cyber security special, we asked Anastassia Lauterbach to interview Dario V Forte, Founder, and CEO at DFLabs.
With cyber security an ever-increasing worry for aviation industry professionals, here at International Airport Review, we envisage developments both in cyber threats and solutions to these challenges to ‘take off’ in 2017.
How did you come to found DF Labs? What was the “a-ha moment” for you?
Well, it happened in 2004. At that time I had just quit a role in government where I had been working in organized crime and cyber crime enforcement. At that time, incident response and cyber investigation were almost at the beginning of their curve towards widespread recognition, so I founded a team of five people, mostly involved in breach and forensic services and consulting.
Then in 2008, we moved into technology as we intercepted one of the main CISO issues: reducing the complexity of incident response, including the reaction time. At that time it was mostly an IR focused case management. Then we evolved rapidly into IR automation and orchestration, connecting people and machines into a supervised active intelligence context.
How did you find the experience of being a single founder? What are the pros and cons? What was the investor reaction? What would you advise other single founders in cyber security?
Being a single founder in Europe requires you to put in money for a lengthy period of time and you are alone in doing that. So I have spent most of my own money in the venture. On the other hand, I was certain it would turn out to be a success sooner or later. Both me and my team knew IR and IM could be a disruptive market and the company was going well and self funded. However, at some point I decided with my team that some smart capital could help us accelerate. Consequently, we considered a series of venture capital firms. We declined a some of them before eventually joining Evolution Equity, because of their experience in the market.
How did you find the fundraising? What did you do well? How did you educate investors without being patronizing?
When you are a sole founder (and owner) you have a completely different way of thinking and acting. You are business driven, product driven – customer driven. Your concept of organisation is totally different. With a Round A investor, the situation changes. I personally was lucky to have such a good counterpart. Some of my colleagues were not that lucky. I don’t myself feel patronised. Instead, I feel controlled and guided along the right path at this stage.
How would you define your market? Which major forces are shaping this particular market within cyber security? How long does it take to build expertise in this market? Do you see a lot of companies coming into this market? How has the market evolved over the last 10 years?
Cyber security is a growing market, where – my opinion – only 30% of the players are actually innovative and provide value (of course I hope we are in that 30%). Likewise, it is not easy to find smart money from investors, and that is further risky for entrepreneurs. For a European company, it is even more difficult as, until 3 years ago I would say, cyber was mostly US-centric.
“When you are a sole founder (and owner) you have a completely different way of thinking and acting…”
Now things are changing. As a European vendor, we are more interested in customers than before. There are a lot of companies coming into space, but not so many that are able to survive.
How relevant is your work and technology for the transportation industry in the broadest sense? For aviation in particular?
In aviation, timely response to incidents and proactive threat intelligence are fundamentals in order to reduce cyber risks. One thing is surely important: it is not possible to fully replicate security plans and technology from other sectors into avionics and airports. The architectures are absolutely different from the ordinary ones.
The level of interconnection is very high and the potential entry points are distributed – so are the necessary protection points as well. Cyber incident response in transportation requires expertise and cooperation between vendors and clients. There is no one-size-fits-all. Our technology platform has been created to orchestrate the response processes and machine action with a high grade of accuracy and flexibility, and with the help of machine learning and automation.
Do you see any legal and regulatory trends, which are already or might influence cyber security technology?
It depends on where the client works. In Europe, for example, GDPR is going to be one of the compliance drivers in the next 5 years. While it is a potential good factor, GDPR also could result in “yet another hype on cyber”, which could negatively impact on the effectiveness of the countermeasures. In our sector, given its complexity and the multiple market player, there will be a growing demand for orchestration and automation technology platforms, which will be adopted both at airport and airline level.
“Until 3 years ago I would say, cyber was mostly US-centric…”
What are the barriers to widespread adoption and implementation of technologies like yours?
Fundamentally two factors:
1. Lack of specialized personnel
2. Vendor marketing that is too optimistic
While the first is definitely an HR and CISO issue, the second is the vendor’s responsibility. Terms like Artificial Intelligence, machine learning and unattended fully automation are “charming” but potentially “harming” as they make clients believe that humans can be easily be replaced by machines and “out of the box” software. That is not the reality – not even in a perfect world.
How should corporate boards and governmental facilities view cyber security? Is it doable to address cyber security from the strategic, operational and governance perspective?
Boards are understanding that cyber is becoming one of their main responsibilities, so we will witness a growth with a top down emphasis, supported by compliance trends and actual data breaches. Nobody wants to be the next to suffer it.
Could you please disclose any case studies of this? How could you help your customers?
We recently took on board five important clients of worldwide importance. One of them, in particular, is an MSSP (Managed Security Service Provider). This is one of the most challenging environments for a technology like ours (DFLabs IncMan). First of all, MSSPs require data segregation between customers. That can be achieved only with a multi-tenancy (which we have). But this is not enough to win. The MSSP customer base is usually heterogeneous, so there is no case equal to another. We solved this problem with the use of Playbooks (Flexible Incident Workflow both “human to machine “ and “machine to machine”). With our Playbooks, clients of any type (including MSSPs) can automate their security operation with virtually no coding and, at the same time, can perform predictive analysis in order to predict attacks and incidents/breach which could happen in the near future. This set of features, which is under the DFLabs SAI Umbrella (Supervised Active Intelligence) is absolutely unique and can serve hundred of clients at the same time, with measurable KPI and actionable intelligence.
What is next for your company?
We have a product road map already decided for the next 24 months. In our project, there is a high usage of machine learning techniques. The next version of the platform is being announced at RSA Conference San Francisco and it is going to be a huge step ahead for the entire community. From our perspective, machine learning, AI, automation, can enable people to improve, not replace them. From a corporate standpoint, we have doubled our headcount in the past 6 months and want to triplicate by 2018.
Are there any advantages to building your company in Europe instead of the US? What’s your view on European technology hubs? Where is Europe very strong and what are gaps and challenges?
In this particular historic period, being European is of a great advantage in cyber. We are well received in many markets where both US and Israel are not equally well perceived. That happens both in EMEA and APAC. At the moment we speak, the majority of our client base is American. Being European, at this stage, can help both from a positioning and a capital expenditure standpoint. A million dollars invested in Europe has an ROI at least 25% higher than the same amount invested in US or Israel.
About Dario Forte, CEO, DFLABS Dario V Forte, Founder of DFLabs:
Dario Forte started his career in IR as a member of the Italian police, and in that role, he worked in the US with well-known government agencies such as NASA. He is one of the Co-Editors of the most relevant ISO Standard (SC 27) and, as CFE, CISM and CGEIT, he has an MBA from the University of Liverpool, plus Executive Education at Harvard Business School.