(Norm Laudermilch)

Norm Laudermilch

Position: Chief operating officer, Invincea, a Fairfax company that uses secure virtual containers to protect against advanced cybersecurity threats.

Norm Laudermilch has been at the forefront of IT security for 25 years. Before joining Invincea as the company’s first chief operating officer, he was the COO for Terremark Federal Group (part of Verizon). He has also been the chief technology officer for mobile security provider Trust Digital and a vice president at VeriSign and Symantec.

What led you to this field?

I was always interested in computers and technology. In my mind, I wanted to do something in the area of business process improvements, making the way our businesses operate these days more efficient. I always thought I was going to go change the world with innovative programming. In a way, I ended up doing that but in a field that was not something that I had anticipated in college, and that was information security.

You went to work in the intelligence community right out of college. What was that like?

People talk about having that aha moment when you’re solving a critical problem. In those days, we were having aha moments every day about how to make our IT infrastructures more secure. It was really applying technologies that we’d been using for a long time but in a completely new way. It was a very exciting time.

After working in the intelligence community for seven years, you joined the private sector. Was it very different from the work you had been doing?

It was remarkably similar, [using] the same technologies that we were deploying for the government to protect our country from threats to our national security. It was just a shift to protecting companies, helping companies protect their intellectual property and their brand. It was really the same application of technology just in a different space.

What led you to Invincea?

I was watching them very closely for the past year or so, and at the same time, the incredible growth that Invincea is facing and the increasing demand for their products really was leading them to look for a strong operator. At the time I was looking at them, they were also looking at me, and it was like the perfect marriage. I knew that this was the problem I wanted to go solve, endpoint security. I didn’t jump right in with Invincea without looking around. I did survey the market, look at what other approaches to solving the problem were out there. It was incredibly clear to me that Invincea had a far superior approach already to solving the problem, one that also that had a huge user community as well. Invincea has over 1 million protected users already so that really speaks to the effectiveness of the technology. So for me, it was a way to go positively effect a larger number of people right away.

You say endpoint security is the biggest security challenge. Why is that?

That’s where the users are. And users are easy to trick into clicking on a new URL in an e-mail or opening an attachment that might look like something they’re interested in. The advanced threats that we face today — things like spear phishing, watering hole attacks, these kinds of things — will not be stopped by antivirus software. The vast majority of our end-user population — and by the way this is the largest number of devices on the Internet — are very, very vulnerable because humans can be tricked easily. Invincea solved that problem by wrapping all of the things the user does in a container that if exploited would not allow access to the rest of the computer.

You could see how attractive this was to me. This is a huge problem that needs to be solved. Nobody is solving it right now. The big antivirus companies have already admitted that the signature-based approach to detecting malware is not working. So here we are at Invincea solving that problem.

The bad guys always seem to be inventing new ways to harm computers. How do you stay on top?

Security up until now has been a leapfrog industry where we come out with products that protect against certain types of attacks and then the attackers just come out with new attacks. And our vision at Invincea is to leapfrog once and for all so that we develop a set of endpoint security solutions so that the attackers, no matter what they’re next move is, we’ve already made the last leapfrog.

You said that the big mistake that a lot of software start-ups make is that they don’t build software that is enterprise ready. What do you mean by that?

A lot of new security products are interesting as point solutions, but when you hand them over to a security or systems administrator that works for a Fortune 50 company, you find that they don’t deploy well, or aren’t easy to manage, or don’t work in large communities of users. That’s been a focus of ours all along. We know that endpoint security is a global problem. It’s a large corporate problem. It’s an entire Internet problem. Everything that we’ve done is designed with scalability and efficiency in mind as well as security.

What’s the best advice you’ve been given in your career?

It’s an Albert Einstein quote that I’ve had on my desk for probably 25 years. It says, “In the middle of difficulty, lies opportunity.” My mom gave it to me when I graduated from college. I think it means to me to not run away from hard problems. And you can tell from the story of my career, it’s definitely been something I’ve taken to heart. I thrive on the hard problems and I think that when you solve those hard problems is when the greatest amount of opportunity arises.

— Interview with Kathy Orton