Former Seal Team 6 member and current Chief Security Officer of OnyxCTS, Marcus A. Capone, joined Episode #77 of Task Force 7 Radio to talk about the convergence of logical and physical security, the obstacles to organizational change, and the consequences of not having end-to-end optics when it comes to protecting your organization's assets.
He joined Host George Rettas, president and CEO of Task Force 7 Radio and Task Force 7 Technologies, and Co-hosts Tom Pageler Chief Security Officer of BitGo, Inc. and Andy Bonillo, VP & CISO of Ciena, on Monday night.
Capone also shared his experiences as a Seal Team 6 Operator, what it takes to be successful both in the military and in business, and if the leadership skills exhibited in military service easily transfer to the private sector when veterans make a transition to senior executive positions. Finally, he described how Seal Team 6 members train for cyber security events, how important cyber hygiene is, and how accountability and support play into the team concept.
Capone admitted he entered the Navy thinking it was just like what you see on TV (via G.I. Jane). He turned down all the officer programs and just enlisted because he wanted to be a Navy Seal.
While he does not like to talk about his past life, Capone is now in the private sector and has to “open up a little bit.” He did several deployments with Seal Team 10 to Afghanistan, and then eventually proved himself enough to be selected for Team 6. He noted that while most candidates there are in top physical shape, they are also judged on how well they can react to pressure.
Capone explained that you are ranked every day. “If you have a bad day, you may look at the board and find yourself at the bottom, but you have to walk past the other guys with you head held high and show why you belong there.” They hold each other accountable he explained saying that “I try to take that and transfer it over to the private sector.”
Rettas asked about how these skills transfer over to the business sector.
“Most of the humblest guys I worked with were the best guys,” said Capone. The ones “constantly yelling and beating their chest,” weren’t there six months later. “We are humble guys,” he said, “Do the best you can to figure out who wants to be there.”
Integrating Physical Security With Cyber Security
The security community as a whole should ask, “Have we evolved to meet the current threat?” Capone also explained that he thinks we’re a little behind. With the current threat landscape – physical and cyber security businesses and organizations and their structures, have stayed the same.
We should ask “How do we integrate better to protect corporations, people, assets, etc.?” Private security professionals should sharpen their skills everyday. With a different adversary in mind, corporate security is functioning at the highest possible level if you bring “guns, guards, dogs, access control, cameras … along with that cyber piece,” according to Capone. “Once you bring those two together, then you have an elite force.”
On the battlefield, the adversary does not play by the rules and our hands are tied – “we have to play by the rules,” he said. “The adversary never sleeps, evolves as fast or faster as our defenses. We’re always playing catch up.” The best teams with a good defense are proactive — trying to get ahead of that curve.
In all lessons learned in the military – not all translate. But “I’ve never met a single commander, CEO, or investor that said ‘you know what, we have enough information.’ Or, ‘We don’t need any more information because that’s not going to help,’” explained Capone. And that’s the same whether in the boardroom or battlefield.
See Related: “IFSEC Global Influencer Talks All Things Cyber Security”
Rettas talked about how transforming change in law enforcement tends to be the most challenging. As some corporate security folks are made up of that field, he wondered how to deal with those who have a hard time with change.
Pageler added that one thing Capone talked about early on is when he went into the Navy; he had all these officer opportunities, but wanted to be an operator. “Some people are almost too educated, too inside the box and they just can’t see it.”
There are tactical and strategic thinking and you need both to be an agile group. Capone said, “If you talk to my operators right now (friends, former colleagues, and teammates) those guys are going to more computer classes now than ever vs. pulling a trigger.”
Bonillo agreed that it’s “good that those making the transition are educating themselves.”
“In order to be relevant, they have to learn technology,” said Capone.
Rettas next asked about Capone’s military experiences that spill into the business world. “Cyber hygiene is important, basics are important,” Capone said.
Bonillo added critical thinking and managing people and resources in a stressful time as underappreciated skills.
“Most guys come out of high stress life or death situations and transition into private sector,” according to Rettas. Not everything translates from the military world to the business world. But for the most part, they come out and they don’t get flustered as easily. They can say, “You’ve got a cyber problem? Ok, let us sit down and figure it out. You receive far more than just physical training. Tell us more about that.”
Capone said that “We are definitely arguably one of the best at blowing things up and being physical, being high speed, etc. But we’re training for a lot of different positions now.” Cyber is a buzzword right now – the world has come to that. “We walk around with a device in our pocket that does literally everything. If you’re not an expert on everything that thing in your pocket does, and know how to use it to your advantage, you will be at a disadvantage,” said Capone, adding that the adversary will use that against you.
See Related: “When Politics And Cyber Security Collide”
“Everyone is going to have a bad day in cyber – it’s how you react to that, how prepared you are, will define you as cyber security professional,” added Rettas. He then asked about training, “How much attention do you think the private sector is paying attention to the training aspect?”
“In my military career all we did is train,” said Capone. “We’re constantly training and if you’re not training you’re not getting better.” He said that you don’t see that type of investment in people in the private sector. So he advises, “You have to invest in yourself.”
Enterprise Security And Leadership
Capone explained that there are a lot of high profile missions you read about, but there’s a day to day grind that no one hears about. Operational tempo is constant. Enterprise security products are expensive. They may be really great, but they also may be out of reach for most organizations. However, they need to protect the exact same things.
Capone is seeing a trend where big companies say, how do we protect our senior leaders and their families outside of the office? They have it covered in the office with multi-million dollar products, but as soon as executives go home with their laptops and log into their Wi-Fi, that coverage ends. Capone said that adversaries will ask “Why would I attack you in Fort Knox when I can attack your little hub at home?”
So, Capone aims to offer an enterprise product, priced to where it’s affordable for an underserved community (individuals and small businesses).
Rettas closed by asking what qualities do leaders share?
[inlinead-1]
- Leaders are very humble in the fact that they don’t believe they have all the answers.
- They come down to our level and ask what should we do here? “I think strategically, you think tactical and help me make a decision.”
- They listen to their advisors.
- They know what they know and don’t know.
- They check their ego.
- Leaders just care.
“At the end of the day people have their skillsets – you know what you can do well and you gravitate to others that have the skills you’re lacking,” closed Capone.
See Related: "Taking On The Leading Role In Cyber Security"
The ‘Task Force 7 Radio’ recap is a weekly feature on Cyber Security Hub.
To listen to this and past episodes, click here.