As the CEO and Founder of Centripetal, Steven Rogers is a pioneer of intelligence based cyber defense. We sat down with Steven to find out more about his career in security, his role as CEO, and how he sees Centripetal growing in the future.
How did your career lead you to founding Centripetal?
My background is in security; I worked on secure communications systems for the Air Force and security for things like the defense messaging system, which ran most of the US DoD. This was in the days before the Internet, but there were computer networks in use at that time that were the precursor for the Internet.
Then later in my career I worked on communications and networking issues. For instance, I founded a company that built high performance routers. With this background in both networking and security, I felt that the need for intelligence in the Internet, particularly after the rise of the first generation Internet, was most prevalent. From this I decided that individual organizations should have granular, intelligent control over what traffic enters and leaves the network. At the time, this was a very unique way of approaching the problem.
What was your motivation in founding Centripetal?
When the Internet came along, it brought with it the wonderful feature of allowing us to connect with anyone in the world, at any time. However, it also allows anyone to infiltrate a network and steal data from anyone else in the world. This problem goes across legal boundaries. It means that you often have no legal recourse in cases where someone steals data from you. With my background in networking and security, I felt that this issue needed to be approached from a different standpoint. The stance we take is that the individual user of the Internet should have control over who comes into their own network. They should have enough intelligence about their own traffic to ensure their network is used for their mission and nothing else.
With the Internet being so vast, making decisions on fast-moving packets coming in and out of a network involves an enormous array of decisions. We observed that it’s possible, despite the huge amount of data in transit, to identify where the threats are. We can accomplish this to a very complete degree and carefully process these threats. Cyber threat intelligence, if you apply it properly, can become a highly effective tool to determine automatically who should come into your network and who should not, and thus gives an organization risk-based control.
A decade ago I began to think this was something I really needed to work on because of my background. I came up with the solution, sought out funding, and set up Centripetal. When we started the company, no cyber security product or solution had the capability to make these kinds of decisions, and all of that technology had to be created from scratch. We developed the computer science that would enable this rapid decision making. That was the first of many problems we had to solve which led to many more innovations.
Where do you see Centripetal in relation to the evolution of cyber security? Do you see yourself as part of second-generation threat intelligence?
Really we see ourselves as the next generation of the Internet infrastructure. Internet communications and networking used to consist of relatively “dumb” functions like routing and switching. Now the communications needs to be much more precise, secure, and intelligent. Internet-working can now be intelligence-driven.
We take a different approach to security but it’s an approach that can be built into the diverse cloud and physical environments of today’s Internet. There is no other software-based system in the world that can match what Centripetal delivers in terms of its deployment, cost-effectiveness, and overall security value we deliver to the client.
Intelligence-based security is just getting started. In terms of the future of cyber threat intelligence, I think of a world where, while we may not have legal jurisdiction over every source, we can identify and keep track of threat actors who aim to cause damage and hold these actors accountable. What’s possible to accomplish with intelligence, and the number of intelligence sources is expanding every day. This ensures that there’s a real incentive to put measures in place to protect networks, ultimately leading to a cleaner and safer Internet traffic – hence our service brand: CleanINTERNET®.
What does your day-to-day role look like at Centripetal?
At Centripetal, Jonathan, or COO, and I split responsibilities in terms of running the business. Jonathan takes charge of security operations which encompasses the service and technologies that we deliver to our clients. He’s heavily involved in the client-facing business units since those all reach back to our service. I focus on the technology and long rangeinnovations that we deliver through our research investments. This is where my expertise lies, and I’m running our engineering and research teams.
As an organization, what values define your culture?
Our culture is customer-focused. Everything happens by putting the cyber security needs of our customer first. If there’s something that needs doing for our customer, we try very hard to drop everything and will put the whole company on it, if necessary. Making the customer’s life easier is what we care about most. We are highly customer-focused and oriented.
Some people believe that companies will inevitably become less customer-focused, the larger they get. This is where Centripetal differs from other organizations. We’re customer-focused rather than sales-focused and have been since the beginning. Our approach of investing our own capital rather than relying solely on venture capital has put pressure on me. We’ve had to be much more patient, but we’ve built a better foundation than other companies in our industry. It’s very difficult to do. Ultimately our financial approach has allowed us more control and given us a unique company environment and approach to growth, which strengthens our team’s shared culture and produces a much better solution for our clients.
What are you most proud of about Centripetal?
I’m most proud of the team and the way we’ve held together. 80% of our team have stayed since they joined; we don’t have many people who leave the company despite the difficulties we’ve had to overcome. The best companies have high retention rates and that’s important to us.
We haven’t been afraid of growing slowly, as we had to take the time to pioneer the technology, which was a long process. If it’s a big enough idea, it’s worth it to take your time and build it right. When we started the company, not even the biggest supercomputer could make decisions at the rate we needed. So, our technology is very leading-edge.
We launched the company in 2009, and we sold to our first customer in 2015. With a long term investment, you have to be able to confidently see the future of security. It took a lot of faith in our technology and its value. That’s why I’m even more excited today than when we started.
What do you do when you’re outside the office?
It’s not a good idea to have work occupying your mind 24 hours a day, so I have a variety of hobbies. I’m an outdoors person in both winter and summer; I like to travel, hike, dive, and sail, and last year I hiked up Mount Monadnock in New Hampshire.
What are your ambitions for Centripetal?
I see Centripetal growing and opening up new offices with in-country client teams in Europe, Asia, and around the world. We’re selling outside of the US now and will be looking at expanding there in the next 12 months or so. I don’t see acquisition as part of the near future; we want to keep good technology and research as the centre of our business and avoid becoming transactional. We’ve lived security for a long time and we’re in position now to help see cyber become a marginal problem. When we do that right the financials will work themselves out.