New CEO remaking National Cybersecurity Center as think tank

By: Wayne Heilman

October 14, 2017 Updated: October 14, 2017 at 12:42 pm
Caption +
Vance Brown is the new CEO of the National Cybersecurity Center in Colorado Springs, Colo. Photo taken at his office Monday, Oct. 9, 2017. (The Gazette, Christian Murdock)

Vance Brown wants to turn the Colorado Springs-based National Cybersecurity Center from a membership-based fire department for computer hacks suffered by small businesses into a self-supporting think tank for online security.

That’s a major change from Gov. John Hickenlooper’s vision when he unveiled plans for the center last year during his State of the State address.

Brown is the former software company CEO who took over the center’s top job on an interim basis in late August. Ed Rios had resigned after leading the startup organization for 10 months to “devote more time to his business interests.” Rios will remain as a member of the center’s board of directors.

Brown stepped down last year as CEO of Cherwell Software, a Colorado Springs-based company that specializes in helping large organizations get more out of legacy software systems that tend to stop working when updates clash with previous custom features. He remains as Cherwell’s executive chairman and helped the company land a $50 million venture capital investment to make acquisitions and expand its information-technology service management product line. He also had been CEO of Springs-based GoldMine Software Corp.

Brown recently started a business accelerator specializing in cybersecurity called Exponential Impact. It is cosponsoring with the cybersecurity center a three-day Cyber Symposium on Nov. 1-3 featuring more than 20 speakers headlined by retired Army general and former Central Intelligence Agency director David Petraeus.

The cybersecurity center, which now employs three full-time and two part-time staff, will move next month to a former TRW manufacturing plant at 3650 N. Nevada Ave., where $8 million in state-funded renovations are nearing completion. The nonprofit still needs to raise money to build out space for its research, education and training operation.

The organization was started based on Hickenlooper’s vision in his 2016 State of the State address that Colorado could become a worldwide hub for cybersecurity through a center he wanted to build in Colorado Springs. The Colorado Springs center was initially designed to offer help to small and midsized businesses to combat cybersecurity threats, do research on such threats and educate public officials about cybersecurity. Hickenlooper and local leaders also wanted the center to fuel a major expansion of the local cybersecurity industry.

Brown was interviewed this month by The Gazette about his new role.

What are your short-term goals as interim CEO?

I want to build an ecosystem for cybersecurity that fulfills the (state) legislation that was passed last year. We need to bring the top technologies and partner with companies to make it happen. At the end of the day, it is about job creation in technology and cybersecurity, and we need workforce development around it to make that happen. We want cybersecurity companies to start here, grow here and stay here. We are building all of these alignments with partners and I am overwhelmed how many educational institutions and organizations want to be part of it. That is why I am excited about this and believe we will be successful. We need 50 (companies the size of) Cherwell, each bringing 500 jobs. We already have the government and military components in Colorado Springs, which is why the governor felt this center should be in Colorado Springs. We are building out (the former TRW plant) into a community center for cyber that will house the NCC, incubator space, a venue for cyber war games and a cyber lab. We aren’t there yet, but we have government, industry and education working together to accomplish our fundamental mission.

How is your vision different from the previous vision?

I am passionate about partnering, but it is more about continuing and accelerating our mission. I am not going to sit back and stick with the status quo. I want to go forward with our mission. After all, what is a cyberattack? It is an attack on information technology, and that suits my background. There are a lot of new technologies that we can put into place to improve cybersecurity, including artificial intelligence and block-chain. Right now, it is more expensive to defend against a cyberattack than it is to launch one. We need to change the economics of cybersecurity to be the opposite so it is more expensive to attack than to defend. I love the technology solutions here and if we partner, embrace and advance the best technology, we will win. We will try to educate people and that will start with an executive-level foundational cyber course to give any executive what they should know about cyber. A big part of the NCC will be to help raise cyber awareness in a role-specific and role-appropriate way. Society is demanding that after the Equifax, Target and Yahoo breaches that it is not OK for these organizations to have my information and not have a duty and standard of care with it. We have to raise the awareness in every organization and create a duty of care for that information. It matters what happens to consumers’ financial and personal information. We will offer educational symposiums and conferences to help anyone in an organization raise their cyber awareness.

How will new technologies improve cybersecurity?

Not many people have heard of block-chain technology, but they have heard of bitcoin, which is based on that technology. Block-chain technology is a decentralized way of storing and exchanging information. By making information decentralized instead of keeping it in a handful of places, it makes it more difficult and expensive to launch a cyberattack. I’m intrigued by that, and it will be a major subject of our symposium next month. I want us to be not just a major cybersecurity hub but also a hub for industry that will attract block-chain engineers to Colorado. I believe this technology will be one of the reasons Colorado Springs will be successful in this area. I come from big-time technology, so I look for a technology solution to problems. That is what I am passionate about.

Why did you agree to take this job?

It had been a year since I moved to part time at Cherwell. I love Colorado Springs; it has done a lot for me and I want to give back. I have not been all that involved in the community because I had been focused on the company. Now I have more time to be involved in the community. I was asked to fill in, and I feel it is my civic responsibility to do so. I am stunned by the lack of understanding of what software can do for our community. If you can’t sell people on Colorado Springs, then you can’t sell anything. I’m a big believer in Colorado Springs and what we can accomplish here. We have a great technology history. I love this city and believe it we can succeed in building a cybersecurity ecosystem. I want to grow our reputation in technology as we have done with the military and defense contractors. Our job is to build a cybersecurity ecosystem and get everyone aligned with that goal. Colorado Springs is perfect for this. We can be a leader globally in cyber eduction, research and training. One thing you will see change is our logo to incorporate the importance of innovation.

What is your top priority?

The symposium in November will be a catalyst for all we do. We have big-name speakers and multiple governors attending. This will be a big momentum catalyst for us. It is important that the community get behind this because we are bringing high-paying, high-profile jobs here. We also are playing an executive education program in March at Denver International Airport where people can fly in one morning, attend the program and leave the next evening. We want to build a global reputation through these programs and we are developing the curriculum right now. We have great sponsors for the symposium that include Level 3, UBS, Wells Fargo, Bank of America and others. You can make a lot money doing great events. I’ve done this before with the Help Desk Institute (while at GoldMine Software) and I have brought in Ron Muns, who built the Help Desk Institute to help us build a membership program. These events can fund us. Our overhead is not huge; we will be lean, mean and sustainable. El Pomar (Foundation, which gave the center two grants totaling $76,000 last year) has made donations to help us get started, but we expect to have enough cash flow from our events to be sustainable by the end of next year.

How has the center changed since it began operating?

We didn’t have the resources to do the rapid response center. We had to decide what a nonprofit institute can do vs. what private industry can do. Competing with our (cyberattack) response centers didn’t fit with our mission. We want to spend our resources on what fits with being an institute. We want to be a think tank for cyber technologies, including block chain. The National Cyber Exchange (a separate organization also based in Colorado Springs) has been serving in the rapid response role and will continue to do so.

How do you see the cybersecurity industry growing in Colorado Springs?

This industry isn’t going away; it’s growing rapidly. Cyber attacks are the greatest threat to the world today in military, transportation, banking, energy and the financial industry. It is a matter of when, not if, someone will be physically harmed by a cyber attack on the health care system. Billions of devices are connected to the internet, and the numbers are increasing at an exponential rate. The only way you aren’t vulnerable (to a cyberattack) is if your are not connected to anything and that is not (feasible in) today’s world.

Questions and answers have been edited for clarity and brevity.