I’m responsible for the product our company offers and the portfolio built around it. I make sure we have a product team that keeps track of market developments, listens to our own product specialists and engineers and other stakeholders that influence our product. That’s what I do in a nutshell. With the info my team collects we make a roadmap that we use to feed our engineering team with ideas and the philosophy behind them to create or improve products.
EclecticIQ offers several products. Our core product is a threat intelligence platform. This is an enterprise platform for threat intelligence analysts. It’s designed to make their work more easy and quick. It aggregates and analyses various sources into a similar format. Our product was developed because the job of a threat analyst is very comprehensive. There is a lot of data available that comes in various formats for example ftp and xml but there are many others. Organizing all this data into useable content is very time consuming. Our product automates that part of the process. We also deliver tools for analysing and comparison of data. We make sure the threat analyst can focus on his core task: performing threat analysis and reporting on potential risks.
Our clients are mostly in the banking and government sector but also in oil and gas and some in retail. We started in Amsterdam with a small team but now have about 35 employees, offices in London and Moldavia and a partner in Australia. Currently we are exploring the possibility of entering the U.S. market with our product.
I rolled into the IT security business by coincidence. About 15 years ago I started at a small firm where I helped setting up a helpdesk. That was my first IT experience. After that I worked for the Ministry of Defence where I worked on some bigger IT projects like implementing a new OS. I then moved on to start my own IT security company together with a business partner. With Goodfellas we focused on producing firewalls. I did that for five years before moving on to work in general management and later product management at several companies.
I stayed in the IT security business though because it´s such a dynamic field and you have fun colleagues. In IT security you have to deal with your adversaries who are innovating just as much as you do. Sometimes it seems like new investments are needed because you’re falling behind. But then something new, like threat intelligence for example, comes along that causes a paradigm shift.
The domain is also interesting because it´s growing. Back in the days you would maybe have one security officer. Nowadays you have whole departments and all sorts of specialisations. Hacking for example was considered just fun or mischief, now it’s considered a crime in some cases. All these developments make it so dynamic. A lot of people still think you need a technical background to work in IT security. While really there are so much opportunities at the moment. There’s a whole economy behind IT security spawning new jobs and educational programs in this sector.
There have been many, but for me personally as an entrepreneur starting my first company and EclecticIQ are the biggest milestones. Last year at EclecticIQ we got so many applications from new clients. It´s really rewarding to have all those new clients after all the hard work you´ve put into trying to make your company a success.
Another thing, a bit different, is that we helped people who were about to be arrested because they accidentally did something wrong and they came to us for help. Intelligence officers also make mistakes sometimes and it´s nice if you can help them fix it.
I expect threat intelligence to go mainstream next year. So it will be interesting to see how that’s going to work out for us. Also we are looking into the possibilities of experimenting with big data, AI and machine learning. We don’t have a clear plan how to use this techniques yet but we see a lot of startups that are active in this area. I think this will lead to interesting new solutions and products.
I believe its important for someone working in IT security to stay up to date through reading forums, websites, visiting conferences etcetera. For example, despite being more involved in product management, and less so the hard core security aspects, I still visit conferences like BlackHat and the annual RSA conference in Las Vegas to learn about new ideas and techniques. There are lots of ways to stay up to date and it’s nice to meet people who work in the same field as you do.
If you like IT security and want to work in this sector: don’t give up. There are so many different specialisations and positions that it can be overwhelming sometimes. If you think you like it keep trying and don´t give up. There are so many options available that you can always grow in a position or move on to another challenge within IT security. If you start as a network security specialist for example and you don´t like it, look around to find out what aspect of IT security appeals to you more.
Also don’t underestimate the time you have to put in to stay on top of developments. It´s not like you just complete some study and you´re there. You really need to keep educating yourself online and try new things. Getting to a level of knowledge that is useful and valuable really requires time invested and a curiosity for technology.