Ever wonder what it’s like to be head of security for a company that specializes in security?
In the early 1980’s, CBS aired a show called Whiz Kids, a science fiction adventure following a group of teenage detectives who also happen to be…wait for it…computer experts. In one episode, they hack into the California traffic information network to change those digital bulletin boards that hang above the freeway. Watching this on TV, a 9-year-old girl in New York found herself completely transfixed. Afterwards, she asked her parents for a computer, and they got her one. Her passion was sparked. That young girl, of course, was future Avast CISO Jaya Baloo. She tells this story to host Derek Knudson in the latest episode of the podcast “Modern CTO.” Through the full 41-minute episode, Jaya and Derek discuss her journey to Avast, what it’s like to be in charge of internal security for a security provider, the utility of quantum computers, and more. After that 9-year-old got her first computer, there was no stopping her. The biggest computer-themed movies of the ‘80s and ‘90s – War Games and Sneakers – only stoked her on further. She learned about bulletin board systems (BBSes) and, just like Matthew Broderick’s character David Lightman, she created a dialer program in BASIC that called her local phone numbers to look for other BBSes. As a grownup, Jaya worked in various tech positions. Derek asks her about one of the more interesting ones – Lead of Lawful Interception at Verizon in the Netherlands. There she had to navigate and make order out of the enormous amount of red tape surrounding the lawful tapping of phone lines. Further reading: But if that job was a headache, then working for Avast was an elixir. She tells Derek that when the CISO opportunity arose, the timing was perfect, and she was more than happy to join the team. She already loved the brand and was using it on her kids’ computers. She was impressed at the level of protection Avast’s free product provided. “The cool thing about Avast and AVG is that…the layer of security protection you get is just the same as some pay products, but it comes for free in our free product,” she says. And while she’s a hacker at heart, she uses her power for good. That’s another thing she loves about working for Avast. “The opportunity to protect all those people meant something to me,” she tells Derek. “It still does. I quite like this idea of having an impact to improve stuff for other folks, and the possibility to do that for 500 million people is awesome.” Derek asks if there’s any extra pressure on her for being the CISO of a security company. She responds that her initial thought – that it would be easier to implement security measures at a company that understands security – was wrong. Execs in any company tend to frown upon security that limits their productivity, but Jaya says her tact is directness. She doesn’t tap dance around the point. She tells her colleagues directly if one of her recommendations will slow the system down or throttle a network. It’s all in the name of security. Looking forward to the future, Derek asks, what are some things that could be good for security and what’s looking scary? This is where the topic of quantum computers comes up. Jaya explains how the processes that protect our security are one-way functions. They’re solvable and crackable, but only with a lot of time and effort. Unless you have a quantum computer. “Initially,” Jaya says, “they were solvable within the lifetime of the universe. And now, with a quantum computer, they’re solvable potentially within a couple of minutes or seconds. That’s scary.” She goes on to explain that we need more quantum-resistant algorithms. There’s more to hear in this episode, such as the challenge of offering identity services, the profile of users most vulnerable to attack, and the importance of being in a constant state of learning. Jaya has six mentees, and she stays open-minded to their ideas, experiences, and comments. She’s certainly all grown up, but she keeps that inner whiz kid alive and well. “I think everyone has something to teach each other,” she tells Derek. Hear the full episode below.
How Avast's CISO got to know the tech ecosystem from the bottom up