CISO IT – Dmitri Alperovitch’s Vision for Cyber Defense, E07


**Jason Kikta (00:00)**
Hello, everyone, and welcome back to another edition of the CISO IT Podcast from Automox. I'm Jason Kikta, your host today. I currently serve as the CISO at Automox and an adjunct lecturer at the Johns Hopkins SAIS Alperovitch Institute. We have a special guest today: Dmitri Alperovitch.

Dmitri is a renowned cybersecurity expert, author of the national bestseller *World on the Brink*, and chairman of Automox’s board of directors. Dmitri, welcome to the show!

**Dmitri Alperovitch (01:00)**
Great to be with you, Jason.

**Jason Kikta (01:03)**
Dmitri, for those who may not be familiar with your background, could you give a brief introduction? I know many listeners already know you, but it would be great for our newer or younger audience members to hear about your journey in the industry.

**Dmitri Alperovitch (01:20)**
Sure! I've spent over two decades in cybersecurity. I started in the 90s, launching a cryptography startup with my dad while I was still in high school. After earning my bachelor's and master's degrees from Georgia Tech in what was then called Information Security (now Cybersecurity), I worked at several startups before joining McAfee, one of the largest cybersecurity companies at the time.

In 2011, I left McAfee to co-found CrowdStrike, which has since become one of the biggest cybersecurity companies in the world. I retired from CrowdStrike in 2020 after taking it public and have since been focused on national security, geopolitics, and cybersecurity policy through my think tank, the Silverado Policy Accelerator. I also help companies like Automox grow and innovate, and most recently, I wrote *World on the Brink*, which explores how America can compete with China in the 21st century.

**Jason Kikta (02:37)**
That’s an incredible journey, and I really appreciate you being here. You've witnessed the evolution of IT and cybersecurity, shaped not just by technology but by market forces, government intervention, and cyber threats.

I’d love to hear your perspective on how IT security has evolved over the years—from the early days of slow, deliberate patching to today’s need for speed and balance between security and efficiency.

**Dmitri Alperovitch (04:02)**
Absolutely. Speed is everything in cybersecurity. As a military guy, Jason, I’m sure you appreciate the OODA loop concept—Observe, Orient, Decide, Act. The faster you cycle through that process, the better your chance of winning.

At CrowdStrike, our goal was to accelerate detection and response for security teams. Automox plays a crucial role in that ecosystem by enabling rapid response through cloud-based IT management. The reality is, no matter how strong your defenses are, attackers will find a way in—whether through a zero-day exploit, a misconfiguration, or a phishing attack. The key is responding quickly.

Years ago, I introduced the concept of *1-10-60*: the best organizations detect intrusions within one minute, investigate within 10 minutes, and evict the adversary within an hour. If you can operate at that speed, very few adversaries can outpace you.

**Jason Kikta (06:42)**
That makes total sense. I remember when EDRs like CrowdStrike emerged, some security teams worried they would replace incident responders. But the reality was different—these tools augmented human teams, automating what computers do best: speed, repetition, scale, and precision.

Similarly, Automox is bringing that level of automation to IT teams. Many IT departments still rely on outdated processes. I recently spoke with a customer who had 400,000 unpatched vulnerabilities across 1,700 systems! They thought their patching solution was effective, but it turned out to be a partial solution, leaving major gaps.

**Dmitri Alperovitch (09:59)**
That’s a ransomware attack waiting to happen. The problem is that many IT teams don’t even realize they have these gaps. And that's where cloud-based automation changes the game.

CrowdStrike revolutionized security by bringing detection to the cloud. Automox is doing the same for IT management. Traditional on-premise solutions don’t work well anymore—people work remotely, systems aren’t always connected to a corporate VPN, and threats evolve too quickly. With a cloud-native solution, you can instantly see the state of every system, push patches, update configurations, and enforce policies in real time.

**Jason Kikta (12:12)**
Exactly. I remember when IT security meant scanning networks with Nessus once a month and printing reports. Now, we need real-time visibility and action. With Automox, you define policies, and the system ensures compliance without constant manual intervention.

**Dmitri Alperovitch (13:26)**
Marc Andreessen once said, “Software is eating the world.” I’d argue that *cloud* is eating software. Cloud technology has transformed security and IT management by making it more accessible, scalable, and automated.

**Jason Kikta (14:16)**
Right. And automation is more critical than ever. Just last month, we hit a record number of CVEs—over 5,000 in one month, an average of 164 per day. That’s nearly double what we saw last year. IT teams are struggling to keep up, which is why smart automation is essential.

**Dmitri Alperovitch (17:14)**
Exactly. Even sophisticated nation-state actors take the easiest path in. They won’t waste a zero-day exploit if there are 15 unpatched vulnerabilities they can use instead. That’s why patching, misconfiguration management, and reducing attack surfaces are critical—even against the most advanced threats.

**Jason Kikta (19:28)**
That makes sense. We’ve also seen a shift from targeting common OS and applications to third-party software vulnerabilities. Ransomware groups now have the resources to find and exploit niche vulnerabilities, which makes patching third-party apps just as important as securing operating systems.

**Dmitri Alperovitch (20:31)**
Absolutely. The challenge isn’t just Patch Tuesday updates—it’s the vast number of third-party apps enterprises rely on. Keeping everything updated is a massive undertaking, but automation makes it manageable.

**Jason Kikta (20:59)**
Before we wrap up, I want to thank you for joining us, Dmitri. It’s been a fantastic discussion. And I also want to highlight your book, *World on the Brink*. It not only examines China’s potential moves on Taiwan but also offers an optimistic outlook on how the U.S. can deter conflict.

**Dmitri Alperovitch (21:11)**
That’s right. Despite the title, it’s an optimistic book. The U.S. has unmatched advantages—our economy, military, alliance networks, and innovation base. The key question is whether we have the will to use those strengths. The book lays out a strategy for victory in this new Cold War with China. I encourage everyone to check it out on Amazon or your favorite bookstore.

**Jason Kikta (22:06)**
Great insights, Dmitri. Thanks again for being here. And to our listeners, stay safe out there. See you next time!

**Dmitri Alperovitch (22:16)**
Thanks for having me.

Creators and Guests

Jason Kikta
Host
Jason Kikta is a fortress of knowledge in cybersecurity, bringing over two decades of frontline experience to the CISO IT podcast. His tenure at US Cyber Command isn't just a credential — it's a cornerstone of his expertise, providing a unique lens through which he views security threats and applies the best ways to prevent or remediate them. At Automox, Jason bridges the gap between good IT and robust security, sharing cutting-edge trends, tips, and expert advice based on the credo that good security comes from good IT. His episodes are essential listening for IT professionals aiming to fortify their defenses and stay ahead in the ever-evolving cybersecurity battlefield.