Transcript
Hi Mike Matchett with Small World Big Data and we are here at Rsac 2025. We are looking at the greatest and latest cybersecurity solutions from around the world, and we are now going to visit with one of our favorites. How are you doing? Great, great. I'm Harold Rivas I am the chief information security officer at Absolute. So, uh, you're you're a CISO is what you're saying. And, uh, what's your life expectancy as a CISO? It's very short. A lot of stress in the role. I actually got into this line of work thinking that it would be less stressful. That's proven completely wrong, but I've learned to, uh, to cope. All right, so this is this is a case of where you are a security vendor, but you're using it for yourself and for your clients on their behalf. So you learn. You learn as you're going along, right? That's right. So we run the program, I run technology, product security, compliance and of course the information security role. So it's a pretty comprehensive role through all those facets. Effectively. I am customer zero my organization. It's our eat our own dog food type of program. Drink our own champagne program. Yeah. Yeah. Uh, yeah. You never really want to say dog food when you're talking about your own product. Um, so, uh, tell us a little bit then about what the scope of Absolute is. I'm not sure that everyone who's watching this would, would, you know, already know. So just just at a high level, what do you what do you do, uh, as a solution vendor in the security space? Happy to. So we are a global leader in cyber resilience or enterprise resilience. We have a deep focus and an amazing piece of technology that operates below the operating system. So you could have a completely ransomware device. And that device, almost in a Lazarus like effect, bring itself completely back to life from bare metal. This relationship with the hardware below the operating system gives us an ability to focus in on Sin on resilience and have visibility and nobody else has. So, for example, 24% of all of the security stack, we have telemetry to evaluate this, the security stack that CISOs rely on to protect their enterprise. On average, at 24% of those are not running. We have the ability to go in below the operating system and ensure it's brought back to life and is always consistently operating. Same thing with device encryption. If the device is lost, we can operate in a way no one else in the world can. We call that extreme resilience. That's I think I'm getting to the name absolute right. We're talking about absolute zero trust basically. Right. That's what it gets down to. So I think we'd be interested to know just a little bit more. Even though we don't have a lot of time. How do you manage to do that? How do you manage to get in at a hardware level and insert yourself down there? So we have about 30 OEM agreements that we've had for a very long time. And some of our partners, Lenovo's and others are going to deploy a piece of technology deeply embedded at the build process of that hardware cannot be removed. We work with those vendors closely to deploy this capability, and then those agents communicate back. If a customer chooses to license the underlying technology, which then communicates with our council and gives them all of this amazing capability. So there's no like corrupting the software or jailbreaking that it's baked into what the infrastructure is. That's exactly right. It's baked in. It's something that allows us that individual control outside, independent of the operating system. Uh, here at the I mean, there's a lot of places to go with this conversation. And as you know, as a former IT guy, if I want to go there, but just we're here at the Rsac show. So let's talk about the themes you're seeing here. Obviously, there's things about AI. There's things about supply chain. What are you seeing here that's particularly relevant for absolute? So for us, there has been a tremendous amount of focus over the past several years around On detection and attempts to prevent cyber incidents. We recognize fully that there are going to be cyber incidents. Assume breach. Right. For a long time the industry has talked about this, but what are we doing as an industry to focus on what happens after the barbarians are inside the gate? And that's where we're really focused. That's where we shine. It's about helping you restore after such an event. You could have a completely ransomware organization. You could have an environment that's gone completely blue. Screen of death worldwide. And we can help you bring that entire environment back to life. So like a magic reset button at the hardware level? That's exactly right. Yeah. All right. Well, there's definitely a lot more to discover there. I don't think we've even scratched the surface of how that actually works physically, but it's a very astute place to dig in and say, here's where security has to be, right? We have to be at that layer. And that's that's an area we're really making sure we're bringing forward. We've had opportunities to connect with leaders, other vendors and partners to make sure that the focus now shifts to what happens after the event. What can we do to be more resilient? And in our case, we're pushing the agenda of extreme resilience out of band capabilities, not just tabletop exercises, but actual technical controls that allow you to do things nobody else can. I like the extreme resilience idea of just being able to reset the, you know, reset everything from the ground up, so to speak, on their at a push of a button. Um, if you had to give one message to other people attending RSA because there's 25,000 people here, uh, what would you like everyone to sort of understand about absolute and, uh, where where they should be thinking? Yeah. So we believe we have something that is truly unique in the market. You're making investments in security solutions. Our research shows, through our Cyber Resilience Report that we just released at the kickoff of RSA, shows that 24% of the time it's not working. So understand that one quarter of your guards are not active. And that's a big risk that many people need to understand. Through our capabilities, we can ensure that technology is operational. It's an ecosystem of capabilities. In general, CISOs depend upon 75 different pieces of technology to protect themselves. How often are you evaluating whether or not they're actually doing the job you set out for them to do? So it's important for you to focus on, am I getting the return on those capabilities, and do I have the right kinds of controls? If something breaks to restore my organization, the focus on resilience is really about let's move the conversation beyond detection and prevention and start to really focus on it's going to happen. What are you doing after the fact? Yeah, I mean, I'm struck by the fact that a fourth of their tools aren't actually going to be functional in that situation anyway, and they have no magic reset button unless they're doing something at this level. That's exactly right. That's exactly right. So we want to make sure that we're promoting awareness on the need to start to have a conversation around resilience. If someone wants to learn more information about absolute, you probably have a website. Is there something specific you point them to? Maybe something that would help them get started understanding this? Absolutely. So Absolute.com but also an opportunity for you to research online and check out our resilience report that we just published. So resilience report from Absolute. Com um any uh any last words you want to give to our audience here. Yeah. What I would say is we're all in this together. So we believe in an ecosystem of capabilities, an ecosystem of partners to get us through. We are getting better as an industry. We're partnering. We're working together. We're doing our part in contributing back into that ecosystem. So look forward to partnering not only with our customers, but with others out there in the industry. All right. Thank you so much. Thank you.
