Cyberattacks are a leading threat to national security. KnowBe4, a Clearwater cybersecurity training firm, wants to help head off that threat.
The company hired Rosa Smothers, a former technical intelligence officer for the Central Intelligence Agency, to lead KnowBe4’s federal practice efforts. Her primary responsibility is providing cybersecurity advisory services to civilian and military agencies within the federal government.
“Federal employees are under constant relentless attack by our cyber adversaries, so helping them be smarter both at work and take that security awareness and intelligence and be smart at home, too — I’m very passionate about that. In my view it directly translates to our cyber national security,” Smothers said.
KnowBe4 is a fast-growing company that ranked No. 96 on the 2018 Inc. 5000 with $64.5 million in 2017 revenue and 3,726 percent revenue growth over three years.
The company, which last year got a $30 million capital infusion led by Goldman Sachs Growth Equity, is moving into legislative and lobbying efforts and launching an internship program with University of South Florida, in addition to its expansion in the federal arena.
Smothers is a Florida native who served for more than a decade in the CIA, leading the adoption of cutting-edge computer technology. She started as an analyst, and during her CIA career she briefed members of Congress, supported the National Security Council and other policymakers and met Presidents Bush and Obama.
“Quite frankly, the coolest stuff are the things I can’t share with you. Part of that life is the willingness to do amazing work and not brag about it,” Smothers said. “I’m thankful that as I separated and transitioned out, I could find a place where I could apply that passion for the mission in a slightly different way, but one that’s still vital for national security.”
Stu Sjouwerman, KnowBe4’s CEO, has had a long-term plan to become more fully focused on the federal space, said Smothers, who brings that focus to the organization.
The push is timely. A September report from the General Accountability Office found the federal government has failed to implement certain cybersecurity actions, leaving energy, transportation systems, communications and financial services vulnerable.
In fiscal year 2017, federal civilian agencies reported 35,277 cybersecurity incidents—which included web-based attacks, phishing and loss or theft of computing equipment, the report said.
Phishing involves efforts to obtain sensitive information such as usernames, passwords and credit card details, often for malicious reasons. Phishing emails account for 98 percent of all incidents related to social engineering scams, which target employees’ personal information to commit identity fraud.
But phishing can be prevented, Smothers said.
“As tech people we focus on hardware and software solutions. We want to procure hardware and software to secure the environment. But we don’t think about the human element, or as we call it the human firewall, and that part of the network and the network interaction. That’s something that has not been addressed, which is why, specifically for the federal effort and certainly for people with security clearances, it’s of particular interest and concern,” Smothers said.
KnowBe4 is working toward certification for FedRamp, which was created to address problems that arose as cloud computing entered the federal space. “It’s a certification that cloud service providers can obtain and it can be used by all federal agencies,” Smothers said. “It’s a cost savings. Each federal agency doesn’t have to confirm or deny the security of the cloud service provider, it’s already been done for them across the board.”
The Department of Defense has a more stringent certification called FedRamp Plus, and KnowBe4 has its eye on that as well.
KnowBe4 is in the nascent stages of its legislative and lobbying efforts, working with Crossroads Strategies, a Washington, D.C.-based bipartisan advocacy and advisory firm.
“Part of our mission is to help educate and inform decision makers in Congress and otherwise about the need for security awareness training and social engineering awareness,” Smothers said. “We were visiting members of the House and Senate in November and our engagement will go into full swing in January.”
She credited Rep. Gus Biliakis (R-Palm Harbor), who serves on the Energy and Commerce Committee, with being “incredibly supportive” of training and awareness issues in the cybersecurity industry.
Additionally, KnowBe4 will launch a 12-week internship program next summer in collaboration with the University of South Florida. Internships range from tech support to courseware development, public relations to human resources. Students and graduates can apply here.