An Interview with Raimund Genes CTO of Trend Micro by Dylan Chatterjee
At this year’s Black Hat I had the opportunity to sit with Raimund Genes, CTO of Trend Micro. Mr. Genes has been a driving force in Trend’s growth as an innovator in the Information Security Space for several decades. As CTO he is responsible for introducing new methods to detect and eradicate threats, and to predict movements in the digital underground with his team of threat researchers. He manages a team of developers and researchers around the globe who create Trend Micro’s new core technology components to protect customers against digital threats under the Smart Protection Network umbrella. He firmly believes that they have to be there because they are leaders in the security field and it is their opportunity to meet with other professionals and see what new innovations they are coming out with and what others think the future threat landscape will look like.
I started the interview by asking Raimund a simple question,” Does he think the challenges around InfoSec in the Health care sector are unique because of all of the regulations which govern compliance or is it simply a specialized application facing the same challenges as other market sectors?” The rampancy of ransomware attacks and many hospitals and healthcare institutions in the US have captured headlines and the concern for HIPPA breaches is one which touches every person in the US and around the world. Raimund said he thinks the healthcare sector is just like any other field in terms of protection needs. The difference is the attitude the institutions are adopting towards security. They are choosing to believe that HIPPA violations won’t affect their reputation enough to warrant the hassle of updating security. They would rather incur the fines than invest in more modern security procedures. He contrasted this to the healthcare data protection laws in the EU where violations can be significant. The new General Data Protection Act which is slated to go into effect in 2018 allows the government to levy fines of up to 2% of the company’s annual worldwide turnover. A much more severe penalty that Raimund feels is incentive enough to have healthcare institutions improve IT security rather than set aside money to pay fines.
I asked him why he thought Trend has been so successful in staying in th forefront of the security space? He said one key element for him, especially as CTO is retaining talented individuals. Brain drain and a lack of innovation can be crippling in an ever evolving industry such as information security, but Trend doesn’t suffer from either of these things. Raimund indicated that Trend has a 98% retention rate for employees and provides an environment that fosters continued excellence that makes people want to stick around rather than viewing their tenure at Trend as a stepping stone in their resume before moving on to other companies. This same atmosphere makes people willing to take risks and make mistakes which helps them drive innovation. Raimund says he’ll routinely see some interesting innovation at Black Hat or another conference, and tell his research teams to think of a similar solution, only for them to remind him that they’ve held a patent for a similar solution for years and it didn’t work or the useful bits are already being incorporated where they work best. This constant research and innovation allows Trend to avoid making many of the costly mistakes their competitors make with emerging technologies because they’ve already been researching the technology for years and they know it won’t work out in the long run.
Another big reason for Trend’s success Raimund says, is because they always make sure they aren’t just selling solutions to clients, but educating the clients on what the solutions they’re selling do and why it is the best solution for them, what it will protect them from, what it will allow them to do and why that matters. One of the first positions he recommends enterprise organizations to consider is a Data Protection officer. This position is responsible for every aspect of protecting and valuing the data created by an organization as well as working with t CISO to implement strategic infrastructure and countermeasures. It is difficult to predict if the US will follow suit with similar legislation to the EU General Data Protection Act. We love our lawyers and that level of enforcement is never easily implemented. One this I can predict however is, whatever the prevalent thoughts are regarding Information Security and data protection in the future, it is likely that Raimund Genes and Trend Micro will be in the thick of it.