Thursday, January 7, 2016

Contain yourself: The new wave of cyber-security



Check out my latest article in 
SC Magazine:


Enterprises spend millions combatting cyber-attacks, but much less on threats inside their systems, says Tom Patterson. Containment via micro segmentation is one way for enterprises to fight back.


Containment is a military strategy to stop the expansion of an enemy.  The strategy of containment has been used successfully in world wars, cold wars, and the war on terror. Today, it is a company's newest and best weapon in defending against cyber-attacks.


Wednesday, March 4, 2015

The Future of Security, (Or Why I Joined Unisys)


I’ve spent more time than most in board rooms and c-suites talking about risk, trust, and security. Until recently I’ve been focused on how to deliver great security, but increasingly have been constrained by the security products themselves. So I’ve made a career move to focus full time on bringing a suite of new and advanced security products to market, and deliver them in the most trusted and efficient way. I’m thrilled to announce that I have been appointed the new vice president of Unisys’s Global Security Solutions group.

This shortfall of newer and more advanced security products has grown more pronounced as our adversaries around the world leverage more money, more organization, more expertise, and more determination than even in recent past. What’s happening is that good companies, with good CISOs, buying current best of breed products, are still getting exploited with increasing frequency and consequence. This isn’t the fault of the companies or their CISOs, or even the managed security providers that service them, but rather a noticeable and pronounced shortcoming of the current suite of products.

There are good point solutions masquerading as silver bullets, and there are very strong systems that are too complex to either install or manage properly—both giving off a dangerous false sense of security. There are also a spate of brand new emerging products that are highly innovative and aimed at solving some of the great problems we face, but these are often coming from brand new, very small, and untested companies that are difficult for large companies to hand over their enterprise trust to. I believe that the answer must lie in leveraging the best of both camps. We’ll focus on using everything we’ve got to solve some of the biggest and baddest problems we all face, in a way that produces agile and innovative new products that have the support, scale, and mission critical staying power to actually make a difference. So I have come to Unisys to pull together and head Global Security Solutions, with the goal to make that difference in the world.

Unisys has all the tools needed to make this difference, with a long history of providing mission-critical technology and services to both commercial and government customers around the world. They have an impressive intellectual property portfolio in the security space, and formidable teams of security practitioners who can both engineer solutions and deliver them in a trusted and efficient fashion. And they’ve been doing it quietly for years.

The world does not need more firewalls and anti-virus programs, as valuable as they were in their time. With the rapid emergence of data science, it does not need more security event management (SIEM) software. But it does need systems that can react to real time attacks in real time with software defined networking (SDN). It does need the ability to protect the most valuable of assets even after a breach, with micro segmentation (uSegmentation). It does need a way to hide enterprise endpoints and servers from malware (Stealth). It does need better ways than passwords to identify legitimate users, and it does need to work easily across all our devices and clouds to enable efficiencies and trusted user experiences.

Honestly, living here in Silicon Valley, I expected to join a Silicon Valley product company, and talked to quite a few before choosing Unisys. There are some great products and companies brewing out here, with some truly innovative ways to solve real problems. But as I talked with them, the conversation quickly focused on just one of the above areas, and I felt a pull to work on bringing a more complete security eco-system to the enterprises that need it.

I was exposed to the Unisys Stealth system five years ago, when it was in use at a government agency I’ve been known to frequent. I’ve always been a fan of the unique way that the Stealth product approached protection, by cryptographically hiding key assets from advanced malware, instead of trying to play whack-a-mole with every new variant that pops up. In talking with some of the Unisys security brain-trust, I learned that the company has a treasure trove of other security solutions in development that bring that same great combination of innovation and trust. In my new role at Unisys, I plan to take the best of Silicon Valley’s innovative style, combined with the Unisys global core of great people, products, and delivery, and focus on bringing a new suite of security solutions to a market that is in desperate need of advanced, holistic security solutions.

While Unisys doesn’t have in a big ‘name’ in the security business, I think you’ll see that changing starting now. In the meantime, I’m betting that boards, CEOs, and CISOs are more focused on finding solutions that completely meet their needs, than airport billboards and pre-IPO valuations.

Please join me in the Unisys Global Security Solutions journey, whether as an active participant or an industry observer. We’re going to work hard, leverage a lot of great talent and technology, listen to our customers and partners, work collaboratively with everyone, and have some fun along the way. You can follow along at www.Unisys.com/security or www.twitter.com/TomTalks

Thursday, August 28, 2014

Wednesday, August 13, 2014

Buckle Up! The Threats to our Newest Connected Cars.


Please take a look at my latest article in CSO Magazine that details the different risks to the newest cars.

Thursday, July 17, 2014


Security has become a front burner topic for the boards and executives that I spend my days conferring with, and that can only help in the defense of their companies and the worlds critical infrastructure. As part of my commitment to educate and empower (and occasionally entertain) the worlds most critical of companies, I'm pleased to let you know that these blogs have now been picked up as regular articles in CSO Magazine (an IDG Publication), plus a regular 15 minute interview each week on CBS radio (Wednesday's at 11:45am US Pacific Time) to focus on the current topic. Please read my first two articles here:

Competing on Trust

Leading Life Sciences Security

I look forward to continuing to engage with your here, on the new CSO Magazine site, via Twitter , in one of my keynote speaking events, and of course old fashioned voice and email. Stay safe my friends.