Unmasking Ransomware: The Shiny Penny That Costs Lives With Janine Darling

 

Ransomware is not just about money. It is also about lives frozen in uncertainty. It’s time to unmask the dark reality, fortify our defenses, and protect the very essence of our digital existence. Our guest for today’s episode is the CEO of Stash Global, Janine Darling, a leading expert in the field of cybersecurity. Janine discusses the shadowy world of ransomware that does not only result in financial losses but also mess up critical sectors of the government sector. She explains how devastating these attacks can be and emphasizes the need for greater awareness of cybersecurity measures to combat them. Janine discusses the vulnerabilities targeted by ransomware attacks and the new opportunities in ransomware technology her team is currently exploring.

 

Watch the episode here

 

Listen to the podcast here

 

Unmasking Ransomware: The Shiny Penny That Costs Lives With Janine Darling

 

In this episode, we’ve got this awesome guest. She’s a serial award-winning among the cybersecurity community. She’s a James Bond fanatic, a private chef to her close friends, and a modern-day philanthropist. We have the CEO of STASH® Global. Welcome, Janine Darling.

John, George, thanks for having me.

It’s good to have you. Janine, we’re going to jump right in here. If the cyber risk was a pizza and frameworks are the crust, what’s the riskiest topping you’ve seen and what topping would you equate that to?

I’d have to say ransomware and not only because it’s been a shiny penny for a long time, but because when you dig down into the damage it causes, it’s not just about the money. What’s happening in the ecosphere is that people are quite literally losing their lives when data is compromised. I’m speaking about the Department of Defense and the military, but also closer to home, at hospitals and in doctor’s offices. There have been a number of difficult breaches where people have died because the system was frozen and the information that was needed to either continuous surgery or administer the right medication at the right time couldn’t be accessed.

When I think about how much ransomware has grown and how cyber in general, but ransomware in particular, we’re always playing catch up. I know that we need to do something about that. I’d equate that on a pizza to anchovies. I know that you anchovy fans out there, you’re going to say, “What are you talking about? We love anchovies. They’re the best thing that a pizza could ever have.” I would say that most people look at anchovies as stinky, oily fish that when they’re put on top of a pizza, spread themselves out and get into every taste bud, whether you are on a piece that has an anchovy on it or not. That is how I think of the anchovy in retrospect to a pizza and ransomware in the cyber ecosphere.

 

 

There is no anchovy on half.

Perhaps some of us in the cybersecurity industry with the anchovy comparison must love anchovies because we do it for a living. We deal with them all the time. It’s that ransomware is very common these days. It’s on the news all of the time. Let’s say it’s top of mind for most C-Suite and board members, especially with new cyber laws.

The interesting thing about cyber in general, but ransomware in particular, is that we’ve been dealing with ransomware and cyber breaches as an everyday thing for many years. I can remember in the beginning when there was one here or one there that made the papers and people were thinking that they were anomalies. I remember thinking even way back then that there are people poking at the system. They’re seeing if it is vulnerable and what kind of havoc they can cause and money they can make by doing this. It’s turned into a tidal wave and we’re still trying to solve it. There are thousands of technologies out there that are trying to do so. I think that it’s going to take a different combination to get that solution.

 

 

I agree that innovation has to happen, a new solution. It sounds like that at least what we’re seeing these days is that there are still a lot of CEOs, let’s call it the C-Suite in general, that think that they’re secure and the hacker can’t get in. Sadly, they get hit almost like a deer in the headlights, “What happened?” I know that that is what we see more frequently when hackers do succeed. It’s always the ransomware situation that has them sweating bullets the most as they say. At least from what you are doing as it relates to the industry in general, cybersecurity industry in general specifically, I’m wondering if there are any other avenues that the ransomware technology that hasn’t gone yet that you’re exploring and willing to discuss.

What you’ve observed is so apt. The majority of the world still believes that they are secure until something happens. Until that thing happens, there’s proof that it can happen. Also, because what has been available in the marketplace up until then has been almost exclusively focused on defense. There’s the idea from many avenues and too many people that there’s an unprotected outside of a perimeter that you can defend and a protected inside. That has been the MO for years and years. If you believe that, it’s hard to walk away from that.

What you do, the opportunity for companies that are trying to solve this problem is trying to create a stack for companies that suit their market segments so that they’re going to have enough tools, the right tools, the thing that will “solve” the problem. The trouble is that in theory, that’s a great idea and a good way to approach it. You’re looking at your networks, endpoints, and platforms, and you are quite systematically probably buying things that are going to protect all of those areas. One of the troubles is that once you put all those pieces together, you have no idea how they are inter-operating with each other. In many cases, particularly with large companies that are using about 150 tools on average, there’s no way to find that out until something happens.

 

Ransomware: You purchase tools to secure your networks, endpoints, and platforms. You are being methodical about it. Butonce you put all those pieces together, you have no idea how they are interoperating with each other.

Ransomware: You purchase tools to secure your networks, endpoints, and platforms. You are being methodical about it. But once you put all those pieces together, you have no idea how they are interoperating with each other.

 

The other thing that seems to be happening across the world is what I call cyber fatigue. Lots of companies out there are all coming at you. We are all coming at you. I will put myself in that box as well with we can solve this problem for you. There’s the want to believe, and also the fact that most people who are writing the checks don’t know the questions to ask and don’t know that the due diligence has been done so that whatever this is, it is doing what it says.

The steak matches the sizzle is what I always call it. Does the steak match the sizzle? Again, it’s not that these technologies are bad technologies. It’s lovely these elegant technologies out there that are doing their piece of the pie. The trouble is that that doesn’t solve the situation. When you put it together with everything else, sometimes it creates more holes than you had before.

The steak has the sizzle sticks out for me. I’m wondering. Does the C-Suite have the wrong mindset which appears to still be in most markets stop the hacker, which doesn’t seem to be working very well? “Perhaps, they are unstoppable.” What is that new mindset, do you think? On the steak is the sizzle, do they need to throw tofu onto the grill and think completely differently? What do you think is the path?

For a very long time, this is not an uncomplicated issue in terms of ow companies and CEOs, in particular, are thinking about their businesses. If you’re a private company, you’re thinking about your customers and your employees. Possibly, if you are looking to go public or activate an M&A, you’re thinking of those things, too, but maybe not as much as your customers and your employees. With larger public companies or public companies in general, they’re all about the stockholder. The stockholders are who they need to account for. They’re trying to maintain a posture that is based on things that they’re comfortable with. “Here’s what I know and here’s what everybody else is doing. If everybody else is doing this, it must be the way to go.”

Anything that comes along that is new, how could they have figured it out? These are companies with big names, big brands, and, “This is who I’m going to stick with because if I do and I check all the boxes, then that’s the best I can do.” There has been a pivot that’s taken a long time because it’s a huge ship. The pivot is happening where people are starting to understand that all these things I’m using, they’re valuable to me, or many of them are. They are stopping your garden variety hacker from getting into my company or the freakishly talented college kid who can break into the Federal Reserve. It’s stopping that kid.

It’s not going to be able to stop the nation-state actors and the other malicious actors that know what they’re doing. We are connected in this world, and I’m sure John and George you know this, by 50 billion endpoints. There is every way in. How to address that is not a simple thing, but it does involve a change in thinking and has to get away from the perimeter mindset to the data mindset, which is the lowest and the smallest, but the most valuable component in your business.

 

 

There’s no question that there are new comprehensive data privacy laws coming down the ramp that a lot of executives are going to have to change their mindset to protect the data. What you’ve said resonates with me. It seems to be the truth of the future. One area that I do struggle with a little bit is trying to understand what people are doing. It becomes a new shift. What I’m hearing is that compromise is a matter of when, not if.

If you’re going to be data protection specific or you’re going to concentrate on that, perhaps the new mindset is going to be focused on. One thing that you’ll often hear me say day-to-day if you were in our office is, “We need to keep sensitive data safe.” What’s the best way or what are people doing do you think to address this problem? Maybe the answer is buying your product. What do you see happening and what people are doing about the problem now with data?

The thing that has made me feel encouraged in the last months is that people are thinking about and cyber is starting to be written about not as a specifically technology-siloed issue but as a business issue. This is another business problem I need to solve. Some of the other problems I have are more straightforward, or I may know more about them so I have an easier time making a decision about what I’m going to do. The idea that a data-centric solution, a solution that protects the data and the system that runs it in any organization, is starting to gain some real awareness and traction in the marketplace. When we began to build my company, I built the first iteration of the technology on my own with a technology company in New York.

After that, I was able to attract my team through my network and their networks. Now, what we concentrated on was starting at that most valuable and smallest piece, the data bite, and working out where the vulnerabilities are. The vulnerability is right in the data. The data is the perimeter. It is the idea of protecting it proactively so that no matter what happens, malicious actors do not have access to the content of files. Even if they have the files, they don’t have access to the content. You can recover the data with a click of a button and you can also recover the system that runs it. It’s great if you have the data, but often the system is frozen as well. When a system is down, it typically takes at least a couple of days, if not weeks or months, for that system to be restored, depending upon the size of the company.

If the company has a lot of international outposts or a lot of different factors, you are looking at $100,000 to $500,000 per hour of loss in terms of a financial hit. That doesn’t even speak to if you’re a public company that your stock price is going to take a hit and it’s going to stay that way for at least a couple of years. You’re going to have trust problems and the kinds of things that are layered in terms of the negative impact. If we address the data and the system that runs it, you can find a solution minus certainly one. We are the first that can proactively prevent those systems from being compromised. If they are compromised so that nobody can get to the content and everything can be restored in a very short period of time, that’s the solution.

When I talk to companies out there, oftentimes, they will say to me, “I’ve spent all this money on proprietary systems and algorithms and this, that, and the next thing.” I understand that which is why what we built is something that not only closes the defensive security gap but will place nicely with all platforms, infrastructures, networks, and endpoints. Over time, these companies become comfortable with the idea that this works.

 

 

They can get rid of a lot of that less-value tools that maybe aren’t doing exactly what they should be. I’m encouraged that instead of data-centric being an emerging technology, which it was for a long time, it is now entering the familiar lexicon of the business marketplace that makes it easier for me to do well by doing good, which is what I was taught as a child, even though people have adopted that phrase. In many instances now, because it sounds good, I always started this company to do good. When you do good, everything else follows.

One of the reasons for the framework is to help those business people understand that there is a treasure map or understanding where their data might be and knowing that that’s the one piece that they need to protect. Using those frameworks helps make it easier with almost a step-by-step instruction piece. It gets somewhat technical so that’s where they might need some help, but it is growing. The CEOs and everybody else is now paying attention to these. Being data-centric and learning about that is an advantage for how things are moving forward.

 

 

What resonates with me is good. That has a lot to do with organizational behavior in general. Bad is greater than good by 5 to 10 factors. Doing the right thing, especially when nobody is watching is a common phrase. It’s almost cliché in my organization. The team is tired of hearing me say it. Ultimately, the malicious threat actors that are out there mean business. They want to get in. They’re going to find a way to exploit in some way, shape, or form. I’ve always seen the market as step one is the loose environments. Hackers love loose environments where there’s no serious investment in cybersecurity, and that organization is lagging. Those are low-hanging fruit. That’s the tier level one.

As you get into more sophisticated targeted attacks like critical infrastructure protection situations and nation-state attacks and those sorts of things, that’s a whole another level. If they want to get it, they’re going to try hard and they’re going to find a hole and exploit it. Ultimately, that is to obtain data. I completely agree with the concept of the focus being on data protection. The challenge still becomes the issue of how that fits with their technical debt and existing solutions, especially when they have the mindset of stopping the hacker rather than creating proper protection measures or enclaves that assume that there are some places they’re going to get in but they’re not going to be able to get to the data if they do.

In your case of good, that mindset is probably what drives a lot of cybersecurity professionals. They want to do the right thing. If the leadership doesn’t understand the problem, then that’s another challenge. We spend a lot of our time educating leaders through Vistage communities, speaking engagements, and those sorts of things. Do you find yourself in the same situation in terms of the risk factor? Nobody wants to talk about anchovies.

That is true. Nobody likes to.

How do you do that?

It was interesting what you said a few minutes ago. I don’t think I answered it directly, but you said something like, “Are there places where ransomware hasn’t found its way that is going to be surprises?” I’d like to encourage everybody to think about ransomware in this way because we are connected in so many ways throughout the world. Ransomware, in many ways, is like water. Do you know how water finds its way? You put a new roof on, you get a leak in the ceiling, and you’re thinking, “How in heaven’s name could that be happening? I just put a new roof on.” There was a pinhole or something that didn’t get sealed. There was something that went on.

That’s how ransomware is. That’s how any breach is. There are so many ways in that like water, it can find its way. To your point, it’s our responsibility as people who genuinely know what is going on to take the smoke and mirrors and the fancy marketing speak away from what’s going on and present it and teach it as of the business problem that it is. There’s no voodoo here. Here’s why it’s happening. There are people who know how to solve this and here’s how they solve it as opposed to here’s the differential to what you’re doing right now. You’re not doing anything wrong. You bought good stuff. It’s just that that’s all that has been available. The last piece of that, the piece that actually protects the data in your system, that hasn’t been available until now.

 

 

A company like mine, and to our knowledge, we are the first and only company that has put this together in this way where the data in the system are recovered in practically real-time. It’s a very low-friction system. It is agnostic. It’s universal. It can be used anywhere at any time on cloud or off. Users don’t touch it. It’s run through an admin dashboard. Workflows don’t change. It’s basically you come in one day and your business isn’t secure and you come in the next day and your business is secure but nothing else has changed.

This is like the magic wand has been waived the way that you’ve explained it. I’m sure that there are some things that still keep you up at night as CEO. What are those?

Everything that is going on in the world keeps me up at night. The thing that I think about most is what I mentioned in the beginning. The anchovies keep me up at night, whether I eat them or I’m thinking about them. The anchovies keep me up at night because until we can solve this problem in a very big way or fortify our IP, our ability to compete, and our position in the world as a superpower, we’re going to be in a vulnerable position. We could have a conversation about that, and that would take a long time.

The age of information is a wonderful age. There’s so much available to us but there is so much misinformation. Understanding what’s going on, not everybody does. There is fatigue out there. This tidal wave has been going on for many years. There’s something 6,000 cybersecurity companies out there. Yet we still have the problem. What’s wrong with this picture? There’s another piece we need to get there and that’s what we’re trying to do.

Industry regulators as well as lawmakers certainly are having their day of reckoning with all these new regulatory requirements. What is your biggest challenge in the regulatory requirement world? That seems to be the way that organizations are, I don’t want to say it, but I’m going to say it anyway, being forced to be aware of the things that they’re not acknowledging already.

Because of the way our technology works, we solve all of those regulatory specifics for every company in every market segment. We make them compliant. I know that you know that there is a couple of overreaching rules that have come out of the White House in the last year that have some teeth. How do you get that done? That’s what we get done for you. Again, there’s a lot of information out there. It’s our job to be transparent and not use fear. People are fearful. We don’t need to keep pushing the fear. We need to give them the data and the facts. What’s happening and why? What you’re using and how that is helping you to ally some of the things that you might be afraid of. With this piece, you need to do something about this and then you’ll be able to take a deep breath and have some peace of mind.

That reminds me of a conversation that I had with a CEO. It’s in a traditional brick and mortar as well based here in California. What resonated with me was the regulatory issues specifically. He loves California’s regulations. It keeps other businesses from competing with me. Regulatory is an opportunity for innovation and being different. That stuck in my brain. There is a lot of truth to that. Nobody wants to, unless they have to, conduct business in certain areas because of regulations. I don’t see it as a FUD factor. I see it as an opportunity. Fear, Uncertainty, and Doubt for those of you that don’t know the FUD.

I see the opportunity to position a mindset as well as a footprint. The right solutions as the footprint but also aligning the right mindset of protecting data. It sounds like you figured this out as well. Did I miss that because that seems to be what I’m learning after studying your site and this conversation? For our audience, this is the first time we’ve spoken to Janine. This is often the case with many of our guests. Is that where we’re headed from a regulatory perspective? Is it the opportunity or is that the pain and suffering?

It’s both opportunity and pain. When we were understanding what solution we wanted to build, a big piece of it was because I come from a background that is very customer focused. I remember as we were building this, I said three clicks to anywhere. It’s simple enough so that even people in large organizations can deploy it on their own. I said, “I want this to be the thing that you set it up and it goes.” We thought a lot about that because let’s face it, the world is moving fast and businesses are impelled to keep up, most particularly public businesses. You have got to be making your numbers. Each quarter comes around like this. You’ve got to be paying attention to that. Hence, all of those rules and regulations can’t be shuttled to the side anymore.

 

 

What we designed was something that for the people who are interested in the intricacy and the granularity of the technology, we can show them that. It’ll still be very easy for them to implement. They’ll then have the security of understanding from a technology standpoint. This does what it says. We have as many people. No fault here in any way. You’re doing your job, you’ve got a lot to do, and the systems in your company have been set up in a way so you are supposed to be checking boxes. You check the boxes and you’re doing your job. You are, but you’re not accomplishing the goal.

We have set it up for both headsets so that you’re going to be secure no matter what your headset is. We’re going to make it easy for you to adopt. We do make it easy for you to activate. Whether you’re somebody who needs to check the boxes because you’ve got to get onto the next thing or you’re somebody who’s like, “I want to see how this works.” We accommodate both of those things. The whole thing is about making it do what it says and easy in a way that is for the entire populace from somebody who wants to have it work to the people who are interested in how it works.

Definitely do not of approval on that simplicity. I love the three-click concept. That’s a great guardrail. To achieve that is an achievement in itself because a lot of the challenges that you see culturally within organizations are there are so many ways to do things if you’re a geek. However, it sometimes takes 12 or 13 clicks, which is natural for somebody who understands the tech. For those who do not, it’s probably a little more complicated. What I’ve learned as well is that you could have and sell the best tool in the world. That’s easy to configure. If the competency of the execution of configuring and installing that tool is not there by the person who’s doing the configuration, you’ve got a completely different problem.

 

 

We’ve seen that for years in firewalls that get bypassed or configurations that are incorrect and those sorts of things. Even in filtering content, we’ve seen challenging situations where leadership should be making decisions and saying, “This is what we’re going to do and how we’re going to do it,” then turn that into a configuration. This is where we see challenges in the trenches and solving the governance problem.

We’re talking to these technical teams all the time and they don’t know how to take what essentially is a tool and configure it to keep the company and the leadership happy because somebody has to make the risk decision on what are we doing with it and how are we doing it. Maybe that’s not the case in data protection. “Where’s the data?” “There it is. Protect it.” Do you think it’s simpler to do it with your tool because you look at the data and you say, “This is the data, so protect it?” Should it be simple?

It should be very simple. In our case, it is. There’s an interesting little fly in the ointment here, and I’m watching some companies, a few that I know well, that are going about the business of tackling data classification because almost nobody does that. It’s an important piece. The interesting thing too is that most companies have X amount of years of data storage either in hot or warm storage. There’s like 10 or 15 years of data somewhere out there, who knows where in these companies, and they do not know where. This is another part of the issue. In order to protect everything now, you basically have to protect all your data and then classify it so you don’t have to be protecting all of it.

This is one of the next things that’s coming down the line. The other thing that has continued to be in the focus of many people is what blockchain technology is. There is the idea from many people that blockchain is a cybersecurity solution. It isn’t in the way that people are thinking about it. It’s an elegant technology. It does what it says. It makes sure that the olive oil that you order directly from Italy as it goes through all of the supply chain, you’re getting that bottle. It is confirming the transaction.

It’s making sure that it happens and there is no break in the chain until it gets to you. Is it secure? Yes, in its own way. Does it secure data in a way that makes it almost impervious, completely resilient, and ready to be used anywhere in the world? No. It’s a different thing. People are a little bit confused about that and I can see why. It’s easy. I know I was confused in the beginning too. I was like, “What is this? Is it similar to what we’re doing?” It’s quite clear that it’s not. Again, it’s an excellent technology.

 

 

Janine, what excites you about the future? What do you see happening anything in particular?

It’s interesting using that word excite. I am excited about the future and I have to say also and not to be dramatic that I’m also apprehensive about the future. The reason I’m saying that is I’m an AI and VR fanatic like most people. These are great things coming along and they’re getting perfected in a way that is astonishing at a pace that is astonishing. There’s always that flip side of the coin. I was watching a interesting interview with the founder of OpenAI on 60 Minutes, which is a documentary program I watch every week. Even he said, “We’re a little bit afraid.” He said it tongue in cheek but he said, “It’s not that we’re afraid but we don’t know what this can do yet. As it continues to grow and be expanded and also refined, we are finding out things about it every day.”

I’m excited about AI. It can change the world in a way to make things much easier for people in general because that’s what I always come down to. How can people’s lives be improved? There’s lots of opportunity there, but there’s also, as usual, the opportunity for it to be exploited for nefarious reasons. I’m excited but also apprehensive. The same thing with VR. It’s wow along with deepfakes, which scare me. There are no ifs, ands, or bots there. I’m fascinated, but I’m mostly scared because they’re getting good. I’m worried that, at some point, there’s going to be somebody that gets the wrong message from something that is a deepfake and we’re all going to be in trouble. I’m hoping that’s not so but in general, I wake up every day and think to myself, “Who am I going to help today?” That’s what I love to do.

That is along with Boston Dynamics if you’ve seen some of the robots that they’re creating now with AI and some technologies. Not too long, we may be in the clone wars.

When you start to hear, “What is it?” “Call it what it is.” There’s an honest, open letters from some of the very smart scientists that helped with the evolution of tech in general. They’re warning there are ethical issues here with AI. I feel the apprehension as well. There are some things that whether it be robotics, and of course we have to include the cliché, ChatGPT conversation these days. It seems like if you’re not mentioning it when it comes to AI, then you’ve missed something.

Have you guys tried ChatGPT yet?

I’ve been involved with natural language processing ChatGPT like research for about four years because we were looking at ways that we might be able to ingest written policy and find corrective problems within that policy and reproduce it to address risk. That’s the context of my involvement. Seeing ChatGPT was a moment for me because I had not expected such a powerful outcome. The speed at which it’s moving now compared to its initial version. It’s apprehensive.

John and George, do you remember there was an interesting experiment? I don’t know when it was. I lose track of time. I think it was Facebook that did an experiment with AI and they had two different personas speaking to each other and then they locked the humans out. Do you remember that? It wasn’t around for very long. This is what I remember about it. I remember thinking to myself, “This is where we’re going. This is not so good.”

I don’t want to raise hairs on people’s backs, but years ago, during the Manhattan project, Albert Einstein wrote a letter to Roosevelt on the issue of chain reactions and fission and those sorts of things in terms of creating nuclear weapons.

I’m starting to see some parallels between these scientists now about artificial ethics and AI, Artificial Intelligence. Watch out and watch out what you invest in as well has been the other warning that I’m seeing. Companies see it as the future. You’re going to throw a bunch of money into this and then potentially, depending upon how you’re using it, you’re going to end up in a bad place. I wonder about the degree of apprehension that we’re seeing in the scientific community compared to the technology and innovation or the innovators who are applying AI. At least from the perspective of cyber risk, this is one of the areas where the Department of Defense and The Cyber AB is.

We do quite a bit of CMMC for our clients as an RPO and are involved with that whole thing. It is one of our superpowers. It’s going to evolve to be even more stringent I would imagine in the AI field. It’s artificial ethics in general. The average consumer doesn’t know the outcome. They hear flux capacitors and things that. It’s just language. They don’t understand until they see how it’s working and the outcome. College students are an example of that who’ve been using ChatGPT to write letters or write essays for themselves for their classes. I do question whether or not we have the right artificial ethics standards in place.

It’s a bit of the Wild West out there yet. When I think about all of the innovations that have risen in the last years, it always brings to mind the cover of a New Yorker magazine not too long ago where somebody is sitting in this chair in the clouds and all these arms are bringing everything they need to them. I’m thinking to myself, talk about a statement of where, in some ways, we’re going and also maybe where society wants to go. There’s the idea that ease is everything. I think that time will tell.

It’s a fantastic discussion. There’s a lot to be learned in AI as well as in cyber risk and the issue of ransomware will continue to be top of mind for a lot of leaders. Let’s talk a little bit about you. How did you get started?

It’s a funny little story. It’s not all that interesting to me I guess because I’ve lived it. I’ve always been curious about everything since I was so young. I would be looking at the world and still do in a way that’s like, “Why are they doing it like that? There’s a better way. There’s a more productive way and valuable way.” I view the world in that way. Not actively, but it’s the way my brain works. During my career, which was with both very large enterprise companies down to very small companies and everything in between, often, I was in an operations role and IT would report to me. I’ve always been interested in privacy and know that privacy cannot be achieved without security. I was very interested in how data traveled, where the challenges and the vulnerabilities were, and how could we address them.

That’s in every life. The time came along when I had an opportunity to pursue varied interests. I had a whole list of businesses I was thinking of starting, but this one. I kept looking at this one and thinking, “This is a big problem and it’s only going to bigger.” I was so attracted to solving it that I went out and did focus groups with both the consumer sector and the business sector and said, “If there was something where you knew that anything important to you would be truly protected and you didn’t have to worry about it being stolen, lost, manipulated, or whatever, would you buy it?” The answer I got in some way or another was always like, “I hadn’t thought about that, but that sounds like a good idea.”

That’s why I started this company. I mentioned in the beginning that I put the first clumsy iteration of what I had in mind together and then had my co-founder. I have to call up my team a little bit here. My co-founder, Chris Evans, who is also the CTO of the company, is originally from NASA and also was an Air Force Red Team lead. The Air Force Red Team leaders are known far and wide as some of the best technologists in the world. Between my visionary operator head and his technology operator head, we are a good team because I’ll say, “I want to do this because I see this coming in the marketplace, and here is how I think it will work the best for our customers.”

He’s come back to me several times and said to me, “I don’t think we’re going to be able to do that.” I’m like, “Okay but why not?” We’ll have a conversation and then a week later, this has happened twice with big deal things, he’ll come back to me and say, “I figured it out. Here’s how we can do it and here’s the other things that we can do to make it absolutely a no-brainer for people to enjoy it.” It’s been a wonderful journey. The journey has been longer to this point than we thought it might be, but we do know. Even our investors have said to us, “You were way too early.” Now things are starting to move along in a very big way. We’ve got some big name customers and lots of people paying attention. We are optimistic that we are going to be able to fix this problem for lots of people in the next few years.

Do you have any stories, without disclosing a customer name, where somebody was using your solution that you can share with us, and how there was an outcome at the end that gave you personal gratification?

I can tell you that so far, anybody who has our solution deployed has not experienced any kind of breach. That’s pretty much all I can say. That’s wonderful news because it proves that certainly, our solution is making a positive impact in whatever way we have configured it for them. Some of them are using it on its own. We don’t have to integrate. It’s a modular system, so we snap on. We’ve used whatever they have and we add that other piece. It’s exciting times.

The best-kept secret in ransomware risk management is what I’m hearing.

I don’t care about being well-known. I care about getting this in the hands of most people. That is my top of mind. If people have to know me because of that, that’s fine, and if not, that’s fine too.

I definitely appreciate your approach. Often, you run into CEOs that have a mindset that may not be the same as your own. I have a similar mindset. The challenge always is what’s the market? The externalities. What’s going to happen there? Still, we can talk a little bit more about the best ways to decompress. What do you do to decompress? What’s the personal escape for you?

I’m not that interesting in terms of my decompressing life. I love to spend time with my family. I’ve got twin sons and lots of cousins and siblings. We enjoy spending time together. As I said, I love to cook a good meal. I love to relax probably in a very European way over 3 or 4 hours. I stand around the kitchen, have a few glasses of wine, have dinner, have an after-party, and all those things. I’m a Les Mills fitness fanatic.

I’ve been doing Les Mills for as long as I can remember. That helps me with my Zen. I have a lot of energy that needs to be displaced in an appropriate way. I use Les Mills to do that. I love watching documentaries of all kinds. I absolutely love to travel. Honestly, this is probably going to be a little odd, but I don’t mind when I’m traveling having a couple of hours in an airport because sitting and watching the world go by is great. Those are some of the things I do.

Sometimes, it’s great doing people-watching.

You can relate to the time in the airport for sure. I think that we’ve covered all the bases in terms of the cyber risk side of the coin. It’s great to hear about what you do to decompress. I’m sure there are going to be people interested in learning about how to follow you or connect with you. What are the best ways for them to do that and what are the connection points?

That would be great. I am on LinkedIn a lot. That is my home base. I don’t spend much time on Facebook, even though we have a page on Facebook. LinkedIn is where you can find me. I’m pretty active there. If you want to send me a direct message, I pretty much reply to everybody sooner than later.

I sent you a connection request now.

Janine, thank you for your time. We appreciate it and very informative. We hope that customers will come take a look or people will come take a look at your solution. It sounds like it’s new in the market and could definitely solve some of those issues that should be burning in a lot of executives’ minds.

I appreciate John and George you having me on. It’s been delightful. There’s nothing more than talking about my ability to help people in cyberspace. I agree with you. I do hope people take you up on being in touch because we can help.

Thanks, Janine. I appreciate the time as well as the investment of energy to let the world know about, of course, our audiences as well, a little bit more about what you do and how cyber risk is in their control if they know where to look for it. Thanks so much.

My pleasure.

To our audience, thank you for tuning in. We hope that you’ve learned something or you maybe laughed or cried. Hopefully, not when you heard about the data and the data classification. Either way, tell somebody about this show. Help us get the word out there and help another CEO, company, or another person with their data. Again, Janine, thank you very much for your time.

Thank you.

 

Important Links

 

About Janine Darling

Janine is an award-winning CXO who has held prominent leadership positions for commercial product and service companies of multiple genres.

She has driven the expansion and profitability of many well-known global brands including Samsung, Sony, Barnes & Noble, Everlast, Chanel, Mark, Nestle, and Starbucks.

Currently, she is the Founder & CEO of STASH Global Inc., the fastest, most effective way to stop Ransomware and Data Compromise in its tracks.