Interview

AITech Interview with Brian Buck, VP, Strategy, Research & Innovation at Lookout

Learn how Lookout is pioneering advancements to secure the digital future.

Could you walk us through your 50-year professional journey in the technology and innovation field, highlighting the professional journey that led you to Lookout and your current focus on cybersecurity

Fifty years ago the technology space was very different. Other than software provided by the vertically integrated big players (IBM and the “BUNCH”—Burroughs, UNIVAC, NCR, Control Data Corporation, and Honeywell) who offered mainframe computers and their operating systems, and a smattering of applications, all the rest of the applications that organizations needed were written in-house. So if you wanted to work in tech, you likely worked for one or the other; there weren’t any independent software vendors yet.

Cybersecurity was not a primary concern for application developers back then; the focus was on delivering the application’s functionality on time (some things haven’t changed very much). It tends to take the occurrence of something bad (an attack) before people realize there is a risk and that it must be managed and mitigated. I remember when I discovered and reported the equivalent of what would now be called a SQL injection attack in an internal system in a large bank in the late 1970s; it allowed an attacker to read anyone’s internal email (this bank was a technology leader in adopting email for communication back then). Management didn’t know how to react. Their first reaction was disbelief, then anger at me for finding the vulnerability, then finally a remediation for that specific problem; but the lesson wasn’t learned that vigilance was required not just in operations but during development, that cybersecurity needed to be part of the entire process of delivering value to people with computing systems, from start to finish. This is still, to some degree, a problem.  But it ignited a spark for me, to always look at the risks related to the systems that I was developing, and to proactively take care of them.

I find it interesting that the same sort of mindset that is good for cybersecurity works very well for innovation.  This is a mindset that is curious about everything, wants to understand how things work, and discover what else systems or technologies can do beyond what was originally conceived, that uses imagination to consider what kinds of problems the systems or technologies  can create or solve. This used to be called a “hacker mindset” before the word “hacker” acquired its current connotation of a criminal attacker, and referred to someone who was clever and inventive.

Eventually, after a career as CTO or Innovation leader at a variety of tech companies, I heard about Lookout, which at the time was really the only company in the world thinking creatively about the cybersecurity risks that had existed with the then new technology of mobile phones.  Lookout wanted a leader for innovation and patents, explicitly asked for a “hacker mindset,” and I found the energy of a small startup invigorating, so I joined them in 2012.

Could you delve deeper into Lookout’s strategy for achieving its mission of ensuring a secure digital future?

As the leading provider of Data-Centric Cloud Security, we work to set a new standard for helping businesses protect the sensitive data and information they care about most. Today, the boundary between enterprise and personal data has all but disappeared.  A common software vulnerability can compromise a large, global company, which in turn can expose the personal information of millions of its customers.  And the reality is that regardless of corporate policies, people use the device that is in front of them to do both business work and personal tasks. People work from home, where the pace of corporate work intermeshes with the demands of home and family. An organization’s employees have personal presence on social media, and the history of data breaches combined with privacy-invasive tracking mean that there is an enormous amount of data about employees in the dark web, and attackers, who always use the easiest and least defended path to attack, are targeting employees as a means to gain access to enterprise data.

This reality requires a bold new approach to data protection—one that’s easy, automatic, and transparent. Our mission is to secure and empower productivity while keeping privacy a top priority in a world where work can happen anywhere. We do this by offering both mobile threat defense and security service edge (SSE) solutions to enterprise and government organizations.

Many individuals express concerns that AI might potentially compromise digital security. In the light of this, could you elaborate on Lookout’s perspective and approach towards leveraging AI, as exemplified by Lookout SAIL, to enhance cybersecurity effectiveness?

AI is playing an increasingly important role in cybersecurity. In fact, last year, Acumen Research and Consulting put out a report valuing the global market for AI-based cybersecurity products at $14.9 billion in 2021 with an estimated value of $133.8 billion by 2030. However, many say hackers are reaping the benefits as well, considering AI-generated phishing emails have higher rates of being opened than manually crafted phishing emails. So it’s important to be mindful when creating and deploying AI-powered products. For us, we thought about what our customers need the most in light of talent shortages in the industry and decided on a generative AI assistant to help them use our Lookout Mobile Endpoint Security and Lookout Cloud Security solutions to the fullest and with significant time savings.

Collaboration often leads to diverse perspectives. How does Lookout ensure that the ideas and inventions generated by the team are effectively harnessed and integrated into the company’s products and strategies?

It is absolutely true that collaboration is more fruitful for innovation! Studies show that the more diverse, in every sense of the word ‘diverse,’ the group of people working to solve a problem, the better the results of the innovation, in terms of both the number and quality of ideas. But it can be easier to come up with ideas than it is to actually put them into practice.

Innovation managers talk about the front end of innovation (FEI) and the back end of innovation (BEI). Ensuring that an idea can quickly and effectively transition from FEI to BEI stages can be tricky. The front end of innovation can be done more quickly and with fewer resources than the back end of innovation, where the hard work of implementation happens. And that’s where the problem lies—in the competition for resources.

The late Clayton Christensen talked about this in his classic book “The Innovator’s Dilemma.” Existing initiatives and market demands for specific features are competing for resources with newer ideas. This is the fundamental dilemma, and is in fact the definition of economics itself, how to allocate resources in conditions of scarcity. There are never enough resources to do everything, which is why the Scottish historian and philosopher called economics “the dismal science.” But Peter Drucker described the action an organization must take if it is serious about innovation: “If you want something new, you have to stop doing something old.” It is hard to have the discipline to make innovation a priority, but organizations which are successful in doing so have figured out how to balance the needs of the present with the promise of the future.

Could you explain how Lookout SAIL uses generative AI to assist cyber defenders? What specific challenges does it address, and how has its implementation impacted Lookout’s operational efficiency?

We kept Lookout SAIL’s functionalities focused on security education, platform navigation and security telemetry analysis. We wanted to create a valuable companion, offering insights and assistance to users, ultimately streamlining tasks such as administration, policy creation, incident response and threat hunting. Think of the time you’d save if you could just interact with an AI-powered assistant rather than sifting through a manual or user guide. Through its integration into our existing user experience, SAIL also enhances workflow and accelerates user interactions, leading to increased productivity and effectiveness.

Specific Lookout SAIL capabilities include:

  • Platform navigation and operational efficiency: Speeds up onboarding to the Lookout platform, guiding new users through relevant platform features and answering onboarding questions within the chat feature. Users can easily “sail” around the platform to obtain answers, visualize results, and perform desired actions. Example: “Help me add a new admin to the system.”
  • Security status: Allows users to ask questions about specific tenants and investigate their organization’s security posture. Example: “Find high and medium-risk iOS devices that have anti-phishing features enabled.”
  • Security education: Equips users with up-to-date industry knowledge on basic and emerging topics. Example: “What is the difference between Secure DNS and On-Device VPN?”

As the tech industry moves towards greater integration of AI, how do you see the synergy between AI technology and cybersecurity evolving? Are there any potential pitfalls or challenges to navigate in this intersection?

There is an interesting phenomenon that I have observed regarding artificial intelligence over the 50 or so years that I have been in the business. Tasks that once were considered hard research problems in the field of artificial intelligence were solved, then made their way into products, and over time these areas ceased to be considered as part of the field of artificial intelligence, they were now just part of software engineering.  Indeed, I’ve suggested that the real definition of “artificial intelligence” is “the stuff that we don’t know how to do yet.”  Once a problem is wrestled into submission, it stops being part of the AI field.

The use of AI tech in the cybersecurity field is not new;  Lookout and others have been using various AI & machine learning (ML) techniques for decades. The sudden appearance of generative AI in the public arena has startled everyone (except those who have been working on this for quite a few years).  But it is not fundamentally different from other forms of new technology adoption.  The various AI techniques will pervade every product, every feature, where they can improve detection, protection, and performance.

Regarding pitfalls, there is much written about AI and ethics, about the dangers of AI, and so on. But this is true of any new technology; if it has the power to do good, then it also has the power to do bad things, and if it is not completely understood, there will be confusion and uncertainty around it, which can lead to fear of its consequences.  Over 60 years ago noted science fiction writer Arthur C. Clarke coined his famous Three Laws; the third law is the oft-quoted “Any sufficiently advanced technology is indistinguishable from magic.” But Buck’s Corollary to Clarke’s Law (yes, I named it after me 🙂) is “If a technology is sufficiently advanced that a user cannot understand it, then they think it can magically do anything, but it can’t.”  This type of mis-perception can lead to uncertainty, worry, anxiety, even fear; or conversely, over-inflated expectations which ultimately lead to disappointments.

Most people do not understand what AI technology is, how it works, what it can and cannot do. It is the responsibility of anyone implementing any sort of new technology to clearly explain what is being done, what are the risks and benefits, and how risks are being mitigated.  But this should be true for any technology, not just AI. Einstein once said “If you can’t explain it to a six-year-old, you don’t understand it yourself.” The industry has a dearth of such explanations for new and complex technologies.

Lookout’s use of AI to enhance cybersecurity efficiency is commendable. How do you ensure that the technology is harnessed for positive impact, and what considerations guide Lookout’s approach to AI deployment?

Lookout actually has a storied history with AI and machine learning. Since our founding 15 years ago, we’ve treated mobile cybersecurity and anti-phishing as a Big Data problem — and one that requires machine learning to solve. We applied the same strategy to security against insider threats and account takeovers, pioneering the use of machine learning to monitor user behavior to prevent data leakage and exfiltration.

To that end, we now have the world’s largest mobile security dataset as the Lookout platform analyzes telemetry from 215 million Android and iOS devices, 269 million apps from app stores worldwide and hundreds of millions of web destinations to uncover hundreds of phishing sites every day. This enables our customers the ability to detect and respond to security threats in real-time on mobile endpoints and in the cloud.

With AI’s potential to both enhance and disrupt various industries, what approach do you have for other companies looking to leverage AI for the betterment of their fields while maintaining security and integrity?

Companies which want to apply AI to the problems in their fields should include their internal cybersecurity people from day one on their design & implementation teams to ensure that all sorts of risks are understood, explained, and mitigated.  Over my career I’ve come to the conclusion that people in general suck at risk management; but cybersecurity professionals have the training to do this better than just about anyone. The shiny new technology tends to get people excited and implementing without giving due consideration to the risks. 

What do you consider as the most exciting trend or development in the cybersecurity space currently, and how does Lookout plan to align with or respond to this trend?

Awareness at the top organization level.

The most important trend is that organizations are moving away from the blissful ignorance phase (“it won’t happen to me”) and beginning to realize that cybersecurity attacks can (and do) happen to anyone, that the criminal attackers are exploiting those organizations’ inattention to doing cybersecurity right, and that at the executive and board level the awareness is growing that cybersecurity risks are real, growing in frequency, can kill the business, and are ongoing and persistent risks that must be continuously addressed. 

Could you share a pivotal lesson or piece of advice from your career journey that has greatly influenced your approach to innovation and leadership in the tech industry?

Regarding leadership, I have learned that the foundation laid down when I was a Boy Scout has served me well. It was there that I learned how to follow and how to lead, and that helping other people at all times is a necessary trait for any good leader. Everyone is familiar with the motto “Be Prepared,” and it certainly applies not just to leadership but also to innovation. Louis Pasteur said that chance favors the prepared mind, and this is definitely true for innovation. Keeping the child-like traits of curiosity and imagination as one takes on the many burdens of adulthood enables you to take a fresh view at any problem and come up with a solution. Einstein is quoted as saying “If I had an hour to solve a problem I’d spend 55 minutes thinking about the problem and five minutes thinking about solutions.” The point is that preparation—exploring the problem space, discovering and defining and redefining the problem—is the key to problem solving, to innovation.

“Find the problem. Imagine the ideal outcome. Work backwards from that to where you are now, inventing a piece at a time, to pull the future you want into the present.”

Brian Buck

Vice President, Strategy and Research at Lookout

Brian Buck is an innately curious futurist, strategist, and innovator and the vice president of strategy and research at Lookout. Through his fifty-year career in technology, Brian has been the CTO and co-founder at several public and private companies, and has headed research and innovation groups in technology & financial services companies. Brian is a serial inventor, with over 200 patented inventions. He is a Certified Foresight Professional, and a member of the Association of Professional Futurists (APF), Association for Computing Machinery (ACM), and the Institute of Electrical and Electronic Engineers (IEEE). Brian has a master’s degree in computer science from the Illinois Institute of Technology, and a bachelor’s degree in math and physics from Dartmouth College.

Related posts

AITech Interview with Adit Jain, Co-Founder & CEO at Leena AI

AI TechPark

AITech Interview with the Vice President of Security Strategy & Threat Intelligence, Venafi – Kevin Bocek

AI TechPark

Interview on AI in Healthcare with Harjinder Sandhu, Founder & CEO of Saykara

AI TechPark