In Conversation with Nico Fischbach, Global CTO, Forcepoint

Nicolas (Nico) Fischbach is the Global Chief Technology Officer at Forcepoint. Nico is leading Forcepoint’s cloud-first transformation as the CTO for the company’s cloud security business, where he oversees technical direction and innovation. Before joining Forcepoint, he spent 17 years at Colt, a global B2B service provider, and was responsible for company-wide strategy, architecture and innovation.

On the sidelines of the Forcepoint APAC Media Conference at Kuala Lumpur, Nico had a free-wheeling discussion with me, on a range of critical themes around cybersecurity.

Prabhu:  Which technologies, do you think, are the most exciting for you right now?

Nico: Enterprises everywhere are focused on Digital transformation. And I think, you know, everything that underpins digital transformation, in terms of, you know, changes in the way people do networking, and not just 5G.  I think, the existing wireless environment is already very good to enable people to be able to travel to walk from anywhere. It really enables IoT, and not just from a Consumer IoT perspective but really more from the industrial IoT or IIoT perspective, and especially the convergence between the Information Technology (IT) domain and the Operational Technology (OT) domain.  Broad megatrends, like Industry 4.0 transformation, and not so much AI, but  rather Machine Learning, are transforming enterprises everywhere. Data is accessible anytime, anwhere enabling people to work from everywhere. This is the new normal. It is not so much yet about the technology side of it, but rather the new form of enterprises that are more more flexible, much more open. The end game is, you know, to, to enable people to get the job done, quicker with the right tools in the right environment, and provide a security wrap or safety wrap around all the technology layers. This is with the objective to ensure that those companies will shift from, you know, legacy business processes, from on-prem solutions and homegrown tools, to embracing the cloud. In the digital economy, it will be all about securing the data, and all the intellectual property in the form of business processes. It’s all about making data secure, preventing data breaches, and data theft.  Within this context, it is all about making data secure as it flows between employees, business peers and partners. It is about putting a safety net around them, and not just you know, from phishing attacks and cloud attacks, but also the much-more complex evolved attacks from you know, high value criminals or even kind of rogue nation states at some point.  And this is where Forcepoint comes in. So that’s what we operate in. We bring together data science and machine learning to shift from threat response to actually behaviour intelligence, and from reactive to proactive or even predictive risk assessments, at some point. Our end objective is to give both enterprises and users with a better secure environment to work in.


Prabhu: You travel a lot. From your perspective, how do you compare technology maturity as it stands in the West, with what is happening in Asia?

Nico: I think that that question always comes up. Technology maturity very much depends on the technology verticals, where the companies are coming from, in terms of their technology maturity and the markets they address. I believe, the US is kind of really leaning forward. Western Europe, on the other hand, is kind of second, and followed by Asia. Beyond a very high macro level perspective, I think the reality is that on the field, in every region, you have technology leaders, leading the transformation, as well as technology laggards or followers.  From an APAC perspective, the maturity of enterprises is on the rise, and they consider embracing digital transformation  more seriously, and I think it has to do with the cultural shift. The CxO leadership in APAC is thinking differently, about how they are enabling their workforce. Yet, I don’t think there’s a one size fits all answer on that one, but it comes up all the time.


Prabhu: When you talk about human-centric cybersecurity, do you see early adopters in Asia?

Nico: We are in Asia this week to test the waters and get feedback. At this point, it is all about getting the basics right, in terms of putting a governance framework in place to address the user data security.  We are also looking at the maturity curve of organizations. This is key, as most of our conversations with, you know, CIOs and CEOs or CTOs is like, you know, they want to have us come in as trusted advisors to help them build that technology roadmap for them, and frame what their short-term vision should be, and how should they scale their maturity curve.  This is an environment they do not have much exposure in, and they are looking at us less, as a vendor of solutions or services. Interestingly enough, we see countries like Japan, South Korea, and pockets in the Greater China where there is a lot of innovation happening in the region. Enterprises for many, many years had single-point products solving a single problem, so to speak, right? Today, the conversation is much more about what are the business outcomes and, and how to derive business value from that.

Prabhu: And if we could just again focus on Asia, and talk of behavioral analytics in an Asian context. Yes, there will be the early adopters and many laggards, but generally, are we still there yet? Or is it more?

Nico: We are starting to see traction on dynamic data protection (DDP). I think people just don’t realize how important human and, you know, data assets are. Asia is a market full of potential, and yet untouched market for Forcepoint.  With X-Labs, and mixing the product with behavior analytics, we are pretty unique, and this is a very big differentiator for us.  If you were to look at some of the products in isolation, you could see them as me-too products because, there are others who also do DLP, next-gen firewall. But, I believe the key distinction is that no one has the combination of those you know, and that’s important.We have integrated human research in our data science efforts.  In such a scenario, we we really leading the pack.  All said, execution is going to be key right here and going forward.

Prabhu: We talked about Artificial Intelligence. There are many other terms going around? Like Cognitive, and Machine Learning. What is your take on this: Tech versus Human capital?

Nico:  From my point of view, Machine learning is the real thing. Artificial Intelligence is a big umbrella term that covers a lot of the complex components in the technology stack. Consider, cognitive security, and the various models, from RMB detection to adversary networks.  I think the challenge is more, you know, finding the right people. So it is not so much about the tech. I think there’s enough engines out there, including, for instance TensorFlow. The question is, how do you make use of that engine to create value?  What we really need is the right data scientists with the right data to train. It is not really about which AI model or which Machine Learning tool or which engine it is. It is all about whether we have the right data to train the system and whether we have the right human with the human brain power to make sense of that data. I think it’s more of a need for new data sets in terms of quantity and quality. And alongside, having the right data scientists with the right experience to unlock it.

Prabhu: For potential clients in Asia reading this interview, how do your explain the Forcepoint philosophy? Is it, hands-off, or every-step-of-the way. All things said, find the right talent is an issue, right?

Nico: There is always an issue, especially in data science, right. The products we offer today, for most companies, will, apply very well to their operating environment. And then, you know, as part of improving the system, we would need to have this partnership conversation with the customer to make the business input as well as output better. So that’s where we start to walk in partnership with those customers to see what’s relevant for them in their own business context. The inherent idea is to make it easier to adopt. Yet, it all boils down to the level of maturity, the IT stack available, and the data. So it really depends what you want to cover in terms of your use cases, what data is really available, and how to make sense of that data.