Glen Pendley is the CTO of SecurityScorecard, a US information security company that rates the cybersecurity postures of corporate entities and presents them in its own proprietary dashboard. This allows its clients to assess the cyber risk of third parties and vendors that they either work with or are considering entering business with.
Since its 2013 launch, SecurityScorecard has rated cybersecurity exposures for more than one million companies, assessing criteria ranging from network security to mentions within dark web forums.
Prior to joining SecurityScorecard, Pendley held multiple senior roles at Tenable, and was director of R&D and Product Management at McAfee for over three years. He started out his career in the United States Marine Corps.
In this Q&A, the eighth in our weekly series, Pendley explains why he’s worried about sloppy coding, how growing up before the days of Google instilled a strong research ethic, and how learning when not to care is key to avoiding burnout.
Rob Scammell: Tell us a bit about yourself – how did you end up in your current role?
Glen Pendley: Honestly, a lot of it is luck and being in the right place at the right time. I have worked really hard of course, but a lot of people work hard and that’s not a guarantee to success. I think the one thing I can say about myself is that I have had a knack of identifying and taking advantage/maximising the opportunities that have come my way.
What’s the most important thing happening in your field at the moment?
I straddle cybersecurity and software engineering. Right now, every organisation in the world is a software company whether they realise it or not. The sheer number of applications (web, mobile, etc) is continuing to grow exponentially. The people writing these applications have no idea how to securely write code. The amount of risk every company out there today is taking on scares me. This to me is the most important thing happening right now.
Which emerging technology do you think holds the most promise once it matures?
This is probably a common response to this question, but it has to be machine learning/artificial intelligence. The ease and the scope at which we can collect data nowadays opens up so many opportunities to get insights and solve problems in a way we never could in the past. Across every walk of life.
How do you separate hype from disruptor?
The difference between hype and disruptor to me is simple. Does it actually solve a problem people have, and in a way people can consume it. I can almost tell immediately what is hype, and what has the potential to be a disruptor simply by how focused they are to solve a particular problem. Disruptors tend to clearly articulate the problem they are solving, how they do it, and why it matters.
What’s the best bit of advice you’ve been given?
Best advice I ever received was “You need to learn when not to care”. Earlier in my career, when I first became a VP, I thought it was my job to try and address every issue in my organisation. I was told by my boss at the time that I will quickly burn myself out doing this. I need to focus on the few things that will make the biggest impact and literally not care about anything else. I won’t be able to do anything about it anyway. It took a while, but I eventually became much better at managing the right outcomes at scale by doing this.
Where did your interest in tech come from?
My father. He was an electrical engineer. Growing up before the days of Google, I was never allowed to ask him how something worked. He bought me the greatest book I had as a kid “How Things Work”. I would have to research things on my own. If I still had questions we would sit down together and go through things together.
What does a typical day look like for you?
I have a one-year-old, so my days aren’t overly exciting right now. I own a few gyms, so I like to work out in the morning. Once I start working its mostly meetings and having discussions. Typical sort of workday. After work I play with my son until he sleeps and then I read before I sleep. Not exciting at all!
What do you do to relax?
I love to read. I have also gotten into curling recently. It is such a fun game to play. It’s like hardcore shuffleboard on ice. If you have never tried it, you need to!
Who is your tech hero?
Hero is a strong term. I am not sure I have a ‘hero’ in any sense. There is someone who I look up to and has been a huge influence in my career. His name is Renaud Deraison. He created the tool that got me into security to begin with back in the late 90s and I eventually had the opportunity to work with/for him for nearly a decade. I feel lucky to consider him a friend today.
What’s the biggest technological challenge facing humanity?
Generally speaking, I don’t think most people realise how much data they are producing, who’s collecting that data, and what they can do with it. Whether the reasons are for good or evil is irrelevant, people are very ignorant to what’s happening with the interconnectivity of everything.