Building a Community of Trust with Tom Billington, CEO of Billington CyberSecurity

Carolyn Ford:

Welcome to Tech Transforms, sponsored by Dynatrace. I'm Carolyn Ford. Each week, Mark Senell and I talk with top influencers to explore how the US Government is harnessing the power of technology to solve complex challenges and improve our lives.

Hi. Thanks for joining us on Tech Transforms. I'm Carolyn Ford, here with Mark Senell. Hey, Mark.

Mark Senell:

Hey. Good morning, Carolyn.

Carolyn Ford:

Morning. We have a special episode today. We get to welcome Tom Billington. He's the CEO of Billington CyberSecurity. I'm just going to go full plug for their premier summit of the year. It's Billington Cybersecurity Summit. It's September 5th through the 8th. If you don't have your passes, you need to go get your passes. This really is the premier government cybersecurity summit. Here's a little bit of flavor.

Dynatrace is going to be there. We'll be hosting a demo on September 6th. Willie Hicks, our public sector chief technologist, is moderating a couple of panels. Willie's also a regular co-host here on Tech Transforms, so you guys know he's just a fun speaker. He was on a few panels last year at Billington, as were you, Mark, with some A-listers.

Mark Senell:

Yeah.

Carolyn Ford:

Willie's panels this year, on September 6th, he is moderating the panel, “Protecting Data in a Zero Trust World.” A couple of the panelists, I mean I'm just going to give you a flavor of what this A-list looks like. So one of the panelists is Gerald Caron, he's the CIO of ITA. And then Shery Thomas, cyber technology officer at the United States Marine Corps Forces and Cyberspace Command. So that's first panel.

Second panel's on September 7th. It's called “Striking the Balance, Building a Smart Workforce, and Increasing Automation.” This is such a hot topic. It affects us personally as employees. They're going to address managing the burnout and how automation can help with that. But a couple of the panelists, Amy S. Hamilton, she's a PhD, senior cybersecurity advisor at DOE, and Patrick Johnson, he's the director of the Cyber Workforce Management Directorate in the Office of the Deputy CIO for Resources and analysis at the DoD. That's just a little bit of the lineup at Billington. Like I'm saying, these are A-list government leaders. So if you don't have your passes, go get them.

Today, with Tom Billington here, we're going to get his insights on how Billington Cybersecurity Summit came to be the government cybersecurity event. Not only is the speaker lineup star-studded, but this summit is the only summit in the government space specifically that attracts international media, and this media includes The New York Times, The Wall Street Journal, The Post, Financial Times, Bloomberg, all of them. The summit regularly breaks important news that advances the cybersecurity of our government and critical infrastructure.

So Tom's going to give us a preview of what this year's summit will look like and how the latest issues impacting the public sector will guide this year's conversation. With that, welcome, Tom, to Tech Transforms.

Tom Billington:

Carolyn, thank you very much, and Mark. I really appreciate being on here. I'm going to share that introduction with my mother. It's been so nice. Thank you.

Carolyn Ford:

Good. So I've won today. If it's an introduction that you want your mother to hear, then we're winning.

Mark Senell:

Welcome, Tom, and good to see you as well.

Tom Billington:

Thank you, Mark. Thank you.

Carolyn Ford:

I'm very excited.

Tom Billington:

Appreciate it.

Carolyn Ford:

I get to be there this year. I don't get to come every year, but I get to be there this year. I'm really excited to see ... Some of the speakers are my favorite. I'm just going to mention Ann Dunkin because I'm kind of a groupie. She actually was just on the podcast. Man, she is so fun, so intelligent, and so personable. She's going to be there. So go check out the website to see the full lineup.

Tom Billington:

Thank you. Ann is a rockstar. She's Department of Energy as the CIO. I'm really honored to be on this great podcast. Thank you very much for having me on. I appreciate it.

Mark Senell:

Our pleasure.

Carolyn Ford:

Well, thank you for joining us. Yeah, our pleasure. So let's start with your background in cybersecurity. You've been doing this for a while, Tom. What challenges were you facing that led you to start the Billington Cybersecurity Summit?

Tom Billington:

rs ago, believe it or not, in: 1999

So I really started this business to be distinctly patriotic, to provide a serious dialogue in a way that I felt wasn't really being done at that time. What was some of the challenges is your question. So breaking into the federal cybersecurity community, to be honest, was hard as an entrepreneur. We had to build trusted relationship after trusted relationship. Over the course of 14 years, it's become decidedly easier now, now that we have had the privilege of having those trusted relationships.

But really building that ecosystem of trust in the DC community where I've spent most of the majority of my life was probably the greatest challenge, but is the greatest thrill now to be able to continue to build that community of trust. So that was one challenge, and the second was how do you discuss a topic that is largely classified in a public setting in a way that benefits the community?

I think that's an area where we've really rapidly, as a community, rapidly built is the ability to have a dialogue, not just with our government allies and with our industry partners, but also with the international community, which we're very excited to feature again this year at the summit and love to delve into it more.

Carolyn Ford:

When you started, really, cybersecurity was the wild, wild west. To your point, getting information out to the rest of the world that doesn't fit into the classified world has been key in making us a more secure-

Tom Billington:

Absolutely. They are, and important not just for government, but for all the citizens that government serves. It's increasingly important in the critical infrastructure sector, obviously, and that's been revealed in a number of recent advisories by CISA and FBI and NSA and the like. We're excited this year to have speakers like General Nakasone to open the summit and DNI Haines to close the summit, and then CISA Director Easterly to open day two, and the DISA director open day three. So it'll be a really full event.

We are tracking right now three times the registrants of last year to date. So we're excited by the reception that it's received in the community and incredibly honored to be able to have partners like yours and partners in government to be able to provide an exceptional service to the community.

Carolyn Ford:

We are excited to be part of the summit again this year. I've had the pleasure of hearing some of the speakers that you just mentioned, and they're not boring, much like Ann Dunkin.

Tom Billington:

Yep. Not at all.

Mark Senell:

Given the forum, Tom, how do you come up with the speaker topics for an event like that?

Tom Billington:

We have a content team, Mark. As you know, any great venture comes about through a great team. So we have a content team that meets almost daily now to develop the four-day event, 40 sessions that this program will feature. We come up with them through a number of ways. First is we collect attendee feedback from previous events. Last year, for instance, future areas that were of real great interest included data and cloud security, identity management, supply chain-related issues.

And then we focus on what key technology developments there are and how they will likely impact future cybersecurity issues like AI/ML this year, obviously, with ChatGPT, space, multi-cloud implementation, to a lesser extent, quantum computing, as well, key areas. Then we try to incorporate world events, what's going on outside with, obviously, the Russian invasion of Ukraine. We've done a lot with Ukraine, trying to support that country, the rise of China as a key US competitor, the growing world of cyber-crime.

Lastly, we focus on, so okay, we have the world events. We have the technology developments, and then we overlay on that the policy developments. For instance, as you know, the release of the National Cybersecurity Strategy and implementation plan and the workforce strategy just this week, DoD's release of its zero trust framework and all the many policy documents that, as you know, are released regularly, those all then further round out the program that our content team is working so hard on every day.

Carolyn Ford:

For me, that last piece is particularly valuable because those documents are unwieldy, to say the least. Even if I did read them, I don't understand most of what I'm reading. Most importantly, I want to know what matters to our government leaders, what they're focusing on, and this is such a great venue to understand that.

What holes have you seen when it comes to bridging federal government cybersecurity initiatives and commercial cybersecurity initiatives? Have you seen a disconnect or any gaps between the two?

Tom Billington:

Right. So a couple things. Great question. This is obviously a very complicated issue for several reasons. Most federal entities, as you know, already have strong working relationships with the technical commercial sector. These include the giant cloud and service providers, tool providers, systems integrators, and the like. So these relationships are ongoing, oftentimes very deep.

On the other hand, there are a host of other commercial entities that are interested in introducing what they do in the federal sector who are less well-known. They have amazing innovations. But sometimes the way to get into the government takes longer than their businesses allow. So how do you engage those early-stage entrepreneurs and innovators and allow what they are doing to help our government partners?

Second, there's a continual movement of key players on both sides that forces companies and federal entities to continually find ways to engage. Government funding can vary, obviously, and the government need for new cybersecurity efforts is also often not balanced among entities who all have different levels of cybersecurity requirements. And then all these forces create a complex environment sometimes about governance.

If a cyber breach impacts an organization, where should an organization turn? That's a continual source, I think, of concern among some. But overlaying all that is an incredible leadership team throughout the US government, I think the strongest we've ever seen between many who are doing firesides today, Ambassador Nate Fick, Anne Neuberger, Director Jen Easterly, General Nakasone, the two nominees for new posts, Harry Coker and Lieutenant General Haugh. I mean it's really a strong team and harnessing all that firepower is increasingly important.

Mark Senell:

Hey, Tom, that got me thinking. You said something. You mentioned critical infrastructure, and you were talking about industry partners with government, technology partners. But in conversations that I'm hearing more and more, there are commercial entities, like the financial institutions in the US, healthcare, energy utilities, law enforcement, et cetera, that I think of. When I think of critical infrastructure, I think of, okay, the US critical infrastructure.

How have you been able to incorporate some of the talk track that they may be dealing with in this segment? I know this is more government-oriented, but is there any sort of synergy there for those types of folks to engage?

Tom Billington:

Yeah, absolutely. Great question. We have a couple panels that I thought I'd mention. We have actually a whole afternoon focused on critical infrastructure, one panel on healthcare, which is going to feature the CISO at Johns Hopkins and, among others, CIO at ... It's Karl Mathias. We have a healthcare panel. We also have a energy panel that is going to focus on the energy sector.

Just, Mark, years ago, I got to know the importance of critical infrastructure in a big way with two events we did in Detroit focused on auto cybersecurity. I think we were talking right before about what's the call to action. At that event, we had Mary Barra, the CEO of General Motors, speak for one of the first times in cybersecurity. It was such an impactful event that the auto sector came together with voluntary requirements for the first time in cybersecurity the day before our events.

So I think these summits are meant to be action-oriented. Given that the majority of the data in the US is held in the critical infrastructure sector in the private sector, that's a crucial area of importance. What do you think, Mark?

Mark Senell:

Yeah, higher education as well.

Tom Billington:

Higher education, absolutely. Yeah, for sure. Involving academia is a pretty-

Mark Senell:

I mean I-

Tom Billington:

Yeah.

Mark Senell:

In our space, when we talk to our commercial customers, they're dealing with a lot of the same issues that the government is dealing with. Ultimately, like you just said, a lot of that data and information we deem as critical to our national interests. So I just was interested to see what kind of engagement you might have seen from the commercial sector in something like your summit.

Tom Billington:

Yeah, and-

Carolyn Ford:

Well, and Tom-

Tom Billington:

Go ahead, Carolyn.

Carolyn Ford:

Well, I was just going to say to your point, Tom and Mark, on all of the panels you have, I keep mentioning the government rock stars, but we've got a lot of industry rock stars, too. I mean we've got people from Oracle. You just named a few, Johns Hopkins, our resident rockstar, Willie Hicks, so leading industry that are excellent partners to the government now. So they're participating in the conversation at the summit.

Tom Billington:

st time we've done this since: 2019

It's the aim, to foster that collaboration between the public and private sector because it's a team sport, as you know. General Nakasone has stated that, and others. So it's crucial that that partnership be forged, and these four days of collaboration will be central to that.

Carolyn Ford:

Well, and I was glad to see that you brought the exhibit hall back this year because foremost is your speaker lineup and your topics, and the exhibit hall is a easy way for the attendees to pop over who are looking for technologies to help solve specific problems. If they know, for example, they're looking for observability, so they can come over to the Dynatrace booth and get a quick demo. So it's an easy way on the break for them to explore a lot of technologies. How many vendors did you say will be there? 75?

Tom Billington:

Over 75, yeah.

Carolyn Ford:

Yeah. So it's a really good way for that exploration of the vendors with pretty little commitment on your part.

Tom Billington:

Exactly. Thank you for the plug on registering. Those who do register will get the opportunity not just to attend and hear from the speakers and we have 22 breakouts. That's not to mention all the general sessions and firesides. So you'll be able to hear that, learn from them, ask questions in the breakouts. But also in the exhibit hall, we'll have two all-attendee receptions. That's something we've never done before. So it'll be a chance to network and, for those who are attending, to visit the exhibit booths like Dynatrace's and so many others.

Mark Senell:

Thank you.

Carolyn Ford:

Thank you for that plug, Tom.

Mark Senell:

We normally don't do that.

Tom Billington:

I did it.

Mark Senell:

Tom, if I can, let me pull on this thread that you mentioned just a minute ago about call to action. I know we've been in this space for a while, and we've been having some of these conversations around cybersecurity for a while. How do you measure or how do you see the call to action on progress that's being made in this space?

Tom Billington:

Great question. Measurement, you mentioned, is a key topic and question that we ... How do you measure your effectiveness in cybersecurity? That will be woven through every set of questions that we will provide speakers, and we take this work seriously. We'll spend the next four weeks or so in content calls with our panelists. So we'll be discussing, and Terry Burruss, our content director, has brilliantly developed the questions. Each panel is carefully worked out so that we deliver value to attendees.

So how do we make this a call to action? The speakers that we're fortunate to have, and this is over 200 we expect. We already have over 160 speakers. The speakers that we're privileged to have is unlike any other event, I would humbly say, in the government sector. So it is and marks a call to action just by itself.

Mark Senell:

I 100% agree. I think that the content that you all deliver in the format that you've had is different than anything I've ever seen.

Carolyn Ford:

Speaking of content, give us a sneak peek, Tom. The recent news we've got, the move at vulnerability regulation of generative AI, bans on TikTok, one of my favorite topics. What do you think the hottest topic at Billington is going to be this year?

Tom Billington:

AI and ChatGPT, we will have three different sessions on AI, at least three. Offensive cyber, we're seeing new authorities and funding being given to the offensive cyber, whether that be in classified or unclassified settings. Obviously, I don't have a clearance. I can't say on the classified. But I certainly know what I read in the unclassified. Data security, supply chain is key. More aggressive private/public engagement will dominate the conversation.

I think the area of zero trust is, I know, an important area for the federal government. Between the announcements from DoD and CISA and NIST and others, it will be increasingly important next year. With zero trust, I know derided perhaps is a concept among some who have been long in the industry, not derided perhaps, but it becomes a buzzword. But what it really entails is what we'll be discussing, things like identity access management and the like.

We'll be having two tracks focused on one on zero trust and identity and one of zero trust in data security, and then each one address even more specific topics so that we can help demystify what is an important topic for our government partners. I hope that helps you, Carolyn.

Carolyn Ford:

Yes, and I'm wondering about the oldies but goodies, like zero trust. What's new?

Tom Billington:

So what is new is the government adoption of it and the ... many of the areas that zero trust encompasses have been around since the profession has existed in cybersecurity. But at no other time has the US government proclaimed the importance of this overarching field as it has in the last few years. So it becomes important for the government. It becomes important for the industry leaders who serve them.

It's certainly been proclaimed at the very highest level of US government as being important. There are some obligations, important ones, that are coming about next year that we all have to pay attention to.

Carolyn Ford:

Fantastic. So we're going to move on to our tech talk questions.

Tom Billington:

Great.

Carolyn Ford:

Mark, do you want to ask him the first one?

Mark Senell:

Sure. Can you tell us what one of your favorite or more memorable moments has been from one of the cybersecurity summits?

Tom Billington:

Sure. Last year, Georgii Dubynskyi is the deputy to the minister of digital transformation at that time from Ukraine, gave a talk with ... Jim Lewis from CSIS moderated. Dmitri Alperovitch served on that panel. At the conclusion of it, he finished, and he got a standing ovation from our audience, which is one of only two standing ovations received in the 13 years we had held events. As you know, Mark, having attended a number of them, we've held a number of events on behalf of Ukraine. It's a very personal issue for me.

My father was a Russian historian before he passed away, a great supporter of Ukraine. He had taught Russian history, cultural history, both at Harvard and Princeton. So it's a personal thing for me and for all of us in the community. I think we all, our hearts reach out to our Ukrainian countrymen and women who are defending themselves against Russian aggressors. So that was certainly a highlight that I can recall. We're just privileged to serve the community and serve Ukraine.

Carolyn Ford:

The international piece that you've introduced to the Billington Summit, I really applaud. We are a global community. It can't be us versus them. We're a global community. I really respect and appreciate what you've done with the international community and specifically with Ukraine, to have them come and speak and shed light on what's happening with them personally. I know, Mark, that was a favorite session of yours as well.

Mark Senell:

Yeah, absolutely. Very emotional.

Tom Billington:

Yeah. Yeah. The other speakers this year, we have the new head of BSI in Germany who's going to give her first talk in the US. Sami Khoury is the head of the Canadian Cybersecurity Center, terrific thought leader. Juliette Wilcox from the UK will also be speaking, and Erica Lewis, as well, from the UK. So it's not just the US team sport. It's an international team sport. The partnership with our international allies is crucially important, as you both know.

Carolyn Ford:

Yeah. Our agencies have those allies, too. Ann Dunkin was just talking about P-TECC with us and the important work that DOE's doing with the European countries. I mean we're sharing information. We're learning and growing from one another. So just really important.

Okay. So now I'll move on to a more lighthearted question. What's one piece of advice you'd give to someone starting out in their career?

Tom Billington:

t. That was my interest since: 1986

I've been the beneficiary of many mentors and try to pay it forward. So that's one key piece of advice I'd encourage any person. The cybersecurity field is such a wonderful area. I would encourage those who are starting out in their career to look at cybersecurity. There's an incredible worker shortage, as you both know, as the government knows, hundreds of thousands. It's an incredible mission field, incredible way to serve your country, serve your fellow citizens. Pursue the field in cybersecurity, and the doors will be opened.

Carolyn Ford:

Fantastic advice.

Mark Senell:

That's great advice.

Carolyn Ford:

Right. Do what you love, so simple and so hard to stay true to. You're a great example of what you can do when you follow your own words of advice.

Tom Billington:

Thank you. Appreciate that, Carolyn.

Carolyn Ford:

All right, Mark. You got the last one.

Mark Senell:

Okay. Have you listened to any podcasts other than ours or read any books or seen any movies or anything that you'd recommend for our audience?

Tom Billington:

Sure. I haven't seen Mission Impossible yet, but I hear it's quite good. Have y'all seen that?

Carolyn Ford:

No, not yet. I want to see it.

Mark Senell:

No. What about Oppenheimer? Have you seen Oppenheimer?

Tom Billington:

I haven't. I haven't yet, but I've heard. Have you seen it?

Mark Senell:

No.

Carolyn Ford:

No, but I've seen Barbie.

Tom Billington:

Seen Barbie? I heard that was really good.

Carolyn Ford:

It's fantastic.

Tom Billington:

Yeah. Okay.

Carolyn Ford:

It's really clever. I think you would enjoy it being a writer because you will get how difficult the message that she conveys with such sharp humor, how hard that is. I think you'll really appreciate it, Tom.

Tom Billington:

Yeah, great. So yeah, just as far as podcasts and TV and books, movies, books by Kevin Mitnick are often really great, books by David Sanger of The New York Times, Nicole Perlroth, formerly of The New York Times. Anything I can read by Dr. Ronald Ross from NIST, I do. Articles by Director Easterly, General Nakasone that they put out, I also read very closely.

On the movie front, I mean related to cybersecurity, I try to shy away from much of what Hollywood produces there. It's such an important serious area that I don't probably delve into the movies too much on that front. But once the summit's over and our team's able to relax, I'm sure I'll have a little more time to watch movies.

Carolyn Ford:

Okay, Mark. This is why I follow Tom Billington because you just heard his lighthearted reading. It's stuff that I look at the title, I'm like, "I don't even understand the title." So Tom reads it, breaks it down for me, gets it at the Cybersecurity Summit so I can understand it.

Mark Senell:

It ain't Doonesbury.

Carolyn Ford:

That's what I read. I went to see Barbie, and I loved it. Well, thank you so much, Tom. This has been really, really fun.

Tom Billington:

Great. Thank you. It's been great fun. Thank you for all your important work for our national security, and thank you for your partnership. Thanks for this great podcast. Look forward to seeing you in September. Those listening, hope to see you in September, and I think there's more description about the summit in the show notes. Thanks, Mark and Carolyn, really very much for your time and for having me on. Appreciate it very much.

Mark Senell:

Thank you, Tom. Great to see you again, and I look forward to seeing you at your summit.

Carolyn Ford:

Same.

Tom Billington:

Great. Thanks so much.

Carolyn Ford:

Thanks to our listeners share this episode. Smash that like button. This really was a special episode. We do not endorse vendors. We're vendor-agnostic. That's how important we feel like Billington Cybersecurity Summit is. If you only go to one event this year, this is the one you should be at. Thank you, Tom, for your service to our country, for giving our leaders a platform to share these important messages. We will see you next week on Tech Transforms.

Thanks for joining Tech Transforms, sponsored by Dynatrace. For more Tech Transforms, follow us on LinkedIn, Twitter, and Instagram.