Following his recent induction into the 2024 class of Cyber Defenders, we were happy to grab a few minutes with David Link, the founder and CEO of Reston, Va.-based ScienceLogic, for a conversation about the importance of data observability and protection in cybersecurity as the IT landscape continues to grow ever-more complicated.
MeriTalk: Congrats on the Cyber Defender award, David. Can you tell us a little bit about ScienceLogic and the company’s security work?
Link: ScienceLogic is a company I co-founded over a decade ago, and from the beginning we have always strived to support our customers’ cyber resiliency. We have built a software technology platform that provides real-time analysis of machine telemetry across fault, performance, and configuration data across all device types – including security devices, cloud services, on-prem networks, on-prem operating systems, and virtualized environments and databases and application layers. So really, achieving full stack observability.
One of the interesting things over the past couple of decades is that we’ve gone through three significant changes to the compute architecture – from mainframe, to client server, to public cloud delivered via hyperscalers. We’re now in the fourth innovative evolution of computer architecture, which underpins generative AI. This new architecture delivers another application set of feature functions and capabilities that are truly unique. So here we have these four different compute models with fascinating application capabilities, and we’ve built a software platform that sees across them all. This is very important for cybersecurity, resiliency, and awareness.
MeriTalk: In the bigger picture on security, what are some recent policy and tech trends you are seeing that are helping to improve security and that we should be doing more of?
Link: You’ve heard people say to follow the money, and in that same vein it’s very important to follow the data, especially depending on the application. Certain data sets are more coveted – those that have a higher degree of intellectual property – than others.
We’ve seen a trend in government driven by movement to the cloud, but that’s backing off now so that government has a foot in each pot, and we’ve seen more compute capacity repatriated back to the private data centers. Part of that is driven by the cost implications of running private data centers, and if you have a tool like ours that can help you effectively manage what you have on-prem then costs at scale can be lower than what they may be in the cloud, which is better for pure agility than it is for cost containment right now.
But if you follow the data, often you need to keep coveted datasets in your own enclave close to you and that may not be best placed on a public hyperscale even if it is in a provider’s government cloud. So, we have seen a trend recently to move away from cloud-first and move to a smart optimized cloud deployment, and what that really translates to is figuring out what capabilities you need, where the most privileged data sits, and how to deliver the outcomes cost effectively within budgets and security/privacy considerations.
And that has implications for AI-based security solutions because when you have these hybrid configurations where you’ve got workloads sitting in a lot of different places there’s a heightened need to support complex security and network configurations.
MeriTalk: Also in the bigger picture, what looms large for challenges in improving security?
Link: The increasing complexity of IT – where there is a relentless set of innovations – and also the consumerization of IT where we all use applications as consumers, and we want our business applications to run like the consumer applications – that puts a lot of pressure on IT. You can’t manage what you can’t see, so you’ve got to collect telemetry from all these different technologies that are part of the service.
Those technologies keep evolving quickly and they send even more telemetry now than we ever could get before, so it’s a very significant problem to stay ahead of. The crux of it is that constantly monitoring all this machine data is very hard to do in real time, so you need kind of an intelligent man in the middle – or a software platform like ours – to get that holistic view and a secure view while mining through these datasets at machine speed to find the right insights that allow you to take proactive action so you can mitigate and fix things when a problem is identified.
MeriTalk: How did you find your way to the tech security field, was it something that always seemed like a natural path or was the path more complicated?
Link: Serendipity has been one of the keys. I earned an undergraduate degree in geology, and I loved it. I had a full scholarship to pursue my master’s degree in that field, and I had one on-campus interview that led to a job with CompuServe – one of the very first online services companies. So I started my career in a pivot, realizing that the research that I was doing my senior year needed a lot of computational work, and I was doing programs on the backs of the Digital Equipment VAX computers and DEC 10s and 20s computers at the university to do statistical analysis on some of the research that I was doing. I realized the future of geology is going to be about the statistical computational modeling underneath the data, so I better get really good at leveraging the new power of compute and statistical regression analysis to be even better at my profession. So, I joined CompuServe thinking I’ll do a year or two there, then I got to deeply understand networking and computers and global network infrastructure and large-scale systems quite well. I went to IBM after that, and then had seen enough and began to start companies on my own.
MeriTalk: What do you enjoy doing in “real life” that doesn’t have anything to do with technology and security?
Link: I have a deep appreciation for the outdoors, hiking, and gardening which is a favorite hobby of mine. I have some fig trees and there’s nothing like the taste of fresh figs. Beyond that, I love cars, and golf, and tennis. I also enjoy going to antique shops – they let you remember things you grew up with and give us a perspective of old gadgets and new ways of solving similar problems.