Creativity is the Heart of Cybersecurity
Insights from a Q&A with Deflect’s Founder, Kevin Voellmer
From Pudding to Cybersecurity
Let’s embark on an international entrepreneurial journey through time: Imagine the year is 1950. Mr. George Voellmer Snr. packs up his life belongings, preparing to leave all that’s familiar in Dresden, Germany. After the war he wants to pursue film, setting his sights on London. Eventually, he moves to Los Angeles to become a cameraman. Settling in America and starting a family, he still keeps in touch with his German relatives, especially his father Max.
Back in Dresden, the rest of the Voellmer family attempts to hold onto the family business, “Voellmer’s Pudding.”( See the label below.) Max Voellmer and his relatives face steep competition from the popular Dr. Oettker brand and feel the additional squeeze on the factory from Soviet forces.
The original label for the Voellmer’s Pudding brand in Germany
The pressure on the family business becomes too much to bear; Voellmer’s Pudding folds but the family stays put. George and his American descendants keep up contact with Max until the Stasi interrupts communication. It’s considered a state security risk to interact. End of discussion- full stop. Or is it?
Ready for a different ethos than he felt in America, Kevin joins Factory Berlin and gets to know a Factory Berlin partner, Next Big Thing AG (NBT), a startup studio in IoT and blockchain — representing Germany’s de:hub for IoT and a growing tech ecosystem.
Discover why creativity is a core part of cybersecurity.
1. Hi Kevin, thanks for being here. Your family connection to Germany is pretty unique. Can you share more of your entrepreneurial path?
KV: Sure, I joined Factory Berlin around the time I got connected to my ex-business partner. He came from a theology background and he got into security a bit serendipitously. For example, he found a C++ manual in a dumpster and taught himself to code. He was wild card material but we formed a great partnership. He had a developer and penetration testing experience, aka “pentesting”, but wasn’t as aware as I was of the extent to which security plays a role in an organization.
This blended well with my entrepreneurial mindset and business management focus. I had deep cybersecurity insurance experience from working on an internal strategic initiative within the cyber-underwriting group at Liberty Mutual Insurance. I helped them improve risk assessment techniques for new applicants, and of vendors that wanted to work with them.
I went straight from Liberty into a startup consultancy which provided pentesting and risk work to clients (having interactions ranging from C-level to Engineer), as well as partnering with cyber underwriters, and designing operational and sales processes.
2. Why is cybersecurity such a critical topic for products and systems?
KV: Security is foundational to progress. There are certain things we have to rely on in daily life–whether that’s outside of work, transportation, access to products and services. To live safe and comfortable lives, we rely on security. Urban infrastructure or medical devices need access to information and can’t be maliciously manipulated.
From a targeted, professional engineering and development perspective: if you are trying to build something specific and you are not considering security, then you can’t guarantee you can fulfill that function. Security is a core element of any well-engineered product or service.
“…If you are trying to build something specific and you are not considering security, then you can’t guarantee you can fulfill that function.” – Kevin Voellmer
3. How do you approach penetration testing?
KV: There’s actually a lot of creativity in pentesting. There are processes and procedures but ultimately, there’s no script. You need to follow your intuition, identify something that seems off or vulnerable, and figure out a way to interact with that portion of a system so that you can produce unintended results.
The way you achieve that is to come up with some non-standard ways to interact with the system. The possibilities are so broad! The pentester has to shine with creativity. Something might not be set up correctly, so you have to try many things out.
4. What kinds of errors are common in cybersecurity? What are people missing?
KV: A security mindset is important to instill in engineers, and can be delivered via trainings. When an engineer builds something, they think about how to the system should be used and not how the system can be abused. They have the intended user in mind–their expectations and not someone else’s. That’s the security mindset: think like a spy! It’s not always comfortable, but you have to be thinking that way.
5. What kind of support are you currently receiving?
KV: Teams that perform are ones where operational functions are handled well. With NBT’s venture development support, I can focus on my business. I’m getting valuable strategic leadership and coaching support from people who have years of experience. In addition, I receive financial support to help my company grow. With access to the partners and network, I’m making new connections that would otherwise have taken a long time to build.
Kevin Voellmer of Deflect at Factory Berlin Görlitzer Park
Thanks for sharing insights, Kevin. Looking forward to your progress!