Last week I had the rare and exciting opportunity to visit Capitol Hill to represent Pangea in a Cyber & Digital Identity Innovation Day organized by Okta. Pangea was one of several portfolio companies from Okta Ventures who were invited to participate. The day was intended to educate U.S. policymakers, including their senior staff, about the technological innovations that Okta Ventures portfolio companies are creating and how it solves real needs across industry and government.
This was one of the most memorable trips I’ve gone on in my career. There’s an unexplainable feeling and awareness that you have when you’re walking the halls of the Russell Senate Office Building and the Ford House Office Building. Furthermore, I was there to talk about software, security, and identity, making this much different from tourist visits I’ve done in the past, or even sales or support visits to civilian agencies using products I’ve worked on in the past. This was a visit where we had the opportunity to interact with law and policy makers, and their staffers, on the topics that keep all of us in software and security up at night. The conversations and experience was really inspiring.
My (and Pangea’s) specific area of interest is around CISA’s Secure By Design initiative, and educating Congress and Senate staffers on the importance of that effort. I shared with them that it’s never been easier to create an internet-facing consumer application than right now. And it will only continue to get easier. But the number of application developers is far outpacing the number of security professionals. Meanwhile, developers are creating amazing applications but few are treating security as a top priority. The standard behavior in software development is to ship features fast, and secure them later. This is something we collectively need to change and find ways to make it easier, more convenient, and more efficient for developers to write secure applications. CISA is doing a great job in educating the developer space around this shift in behavior that must take place, and the government’s support for CISA’s efforts must continue.
Our incredible host and guide throughout the day was Michael Clauser, Director of US Federal Affairs at Okta. He brought us in front of several key groups throughout the Congress and Senate who are focused on these types of challenges in tech. We were given the opportunity to share our perspectives with the House Homeland Security Subcommittee on Cybersecurity & Infrastructure Protection, chaired by Andrew Garbarino (R-NY). We met with key staff including Emily Burdick and Nick Bruno to learn about their areas of interests and concerns, which included a discussion around the cyber workforce shortage. Following that we met with the House Oversight & Accountability Subcommittee on Cybersecurity, Information Technology and Government Innovation, chaired by Nancy Mace (R-SC). We met with key staff Lauren Lombardo, Peter Warren, and Raj Bharwani on topics regarding the Federal Information Security Modernization Act (FISMA) reform bill and the challenge of software provenance within government applications.
Our afternoon sessions were an open invitation to congressional and senate staff to learn more about the portfolio companies and listen in to a few panel discussions. Andrew McClure, Managing Director at Forgepoint Capital, led a discussion on various topics covering the US government’s role in cybersecurity and an assessment of the US government as a customer and user of innovative technology. I was joined in the panel by David Goldschlag, CEO of Aembit and Mohit Garg, CEO of Oloid.
In all, I left the day really inspired and impressed in the engagement by the subcommittees and staff. I didn’t know what to expect heading into this, but the technical depth in the various discussions were fantastic, and the staffers’ grasp on the current security issues plaguing modern software and its effect on US citizens were strong. A major thank you to Austin Arensburg, Sr. Director at Okta Ventures, for inviting Pangea and other portfolio companies into this discussion. It was a great opportunity to educate and simultaneously learn from our country’s leaders setting policy for many of these issues. This is just the start for us as we continue educating the public about the importance of Secure by Design.