No question, the information security community lost a friend with the untimely death of Terry Austin.
The CEO and president of security solutions vendor Guardian Analytics, Terry just recently died unexpectedly and young, turning 52 this year. In paying tribute to their leader on the company home page, Guardian's employees honor him for his wisdom, grace and fearlessness.
Not only did security lose a friend, but fraud lost an enemy.
"Seeing everything bigger and brighter than most, he inspired us to reach higher and achieve more than we ever thought possible," they write. "His drive, creativity, compassion, loyalty and humor will be dearly missed."
And I'll say this: Not only did security lose a friend, but fraud lost an enemy.Terry and Guardian were early, vocal defenders against corporate account takeover, when incidents started to surge in 2009. When the FFIEC released its authentication guidance update in 2011, Terry was quick to immerse himself in the document, coming to understand, interpret and convey to his customers the nuances of banking regulators' expectations. He was especially passionate (no surprise if you know Guardian's solutions) about the topic of fighting fraud via anomaly detection. Soon after the guidance update was issued, Terry spoke with me about what he saw as the simplicity of this anti-fraud measure (see: Facts and Myths of Anomaly Detection):
The magic of anomaly detection, he believed, was that it worked against any fraud technique or vector. "It works on the simplest forms of attack, and it works on the most sophisticated forms of attack, because it's really based on knowing what the normal user's behavior is like and then spotting anomalies from there."
In our work together, we talked a lot about banking institutions' efforts to conform to the FFIEC guidance - particularly smaller banks and credit unions that lacked the resources of the larger organizations. The expectations, of course, are the same for any size institution, and Terry tried to demystify the guidance for those who might be intimidated by it.
"It's really not as complicated as some will make it seem," he once told me. "I think the FFIEC was right on the money in moving away from authentication, talking about layered security and risk assessments, and specifically calling for anomaly detection as the minimum expectation."
In a lot of ways, Guardian and Terry Austin were in the right place at the right time, and they enjoyed success over the past several years. I'd see him frequently at industry events, and we'd always stop and chat about the latest/greatest fraud schemes and solutions. He was a great interview because we never had to practice or even overly prepare. We could just sit down, pick up the fraud conversation, and he'd give me fine insight.
The last on-camera conversation I had with Terry was at RSA Conference 2013, and the topic was big data analytics (see Using Big Data to Fight Banking Fraud).
Articulate, confident, passionate. Terry Austin embodied each of those qualities and more. I'll miss him - we'll miss him - and I hope you'll join me in sharing sincere condolences with his family, friends and the entire team at Guardian Analytics.