I’m continuing to experiment with audio versions of these posts. This is just a recorded version of post #2, published on May 26th. I appreciate all the feedback I’m getting, and am responding to every note. And in case you missed the post the first time, here’s the text:
Working on the National Security Council Staff is like living an indeterminate amount of time in the future. A sort of national security “Lagrange point,” almost all major changes, initiatives, and decisions must go through the “NSC Process.” The staff are a kind of mission control for the U.S. national security apparatus, as scientific research, emerging threats, daily crises, and long-term strategy all converge and compete for priority on the agenda of the appointed members. Work there long enough and the world’s “breaking news” can be hours, weeks, or even years old.
Amidst this milieu, I had spent months thinking through just what to do upon my departure. Having worked for years inside that palantir, leading a team that delivered a string of successes, I felt compelled to continue taking on hard problems. When originally recruited for the job, cybersecurity of industrial systems had been a major priority, having tracked the issue for years both as an active duty military officer, and while working at a Silicon Valley cybersecurity startup. A constant stream of public reports (accurate or not) reinforced my early assessment: managing industrial control system cyber risks, especially for manufacturing, transportation, and critical infrastructure companies, was a generational challenge.
As a well-trained graduate of The College at the University of Chicago, my first instinct was that better pricing would solve the problem. I spent off hours researching the insurance industry’s recent activity around catastrophic cyber risk and reading insurance textbooks. Once I left the NSC Staff, I took calls with insurance executives, infrastructure risk managers, and private equity firms. Many agreed that insurance was a part of the solution, but there seemed to be systemic challenges around how. And in the back of my head, something felt off.
Was I doing this right?
It had been nearly six years since I had last started a company (a side project while assigned to a large unnamed agency as an active duty military officer). I decided to phone-a-friend.
The answer came back: I had been doing it all wrong from the start.
*audio version* - the hazy tomorrow, today