Most careers might take an unexpected turn from time to time but very few people see the path of their entire professional existence re-wired, without warning, in a single morning.
One who did is Tracy Reinhold, now the chief security officer at critical event management company Everbridge, which has been described as the most successful security company nobody has heard of.
The morning was September 11, 2001, probably the first time in world history when a billion human beings alive at the time will be able to say without hesitation what they were doing on a single day. Most of us remember very little but this was an unwanted reminder that there are a few things about which we will remember a lot.
At the time, Reinhold was working at the FBI, a crime investigator with 11 years of experience behind him chasing criminals after a five-year stint in the Marine Corps. Precisely halfway in a police career that lasted until 2012, the second half was very different from the first as he ascended to the position of an assistant director of national security.
It was the start of a journey that saw him later work at loans provider Fannie Mae in compliance and ethics, for Walmart as president of global investigations, and finally in 2018 to the role of full-blown cybersecurity CSO at Everbridge.
Reinhold first encountered Everbridge’s critical event management as a customer while working at Fannie Mae, the first time he’d heard of the Everbridge name, he admits. It was this first-hand experience that set him on the path to joining the company six years later.
“By using the Everbridge platform I was able to geo-map all of the potential losses for the organisation faster than the core business teams could. That changed the way the organisation looked at the security function and technology.”
With curious symmetry, the themes of Reinhold’s career’s mirror the journey taken by the cybersecurity industry over the last two decades from being a specialised department to front and centre of everything.
“9/11 transitioned me to national security, but it also changed the FBI itself, which for perhaps the first time ever suddenly had to be more proactive,” says Reinhold. Being proactive sounds obvious now but the model of policing the world over was based on reacting to wrongdoing rather than anticipating it.
In 2001, it was clear this approach had failed national security. This realisation had profound consequences for the US Government, for the FBI, and eventually for organisations across the entire economy. This was the moment risk management, and the costs of forgetting to take it seriously, stepped into the mainstream.
“It was a sea change for the organisation which traditionally had always been reactive. Now the FBI was coordinating investigations across multiple global jurisdictions to make sure citizens were secure.”
In retrospect, perhaps the biggest discovery of all for Reinhold was the concept of the critical event and how it might be managed and contained using technology. The events of 9/11 were the most extreme example of a critical event with the Coronavirus pandemic a nudge that these can take novel forms. Both events encapsulate the problem of how organisations adapt to sudden, unexpected change that throws up huge numbers of logistical problems at once.
Everbridge’s platform forms the basis for a range of systems that help companies cope with these situations, both large and small. This includes mass notification of entire populations, crisis management coordination, IT alerting/incident response, and even a mobile app, Safety Connection, that lets organisations know the precise location of employees.
There’s also a single management system for analysing numerous more general risks using threat intelligence sources, for example weather events, wildfires, terrorism, cyberattacks, travel incidents, and, of course, pandemics. Some customers use it as part of executive protection, others to ensure their supply chain is resilient against weather or political events.
“If we had not had the pandemic, the acceptance of new technology would be much slower to take root,” suggests Reinhold. “It has opened people’s eyes to different ways of doing things. Organisations that can embrace this new way of doing things will be more successful.”
For example, risk assessment should be threat agnostic, he says. “It doesn’t matter whether it’s a cyberattack, a weather issue, or terrorism – if you have a platform that allows you to recover from it faster, then you are better positioned to protect your organisation.”
Equally, not all critical events are equal. Even if their timing is unknown, cyberattacks are high likelihood events, which changes their potential impact. “The biggest effect of cyberattacks isn’t the event but the response, or rather the act of a coordinated response.”
Ransomware, Reinhold says, is a case in point. “If you have a ransomware attack, you must have the ability to communicate with your employees. It sounds simple but too many organisations are not prepared for the unexpected and don’t have critical event management in place.”
As with the FBI after 9/11, it’s about being prepared for a critical event rather than waiting for it to happen and then reacting. Having worked in both the public and private sectors, Reinhold makes the interesting observation that while the public sector lags in the use of technology generally thanks to constrained budgets, it’s often ahead of the curve when it comes to understanding this approach to risk management.
“In the private sector, operational concerns trump risk and vulnerability concerns,” he says. “But in the last decade there’s been a transition. In the last 20 months the corporate world has realised that it can’t rely on what it’s traditionally been doing.”
What’s changed is technology now connects people to risk events they might have ignored or discounted in the past. “The speed at which information moved was much slower but it didn’t mean it wasn’t happening. We just weren’t situationally aware. But if the flow of information isn’t de-conflicted, it just becomes white noise.”
From being blissfully unaware of threats because you had no information on them, now it’s a case of almost being overloaded with information. That is why, Reinhold believes, AI and the automation it makes possible, should be viewed as an essential coping tool.
The 9/12 enterprise
Over the 20 years of Everbridge’s life, the scope of what counts as a critical event has widened from mass communication at specific moments of crisis to something that can be used every day in many situations. This seems like an important point – critical events are not always critical simply because they’re emergencies. The applications of this in business turn out to be limited only by one’s imagination.
“If you’re a hammer maker and there’s a steel shortage in China which means you can’t get material, the earlier you know about that the faster you can find an alternative.” Everbridge’s supply chain risk intelligence will tell you about that before a conventional source reports it. “It’s not just about emergency events.”
Organisations who possess the tools to cope with the unexpected are like cats who fall off a wall but still somehow land on their feet. “With us you’re buying a subscription for a SaaS service that provides you with notice of critical events along with a platform that lets you address them in real time.”
Behind the scenes, curating these information flows is a complex task, a mix of technology used to sift huge amounts of raw data and a team of 80 analysts to shape and amplify what it uncovers.
“We take massive volumes of intelligence from which the customer determines what kind of information that are interested in. But before we send it to the customer, we have it reviewed by a human because we find this final check is important. Sometimes it’s not what you say but how you say it, including in different languages.”
If 9/11 established the idea of critical event management, the pandemic has made it mainstream. People have gone from seeing these events as outliers to understanding that over time they are inevitable.
“Since the pandemic, we’ve got boards talking about the issue of resilience. The answer is to anticipate problems using good intelligence. It’s about pivoting to address a new reality.”
For Reinhold, his public service mentality dovetails perfectly with his current role, a rarity in the private sector.
“My biggest takeaway from the FBI was that mission matters. Then it becomes more than the individual. At Everbridge I rediscovered a sense of purpose that had been lacking since I left public service. It’s always about what keeps you up at night and how we help you resolve that faster.”