Skip Navigation
BlackBerry Blog

Breaking Traditional Boundaries: From the FBI to Cylance and Beyond

NEWS / 01.19.17 / John McClurg

John McClurg recently chatted with and spoke about his background, his current role at Cylance, and the industry shift from reactive to proactive threat prevention. Here’s an excerpt from the full interview.

Thank you for joining us today, John. Before discussing today’s cybersecurity threat environment and Cylance's solutions in greater detail, please tell us about your background.

John McClurg:

As you look across the spectrum of my professional life, the one thing that characterizes my experiences is the fact that I’ve been living in the world of the reactive. 

As a young FBI agent, I was assigned to one of the first Joint Terrorism Task Force teams that the United States federal government pulled together to battle the emerging threat of terrorism. I worked with the teams that responded to attacks, including the Oklahoma City bombing in 1995, the Unabomber, who was apprehended in 1996, and the Pam Am Flight 103 Lockerbie bombing in 1998. During that same time, I also successfully pursued hackers and phreakers, the latter being a subset that focuses on telecommunications systems, especially to obtain free phone calls.

I then entered into the realm of espionage. I was a member of the team that identified and pursued Harold James Nicholson, the former CIA officer and a twice-convicted spy for Russia's Foreign Intelligence Service, SVR. 

In all my years of learning and real-world experience, what fascinates me is that since our nation’s founding, protection from threats has been a priority. Yet during that entire time, the used models have been reactive.

President George Washington, when asked amid the depths of the American Revolution what most concerned him, answered “spies.” For hundreds of years we’ve been amassing information to protect us, yet we’re still playing the reactive card. The same paradigm has continued through my career in the world of cybersecurity. As we built defense infrastructure and techniques, it was always to improve reaction time after the vulnerability or threat was identified and usually already exploited by bad actors.

That’s the signature-based approach. That’s the world we understood.

Not to overstate, but this is an archaic paradigm. It’s an old model that consigned us to a world not unlike that reflected in the classic movie Groundhog Day , a never-ending cycle which we seemed doomed to live over and over again — forced to accept the mantra, “it’s not if, but when we’ll be compromised.”

That’s my background in a nutshell, and what in part propelled me to Cylance: a new paradigm for protection through prevention. What is your perspective, John, regarding the unique value proposition Cylance delivers and Cylance’s competitive advantages… say, versus Symantec and Kaspersky, for example? 

John McClurg: The ROI that Cylance brings becomes apparent, especially for the CIO and the CISO, as you sit in the quiet of your study, unchained from old duties tied to response that once took up tremendous time. You see the downstream costs associated with the failure of your legacy antivirus partner, who detected the threat only after it occurred.

If the adversary is stopped upstream, all of the resources associated with constantly reinforcing and repairing the downstream structures — IT infrastructure, analysis, and manpower — can be diverted to some other worthy activity. Or you can simply return the ROI to the bottom line.

True threat prevention at the endpoint liberates. It delivers back to you the resources, money and time previously tied up in constructing layers of defenses. We understand that your customer list includes Panasonic, Toyota, The Gap, as well as government agencies, just to name a few. That is indeed quite impressive. Any ‘wins’ or success stories you’d like to discuss?

John McClurg: I want to flip that question on its head by sharing a success story that didn’t happen. It’s my story and reflects what Shakespeare described in Romeo and Juliet as “a wound that has not yet felt a scar.” It’s a wound still fresh and very much on my mind, sustained as a result of an advanced persistent threat.

Long story short, I turned to Cylance after experiencing the painful wounds of a breach. I’d heard Cylance’s claims but didn’t think they could be true. I was skeptical. After the team I lead performed its due diligence, they returned to me somewhat giddy. Please note — these aren’t the kind of guys who get giddy. I was shocked when they reported that Cylance’s claims were true. I realized then that if I’d only had Cylance’s protection in place before the breach, all that embarrassment, pain, money and lost time could have been avoided.

I tested their product before implementing. And I’m a big believer in that. The attorney in me, in some ways, never sleeps. I always tell people not to trust someone else’s word, that you should always test it yourself. The Latin phrase that captures this principle is Res Ipsa Loquitur, which translates to, “The thing speaks for itself.”

For three years in a row, I ran a top-rated security organization. The benefits that stand to be gained from strong prevention are remarkable and have a ripple effect throughout an organization. I’ve experienced that first hand.

I believe the most significant benefit is that you gain time back. Your weekends and nights and holidays return. The measure of my success used to be how quickly could I detect a breach after it happened, so we could begin remediation and cleanup. Being free of that model is liberating.  Cyberattacks, whether from a foreign government, a sophisticated hacker group, or a lone wolf, are in the headlines just about every day now. Unintentional insider threats are an equally serious problem where employees or other users might innocently click on phishing messages, visit nefarious websites, run risky or outdated software, or fall into any number of other traps. Please share with us your thoughts on “best practices” in today’s world of the Internet of things, mobility, and bring your own device.

John McClurg:  I think when you talk best practices in the traditional sense, you’re still using language that’s framed or influenced by old paradigms — in other words, the language of reactive detection. For most, predictive capabilities stand outside traditional best practices. It’s a completely different game. It’s a new world.

We are seeing artificial intelligence, machine learning, and math applied in a way that makes traditional best practices less relevant. That is the new best practice. We’re liberating people from outdated and time consuming practices associated with a reactive legacy and replacing them with a solution that actually prevents the execution of advanced persistent threats and malware at the endpoint. Our users create a level of security that surpasses traditional legacy systems by quantum leaps.

It takes us away from our weird love/hate relationship with crisis, where we’ve spent so much time and energy preparing for it that we can’t imagine doing something else. Security teams are no longer seen as an unavoidable cost of doing business. Instead, we’re now an indispensable part of advancing that business. That’s a refreshing place at which to arrive.

Thomas Friedman, in his book The World is Flat, characterized the modern world as a place where traditional boundaries of delineated interest would grow more and more porous as it grows evermore connected. With modern technology, mobility, the Internet of things, and big data, there’s never been a better time for Cylance to provide our offering.

This interview was originally published on Read the interview in its entirety to learn more about John McClurg, Cylance, and the future of endpoint security.

John McClurg

About John McClurg

Sr. Vice President and CISO at BlackBerry.

John McClurg serves as Sr. Vice President and CISO at BlackBerry. McClurg engages the industry around the globe on the risk challenges today and how BlackBerry uniquely mitigates them with the application of machine learning and other AI supported solutions. He champions a move from a historically reactive security posture, to one focused on proactively predicting and mitigating future risks.

Before BlackBerry, McClurg served as the Ambassador-At-Large of Cylance and as Dell's CSO, where his responsibilities included the strategic focus and tactical operations of Dell’s internal global security service. He was also charged with the advocacy of business resilience and security prowess, the seamless integration of Dell’s security offerings, and with improving the effectiveness and efficiency of security initiatives.

Before Dell, McClurg served as the VP of Global Security at Honeywell International; Lucent/Bell Laboratories; and in the U.S. Intel Community, as a twice-decorated member of the FBI, where he held an assignment with the U.S. Dept of Energy (DOE) as a Branch Chief charged with establishing a Cyber-Counterintelligence program within the DOE’s newly created Office of Counterintelligence.

Prior to that, McClurg served as an FBI Supervisory Special Agent, assisting in the establishment of the FBI’s new Computer Investigations and Infrastructure Threat Assessment Center, or what is today known as the National Infrastructure Protection Center within the Dept of Homeland Security.

McClurg also served on assignment as a Deputy Branch Chief with the CIA, helping to establish the new Counterespionage Group, and was responsible for the management of complex counterespionage investigations. He additionally served as a Special Agent for the FBI in the Los Angeles Field Office, where he implemented plans to protect critical U.S. technologies targeted for unlawful acquisition by foreign powers and served on one of the nation’s first Joint Terrorism Task Forces.