In Support of Chris Krebs and SentinelOne

Chris Krebs is a Republican, and I am a Democrat, but that’s never come between our friendship. Our political party affiliations have never mattered in our professional conversations either, since we share a common goal and an oath that we both take very seriously: to support and defend the Constitution of the United States against all enemies, foreign and domestic; that we will bear true faith and allegiance to the same. Every professional I have met who has worked in, or served as an outside advisor to, the Federal Government does so to fulfill this oath.

Chris and his current employer are now under investigation. I spoke up on the record, expressing my fear that there wouldn’t be a broad response in support of Chris and SentinelOne due to the potential retaliation against individuals and businesses.

Most of what I said was edited out of the story, but the theme I emphasized was that targeting a former government employee for doing their job and broadening it to their current employer half a decade later will have a chilling effect that makes us all less safe. Companies will hesitate to hire former government cybersecurity experts, depriving the private sector of their much-needed experience and perspective, and the federal government will have an even harder time attracting and retaining top cybersecurity talent.

National security cannot afford to lose either side of that talent exchange as we face growing threats that need experienced and knowledgeable cybersecurity professionals in both the public and private sectors. We must do what we can to stem the damage from this action.

Federal employees in cybersecurity and special government advisors from the private sector don’t do it for the money; we do it for the mission. I haven’t been paid for my time advising the U.S. government during the past decade, whether it was helping to renegotiate cyber export controls or helping to create the very first bug bounty program for the federal government: Hack the Pentagon, or even serving in the three advisory board roles I’ve had with DHS, NIST, and the Commerce Department.

I may face retaliation for supporting Chris and his current employer. My company is definitely more vulnerable than others since we aren’t backed by any VC deep pockets, but perhaps this post will help encourage others with bigger boats to raise their flags in support. What happened to Chris and SentinelOne won’t make our country safer or greater; it risks the opposite. It’s hard to believe that this can happen to anyone for doing their job and upholding their sworn oath to the Constitution.

National security shouldn’t be a partisan issue. It should bring us together as a country instead of dividing us. If the infosec community unites to speak up for our friends and colleagues, and leaves politics out of it, we can help strengthen our shared mission of protecting us all from cyber threats—making our country stronger and more secure.