Back
‘I Will Lose My Job Because I Can’t See’ – The Story Behind Lucidum
November 17, 2020
Lucidum Official

Four years ago, Charles Feng and I met at a restaurant on the coast in California. We had known each other since 2012 and we had built internal products together. Over lunch, we decided to build a company together. The question then was, what will that company do?

My passion tends towards the rudiments. The fundamentals hold special appeal. From exercise to literature to mentors: the older and the more basic, the better. After spending twenty years in security and technology, this passion had special and particular value. Technology is like jazz. The better you perform the basics, the more creative riffing is possible. From the outside, the hipper and more flashy the security, the more attractive it is. From an operator’s perspective, the opposite is true.

Charles’ passion is mathematics and automation. He has spent thirty years leading teams, solving difficult and persistent problems through simple, elegant solutions created with little budget and not enough time. Charles views the world with the x-ray specs I was promised in the back of Grit magazine. He sees through the surface to the compositional elements underneath and how they relate.

There was harmony in our friendship and partnership: fundamental problems, basic data, and automated answers. We decided to meet with hundreds of technology leaders over the next year. To each, we asked, “if you had a magic wand, what would you solve?”

We didn’t anchor the question, but expanded the boundaries, and asked for answers like, “awareness, budget, microservice agility, devsecops, lift & shift to cloud…”

What bothered 99% of these leaders so much that they wish they had a magic wand?

 

I can’t see what’s going on in my environment.

I want to see. I’m afraid of the dark.

With shadow cloud and shadow IT and BYOD, I don’t know what’s going on!

Agile and DevOps pump things out faster than we track.

I’m going to lose my job because something breaks that I didn’t know was there.

 

It hit us square in the face: this is personal. This isn’t a new mobile app or cloud management approach. This is existential. I will lose my job because… I can’t see.

At presentations, I tested this concern from the stage with strangers.

 

“How many of you give your programs a ‘B’ or better on Protect?”

All the hands go up.

 

“How many of you give yourself an ‘A minus’ or better on service level and performance guarantees?”

All the hands go up.

 

“Do you know everything you’ve provisioned?”

No hands. Just embarrassed looks..

 

“How well have you identified assets, users, data?”

Awkward silence. No one meets my eyes.

 

What if? What if the most basic problem had become the Gordian Knot? So unsolvable, we all accept that it cannot be solved and surrender to futility?

I hate giving up. I returned to work to see if I had this problem. The simplest way to solve this problem is to aggregate your known inventory repositories then deduplicate the totals. We all have myriad agents and accounts and false-starts at a CMDB that went out of date even as the folks who built it were handed their quarterly excellence award. I added all mine together and deduplicated. The result? I should have just over sixteen thousand things storing, transmitting, and processing data in my hybrid environment.

Were there more things in my environment? On my network? In my cloud… In my clouds? At the time, the only way to know was to interrogate each of those segments with a scan. So off we went to scan the entire enterprise. When the results came in, I was stunned. The scans picked up over thirty-five thousand things. I had twice as many connected systems as I had known and registered systems. That wasn’t the worst of it: what about ephemeral systems? Those microservices and lambda functions and BYOD, now-you-see-’em, now-you-don’t systems?

Now it was personal for me. This is existential. I will lose my job because I can’t see.

And looking across the enterprise, asset visibility was — and is — a fundamental capability on which everything else rests. The COO’s key initiative? Master data management. The CIO’s primary strategic goal this year? Digital transformation. IT OPs response to COVID? Accelerate cloud transformation.

The first step in any technology action is to know your denominator.

And I didn’t know mine.

Every customer data incident, overspend on cloud, provisioned systems that elude orchestration, open S3 buckets, corporate source code through a personal account… I’m not scared of a zero-day, I’m scared of standing in front of my team, my boss, and the mirror and facing the question, “why didn’t you know?”

The Gordian Knot was strangling me and the rest of the 99%.

It cost time, effort, and energy to solve this. Many false starts and failures, but when we were done, we knew we’d cut the Knot.

Why now? What has changed that makes this problem solvable now?

What changed is a handful of people with seventy-five years of math and technology experience decided to die on this hill. There was no pivot. There was no quit. There was no plan B. Our determination to solve this problem was personal — regardless of whether we could find a solution that could scale or sell.

Then we solved it. And we had built a solution that scaled. The machine learning at the heart of Lucidum is explainable. It’s fast, comprehensive, and open.

No more unknown unknowns. Finally and forever.

Connect with us and see Lucidum in action.

Once you see everything, you can manage, transform, and secure, confident nothing is missed.

Never hear the question, “Why didn’t you know?”