Imagine boasting a CV with a letter of appreciation from the White House for leadership qualities in helping the National Security Council develop the NIST Cybersecurity Framework and being named the 6th most innovative cybersecurity leader of 2021. The one who achieved these honors is Michael Coden, one of the top cybersecurity leaders specializing in strategy, implementation, and resilience. He has an array of roles in the form of Managing Partner at Magjic, Senior Advisor to BCG, Associate Director at Cybersecurity at MIT Sloan, Advisor to Safe Inc., Advisor to The Decision Lab, and Member of the DBOS-Project. His advice and consultation attract Boards, CEOs, C-suites, and CISOs so that they gain from his valuable knowledge about IT and OT.
Michael is the author of 17 patents on network equipment, data protocols, cyber risk quantification, and fiber optic semiconductor devices. He has also authored numerous scholarly contributions and The Fiber Optic LAN Handbook, with a circulation of 100,000 copies. He is committed to arming companies to protect themselves against cyber-attacks through his various advisory roles and his company Magjic.
The First Attack of Knowledge
After graduating from MIT, Michael first started working for HP in their computer division, developing the first minicomputer timesharing system. He was recruited away by Digital Equipment Corporation (DEC) where he developed a new memory system that allowed 3 CPUs to access the same main memory for parallel processing, and the first multitasking operating system for minicomputers. Impressed with his achievements, a customer hired him away from DEC to automate a marine container shipping terminal. Using minicomputers and a unique database system he helped develop called MUMPS, he was able to reduce the loading and unloading of a 50,000-ton container ship from 3 weeks (manually) to 8 hours, 15 minutes. Michael was then invited to join Exxon corporation to invest in innovative technologies and started the Optical Information Systems (OIS) division of Exxon OIS, one of the first three companies to commercialize semiconductor lasers. OIS was acquired by McDonnell Douglas, which used OIS lasers to deploy the US military satellite communications system – a ring of satellites around the earth that communicated securely using beams of laser light. This started his career in the cybersecurity domain.
Michael had the wonderful opportunity to co-found Codenoll Technology Corporation specializing in highly secure networks, which became the standard for the US Air Force, US Navy, Southwestern Bell (now AT&T), and the New York Stock Exchange and Bloomberg. Codenoll was acquired by ADC Telecommunications, where he continued as Vice President of Technology and Marketing, developing secure hardware and data protocols. He became President of an Israeli cybersecurity company, NextNine (now Honeywell). He developed software to secure critical infrastructure systems used by companies like Shell, Motorola Cellular Communications, GE Healthcare, Rockwell Automation, Schneider Electric, ABB, Yokogawa, Tokyo Electron and many others. His journey with the Boston Consulting Group (BCG) began when the company hired him to build its Cybersecurity Practice. He built one of the fastest growing and highly respected cybersecurity consulting practices, resulting in The Consulting Report naming him number 6 in “The Top 50 Cybersecurity Leaders of 2021. In 2020, he discovered DBOS, a new operating system developed at MIT and Stanford that will revolutionize cybersecurity. On January 1, 2022, he turned the BCG Cyber Practice over to his successors, resigning as Managing Director of BCG, where he remains a part-time Senior Advisor.
The Gateway to Cybersecurity Specialization
Michael’s belief that the focus of cybersecurity needs to shift from protection to resilience is the mission of Magjic. Michael says, “All organizations are targets and will be successfully compromised. Those that are resilient will suffer the least damage. Building ever more complex cyber-protection takes a long time and a lot of investment. Building effective detection, response, and business continuity plans can be made quickly at a much lower cost. Boards of Directors knowing that the company cannot protect against all possible attacks and encouraged by the new SEC rules that will require business continuity plans to be described in 10-K and 10-Q, will reorient organizations thinking to be more focused on resilience. At Magjic LLC, I advise Boards, CEOs, C-suites, and CSO/CISOs on prioritizing, activating, and implementing cyber-resilience that will reduce the impact and damages from a successful cyberattack.”
In addition to advising Boards and senior executives on cybersecurity, Michael’s long-term strategy is to help commercialize the DBOS operating system. The DBOS prototype has demonstrated the ability to detect 99.96% of all cyberattacks in less than 1 second in the operating system at zero additional cost. This compares favorably with current expensive external SIEMs and analytics engines that typically require 4-5 hours and are only 80%-90% accurate. Moreover, DBOS can be “rolled back” to the state before the attack in less than 5 minutes, allowing much faster and more robust business continuity when compared with current backup/restore technologies.
His contributions to the cybersecurity industry have ranged from helping develop the NIST Cybersecurity Framework to developing several ways for companies to implement increased cybersecurity at a reduced cost. One of his contributions is BCG’s Cyber Doppler, a method and patented tool for quantifying cyber risk that allows companies to make cyber investment decisions based on an ROI, which is calculated as: the “greatest reduction in cyber risk” divided by the cost of cyber projects. This method has allowed many companies to optimize their cyber strategy and spend. He shares, “I am currently on the advisory board of Safe.security Inc., which provides a cyber risk quantification product. I have also developed methodologies for enabling companies to develop common reusable cyber functions for multiple cloud service providers. Many companies have used this approach to reduce the time and cost of developing secure cloud applications and reduce security and audit operational costs. Reducing development time allows products to generate revenue more quickly; reducing operating costs allows software products to be more profitable.” He adds, “Additionally, I have pioneered dissecting “cyberculture” into “cyber behavior and am a member of the Advisory Board of The Decision Lab, a behavioral science think tank. I have also helped develop methods for companies to cost-effectively increase their cyber resilience, which is my current focus.”
Experimenting Ideas, Delivering Results
Michael is working with a team of 20 faculty and students at MIT and Stanford led by Mike Stonebraker (Turing Award Laureate) on a new operating system that is a relational database built on “bare metal” (DBOS). All the applications run as stored procedures wildly fast in DBOS, without having an extra layer like Windows or Linux/Kubernetes complicating system operation and slowing things down (think 10x quicker). DBOS is also much more scalable than current operating systems eliminating the need for complex cluster management. Exciting and important are the cybersecurity functions built into DBOS. There are many use cases for it, so he believes that this could be the next generation of operating systems.
Cyber protection strategies often take years to implement, at great expense. Companies need to make sure they can detect, respond, recover, and continue business operations. He would promote cyber risk quantification as a way of prioritizing cyber investments. Most importantly, he would like to see the applications transformed to the cloud be transformed to DBOS for greater cyber-resiliency.
Focusing on the Idea
Michael expects a significant shift in attention and investment from cyber protection to cyber resilience. He shares, “At BCG, MIT, Safe, and Magjic we have done a lot of work in this area, advising Boards, CEOs, C-suites, and CSO/CISOs to prepare, execute and deploy cost effective cyber resiliency in their organizations. Longer term, I envision a shift from writing applications in complex Linux/Kubernetes containerized environments to the more elegant and cyber-resilient DBOS serverless cloud environment. I am currently seeking companies who will volunteer to test the DBOS prototype that we have developed at MIT-Stanford.”
In his advice to budding entrepreneurs, Michael gives his concluding thoughts,
- “Focus on the value your idea will deliver. First describe why someone would give their money to you. You must be able to concisely articulate the value of your product in 2-3 sentences. Then work backward from the value proposition to how you deliver that value, and lastly, the technology you developed.”
- “Twice a year I ask my team to give me a ‘Report Card.’ They gather together for two hours, without me in the room, and then give me an anonymous report on what I should do, and stop doing, to make their jobs better and easier – with feedback on how well I’m doing implementing their previous Report Card.
- I believe that one mark of a true leader is to always have a succession plan.