Dr. Melanie Rieback is the Co-founder and CEO of Radically Open Security, the world’s first non-profit, computer security consultancy company. The security advice her team provides is “Radically Open” as Dr. Rieback is seeking to secure not just the internet but our societies and the World we live in. As well as consultancy and penetration testing, Dr. Rieback is spending “an increasing amount of time on social entrepreneurship, and the ways that we can make more activistic businesses to make the world better, and also questioning how business is taught in schools.”
“We can make more activistic businesses to make the world better”.
Dr. Rieback’s curiosity towards tech and hacking was encouraged from a very young age. Her parents worked at AT&T Bell Labs, where her mum was a computer programmer, and her father was a telecommunications project manager. “They used to have really old computers at home like 80 – 86s and 300 baud modems, and we used to dial in to their work networks so I used to play games on dial up, that’s sort of how I got started, and when I was probably about seven, I got started with programming: GW Basic”, reminisces Dr. Rieback. “As I got older, I also started getting faster modems, bulletin board systems evolved, and at a certain point, I used to log into bulletin board systems, and that was sort of when I first came into contact with hacking”. Reading through all the text files, Dr. Rieback couldn’t at that time see a way to hack legally, and didn’t want to get into trouble, so for that time just programmed text based games.
Uncertain as to which career path to take at first, Dr. Rieback studied Pre-Medical Science, eventually shifting to major in both Biology and Computer Science. The obvious route from there was Bioinformatics, so she took summer internships molecular modelling before joining the Human Genome Project at MIT after graduating, discovering in the process that she “liked the computer part more.” Dr. Rieback adds, “I also figured out that my Bachelors had reached a glass ceiling for what I wanted to do, so I decided to study further.”
“I realised that my Bachelors had reached a glass ceiling for what I wanted to do, so I went on to graduate school.”
After earning her PhD in Computer Systems at the Vrije Universiteit, Amsterdam, Dr. Rieback joined a cyber crime team, but found she had concerns regarding the security consultancy companies she was interacting with. These concerns spurred her to create her own ethical cybersecurity start-up, Radically Open Security.
“Radically Open Security,” Dr. Rieback explains, “is a social enterprise in the computer security consultancy space. We are a commercial, non-commercial company: the commercial front end for not-for-profit back end. We give 90 percent of our profits to the NLnet Foundation. They are a funding agency that supports digital rights, open source, and anything for a better internet”. The Radically Open Security website also explains that the other 10% profits go to an employee profit-sharing scheme, in which the secretary accumulates profit-sharing rights as quickly as the CEO.
“Businesses are not in a vacuum: they affect societies, they affect the environment.”
Dr. Rieback feels not-for-profit businesses such as hers can help to achieve the UN Sustainable Development Goals, and work to ensure gender parity, income equality, and to rapidly mobilise and reshape our society to stem the ecological crisis and the rise of populist hate: “businesses are a powerful tool that we can utilise for activism. We are not used to conceiving of businesses in that light. We are used to thinking that businesses are the problem, and undoubtedly many contemporary problems have their origins in some way, shape or form in business but it doesn’t have to be that way. The problem is there are commercial incentives and very unhelpful concepts like shareholder primacy that really cause businesses to make the wrong decisions, and ultimately these businesses are not in a vacuum: they affect societies, they affect the environment.”
“We are trying to fully decouple the profit motive from the operational, legal and business.”
“Misbehaving businesses are causing a whole lot of problems. We are trying to fully decouple the profit motive from the operational, legal and business, and to re-envision business as a tool for activism and peer positive impact. So we have been prototyping this with our own business: Radically Open Security. If any profits are made, I’m giving them to charity. I’m trying to remove that incentive of paying dividends to founders, investors, banks, and trying to make it a vehicle by the community for the community, and that if anybody’s going to benefit from it at all, it’s the community. But the point is that when you know that you’re not going to get rich from running a business, there there have to be other reasons why you’re doing it, and if you remove the profit motive, what is left is positive impact. So that really informs the culture of the entire business, and you can re-envision the business as art form, and you can really ensure that your large guiding decisions but also your tiny daily operational decisions all point in the same direction towards that lodestar of meaning and purpose.”
“We need to take the entire Silicon Valley model of entrepreneurship… and question it.”
Dr. Rieback has also been working on this in her non-profit ventures, her start-up incubator, in her TEDx talk, and in a university course in Post-Growth Entrepreneurship, which she has launched at the Free University of Amsterdam. At the heart, she is seeking “to question what is currently common knowledge about how people do business. I’m questioning growth… We don’t stop and ask ourselves the question often enough, why do we need to grow exponentially? As soon as you investigate this carefully, it doesn’t actually hold water because you really don’t need exponential growth. The reason why investors like exponential growth is so that they can get out and sell the business in 5 years. But the problem is this leads to really short-term decision making, which of course oftentimes has these adverse affects on society and on the planet. We need to take the entire Silicon Valley model of entrepreneurship, that we are taught pretty much everywhere: Capital, Scale, Exit, and I think we need to question it. We need to ask questions like: do we really need capital at the beginning to grow viable business? If you consider that 80% of start ups fail, it seems to me that we are doing something wrong. We need to ask questions like: is this system to benefit founders and society, or is this system set up to benefit the investors and those with money and those who have power, and those who perhaps are trying to maintain their position? There’s a whole lot of ideology embedded in our tools that we are receiving as entrepreneurs, and we need to start actively teasing out the ideology from the actual tools because what we don’t understand is that we are actually perpetuating the problem by taking this stuff unquestioningly, carrying it on, and applying it to our businesses.”
“In most cases, the root of the problem is business models.”
Dr. Rieback says she sees “a lot of things going wrong in the world” and is “trying to get to the root cause of it. If you take a technological problem such as privacy, it is easy to say ‘why don’t we build a facebook clone or yet another privacy technology’. But it is a band aid versus going after root of the problem. In most cases, the root of the problem is business models. If Facebook didn’t have the business model that our data is the new oil, which of course is very pervasive these days, we wouldn’t be in this place in the first place. If selling out our privacy wasn’t at core of their business models, then we wouldn’t have to build complicated platforms or all these privacy enhancing technologies. If businesses just behaved decently and we could put more decently behaving businesses on the market, which could almost function like “Fairtrade” on the market to put a commercial pressure on corporates to behave better. I’ve just grown to believe that this is the only thing we can do that will really have an impact!”
“Tech itself is fairly neutral. 9 times out of 10, the problem is not the tech but the intentions.”
On how we can ensure technology is used for good, such as taking care of human rights, Dr. Rieback again feels this comes down to business foundations and intentions: “Business models companies behaving badly putting ahead of other concerns like human rights non profit commercial market effective positive change tech more for good than for bad,.tyech is fairly neutral. 9 times out of 10, the problem not the tech but intentions.”
“The more we have to draw from, the easier it is for us to take our skills, knowledge and our background and apply it to new contemporary problems.”
Dr. Rieback is passionate about the interconnections between different disciplines, and thinks a balance of rationalists and creatives will be important as we evolve our world: “the broader we are enables us to be creative. Students tend to be separated: either you’re an artist or a scientist. But these bubbles are totally unhelpful. Creatives need rationalist skills to help give a solid foundation to their art or activism, while at the same time, the rationalists, businesspeople, techies, and other scientists, we need creatives, artists and activists to get meaning and purpose in what we are doing, and to realise there is more to life than just 9-5 jobs that are comfortable and salaried, with a pension. The truth really lies within the synergy of those two things, and it relies on creatives also utilising rationalist tools and rationalists utilising the meaning, purpose and the drive of creatives. It doesn’t have to be even two separate people: we can even embrace that within ourselves. That’s a problem with our education system. Much of creativity is really bringing together bits and pieces of disparate things and then combining them into unique new amalgams that help to meet your needs. That is creativity but that is also invention. The New Testament says there’s nothing new under the sun, you basically just put little bits here and there and apply them to new contexts. The more we have to draw from, the easier it is for us to take our skills, knowledge and our background and apply it to new contemporary problems and find new ways of seeing things.”
“We need to make sure we present a lot of good role models to the world because there are a lot of great, inspiring women who are doing this great stuff.”
Asked how girls can best be engaged with technology, and specifically ethical cybersecurity, and how the industry can retain them, Dr. Rieback says, “Those of us in the field, we need to make sure we present a lot of good role models to the world, because there are a lot of great, inspiring women who are doing this great stuff. Need more platforms for these women, to make them more visible. Girls, at school age, choose other professions Society pushes us in one direction or the other but the more we can have these role models on display, the more girls can think ‘hey, this is actually a possibility for me’. That’s why I think it’s great that we now have excellent films like Hidden Figures. We can try to make sure we get more great girls into the theatres.”
“Pay attention to what you’re curious about.”
In terms of how girls can use their skills to achieve the positive global change we need, Dr. Rieback advises: “Pay attention to what you’re curious about, and what you find interesting, and don’t worry too much about this boys vs girls thing, or even is it easy or hard, but just think about: ‘is this something I care about or which sparks my curiosity?’. If people follow their passions, they’ll develop it. I think sometimes myopically focusing just on technical a technical skill for example, just because it may be useful in the job market is a bit of a shame, as the best folks also in IT are the ones who are passionate about. So in general follow the thing you are most passionate about.”
Speaking of the culture for girls within cybersecurity, Dr. Rieback says, “in the Netherlands, there’s a really nice network of women in cybersecurity” given women are in the minority in terms of the hackers, corporate community and there are fewer technical women in the field, “The ones that are there are really cool. We organise all women Capture the Flag teams to participate in ethical hacking contests, activist stuff that is fun, and it gives a platform to promote role models. We just need to continue with outreach. Things will change.”
“Don’t create content you wouldn’t want your grandmother to see.”
Dr. Rieback’s advice for staying safe online is to exercise “common sense, don’t create any content you wouldn’t want your grandmother to see. Be aware if something sounds too good to be true, it probably is. Don’t give out your personal data. Do antivirus updates. Try not to keep stuff connected to the internet all the time. Make backups offline also.”
“Care. Care about doing something positive. Long road. Once you have some passion, find a problem you care about. You’ll be spending a whole of time on it.. It takes time to build things with integrity.”
Are you inspired and considering setting up a non-profit business? Dr. Melanie Rieback’s advice is to “Care. Care about doing something positive. Long road. Once you have some passion, find a problem that you care about. You’ll be spending a whole lot of time on it. Be really careful to start with the problem and not the solution. It takes time to build things with integrity. Don’t jump on bandwagon of people telling you you need an investor lose control. Investors take equity from whatever you are building. Be very conscious about what you are doing, the effect of what you are doing, the social effects ethics, and general value market value, solution to pain people will pay for solution. Sales marketing to push it on people. If people can’t understand what you’re virally market themselves actually building something with genuine value people want it. “
Many thanks to Dr. Rieback for taking the time to speak with us at Girls in Science and providing us with her example as a leader and thinker, in how to pursue our careers, and future businesses, with integrity.
Inspired and curious to try your hand at Cybersecurity? Here are two legal ways to do so:
- Free Code Camp has some beginner level Capture the Flag challenges, where you can learn ethical hacking.
- QUFARO provides distance learning tuition for students wishing to take an Extended Project Qualification (EPQ) in Cybersecurity.