Dr. Mohit Tiwari of Symmetry Systems: “Organizations lack the tools to understand how data is used and protect it”

Organizations lack the tools to understand how data is used and protect it. And it is very understandable as to why; there is 1 security engineer for every 100 product engineers that are rushing to build the next great feature. So we want to build giant levers that security engineers can use to build guard-rails […]

The Thrive Global Community welcomes voices from many spheres on our open platform. We publish pieces as written by outside contributors with a wide range of opinions, which don’t necessarily reflect our own. Community stories are not commissioned by our editorial team and must meet our guidelines prior to being published.

Organizations lack the tools to understand how data is used and protect it. And it is very understandable as to why; there is 1 security engineer for every 100 product engineers that are rushing to build the next great feature. So we want to build giant levers that security engineers can use to build guard-rails around data.

As a part of our series about business leaders who are shaking things up in their industry, I had the pleasure of interviewing Mohit Tiwari.

Mohit Tiwari is the CEO and co-founder of Symmetry Systems. Before Symmetry, Mohit was a cybersecurity professor at University of Texas, Austin where his lab was funded by DARPA and National Science Foundation, collaborating with teams at General Dynamics, Lockheed Martin, Intel, ARM, Google, and others. His work on high-assurance systems has received multiple industry and scientific awards for applied cybersecurity research, was transitioned to production by a startup (TortugaLogic) and large companies, and ultimately led to Symmetry Systems via pilots with cloud-providers and hospitals.

Thank you so much for doing this with us! Before we dig in, our readers would like to get to know you a bit more. Can you tell us a bit about your “backstory”? What led you to this particular career path?

I am a co-founder at Symmetry Systems and a professor in computer architecture and security at UT Austin. Before that, I spent several years in grad school in CA learning these fields from the very best.

Great teachers and mentors led me down this path. And it helps that both computer security and architecture are great fields to work in, and have been on a tear over the last decade.

It is the perfect storm when what you love to work on is also directly relevant to society and pays well!

Can you tell our readers what it is about the work you’re doing that’s disruptive?

Our work is about building a data security foundation that enables product teams to build fast, safely.

Today, large organizations are custodians of millions of users’ most intimate data. While there is a lot of focus on surveillance capitalism, we find instead that most organizations we talked to — and we have talked to over 50 in the last quarter alone! — want to do the right thing by their customers’ (and their own) data.

But the way applications are set up to work, it is almost impossible to say how this sensitive data is used or whether it is protected appropriately.

Organizations lack the tools to understand how data is used and protect it. And it is very understandable as to why; there is 1 security engineer for every 100 product engineers that are rushing to build the next great feature. So we want to build giant levers that security engineers can use to build guard-rails around data.

Can you share a story about the funniest mistake you made when you were first starting? Can you tell us what lesson you learned from that?

Not signing up for a month-long security background check before visiting NSA.

We were there to present our work on a privacy service that made data available on your devices (phones, tablets,…) depending on your context…e.g., data appeared/dissolved out of the device if you moved in/out of proximity of a data owner, or walked out of a room/building, etc.

But without the security check, I waited outside the building while my ex-students and now founding-team colleagues gave fun demos and got a detailed tour of their IoT-hacking lab.

It hurts, even after all this time.

We all need a little help along the journey. Who have been some of your mentors? Can you share a story about how they made an impact?

My mentors at UCSB and UC Berkeley were great! And then again at UT Austin.

The biggest impact that all made is through setting an example of picking genuinely valuable problems and sticking with them for years! And then translating all that research into practice through startups and working with larger companies.

On a personal level, they have all been extremely generous to me and to many of their colleagues. For example, my UCSB mentor worked hard as hell with me for years on a project and then disappeared from the room when we were to receive the best paper award for it. More than any one incident, watching them put a ton of energy into their students, community, and their research over years made a huge impact.

In today’s parlance, being disruptive is usually a positive adjective. But is disrupting always good? When do we say the converse, that a system or structure has ‘withstood the test of time’? Can you articulate to our readers when disrupting an industry is positive, and when disrupting an industry is ‘not so positive’? Can you share some examples of what you mean?

Sometimes the answer is easy. For example, way back in India, widows were made to ‘willingly’ jump into their dead husbands’ funeral pyres. It is great that that system got disrupted.

In other cases, all side-effects of a change are not evident or easily classified — e.g. billions of people signing up to a social network that aims to make the world more open.

Positive disruption: any intervention that brings more opportunity to more people and hurts few/none hits the magic quadrant — Khan academy, Wikipedia, and similar educational orgs seem to have landed there. I’d put a company like vmware there too — taking out a ton of physical servers and making so many computer functions 100x more efficient seems like a net win. There are a *lot* of deep technical advances under the hood there. Companies that provide better healthcare with lower, transparent costs could be another area that is ripe for positive disruption. Or ones that can figure out how to make money while also helping people through transient downturns (through loans, re-skilling courses, etc).

On the other hand, I can imagine companies can make a lot of money by fueling disinformation to land eyeballs and advertising dollars and take attention away from careful journalism. Arresting, spectacular news and small world graphs make for a money-making, negatively-disruptive combination.

All this said, the time-scale at which this analysis is done is an important parameter.

Can you share 3 of the best words of advice you’ve gotten along your journey? Please give a story or example for each.

It is hard to share one or three words of advice, so I’ll share some sources instead.

The Last Lecture by Randy Pausch has a lot of gems, including a segment on giving people time.

Hamming lecture and Feynman’s books are great at sharing how they systematically had fun with their work.

Man’s search for meaning and Thinking Fast and Slow are both helpful with managing chaotic things that always seem to go on.

Lead generation is one of the most important aspects of any business. Can you share some of the strategies you use to generate good, qualified leads?

Our team, including investors and advisors, are lifelong security and privacy enthusiasts. So we found our first set of design partners and customers through our relationships.

It is clear to us that security practitioners only want to be pitched a product by their peers who have put the product through its paces.

So we’re focused on the product and on customer-success to expand into a vein of customers that have regulated data or otherwise care deeply about earning customers’ trust.

We are sure you aren’t done. How are you going to shake things up next?

We are still some way from rolling out our first product broadly.

There are two big parts to the privacy puzzle. One is to build data-centric services that enable organizations to innovate safely; the second part is to design new, more respectful technical policies that reflect societal goals. We have barely started on the first part and there is a lot of work for us and many others to do to bring both parts to a reasonable first milestone.

Do you have a book, podcast, or talk that’s had a deep impact on your thinking? Can you share a story with us? Can you explain why it was so resonant with you?

Privacy in Context by Helen Nissenbaum really clarifies a lot of the societal/ethical questions around privacy, and it pairs very well with Cynthia Dwork’s work on technical foundations behind privacy.

Both of these are extremely interesting because of the setting they came in. Every data leak or data release still swirls with controversy about privacy, and all companies are routinely hauled up in front of the senate (and fined or acquitted without a clear reason). Both of these lines of workplace structure around what to expect from privacy, what guarantees are impossibly hard to get, and expose much clearer (still hard) questions for our technical and policy people to consider.

Can you please give us your favorite “Life Lesson Quote”? Can you share how that was relevant to you in your life?

I’ve learnt more from examples set by excellent people than from a quote; so I’d have to take a rain-check on this question.

You are a person of great influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. 🙂

Life-long learning. Make it the default expectation (vs. graduating from college and go through a fixed career) and provide a lot of structure (social, tools, …) around it.

How can our readers follow you online?

For our company:

For research:

and me:

Share your comments below. Please read our commenting guidelines before posting. If you have a concern about a comment, report it here.

You might also like...


“5 Things You Need To Know To Optimize Your Company” With Jason Remillard & Michael Wilson

by Jason Remillard

Ed Heinbockel, Jackson, Wyoming on Types of Cyber Security Jobs

by Ed Heinbockel

Sam Munakl of Cytek: “Training”

by Jason Remillard
We use cookies on our site to give you the best experience possible. By continuing to browse the site, you agree to this use. For more information on how we use cookies, see our Privacy Policy.