USMC CAPT NATE FICK
On April 20 (2013), over thirty Endgame employees, family members and friends participated in the Mid-Atlantic Spring 2013 Tough Mudder, supporting the Wounded Warrior Project. Funds raised for the Wounded Warrior Project go towards providing combat stress recovery programs, adaptive sports programs, benefits counseling, employment services and many other critical programs. Endgame is proud to support this important organization and give back to the thousands of Americans returning from the battlefield.

On April 20 (2013), over thirty Endgame employees, family members and friends participated in the Mid-Atlantic Spring 2013 Tough Mudder, supporting the Wounded Warrior Project. Funds raised for the Wounded Warrior Project go towards providing combat stress recovery programs, adaptive sports programs, benefits counseling, employment services and many other critical programs. Endgame is proud to support this important organization and give back to the thousands of Americans returning from the battlefield.

INTERVIEW WITH NATE FICK (AUDIO)

The Silver Bullet Security Podcast with Gary McGraw: Show 096, an Interview with Nate Fick

You can listen it here

Hey! You wouldn't happen to know where I could find that picture of Stark and Nate together would you? I figured if there was anyone to ask first, It'd be you. Thanks for the fantastic blog!

Thank you, glad you like the blog!

Is this the pic you are looking for? 

image

Stark Sands about their meeting:  

Have you met your character, Lieutenant Nate Fick, in person? 

Just recently. It’s weird, but not only do we physically resemble each other, but a lot of our mannerisms are the same — to the point that we were sitting around a table with the real Tony Espera and the real Ray Person, the real Evan Stafford, these guys that were in his platoon for real, and these guys were watching us with their jaws dropped. People were taking pictures of us from across the table just so they could show us how similar we acted.

He’s one of the few commanding officers who seemed to have the respect of his men. 
It’s funny. Over the months in Africa [where we were shooting], you sort of take on the characteristics and qualities and ideals of the character you’re playing, even off set. When we’d take weekend trips to Cape Town and some shit went down and people were about to get in a fight, either with each other or with someone else, I found myself stepping in and fixing it. 

Inside Endgame: A Second Act For The Blackwater Of Hacking 
In the classic hacker career narrative, a juvenile genius breaks into the Internet’s most sensitive networks, gets caught and then settles into a lucrative corporate gig selling his skills for defense. Nate Fick is trying to pull off the same story with an entire company.

Fourteen months ago Fick took over as chief executive of Endgame, perhaps the most controversial name in Washington, D.C. cybersecurity contracting. For years Endgame’s elite hackers worked in the shadows of the Beltway to build and sell “zero-day exploits,” an industry term for malicious code that abuses a previously unidentified vulnerability. As a contractor to military and intelligence agencies including the NSA, it enabled some of those customers’ most intrusive spying practices by offering ways to break into software from the likes of Microsoft MSFT +0.98%, IBM IBM +0.8% and Cisco for millions of dollars.

Fick’s daunting task now: To shift his firm’s focus to the far wider market in commercial defense products–and in the process, to shed its reputation as the Blackwater of hacking. The 36-year-old CEO, a former elite Marine reconnaissance captain who served in Iraq and Afghanistan before developing what he describes as a personal distaste for violence, hints at a motivation for the change beyond profit. An ethical cloud still hangs over Endgame for its track record in undermining the Internet’s security.
Fick’s first move: taking Endgame out of the zero-day exploit game. “The exploit business is a crummy business to be in,” says Fick, sitting at a coffee shop near Endgame’s unmarked office in Arlington, Va., which has never before allowed a reporter inside. “If we’re going to build a top-tier security firm, we have to do things differently…. This is one of those happy circumstances where business realities, reputational concerns and my personal feelings aligned.”

The company now touts itself as a Big Data analysis firm, selling “vulnerability intelligence” software that alerts clients to digital risks. Its tools pull together information from sources ranging from a customer’s antivirus programs and intrusion detection system to its human resources and physical security data, and pairs the information with Endgame’s own research on malware and blacklisted IP addresses. Integrating those feeds into a slick user interface, its software shows any anomaly that might represent a security threat, whether a hijacked computer sending source code to Pakistan or a rogue IT employee badging in at midnight to print the finance department’s sensitive documents.

Endgame’s new business direction helped the company raise a second round of financing last year, led by homeland-security-focused Paladin Capital, bringing its total investment to $60 million after earlier investments by Bessemer Venture Partners, Kleiner Perkins Caufield & Byers and others. By FORBES’ estimate the company earned $20 million in revenue in 2013; Fick aims to more than double that number in 2014 and flip the balance of sales so that the majority within two years comes from the private sector.

But Fick’s friendlier face for Endgame isn’t the full story. Its board still includes former NSA chief Kenneth Minihan, and it’s chaired by Christopher Darby, director of the CIA-backed venture firm In-Q-Tel. Though Fick says Endgame no longer sells exploits, the company doesn’t deny that it still sells tools to the federal government that can be used for offensive hacking–the digital equivalent of stocks, sights and barrels, if not the bullets. After all, the same “vulnerability intelligence” that finds chinks in a customer’s armor can also be used to discover them in a surveillance target.

Case in point: Inside Endgame’s startup-style office, complete with a ping-pong table and entertainment console covered in hacker-themed DVDs, an engineer shows me an older product code-named Bonesaw. (“We’re trying to come up with less ‘interesting’ names,” quips Chief Strategy Officer Niloofar Howe.) Bonesaw pulls Internet data to show what software runs on which machines around the globe, like a Google GOOG -0.55% Maps for hackers. With a few clicks a user can zero in on a computer and see its vulnerabilities along with a list of publicly available techniques to hack it.

Fick won’t say what Endgame’s government customers might do with that tool. In fact, he won’t comment at all on the specifics of Endgame’s government business, citing secrecy agreements. In a year in which the NSA has been accused of out-of-control spying, that lack of transparency leaves critics to assume the worst.

“It sounds to me like they’re trying to put a rose on a pig,” says James Bamford, author of three books on the NSA and a vocal critic of Endgame’s practices. “If you’re saying you’re on the right path but won’t say what you’re doing, the burden’s on you.”

Critics can’t deny, however, that Fick’s Endgame is different from the one he inherited from his predecessor Chris Rouland. In the early 1990s Rouland tried out rogue intrusion as a young hacker under the handle Mr. Fusion before putting his skills to use for the feds. He eventually became the CTO of Internet Security Systems and spun Endgame out of the company in 2008 after ISS was acquired by IBM for $1.3 billion. Under Rouland, the company offered an extensive package of zero-day exploits for $2.5 million a year, boasting of potential targets including Russian oil refineries and the Venezuelan Ministry of Defense, and promising “zero disclosure of discovered vulnerabilities” to software makers who could patch their weaknesses. “We don’t ever want to see our name in a press release,” Rouland wrote to a colleague in early 2010.

That clandestine business came to light only when the hacker group Anonymous penetrated Endgame partner HBGary Federal and published thousands of the company’s e-mails, including HBGary Federal’s proposal to attack donors and supporters of WikiLeaks on behalf of Bank of America. While other companies associated with the hacked firm apologized, Endgame became even more secretive, taking its website offline and scuttling its early commercial offerings. “Going dark was emphatically the wrong approach,” says Fick. “If you’re not telling your own story, people tell it for you.”

Fick, who worked at Bessemer Venture Partners and a Washington think tank after the military, was brought in by Endgame’s board to change that story. Kleiner Perkins’ Ted Schlein says he was impressed with Fick’s military-honed decisiveness. “I see things in him as a first-time CEO that I usually see in a second- or third-time CEO,” says Schlein.

Fick says he quickly nixed the zero-day development business and began hiring executives with commercial-software backgrounds. He considered changing the company’s name but decided it held too much branding value. “The name’s cool,” Fick says.

Endgame has never apologized for its history, and Fick refuses to start. “Apologize for what?” he asks. And he acknowledges that Endgame’s reputation provides a recruiting edge he’s reluctant to give up. “The guys who are really good at vulnerability research don’t want to go play in the sandbox and do penetration testing. They want to do it for real.”

Exactly what “doing it for real” entails, Fick won’t say. He’s visibly uncomfortable stonewalling questions, and cites his preference for transparency. In his days as a marine lieutenant leading one of the first platoons to invade Iraq, he even allowed a Rolling Stone reporter to leave recording devices in his troops’ humvees. Those recordings became the source material for the book and HBO TV series Generation Kill, in which Fick’s character plays a central role. “People have the right to know what’s going on,” Fick says of his decision to shed light on the military’s work. “A society that’s connected to its wars will go to war less often and will be committed to winning when it does.”

The same could be said of cyberwar–and the companies that enable it. Until Fick brings the darker part of Endgame’s business out of the shadows, his hacker-gone-straight story will have a major plot hole.

Inside Endgame: A Second Act For The Blackwater Of Hacking

In the classic hacker career narrative, a juvenile genius breaks into the Internet’s most sensitive networks, gets caught and then settles into a lucrative corporate gig selling his skills for defense. Nate Fick is trying to pull off the same story with an entire company.

Fourteen months ago Fick took over as chief executive of Endgame, perhaps the most controversial name in Washington, D.C. cybersecurity contracting. For years Endgame’s elite hackers worked in the shadows of the Beltway to build and sell “zero-day exploits,” an industry term for malicious code that abuses a previously unidentified vulnerability. As a contractor to military and intelligence agencies including the NSA, it enabled some of those customers’ most intrusive spying practices by offering ways to break into software from the likes of Microsoft MSFT +0.98%, IBM IBM +0.8% and Cisco for millions of dollars.

Fick’s daunting task now: To shift his firm’s focus to the far wider market in commercial defense products–and in the process, to shed its reputation as the Blackwater of hacking. The 36-year-old CEO, a former elite Marine reconnaissance captain who served in Iraq and Afghanistan before developing what he describes as a personal distaste for violence, hints at a motivation for the change beyond profit. An ethical cloud still hangs over Endgame for its track record in undermining the Internet’s security.

Fick’s first move: taking Endgame out of the zero-day exploit game. “The exploit business is a crummy business to be in,” says Fick, sitting at a coffee shop near Endgame’s unmarked office in Arlington, Va., which has never before allowed a reporter inside. “If we’re going to build a top-tier security firm, we have to do things differently…. This is one of those happy circumstances where business realities, reputational concerns and my personal feelings aligned.”

The company now touts itself as a Big Data analysis firm, selling “vulnerability intelligence” software that alerts clients to digital risks. Its tools pull together information from sources ranging from a customer’s antivirus programs and intrusion detection system to its human resources and physical security data, and pairs the information with Endgame’s own research on malware and blacklisted IP addresses. Integrating those feeds into a slick user interface, its software shows any anomaly that might represent a security threat, whether a hijacked computer sending source code to Pakistan or a rogue IT employee badging in at midnight to print the finance department’s sensitive documents.

Endgame’s new business direction helped the company raise a second round of financing last year, led by homeland-security-focused Paladin Capital, bringing its total investment to $60 million after earlier investments by Bessemer Venture Partners, Kleiner Perkins Caufield & Byers and others. By FORBES’ estimate the company earned $20 million in revenue in 2013; Fick aims to more than double that number in 2014 and flip the balance of sales so that the majority within two years comes from the private sector.

But Fick’s friendlier face for Endgame isn’t the full story. Its board still includes former NSA chief Kenneth Minihan, and it’s chaired by Christopher Darby, director of the CIA-backed venture firm In-Q-Tel. Though Fick says Endgame no longer sells exploits, the company doesn’t deny that it still sells tools to the federal government that can be used for offensive hacking–the digital equivalent of stocks, sights and barrels, if not the bullets. After all, the same “vulnerability intelligence” that finds chinks in a customer’s armor can also be used to discover them in a surveillance target.

Case in point: Inside Endgame’s startup-style office, complete with a ping-pong table and entertainment console covered in hacker-themed DVDs, an engineer shows me an older product code-named Bonesaw. (“We’re trying to come up with less ‘interesting’ names,” quips Chief Strategy Officer Niloofar Howe.) Bonesaw pulls Internet data to show what software runs on which machines around the globe, like a Google GOOG -0.55% Maps for hackers. With a few clicks a user can zero in on a computer and see its vulnerabilities along with a list of publicly available techniques to hack it.

Fick won’t say what Endgame’s government customers might do with that tool. In fact, he won’t comment at all on the specifics of Endgame’s government business, citing secrecy agreements. In a year in which the NSA has been accused of out-of-control spying, that lack of transparency leaves critics to assume the worst.

“It sounds to me like they’re trying to put a rose on a pig,” says James Bamford, author of three books on the NSA and a vocal critic of Endgame’s practices. “If you’re saying you’re on the right path but won’t say what you’re doing, the burden’s on you.”

Critics can’t deny, however, that Fick’s Endgame is different from the one he inherited from his predecessor Chris Rouland. In the early 1990s Rouland tried out rogue intrusion as a young hacker under the handle Mr. Fusion before putting his skills to use for the feds. He eventually became the CTO of Internet Security Systems and spun Endgame out of the company in 2008 after ISS was acquired by IBM for $1.3 billion. Under Rouland, the company offered an extensive package of zero-day exploits for $2.5 million a year, boasting of potential targets including Russian oil refineries and the Venezuelan Ministry of Defense, and promising “zero disclosure of discovered vulnerabilities” to software makers who could patch their weaknesses. “We don’t ever want to see our name in a press release,” Rouland wrote to a colleague in early 2010.

That clandestine business came to light only when the hacker group Anonymous penetrated Endgame partner HBGary Federal and published thousands of the company’s e-mails, including HBGary Federal’s proposal to attack donors and supporters of WikiLeaks on behalf of Bank of America. While other companies associated with the hacked firm apologized, Endgame became even more secretive, taking its website offline and scuttling its early commercial offerings. “Going dark was emphatically the wrong approach,” says Fick. “If you’re not telling your own story, people tell it for you.”

Fick, who worked at Bessemer Venture Partners and a Washington think tank after the military, was brought in by Endgame’s board to change that story. Kleiner Perkins’ Ted Schlein says he was impressed with Fick’s military-honed decisiveness. “I see things in him as a first-time CEO that I usually see in a second- or third-time CEO,” says Schlein.

Fick says he quickly nixed the zero-day development business and began hiring executives with commercial-software backgrounds. He considered changing the company’s name but decided it held too much branding value. “The name’s cool,” Fick says.

Endgame has never apologized for its history, and Fick refuses to start. “Apologize for what?” he asks. And he acknowledges that Endgame’s reputation provides a recruiting edge he’s reluctant to give up. “The guys who are really good at vulnerability research don’t want to go play in the sandbox and do penetration testing. They want to do it for real.”

Exactly what “doing it for real” entails, Fick won’t say. He’s visibly uncomfortable stonewalling questions, and cites his preference for transparency. In his days as a marine lieutenant leading one of the first platoons to invade Iraq, he even allowed a Rolling Stone reporter to leave recording devices in his troops’ humvees. Those recordings became the source material for the book and HBO TV series Generation Kill, in which Fick’s character plays a central role. “People have the right to know what’s going on,” Fick says of his decision to shed light on the military’s work. “A society that’s connected to its wars will go to war less often and will be committed to winning when it does.”

The same could be said of cyberwar–and the companies that enable it. Until Fick brings the darker part of Endgame’s business out of the shadows, his hacker-gone-straight story will have a major plot hole.

Fick clears his throat. He is younger than some of the sergeants he commands, and when he addresses the men, he often lowers his voice to a more mature and authoritative-sounding register. He introduces me in this official, Marine-officer voice, then leaves.
Evan Wright, Generation Kill 
- 2009 -

- 2009 -

On Tuesday, October 29, 2013, CNAS hosted a book event for Startup Rising: The Entrepreneurial Revolution Remaking the Middle East by Christopher Schroeder, member of the CNAS Board of Advisors. As a seasoned angel investor in emerging markets, Mr. Schroeder was curious but skeptical about the future of investing in the Arab world. Traveling to Dubai, Cairo, Amman, Beirut, Istanbul, and even Damascus, he saw thousands of talented, successful, and intrepid entrepreneurs, all willing to face cultural, legal, and societal impediments inherent to their worlds. In Startup Rising: The Entrepreneurial Revolution Remaking the Middle East, Mr. Schroeder marries his own observations with the predictions of these tech giants to offer a surprising and timely look at the second stealth revolution in the Middle East-one that promises to reinvent it as a center of innovation and progress.

Speakers at the event included: Christopher Schroeder, Author of Startup Rising: The Entrepreneurial Revolution Remaking the Middle East Member, Board of Advisors, Center for a New American Security and former Chief Executive Officer of HealthCentral.com and Washingtonpost.com, Newsweek Interactive; and Nathaniel Fick, Chief Executive Officer, Endgame, Inc., Member, Board of Directors and former CEO, Center for a New American Security.

"Hometown Heroes:Perspectives on the American Military Experience"

- April, 2013

On friday, always wear something RED to support them.

On friday, always wear something RED to support them.

Hardness, I was learning, was the supreme virtue among recon Marines. The greatest compliment one could pay to another was to say he was hard. Hardness wasn’t toughness, nor was it courage, although both were part of it. Hardness was the ability to face an overwhelming situation with aplomb, smile calmly at it, and then triumph through sheer professional pride.
Capt. Nathaniel Fick