Sikorski Interviews Michael Daniel
The cybersecurity industry faces a peculiar paradox: companies that compete fiercely for customers must collaborate intimately to defend against shared threats. This delicate dance between competition and cooperation creates what Michael Sikorski, CTO and vice president of Engineering at Unit 42, aptly calls a world of "frenemies with benefits."
In a recent Threat Vector podcast conversation, Sikorski explored this dynamic with Michael Daniel, president and CEO of the Cyber Threat Alliance (CTA). Daniel shared insights from his unique vantage point as both former White House Cybersecurity Coordinator and bridge-builder between competing security vendors. He has spent over eight years proving that collaboration can work, even when millions of dollars in revenue hang in the balance. His perspective reveals why the biggest barriers to effective threat intelligence sharing aren't found in server logs or API endpoints, but in boardrooms and corporate cultures.
The Moment Everything Clicked
The first sign that cybersecurity collaboration could transcend competitive instincts came during the 2017 WannaCry ransomware outbreak. As the malware spread like wildfire across global networks, Daniel assembled competing security vendors on a single call to share what they were seeing. Daniel remembered:
At the beginning of WannaCry, everybody thought that [it] was being spread by an email vector. When we assembled the different CTA members on the call and everybody started saying what they were seeing and nobody was finding an email vector for WannaCry, it was one of those things that you could almost feel it around the room…like, well, wait a minute. If nobody among this set of people is seeing an email vector, maybe there's not an email vector.
That collective realization prompted everyone to look in different directions and ultimately helped the industry understand WannaCry's true worm-like propagation method much sooner than they otherwise might have. It was proof that when competitors pool their visibility, the sum becomes greater than its parts.
The Human Barriers to Sharing
Despite breakthrough moments, like the WannaCry response, meaningful collaboration remains frustratingly elusive across the cybersecurity industry. The barriers, Daniel explains, are far more human than technical.
"Some of it is technical but not very much," he notes. "A lot of the barriers are more cultural. They're more legal. They're both real and perceived barriers. There's concern about where am I actually making my money? Are there liability concerns that we might have some downsides to sharing customer exposure?"
The reality is stark: sharing intelligence typically ranks as someone's fifth or sixth priority, not their primary focus. "When you see it work, it's usually because somebody has made it a priority. An executive somewhere has made it a priority for it to happen. Otherwise too many other things just get in the way."
This cultural resistance extends beyond individual companies to entire government frameworks designed to ensure fairness but often creating bureaucratic paralysis instead.
The Government's Impossible Balancing Act
Having navigated both sides of the public-private divide, Daniel sees fundamental tensions that make collaboration challenging. The federal government operates under constraints that don't exist in the private sector. Constraints designed to prevent favoritism but that often hinder an effective response.
"If you are working with one entity in the private sector, you've gotta work with all of them equally," Daniel explains. "And the truth is that in cybersecurity, not all companies are created equal, and some entities in the ecosystem are more important in certain situations than others."
The result? Government agencies struggle to assemble the most capable response teams quickly because they must include everyone equally. Meanwhile, private companies grow frustrated with bureaucratic processes that seem divorced from operational urgency.
"We need to bring a lot more understanding to the collaborations and have respect for the constraints," Daniel emphasizes. "Every minute that private sector companies are spending working on this thing with the government, they're not making money."
The Economics of Sharing
The key insight that makes the Cyber Threat Alliance work lies in understanding what companies actually compete on versus what they can safely share. Daniel's argument is counterintuitive but compelling: Sharing threat intelligence actually makes companies more competitive, not less.
"Virtually no one really makes their money off of providing threat indicators," he explains. "You don't go to customers and say, here's a bunch of indicators for you: Good luck with that. Instead, what you're really competing on is what you do with the threat intelligence. You are competing on the basis that my technology is better, my customer service is better, my understanding of your industry is better."
When companies share raw threat data, they're raising the competitive bar for everyone, forcing differentiation to occur at higher levels of value creation rather than basic threat awareness. The result benefits both individual companies and the broader ecosystem.
Building Trust Through Clear Boundaries
Trust doesn't emerge from good intentions alone; it requires concrete guardrails and consistent enforcement. The Cyber Threat Alliance has built this trust through ruthlessly clear boundaries about what can and cannot be discussed.
"We have an antitrust compliance statement that we say at the beginning of every meeting," Daniel notes. "One of the things we talk about are threats and what the bad guys are doing. One of the things that we do not talk about are products, prices and anything related to a future roadmap for our members."
These well-defined parameters, provided upfront, give companies confidence to share sensitive information because they know exactly what's in scope and what's off limits. Even more importantly, the alliance enforces these boundaries consistently, treating all members equally and maintaining strict embargo protocols for early threat intelligence sharing.
The Path Forward
As threat actors increasingly leverage AI and automation to accelerate their attacks, the cybersecurity industry faces a choice: Continue competing in silos or evolve toward systematic collaboration. Daniel's experience suggests the latter isn't just possible; it's essential for survival.
"Cybersecurity is not impossible," he emphasizes:
The truth is that you can actually materially reduce your cybersecurity risk. And there are things that we could do at the systemic level to reduce our cybersecurity risk. As a society, we are not helpless.
The challenge isn't technical infrastructure or threat intelligence formats; it's building the cultural bridges that turn industry frenemies into genuine allies. In a world where attackers collaborate seamlessly across borders and business models, defenders can no longer afford the luxury of going it alone.