recent

Admiral Thad Allen, SF ’89, and Frank Finelli, SM ’86

The War Between Technological Productivity and Human Skill

50 Years of Coast Guard Sloan Fellows

Alumni

Cybersecurity

Stephen Boyer, SDM ’08

In this episode of Sloanies Talking with Sloanies, host Christopher Reichert, MOT ’04, interviews Stephen Boyer, SDM ’08, co-founder and chief innovation officer at Bitsight. The conversation reflects on the evolution of cybersecurity, including the complexity of cyber threats and the challenges companies face in managing risks. Boyer shares insights from his career, discussing the importance of transparency in cybersecurity incidents and the role of AI in enhancing security practices. He also emphasizes the value of a mission-driven career and the need for continuous learning.

Boyer also discusses his experiences at MIT Sloan, highlighting the impact of the MIT 100K competition and the broader MIT ecosystem on his entrepreneurial journey. He offers advice to prospective Sloanies, encouraging them to immerse themselves fully in the MIT environment and to align their studies with their long-term career goals. The episode provides a blend of practical cybersecurity advice and reflections on the significance of strategic thinking and innovation in one's career.

Sloanies Talking with Sloanies is a conversational podcast with alumni and faculty about the MIT Sloan experience and how it influences what they’re doing today. Subscribe and listen on Apple Podcasts, Google, and Spotify.

Episode Transcript

Christopher Reichert: Hi, I'm your host, Christopher Reichert, and welcome to Sloanies talking with Sloanies. My guest today is Stephen Boyer, a 2008 MIT Sloan System Design and Management graduate. Welcome.

Stephen Boyer: Thank you.

Christopher Reichert: This is a special podcast episode because for a few reasons. First, Stephen and I are in person, which is, I think the first, uh, episode I've done in person in years. It feels like pre-COVID, actually.

Stephen Boyer: Throwback episode.

Christopher Reichert: And it's also our sixth year of doing this podcast, and we're in the same building where we started. So, we've come full circle. And I was thinking that, you know, I think Smoots. You know smoots?

Stephen Boyer: Sure.

Christopher Reichert: I think they measure distance, but I would think that I think we need a unit of Smoot that measures time. And so I was thinking, how would we possibly do that? And I was thinking, well, let's see, Oli Smoot was 18. I'm going to assume when he got measured as a smoot.

Stephen Boyer: Yeah, the first year.

Christopher Reichert: So we've been doing this now for six years. So I guess I would call this we're one third of a smoot old as a podcast. What do you think? Is that going to stick?

Stephen Boyer: Sure.

Christopher Reichert: Maybe it needs more work.

Stephen Boyer: Why not?

Christopher Reichert: Well. Welcome again. So I'm going to give some listeners some background about you. So in 2011 Stephen co-founded and as Chief Innovation Officer at Bitsight. And four out of five top investment firms use Bitsight and almost 40% of Fortune 500 companies do it. Unless it's changed and Bitsight is focused on identity exposure, prioritizing investment, communicating with stakeholders and mitigating risk in an expanding digital ecosystem. So more on that shortly.

So prior to Bitsight, Stephen was the president and co-founder of Saporix, a company spun out of MIT Lincoln Labs. So, good MIT connection. There he worked with the Cyber Systems and Technology Group, focused on vulnerability and network topology, risk analysis, and led R&D programs solving large scale national cybersecurity problems. I sense a theme here.

Stephen Boyer: Yes.

Christopher Reichert: Stephen is a member of the CNBC Technology Executive Council. And interesting. You've been chair or at least a part of the supervisory committee at MIT Federal Credit Union for over 20 years now. That's great. I have some money there. So since my days.

Stephen Boyer: We’re watching out for you.

Christopher Reichert: Great. You also held a Bachelor of Science in computer science from Brigham Young University. So did I miss anything?

Stephen Boyer: That's probably. That's pretty good, actually. I'm impressed.

Christopher Reichert: Excellent. So how do you how do you relax and unwind after all those stressful topics of cybersecurity and national security problems?

Stephen Boyer: Yeah. So I have really a passion for mountaineering. And I used to climb bigger mountains. Maybe that's a different podcast on some of those things. And then during the pandemic, I picked up piano again. And I had played growing up learning the Suzuki method. So maybe some of the listeners remember that it was very auditory, but I never learned to sight read. And so you can pick songs up by kind of plugging away from by sound.

But I just it's really hard to just sight read. So I taught myself how to sight read. And so I played the piano. I find it very cathartic. I'm not any good, so don't ask me to perform. But I just find it's a really great way to de-stress. And I've just developed a passion and love for the kind of the classics, which I hated growing up. I wanted to play like Axel F and journey on the piano, and I couldn't because I was playing, you know, the old song. And I just really appreciate kind of like just the brilliance and genius of some of the masters. So, hey, that's one of the ways I like to relax. And I'm living in Lisbon, Portugal, until we get to go see the sights to around and learn some of the history.

Christopher Reichert: So let's see, how about we start with some startling facts, just to get us all scared out of our wits. Every week, every day we hear about data hacks and leaks. It's almost the norm, not the exception. And I looked up the top ten and it made my hair stand on end.

So the number one was MGM Resort breach, where hackers claim to have exfiltrated data threatening to expose information unless a significant ransom was paid.

Stephen Boyer: Yes.

Christopher Reichert: Then there was First American Financial Corp. 900 more or less million files containing sensitive data from over a 16-year -period were exposed. UnitedHealth. Just recently…

Stephen Boyer: You got it…

Christopher Reichert: …paid a ransom in 2024, and the list goes on Twitter, Quora, Facebook, Cambridge Analytica. And it's all of what you say is that cybersecurity is a potentially existential risk to organizations both large and small, and governments. It's also hugely complex with ever changing threat landscape, but it's also potentially lucrative if ransoms are paid. So because it's so common, it doesn't seem like the shame, like in the early days when you had a breach it was this shameful event for an organization, but now it seems doesn't that doesn't seem to be much of a deterrent. Am I getting that wrong?

Stephen Boyer: So I'm not sure if the shame factor is completely gone, but there was historically a very much a mentality of blame the victim, and what I mean by that is, hey, it's your fault that somebody came in and took your stuff, right? Like you should have kept the door locked with three deadbolts instead of two, right? I think we've come a long way in recognizing that these gaps happen.

I think it's more the question will come, how do companies respond? What was their thinking? What was their risk management process? What was their controls culture? And I think where the market is much more accepting is when people say, hey, we did the best we could, and here's what we did and here's how we communicated and were transparent in that response. Where the market has punished a little bit more has been less transparency. Or in some cases, you know, there's a lawsuit right now against the CSO at SolarWinds, which was another major breach going after an individual. And so it's an interesting one. What the SEC is claiming is that they weren't transparent in their disclosures or didn't follow the proper disclosures. And so I think the trend it will be towards more transparency.

And I think the market will recognize that there is no perfect system. But the question will be, hey, did you have the right risk management process in place? Did you follow that? You know, did you have the right governance? Because I think we have car accidents. We have other sorts of, you know, other sorts of accidents. Over time, I think, you know, air accidents have gone way down. Right. And it's high, you know, high degrees of safety there. We still have them, but we kind of learned where we put the black box in. You had to report the National Transport Safety Board. So we got to learn like where the accidents were.

I think there's an opportunity for that in cybersecurity, which is as companies become more open about it and share best practices. Hey, here's what happened to us. Hopefully that doesn't happen to you. I think we can make a lot of progress. But yes, for a while there it was. Hey, it's your fault. It's embarrassing for you. Uh, where I think some of the stigma is down. However, like for UnitedHealthCare, they predict that's going to cost them $1.6 billion. Right?

Christopher Reichert: In market?

Stephen Boyer: Well, they just in cost, right? In cost to fix it. And then revenue loss etc. And so that may go down as of right now, the single largest, most expensive, MGM Grand was about 100 million. Um, and so it can be very costly. Right. So that could be, you know, some other things that, that hits for more than just kind of perception that may really impact the viability of the company.

Christopher Reichert: So this so they paid the ransom as far as.

Stephen Boyer: As far as I know they did. But it's still a disruption.

Christopher Reichert: Absolutely. Yeah. So it's the old it's not the crime. It's the cover up that punishes.

Stephen Boyer: It's a really interesting debate. And maybe that's another podcast around pain or not. But as you say, MGM decided not to pay and it cost them $100 million. And Caesars, which almost nobody knows about around the same time, did pay, and it was about a $30 million ransom. The disruption is oftentimes much more costly than paying the ransom. Now, you could argue, well, that just enables the criminals to do it again, right? But if you're a rational person, you may say, well, what's the trade off? Right.

So there was a case in Australia where attackers got a hold of medical information. A company called Medibank in Australia, and they said, hey, if you don't pay the ransom, we're going to release it. And that medical information had information about abortions, cancer, etc.. And they decided not to pay. In Australia, they reported 10,000 plus crimes that were directly linked to that information that was leaked. And so, you know, I sit in my seat and I think, hey, if I were in that, I'd probably want to go to each one of those people and say, hey, I did everything I could, including paying the ransom, right? But hey, but they also, you know, they had their own reasons for not doing it. So it's a really tough call. I think the FBI officially says don't pay, but I think each organization is going to have to decide, hey, what's the best for our particular situation?

Christopher Reichert: Right. I imagine it might be. Well, I had two thoughts on this. One was, you know, the with the profit imperative of organizations to quickly get to market or be the best in the market, or in Facebook's parlance, you know, break things, you know.

Stephen Boyer: Go fast...

Christopher Reichert: Go fast and break things. You know, whether it's domestic competition or international competition, you want to kind of like be dominant in in the digital market because it is international. And I wonder, you know, and there's a winner takes all component to that. Right. If you are you know, let's not say monopolistic but close to it. You know, you can really, you know, cream off a lot of the profits. I wonder if that's like a, a built in incentive to not be as rigorous as you could be.

Stephen Boyer: Well, so that that is a really interesting debate was are there market incentives that will incentivize the right behaviors? We certainly participate in that to some degree at Bitsight. We can talk about that a little bit more. But, I think the incentive to go fast, break things, but really grab market share is we're probably investing more in capability and digitizing.

There's huge amount of investment that's happened in digital transformation even in the last five years with the pandemic, but what there isn't, we get all the benefits of that. But if you don't invest in a commensurate level in the controls, you open up to a lot more risks, right? And so I think we've learned in risk management and a lot of other disciplines that for everything you do, there's a tradeoff. And I need to be able to manage that risk a little bit better. And so I think what we're starting to see in cybersecurity is yes, you'll get a lot of those benefits, but there's a downside risk on that. And I think you need to invest some commensurate amount of whatever you're putting towards the move fast and break things. Well, what if something goes wrong? What if we break something and it really goes south? Did we, you know, invest in this other side of it? I think it's still early days in an area called cyber risk quantification, which is well, how big is that risk really in terms of financial terms? Because I think that's how boards and regulators will think about it. It's still early days, but that's one way to be thinking about what is the risk that we're taking here, even though we're investing and trying to grab market share and put out capability, what could really go wrong? And some people will transfer that risk and insurance, or they'll hire or they'll invest in other sorts of controls.

So, there's definitely market pressure to avoid it. But I think that what we're also seeing is increased regulation, which is the SEC new disclosure rules, etc. are going to make it so you can't.

Christopher Reichert: Yeah, I was thinking about the, you know, the safest possible car, for example, you know, is not something we would probably want to buy. Right. Because it's and the same thing might be true for data security. You know, back in 2010, Mark Zuckerberg famously said, he said that the rise of social networking online meant that people were no longer should have an expectation of privacy.

Stephen Boyer: I remember that.

Christopher Reichert: Yeah. I mean, there was a hew and cry, right? But there was also like a he's probably right, darn it.

But I also think that, you know, with the rise of online activities, everything from B to B, B to C, C to C, everything that we do is so much online. Is it reasonable to say the tradeoff is a lot of our information is given away for free in return for some services. You may say that's not a great value, but it seems convenient for us, right? But there's also a lot of our personal information that's out there that I wonder if that's leveraged. I mean, it obviously is leveraged by, you know, the building blocks of identity theft. If they can take bits of information about you, then it can just it can make it even worse. So all these data breaches at MGM or UnitedHealthCare or any one of the other ones, it's not so much the specific information that's captured in that one breach. It's how it goes into the big stew of information that's out there that then gets put together by nefarious minds.

Stephen Boyer: Yeah. So if you take MGM, for example, it was a social engineering attack initially, and at least as reported by the Wall Street Journal, one of the attackers said that they found the information to impersonate the employee in the dark web. All right. Hey, I found their background. Whatever information they gave to the IT group to reset the password was legitimate. It was real. Right.

And so one breach can actually facilitate the next. And that's, you know, kind of what's happened here. I think the horse has probably left the barn in terms of getting that information digitized. Right. We have so many benefits by moving to digital healthcare that the question of this next decade is, how do we secure that? Right? How do we manage that? How do we put the right incentives and because of the damage, can be pretty big. I just use that example in Australia. But I also think that the benefits are so high by making that available, by storing that information. I mean, you think about, hey, how do you protect that and use that in a reasonable way?

We can get to AI maybe a little bit later, but those AI models rely on huge data sets. How do you make sure that none of that data leaks when somebody queries it a certain way? So I think we have huge benefits that we've reaped from, from the digitization. And I just think that now it's become really clear. I mean, maybe ten years ago there were inklings of it and people rumblings, I think today that there's not a board that's not worried about cyber risk. Right. And so I think that could be regulatory or reputation or revenue hits. But I think that's where it's like, okay, which data do we have. Do we need to keep it. Where are we collecting it on. Right. And where is it geographically. So I think some of those conversations have definitely shifted.

Christopher Reichert: You invented the cyber ratings industry and you recently partnered with Moody's. So tell us a bit about how that works. I read that you have the largest risk data set. You monitor over 40 million organizations and over 44 trillion, with a T, events, and you combine that with a correlated cybersecurity risk engine, some AI you mentioned and then obviously human insights. So tie that together for us how that all...

Stephen Boyer: Yeah. So the gap that we were really focused on, I think, and I take it back to what we talk about with advice to other Sloanies, which is we try to understand where there was pain in the market, and it came not just from our own observation, but we were doing something else that we had spun out of MIT and someone came to us and said, you know, it's really hard to figure out is how good the other guy is at cyber. Like, I can look at my own stuff, I can audit myself, but it's really hard to know looking at somebody else, how somebody, how good somebody else is. And so we went and studied and looked around and said, hey, what is a successful model where people have been able to do that? And it turns out consumer credit ratings has been fantastically effective at being able to issue credit by figuring out how good somebody else is, but not relying on their own disclosure, because what people were worried about is, of course, I'm going to ask you, Christopher, how good are you paying your bills?

And you're going to say, I'm amazing. I pay them all, all day, every. I have never had an issue. It's like, well, how do I know? Right. I was like, well, let me go check the record. And so in cyber, there was no equivalent to that. It was mostly everybody attesting to how good they were. And so there was very little trust but verify. And so like, hey, we looked at some of those other models and worked with people who had that pain and said, hey, what if we came up with a novel way of providing that? And the nice thing about the model was we looked at what the credit bureaus are doing, and they were collecting data not from you, but from other places that when no information about you, they're not asking you to submit a spreadsheet in your budget. They're collecting information about your spending patterns and paying back debt. And by doing that and by building those models over time, they've gotten pretty good at the risk of issuing credit to an individual. But from a risk management standpoint, it's actually pretty powerful. And so we really took that model and said, okay, what information can we collect about organizations, not individuals, that's going to give us an idea of how well they're implementing their cybersecurity practices? Can we watch it over time instead of waiting for an annual test or an audit opinion? Can we get something that's much more real time and empirical, as opposed to something that's more episodic and we would call subjective or in some cases aspirational.

Christopher Reichert: And so that's like a second leg of the stool. So Moody’s for example would be sort of financial and governance perhaps. And so this is this is your data governance policies.

Stephen Boyer: Yeah. So what we can we can observe very directly. And let's just take MIT for example. It's a very open campus big IP address space because education owns a huge amount of the internet. We can see what kind of services MIT is running. We can connect to them. You can query them. Of course, Google crawls and we crawl some of the other protocols and we can learn how are they doing, how quickly do they update when new vulnerabilities are announced? How long does it take MIT to patch? It could take them 30 days, 90 days, 180 days. How long it takes them actually says something about the sophistication, their processes, their people. And then you just look at that and you can compare.

That's the type of thing that was really hard to be able to do. When you think about the Moody's partnership, they see cyber risk as a key financial risk, which absolutely makes sense today, which is if you're going to look at credit risk, if somebody's not paying back the debt on time and in full. Well, we think about MGM. Not everybody can handle a $100 million revenue loss. Right? We'll see how it works for UnitedHealthCare. And so they're trying to account. We're working with them to build models to at some future point cyber will factor into the credit rating. And so when somebody goes into the market they'll need to be able to understand how's the governance, how the financials how's the cyber? Which I think is super important as you just started the whole conversation out, hey, cyber risk has a business component and a business risk to it, right. And so blending those two together is really important. So when we tied up with them it's really like, hey this is an important business risk that needs to be accounted for and priced. And a lot of people believe that it just hasn't been priced well because they just haven't had the visibility. So for us, it's about being able to provide that visibility and transparency instead of analytics to make those good cyber risk decisions.

Christopher Reichert: And so talking about artificial intelligence, is that, for Bitsight, a matter of accessing this huge amount of data that you have and making sense of it more rapidly than you ever could before?

Stephen Boyer: There are actually several, several layers, which I think with artificial intelligence, every organization is going to have to bring in and espouse best practices. I don't think anyone today brags about we use spreadsheets. I think a lot of this will happen is you'll have businesses learn to embrace a high degrees of efficiency automation. Gartner's predicted that I think 70 plus percent of developers are going to be using AI coding tools to develop their software. I have good friend, at a major software company, his productivity went up by 10x, he said, by starting to use some of these tools. So I think you have that kind of layer, which is, hey, how do we just get good at doing the things we do? We just need to be able to do that.

The next layer is how do we provide those capabilities to our customers? How do you provide a better experience? Do you have better insights and just make sure that you have better outcomes? Maybe that's lower cost or higher degrees of efficiency. And so we're obviously investing in to be able to provide those to the customers. And then, you know, stay tuned. But I think there's opportunities for a real leap ahead. And for us because we believe our one of one of the key things that we have is data sets. And the data sets drive the models. Right? And so if you have really good data, you're going to be able to provide really interesting models and capabilities. So I think I'm optimistic.

But where I'm most optimistic right now is human, plus AI. What we'll see is huge productivity gains, high degrees of automation, etc., which we've done in a lot of other ways of technology.

Christopher Reichert: Yeah, I mean, one of the things that we talked about it when I was at MIT was the notion of creative destruction. And, you know, it sounds very well. It sounds exciting.

Stephen Boyer: But will that replace the human at this point? I don't see it. I think people using the actual tools know that there are a lot of limitations, but they're actually pretty powerful for some things. And so that's where I think, hey, if you can combine the human and the AI would be for generation of ideas or for support, uh, I think you're making some advancements.

Christopher Reichert: So you had a computer science degree at Brigham Young. And then how did you decide to to get your master's degree for systems design management?

Stephen Boyer: Yeah. So a couple of examples. So I was going to school during the dot com boom, which if you were alive at that time, was magical.

It was truly magical. People were becoming rich off of IPOs. I went to this event. It was a Java one, which was run by Sun at the time, and it was a big event in San Francisco. And there was literally a sign that said, write your app in Java, go public, get rich.

And so I got to live through that time. And I was an engineer. And so I got to see how it worked out from the business. We did go public, which was which was pretty interesting. But I also got to see some mistakes that we made where I was frustrated. And so during that time I decided, hey, I want to go do something a little different. I have an opportunity to work at MIT Lincoln Laboratory in Lexington and work in cybersecurity, which is an area that I was fascinated by. And I saw that as, hey, that's going to be an interesting area of future, and we would work on really some interesting next generation projects for mostly Department of Defense. We got to live the cyber world decades before a lot of the commercial market did.

And so we invented some really cool things. And where I got a little bit frustrated is we would invent something that was really cool. And then we had to shelve it because the funding winds changed, right? It's like, hey, time for that project. Now we're moving on to the next project. And we would disclose some of those things to the MIT Technology Licensing office. And one time we had a group of VCs come in and they said,” hey, we're thinking about licensing this, what's the business model?”

And I thought, hey, for me to really have the impact that I want to have for the things that I work on, we really need to be able to take things that are in the lab and make sure that they're commercialized. And so I applied and got what's called the Lincoln Fellows program to be able to go back and participate. And I chose the SDM program because I thought, hey, that combination of the technical side pulling together these different systems and sort of on the on the business side, have a really interesting, powerful combination.

Ed Roberts was my thesis advisor and I really kind of looked at, okay, how do you take these things and what kind of systems do you need to put in place to have this have a real impact? And so I decided after I wrote it that I needed to walk the walk, you know, can you really go do it? And so we did. We actually spun out some of the patents that we had worked on. And so I left, you know, that company got acquired pretty early on. And that's where we got the ideas for, for Bitsight.

Christopher Reichert: So you were at MIT Technology at the Lincoln Lab and then you came to Sloan.

Stephen Boyer: Exactly. Yeah. And I was taking some courses in Course 6 because I thought I wanted to do more of that. And it's an area that really fascinated me, but it was this other angle that I thought, hey, you could do the best technology, but if you don't have a way to give the business model, you may not have the impact you want.

Christopher Reichert: So is that is that if you look back on your time at Sloan, do you think that's the change that that transformed you, that you came from a technology background?

Stephen Boyer: I think I think I had an idea of what I wanted to do, and I did want to do more entrepreneurship at the time. And so that was motivating.

I think one of the key things for me was the MIT 100K competition. I was able to participate in that and get really exposed to the broader MIT ecosystem, which was fascinating, right? I really enjoyed that. We took second, it was a not-for-profit healthcare company that was going to save the world from disease. And how do you get to compete with that with, you know, cybersecurity. But I think it really just ignited my passion, and it really gave me a vision for where things could go, right.

I mean, we had mentors. We got to get feedback. I was taking the new enterprises course and so I think it gave me a real vision of, hey, I could do this right. And I think it really gave me the confidence and really the support from an ecosystem that really exists here that's really strong. You know, there's the nuts and bolts of business, you know, plan courses. You know, I was taking. And so I'd say that was really helpful. And then of course, I met the people around me. And even just, you know, today was with, you know, several former entrepreneurs that I got to meet.

There's the founder of HubSpot or the founder of Okta. We're all there. We're all there at the same time. And so it's a really great, you know, ecosystem that existed at the time that I think was very inspirational.

Christopher Reichert: So if you think back on your time at Sloan and it was a two year program, right?

Stephen Boyer: Yes.

Christopher Reichert: And you've been out now for a few years. Do you look back and go, wow, I wish I'd taken that course, or I wish I had studied harder on that?

Stephen Boyer: I don't have many regrets. Actually, I've really just loved my time, and I feel like I had to be very selective of where to spend it, because you can do so many things. I didn't ever do a track. I guess maybe that would have been fun. However, I was spending time talking with potential customers, building my business plan and deck for the 100K competition. Right? So you're going to have to trade some things off because there are so many opportunities here at MIT. There's Sloan and there's the broader MIT, as well. So you have to you'll have to be selective.

I found that by having a vision of where I wanted to go after helped me be really selective. One thing I wanted to know is like, how did venture and private equity work? So I volunteered for the private equity symposium and helped out with that. Where you can volunteer and spend your time, it gives you a lot of opportunities to learn. So I'd say I don't have really any regrets. I feel like I just had to be really selective because you just can't do it all. There are so many different, really cool opportunities, and some of it is maybe there are things that I just didn't know about that I could have taken advantage of. But I feel like the people that I met, the experiences that I had, the engagement with the faculty was fantastic. And I think maybe the single most fulfilling thing was a club. You could call that the student run MIT 100K competition. And so I think you may or may not have that vision when you come in, but I think you can get exposed to a lot of things very quickly. And so it's, you know, spend the time to go get that exposure.

But I did not anticipate how valuable the business school curriculum would be. A lot of people are like, I want to go and get the degree and that sort of thing. But I think the curriculum and the, the content was like, okay, I want to do that. And so I want this content. It wasn’t I just need to get through this to get the degree, to go get the job. It was like, I need this content to be able to do the things that I want to do afterward. And so I think that really helped me structure the decisions that I needed to make to decide what to take and what to participate in.

Christopher Reichert: And you started Bitsight here in Boston?

Stephen Boyer: Yes.

Christopher Reichert: And when did you move to Portugal?

Stephen Boyer: About a year and a half ago. It's temporary, really, to just focus on our customers and growth in Europe. What we got feedback from our team was that we were too US-centric. When you're there in country, you're there with the customers. You get to read the local news, you get to understand what are the regulations and what are people facing. So it really gave me a higher degree of empathy for that particular market and the customers in it. So I think that's been great.

And then also our teammates, what are they going through? What are the political situations? What are the taxes? What are the cost of living? And by being there, it's very different than showing up and seeing if you have taken a few meetings and staying in the hotel as opposed to being there. And so I think for me, it's just been a real big dose of empathy for our customers and our teammates that I think has been really helpful. So so stay tuned.

Christopher Reichert: So I have two last questions for you. And you can answer one or both. What is your personal definition of success. That's one. And the other one is do you have any advice for prospective Sloanies?

Stephen Boyer: So what I talk to our teammates is about is most of the studies around humans and where they find happiness is around having some sort of mission, being part of some mission that you really care about.

Do you think it's having some sort of great impact and being part of something bigger than yourself? So I think being able to find that is hugely successful. The other one is kind of like mastery and okay, am I doing something? Am I good at what I do? Right. I think it's like, hey, am I can I be really great at what I do? And I think the third one is, hey, do I have some degree of autonomy? Do I get to decide my fate? Do I get to decide what I want to be really good at, and what kind of mission I want to do? And I think if you do those sorts of things and can align with your values to be able to do those things, and hey, if I really value these things and I can do that while going after those missions, I think that's a pretty, you know, successful career. I feel very fortunate that, you know, what I've been able to do. And I think if you're creating it well, you get to forge those values, right? I mean, by founding the company, we were very deliberate on the culture that we wanted to create and that we wanted to be a part of.

And so I think that's one of one of the benefits. But you can change that culture and create those values wherever you may go. So I'd say, hey, you know, join a mission that you really can believe in. Become really good at what you do, and you're never done with that. And then, you know, work to have some degree of autonomy. If you're really good, you're going to have some amount of decision rights and ability to decide what you want to work on.

Christopher Reichert: That's great. And for prospective Sloanies in terms of choosing, you know, the different programs and for that matter, MIT?

Stephen Boyer: I mean, there's probably not anything that I haven't heard, but you can really immerse yourself in the ecosystem here, which is just fantastic. So many different ways that you can go. I'd say if you're just focusing on the coursework, you're missing out. I mean, you're going to miss out some things. I think the coursework is fantastic, but I think so much more that's going to be enriching to you will be found outside the classroom.

The other thing I would just say is, hey, the content and the experience will be much more beneficial if you know why you're doing it. It's like, I need it because I want to go here, and I know some people go to business school to kind of do a transition or they're not quite sure what they want to do, but I'd say it is really helpful to say, I need this. I'm taking this finance course because I need to know this thing. I'm taking this new business course because I'm doing this thing. Um, and I think that could just make it just that much more beneficial and enriching.

Christopher Reichert: That's great. Well, I'm so glad we caught you on your trip back from Portugal, passing through Boston. So thank you to Stephen Boyer, a 2008 MIT Sloan System Design and Management graduate, for joining us on this episode of Sloanies talking with Sloanies.

Stephen Boyer: Thank you.

Christopher Reichert: You can learn more about Stephen and Bitsight at bitsight.com and contact him at boyer@bitsight.com and you can also learn more about the System Design and Management program at sdm.mit.edu.

So thanks for joining us and thank you very much.

Stephen Boyer: Pleasure.

Christopher Reichert: Sloanies Talking with Sloanies is produced by the Office of External relations at MIT Sloan School of Management. You can subscribe to this podcast by visiting our website, mitsloan.mit.edu/alumni, or wherever you find your favorite podcasts. Support for this podcast comes in part from the Sloan Annual Fund, which provides essential flexible funding to ensure that our community can pursue excellence. Make your gift today by visiting giving.mit.edu/sloan.

To support this show or if you have an idea for a topic or a guest you think we should feature, drop us a note at sloanalumni@mit.edu.