March saw UberKnowledge in conversations with Malcolm Harkins of Cylance, Kristina Podnar author of The Power of Digital Policy, Ajit Sancheti of Preempt, Dr. Andrea Little Limbago of Virtru, and Hema Lakkaraju of Ansa Solutions. We covered topics as diverse as social science and data protection, the rise of the cyber industrial complex, digital policies as a framework for creative freedom, and the need for cooperation in cybersecurity. If you haven’t had time to listen, check out our summaries below.
Dr. Andrea Little Limbago, Chief Social Scientist, explained her unique role with Virtru at the intersection between security, privacy, and the human element. She welcomed the broader awareness of hacks as a privacy issue, as well as a security issue, and felt this offered an opportunity to develop a defense strategy. Andrea pointed to the importance of data quality over data quantity and asserted that companies need to be able to explain what data is going into their AI models and why they need it. Her belief is that you shouldn’t need years of hacking experience or a PhD in Computer Science to understand how to protect your digital assets. She suggested the security industry look at how humans interact with technology, as technology should serve us, not rule us.
Andrea described the security community as a group of really creative group of people and pointed out how many different disciplines – from economics to psychology – are relevant to this field. In Andrea’s experience, the best way to increase gender diversity in this male-dominated field is to amplify and emphasize women and their achievements. She ended the conversation with the powerful observation that increasing diversity is not just the responsibility of the underrepresented, it is everyone’s responsibility.
Malcolm Harkins, CSO at Cylance, described his view of the CISO/CSO role as far more wide-reaching than is traditionally considered. He discussed the three things that business wants: risk managed, cost lowered, and friction controlled. He argued that CISOs should be measured on their ability to deliver those three things.
He offered his controversial opinion that the security industry profits from the insecurity of computing at an economic level and therefore has no economic incentive to solve the problem. He pointed to the fact that companies throughout the industry all purport to sell solutions that manage risk, yet risk has grown unchecked and unmitigated. Even worse, Malcolm believes we are seeing the rise of a cyber industrial complex. His advice is simple: focus on protecting your customers to the best of your ability and the result will be limitation of liability. He ended the podcast by describing himself as a hopeful guy and said, “Focus on the fact that technology done right can connect and enrich lives and can create social and economic benefit.”
Regulations like GDPR are often viewed as a necessary evil, but in her conversation with UberKnowledge Digital Governance Advisor, Kristina Podnar was keen to point out that they offer so many more opportunities than restrictions. She drew a clever analogy comparing digital policies to a boundary fence, explaining that the limits of her family’s backyard fence gave her son the freedom to be creative and that policies can do exactly that in the corporate world. However, she cautioned that policy implementation should be the responsibility of just one person, as clear and delegated authority is essential in this area.
When discussing the lack of gender diversity in cyber, Kristina confessed that she had no negative stories. Her guidance for anyone — male or female — entering the cybersecurity industry was to stay busy and keep learning. In fact, she recommends everyone “just go for it and be one of those people that get things done.” It’s great advice.
Hema Lakkaraju, CEO of Ansa Solutions, brought the unusual topic of compliance and strategy to the table. She argued that compliance should be strategized and integrated to help it keep up with fast-changing industry innovation. She suggested compliance heads seek a more meaningful role and look first to understand the business, the market, and the product, before creating a compliance model. She described what a compliance strategy should look like and insisted that education is key, pointing out that no-one needs to comply with all regulations, but it is essential to know which regulations apply to you.
Hema believes that compliance needs to step above the traditional definition. In a time when people are beginning to understand the value of information, she feels strongly that cybersecurity needs to be built into products from the very beginning. In her opinion, this means compliance teams must be mandatory within the design and product development process. She candidly told businesses that they are answerable to the customers they design for, so they should build trust into their products because without the customer, there is no business.
When asked what he wanted from RSA 2019, Ajit Sancheti, Co-founder and CEO of Preempt Security replied that he wanted to know where enterprise CISOs are finding their biggest challenges. He shared that vendors will need to be more open with each other and their technologies for the cybersecurity industry to truly progress and succeed. He believes we will see mature technologies on platforms and bleeding-edge technologies as point solutions with CISOs having to judge where to use which.
Ajit discussed the overlooked role of cybersecurity in the M&A process pointing out that CISOs need visibility and the tools to gain insight during this crucial time. As CISOs do not have a veto in the M&A process, Ajit recommends they tell the board how they will manage risk post-transaction.