In the arms race of cybersecurity, we know that CISOs have many commitments and priorities to juggle. We’re humbled by the audience we were able to gather at the kickoff, and excited about the insights that emerged from the conversation. Here are some highlights from the session:
- Microsoft principal architect Hyrum Anderson shared a presentation on Securing Machine Learning Models from Adversarial Attacks. While the conversation about ML security is really about risks and not threats at present, he shared that security posture for AI and ML for most organizations is close to zero; that lack of security is actually preventing some organizations from adopting AI and ML solutions. Anderson predicts that when it comes to AI risk management, security needs to be a third pillar of the equation—next to model operations (reliability, predictability) and responsible AI (fairness, ethics).
- KPMG Global CISO Brian Geffert facilitated conversation on his presentation, How the SolarWinds Attack Shifted Industry Thinking. Geffert pointed to the increasing risk of shadow IT and shadow procurement, especially in the wake of this supply chain infiltration. He suggested that the future will require that companies have deeper relationships with suppliers—looking at them not just as vendors, but as partners in security. Geffert promoted the goal of consolidating security technology—a strategy of simplify and fortify—and painted a future-state vision of the CISO office: like a cargo ship, there’s a very light crew leveraging centralized controlled technology to guide their attention.
- Aqua, a pure-play cloud native security company, achieved unicorn status last month in the wake of incredible customer momentum. CEO Dror Davidoff explained how their solution enables companies to use containers without compromising their application and security data. As the adoption of the public cloud continues to accelerate, complex environments of multi-cloud architectures introduce new opportunities for data breaches. Davidoff emphasized that securing your cloud workloads at run time and having strong preventive capabilities are key to your cloud security.
- Authomize, a cloud-based authorization management solution, emerged from stealth just last year. CTO Gal Diskin shared the company’s response to the chaos of industry-standard Identity Governance and Administration (IGA) tools. The co-founder flagged the issue of “permission sprawl”—when employees have access to company assets beyond the requirements for their job function, and the manual approval of hundreds or thousands of permissions and identities. Authomize’s solution constructs an optimal set of access policies for any identity-asset relationship, automating identity management and minimizing access risk.
- Our attendees flagged their top-of-mind topics to be addressed in our programming in future sessions: the merging of privacy and security in the CISO role, reduction of product complexity, organizational structure in the cloud (the merits of centralized vs. devolved approaches), and business continuity in the wake of ransomware attacks.
Yesterday’s meeting was an energizing kickoff. I’m proud of what we’re building with the M12 CISO Network and look forward to sharing more takeaways from our next session this summer. Thank you to Ann Johnson for your partnership on this initiative, to Dror and Gal for sharing more about your technologies, to Hyrum and Brian for presenting at this inaugural event, and to our network members for your active engagement.