Our series of Q&A interviews provides a forum for Fortinet executives to share their unique insights and leadership perspectives. The following is from an interview with Jim Richberg, Field CISO at Fortinet, that touches on common challenges that many C-level executives face, the future of cybersecurity, and some advice for CISOs.
You talk to a lot of C-level executives. What are a few common themes that come up as concerns — across industries, enterprise size, etc.? What are common pain points?
One common pain point is that of not being brought in early on digital transformation discussions and decisions within the organization. We recognize that it is more efficient – and usually cheaper – to consider security at the front end, but organizations often overlook that security can also drive productivity. The same security controls that can identify web application problems can also highlight which of them are important to any given user and help an organization set training priorities.
Are there any disconnects between CISOs and other business leaders within their organization that may be surprising to the security organization?
One such issue is metrics, which ultimately inform why we make decisions and act. CISOs often present metrics on input (such as resources spent compared to industry peers), output (e.g., number of devices protected), and activity (threats mitigated). Boards and the C-Suite, however, are typically focused on more strategic outcomes such as the impact of cyber on organizational risk.
What does the future of security look like?
We will see a consolidation of problems and solutions within security. While we are already seeing this in the IT/OT (cyber – physical security) space, insider and external cyber threat activity will increasingly converge in behavior and drive organizations to further integrate their internal and external security programs. Supply chain integrity and the impact of an organization’s security posture on its external partners or customers will also become more prominent parts of the security discussion. In short, as digital transformation and hyper-connectivity continue, security will mature and become a mainstream consideration for individuals, corporations, and nations.
How does a security fabric approach protect customers in the future of security?
Many lament the impact of the expanding attack surface on cybersecurity, but if this expanding surface is part of a unified security platform or fabric, whose elements are both sensors and control devices, this actually bestows visibility and control on cyber defenders. It brings the ability to discern normal from abnormal activity, to detect malicious activity, to block it within the target — and by the global nature of the fabric, to protect sectors, companies, etc. which have not yet been targeted. This happens in an automated fashion transparent to the protected entity. The rapid visibility and control a fabric brings can also allow intent-based segmentation or ‘zero trust’ operations within an enterprise, which can both dramatically impede the speed and damage of an external attack and help manage insider threat (malicious insider) and insider risk problems.
How does that intertwine with AI-enabled threat intelligence?
AI and Machine Learning (AI/ML) are at the heart of the ability of a fabric-based approach to respond at speed and scale. There simply is no other way to deal with more than 100 billion pieces of security data per day than by the use of AI/ML.
Attacks seldom succeed the first time they are launched, and these failures usually leave some form of discernable footprint. Historically, attackers have been able to rely on the fact that defenders lacked the resources to look for and respond to these indicators. The broad coverage of a fabric approach and the automation of AI-driven threat intelligence take these advantages of speed and clandestinity away from the attacker, allowing an organization to spot and thwart an attack in progress. These indicators become operationalized as threat intelligence is disseminated across the fabric to enable broad, integrated, and automated action.
Is there specific advice that you find yourself sharing most often in your discussions with other CISOs and CSOs?
At its core, security is about risk management. Maintaining an ongoing dialogue with your stakeholders and partners is key to striking the right balance. There is no magic answer—recognize that the hardest parts of your job are probably not technical; they are problem solving and communication!
Try to strike a balance between the ‘tyranny of the tactical’ (focusing on solving the immediate problem) and maintaining a strategic perspective. The difference between average and exceptional security leaders is that, while both manage current problems well, the exceptional ones are also thinking about how to address the next set of problems. Have at least one person you regularly consult—or at least a favorite blog or website you visit routinely—to stimulate your thinking and ensure that part of your time is spent focusing on the big picture and longer timeframes.
You spent several decades working on cybersecurity within the Federal government. Is there anything that has surprised you as you’ve made the transition to the private sector?
Yes! I was one of the executives who worked on the Comprehensive National Cybersecurity Initiative (CNCI), a Government-wide effort to build a common operating picture of the health of Federal networks and create the ability to respond to threats at machine speed. When I joined Fortinet, I saw that the combination of a unified platform such as Fortinet’s Security Fabric and AI/ML are aligned to that goal, with additional capability such as insider threat detection and zero-trust operations. I think the intersection of a robust platform ecosystem-based approach and the power of AI/ML has the potential to be a game-changer for cybersecurity in both the public and private sectors.