Dr. Hugh Thompson is the CTO and SVP of Blue Coat. He has spent his career in the information security space systems and has co-authored three books on the topic. For over five years, he has also been the Program Committee Chairman for the RSA Conference.
Kevin West, CEO of K logix, interviewed Hugh to gain the mindshare of this world-renowned expert on IT security.
West: Based on our findings from interviewing CISOs, 76% of CISOs meet with the Board, but only 29% are involved in two-way discussions about business strategy. What are your thoughts on the current relationship between CISOs and the Board? Thompson: One of the biggest things I see CISOs struggle with is being able to translate what they do to protect the enterprise into the language of business that the executive team and board can quickly relate to. To be invited back to the Board Room, not just in emergency situations, but as a partner, CISOs must be great explainers. They must have the ability to take something complex and put it into an analogy that anyone can understand and wrap their head around. As an example, take the processes that enterprises are putting in place today to not only defend against attacks, but to recover from successful attacks. It is similar to the evolution of car safety. If you look at safety features inside of the car, the vast majority are focused on protecting the driver in the event of a crash, like airbags, rollover bars, crumple zones, etc. Failure is built into car safety as a core competency, so when they do fail, they fail well enough to protect you. Because avoidance and recovery are both important, there are also a wide range of features that help you avoid crashes in the first place. The ability to get business executives’ mindset around the concept that failure and recovery are competencies, would be a huge step forward.
West: Do you think there is a lack of talent in security? What skills are most important for a security professional to be successful? Thompson: We are seeing a significant skills shortage in security. One of the biggest challenges is that when kids in high school and college are trying to plan out a path for themselves, Information Security is not one of the careers that typically comes up on a list of jobs in IT or business. Cyber security is a fascinating career for people who love to solve problems, are creative, and have open minds. These are the types of people who do very well in the security space and these are the types of folks we need to attract into the profession of IT security. There are also people who are naturally talented around finding weaknesses in systems. We need to get to them early enough to show them they can take their skills and interest in computing and create an amazing career path in an exciting and fast-growth space.
West: Why is there a lack of women and minorities in IT? How can the industry change this? Thompson: The great thing about IT is that there are so many different paths people can take. It is an industry where creative thinking matters and can make a real difference. The bad guys are made up of an incredibly diverse, talented group of people. To counter their efforts and stay a step ahead, enterprises and governments need a people from all disciplines—whether they are computer scientists, linguists, mathematicians, or statisticians. Attackers think beyond traditional pathways or vulnerabilities, so we need an eclectic group of talented people working on the solutions side. There are terrific examples of incredibly talented woman and minorities in the security field but we don’t have anywhere near the diversity that we need to confront the challenges ahead of us.
West: What are your top priorities? Thompson: Blue Coat is one of the most trusted brands in enterprise security. The most trusted brands in the world trust us to protect them from even the most sophisticated threats while taking full advantage of the cloud mobility and new services on the internet. This is a big mission and we have invested an incredible amount of resources in growing our portfolio to protect against even the most sophisticated attacks, including building out a global cloud infrastructure. It is not only a large business opportunity for Blue Coat, but it is also our responsibility to bring those kinds of capabilities into our customer base.
West: At your recent partner conference in Chicago, it was clear that Blue Coat listens to its customers and respects the investments they have made in various solutions. Does Blue Coat seek out technology partners to ensure customers can leverage their existing investments? Thompson: Blue Coat is a foundational pat of the IT security architecture for about 80% of the Fortune 500. These companies have the resources to evaluate, procure, and deploy the best technologies the marketplace has to offer. We see it as our responsibility to provide an open architecture and be a leader in integrating with the broader technology ecosystem. This is fundamentally ingrained into our company culture. I like to tell our customers that when you bet on us, you are not just betting on Blue Coat, you are betting on the entire security ecosystem. New technologies and whole solution areas may emerge in security, but our customers can be confident that they will be able to integrate well with us. This is an area we feel very passionate about.