Cobalt Crowdsourced Application Pentest


Snippets from RSA: Part 1

Caroline Wong
Apr 23, 2018

Last week during RSA Conference, I reached out to a few speakers to learn more about what they are up to and hear about their RSA talks.

1. James Routh, Aetna

Here’s what they had to say about their jobs, their favorite and least favorite things about their work, and their advice for junior engineers.

Current role at Aetna

Jim Routh is the leader of a converged security function (physical and cyber) at Aetna. He is Chairman of the NH-ISAC Board, serves on the Board of the National Cyber Security Alliance and is a member of the Advisory Board of the ClearSky Security Fund. He is also on the Advisory Committee for the UC Berkeley Center for Long-Term Cybersecurity. He previously served as a Board Member of the FS-ISAC. Formerly, he was the Global Head of Application and Mobile Security for JP Morgan Chase. Prior to that he was the CISO for KPMG, DTCC and American Express and has over 30 years of experience in information technology and information security as a practitioner, management consultant and leader of technology, analytic and information security functions for global firms.

What are the key takeaways from your Model-Driven Security talk at RSA this year?

Using AI models to drive front-line security controls is here today and offers CISOs tremendous capabilities to improve security controls, moving to more real-time protection capabilities.

What would you say are your favorite and least favorite things about being a CISO?

Favorite — Lots of changes and evolution in threat actor tactics drive changes in control design and implementation, making it challenging and interesting.

Least Favorite — Having to engage in off-hour incident response is not as much fun.

What advice would you give to junior engineers who are interested in learning more about security?

Be cognizant of the difference between conventional controls (critical path) and enterprise resiliency (essential for job preservation). The gap between the two is growing as risk-driven programs strive for resiliency beyond compliance.