Cobalt Crowdsourced Application PentestCobalt Crowdsourced Application PentestCobalt Crowdsourced Application Pentest

<
Back to Main

Snippets from RSA: Part 3

Caroline Wong
Apr 25, 2018

Last week during RSA Conference, I reached out to a few speakers to learn more about what they are up to and hear about their RSA talks.

  1. James Routh, Aetna | Read blog here

  2. Kolby Allen, Zipwhip | Read blog here

  3. Cory Scott, LinkedIn

Here’s what they had to say about their jobs, their favorite and least favorite things about their work, and their advice for junior engineers.

What is your current role at LinkedIn and what do you like best about it?

Cory Scott is the Chief Information Security Officer at LinkedIn. He is responsible for production and corporate information security, including assessment, monitoring, incident response and assurance activities. Prior to joining LinkedIn, Scott was at Matasano Security, where he led the consulting teams based in Chicago and Mountain View. He has also held technical positions at @stake, Symantec and ABN AMRO/Royal Bank of Scotland. Scott has presented at Black Hat, USENIX, OWASP and SANS.

Explore a day in the life of Cory Scott in his recent blog post: https://www.linkedin.com/pulse/day-life-linkedin-ciso-cory-scott/

What are the key takeaways from your talk at RSA this year?

Cory Scott’s RSA talk dove into the concept of narrative identity, with the main takeaways being:

  • When it comes to building an effective cybersecurity team, it isn’t just about acquiring the right technology and business skills. It’s also about obtaining the right people who have defined their own personal narrative.

  • “One of the things that I see security professionals focus on is they focus on skills, titles, or years of experience at a particular company. And not necessarily on what motivates them, what actually makes them special and what type of unique insight they bring to an organization.”

  • “One of the ways we are going to increase diversity in our field, have the concept of strong narratives that people bring that maybe can be applied to security rather than to just pile security on top.”

  • “We are not going to do the right thing as far as diversity concerned, unless we realized that it is the concept of intersectionality where you a person is more than just one thing.”

  • “It starts from the leadership, the leadership has to be open to this type of approach. Where you are not trying to hire a bunch of people who are cut from the same mold or cut from the same cloth.”

To dive a little deeper into the main concepts of Cory Scott’s talk check out this video interview with Information Security Media Group: http://www.bankinfosecurity.com/diversity-matters-a-10809

What would you say are your favorite and least favorite things about being a CISO?

Favorite — Seeing the positive impact my team makes on our product.

Least favorite — Administrative tasks

What advice would you give to junior engineers who are interested in learning more about security?

Build something!