Cyber Professional Podcast

Andy shares his thoughts and experience with Jeff Chao on the role of Security Leadership


Andy Ellis, former chief security officer for Akamai Technologies, shares his insights on cybersecurity leadership, the importance of enabling and encouraging smart risk-taking, and the joy of using a simple but effective technology like a corkscrew.


  • 🌍 Making a difference in the world with cybersecurity by reducing risk and enabling better risk choices
  • 🤝 Encouraging enablement rather than demanding compliance to build trusted relationships with stakeholders
  • 📈 Creating a roadmap for innovation by envisioning the future and solving problems in scalable ways
  • 🍷 Enjoying the clean mechanics and tactile pleasure of a waiter’s corkscrew as a favorite piece of retro technology
  • 📝 Sharing his cybersecurity expertise with startups, venture fund, and future book on leadership training



good morning everyone this is jeff with the cyber pro podcast where industry leaders share their insights about cyber security hackers never sleep so why should we let’s dive in question number one andy good morning good morning jeff in a few sentences please tell us who you are and what you do sure i’m andy ellis i’m


the former chief security officer for akamai technologies i do a portfolio of things right now so i’m advising a couple of cyber security startups as well as a venture fund and i’m also starting my own business doing leadership training and writing a book wonderful i’m going to get back to writing the


book in a second with your previous experience and your experience as a whole what would you say is the best thing about being in cyber security during these crazy times really so i think the best thing is when you’ve made a change in the world and you see that bear fruit sometimes it’s just an incident that


becomes not as bad as it would have because there was a control in place that you’d put there or that you enabled somebody to do a thing they wouldn’t have been able to do without the safety that you helped give them that’s really the best thing for me is when we can make the world better yeah well put very well put we hear from


other professionals like yourself that cyber security uh has been a a major contributor to most things that are done in the world today but only getting bigger as we speak when you hear that what does that mean to you so security has always been about helping other people make wiser risk choices and


our job is to sometimes give them better options by reducing risk in an area that they really want to go sometimes it’s to solve problems in ways that are scalable you know akamai when i started 20 years ago was just a cdn content delivery network and through the security solutions and services that i


built and brought to market we grew that security business to over one billion dollars in dedicated cyber security revenue that’s making a difference not just for our company but for many other companies as well yes and and only getting bigger uh so on that what insights about security leadership would you like to share with


our community so i think the biggest insight is to recognize that there’s no such thing as perfect security our job is not to eliminate risk it’s to help people make better risk choices and so always find good work that they can do and are willing to do because there’s many things we could demand that folks do


but if you’re always demanding that they do things then they’re not going to want to interact with you and they’re going to see you really as an enemy to them and you really want to be seen as a sidekick security is never the hero in the story we’re the sidekick to somebody else’s heroism and so that’s really our goal is to find


other people and enable them to do better than they would have without us if we stop them from doing anything then we really aren’t doing our jobs yeah yeah um when you when you talk about enablement i’m going to go off script for a second uh when you talk about enablement uh that’s a that’s a big ball to


put your hands around because cyber security can take on so many different facets and every deployment is essentially a new deal a different deal so how do you empower this enablement when there really is no road map so sometimes it’s about creating your own roadmap and your own vision take single sign-on as an example when


we started doing single sign-on 15 years ago everybody said why are you making us do this work on every single website to enable this other site just to log in and when we were done everybody was like wow you had this vision and it was great and then it meant that when we turned to two-factor authentication


we only had to change it in one place not across thousands of websites and that was really the massive you know benefit we got by looking ahead and making our own road map nobody had really told us how to do this and over time we turned on you know x 509 certificates plus push-based authentication and turned off


passwords right that’s no road map for getting rid of passwords we had to forge one by thinking about what the first principles were which was to make people safer than they would have been otherwise but really to get out of the way of the business and passwords suck making people remember passwords


like they hate us every time they type in a password so if you can get rid of passwords you’re their friend yeah yeah i i think my takeaway is monumental leaps and incremental steps yes it’s a great way to put it well uh you know i’m sure that there’s going to be a lot of folks who listen to our podcast and watch our podcast that


may want to learn a little bit more about you kind of find out a little bit more about what you’ve been doing what you’re going to be doing on your next roadmap if they wanted to do so please share with us the best way for them to get in contact with you absolutely so they can find me usually on twitter or linkedin


csoandy is my handle my personal website is wonderful thank you and our final question for the day something fun let’s talk about your favorite piece of retro technology that puts a smile on your face so this one was really hard to think about because there’s such a universe of technology but i’m actually gonna go


with the corkscrew i’m a huge wine aficionado and i’m a big fan of what’s often known as the waiter’s corkscrew which is a simple lever and screw that can open virtually any bottle of wine as long as the cork has an aged and degraded too much so what i love about it is just the the clean simple mechanics of it


and if you get a good one you know either made of you know an an ivory or sorry not an actual ivory but a synthetic ivory or rosewood they’re just they feel so good and loving in your hands so that’s wonderful my favorite one fantastic well thank you very much for those insights we appreciate your time today


andy for those of you who have watched our podcast for a while now or if you’re brand new we post about three or four different podcasts a week with industry veterans that share their perspective on cyber security we look forward to seeing you again thank you again andy for your time and be well thanks jeff