CISO Series: Make Your Friends Jealous with Our Hand-Crafted Passwords

This week’s CISO/Security Vendor Relationship Podcast was actually recorded in front of a small live audience at The Passwordless Summit in Newport, Rhode Island. The event was sponsored by HYPR, our sponsor for this episode as well. Joining me and my co-host, Andy Ellis (@csoandy), operating partner, YL Ventures, was our sponsored guest, Brian Heemsoth (@bheemsoth), head of cyber defense and monitoring, Wells Fargo.

Listen here:

“We're often throwing bodies at solutions as our technologies aren't adequate. We're driven by how many alerts can we show you.”

Collective Intelligence

Collective Intelligence (Mike Mimoso)
Andy Ellis on Zero Trust Security Model

Flashpoint Editorial Director Mike Mimoso talks to Akamai Chief Security Officer Andy Ellis about the company’s implementation of a zero-trust security model.

As such, Akamai has evolved beyond traditional approaches to network security, authentication and authorization, to a model where users, devices and applications are treated as the perimeter. As a result, security controls are moved away from firewalls and virtual private networks to an architecture where an x509 certificate and push-based authentication are the preferred method. Andy says that Akamai can see a day in the not-too-distant future when passwords are no longer a thing at the company.

Throughout the discussion, Andy talks about how the 2009 Aurora attack inched Akamai toward zero-trust, how he got executive buy-in for this model, what the user experience is like, and how this compares to Google’s BeyondCorp implementation.

Security Stories

Security Stories (Hazel Burton)
Creating more opportunities for others, with Andy Ellis

In this episode we chat to Andy Ellis, who, on the very day we interviewed him, was celebrating his 20th anniversary as the Chief Security Officer for Akamai. We cover many topics - from taking down the "booth babe" culture at RSA, to fighting for more representation and diversity on cyber panels, to how he eliminated the password at his organization and built a Zero Trust network, before that became a thing.

Andy also shares one of the most interesting Star Wars theories we've ever heard, and has a fascinating take on heroes vs villains, and how the two overlap depending on who's telling the story. He then talks about why he hires librarians and journalists in his security team, and also, exactly how hard it is to train lizards. (The last two topics aren't related, btw!)

You can read Akamai's "State of the Internet" report here: