LINKEDIN
Share
Reading Time: 3 minutes

Last Updated on June 16, 2022

Between all the digital transformation going on these days, plus moving critical workloads to the cloud and much of the workforce now connecting remotely, you’d be hard-pressed to find a senior executive in any size company who isn’t concerned about protecting information and the privacy of employees and customers.

Was it always like this? Were we equally vulnerable to cyber-attack 20 years ago and just weren’t as aware of it? Or are we blatantly less secure today?

Venture capitalist Alberto Yépez, Co-Founder and Managing Director at Forgepoint Capital and our guest on a recent episode of The Virtual CISO Podcast, calls his work building cutting-edge cybersecurity firms “protecting the digital future.” Alberto and host John Verry, Pivot Point Security CISO and Managing Partner, shared a lively discussion that touched on the history of InfoSec and whether we’re making progress.

Surprised or shocked?

John wonders whether Alberto, if he were able to time-travel forward from his time at Apple 20+ years ago, would be shocked by the state of cybersecurity in 2022?

“I think so,” Alberto replies. “I don’t think anybody predicted it. I knew the world was going to change, but not this much and not this fast. The transformation has been rapid, and it’s only increasing. Which gives all of us in cybersecurity a great opportunity to make a living and make a difference.”

“I thought firewalls were going to change the world,” John adds. “Then, I thought SIMs were going to change the world. Then I thought PKI was going to change the world. Then it was IPS…”

“Every year, there’s been a $100,000 investment that the CISOs of major organizations would go to their C-suite and say, ‘Hey, I need this, and then we’re going to be secure,’” states John. “Yet 21 years later I’m not sure we’re any more secure. I think maybe we’re less secure. And I find that shocking and concerning.”

Why are we less secure?

If we were more secure back in the day, it might have been because all our eggs were in one basket.

“Yes, indeed—because I think we were all very comfortable when everything was centralized,” observes Alberto. “Remember the old days of the mainframe?”

But then along came distributed computing and client/server. Now we have the cloud, which effectively disperses data everywhere.

“What we’re trying to do [as cybersecurity professionals] is protect information,” Alberto emphasizes. “Information is derived from data that is processed by applications. [Applications] are run on a device that has an operating system that is interconnected with a network, and perhaps interoperates with others.”

Alberto continues: “In the early days of the mainframe, everything was in the same place. But now, just think of the mobile apps we have. It’s not an application. It’s really a browser that is invoking all these APIs. You don’t know where that information is or where you’re getting the context to make decisions to process this data.”

The rules have changed

Alberto’s view is that the fundamentals of computing have changed with the decoupling of data and processing. The underlying technology platform we’re all using has evolved and will continue to evolve. We’re also dealing with ever-increasing complexity, which adds to the challenge of protecting information.

“I think the next race is going to be space,” shares Alberto. “We all take it for granted. … I think we’re taking it to that level. And the same questions—the firewall, the IDS and IPS and all those different things are going to be [part of it].”

“You’re saying I’m going to have job security for a while,” jokes John.

What’s next?

To enjoy this episode with Alberto Yépez from the beginning, click here.

Looking for investors for your SaaS business? Here’s why you need to be thinking about your security posture: Looking to Capitalize or Sell Your SaaS Business? Get Out in Front of Data Privacy Issues Now

 

 

LINKEDIN
Share

vCISO Roles and Responsibilities Inforgaphic ThumbnailSuccessful vCISO = All Security Roles Filled

This document outlines the 3 critical roles and responsibilities of a Virtual Chief Information Security Officer: Architect, Builder, and Operator.

Download the free inforgaphic now!