As an Extremely Online Executive, I will of course be attending / twooting this. 
Today we have @ClarkeRodgers (Enterprise Strategist) and @StephenSchmidt (AWS's CISO).
I have to remind myself that this is aimed at executives, but I still flinch at "so what does a CISO do" being a legitimate question.
I have to remind myself that this is aimed at executives, but I still flinch at "so what does a CISO do" being a legitimate question.
"So @StephenSchmidt, you used to work at the FBI. What did you do with AWS as a customer?"
Like so many customer stories, theirs began with S3.
Like so many customer stories, theirs began with S3.
"Then a bunch of us from the same FBI team moved over to work at @awscloud at the same time." Every executive watching this begins sweating immediately at the idea of a staff exodus.
"As a leader, what does innovation mean to you?"
"Well Clark, for a depressing segment of our customers it mostly remains 'something other people do'" is absolutely *NOT* @StephenSchmidt's response because he is and remains a professional.
"Well Clark, for a depressing segment of our customers it mostly remains 'something other people do'" is absolutely *NOT* @StephenSchmidt's response because he is and remains a professional.
"Both @ajassy and @aselipsky care deeply about security. Andy often says it's 'Job Zero'" because whoever was doing slides forgot about it, then went back and put it at the start to avoid having to redo the deck.
That's my headcanon anyway.
That's my headcanon anyway.
Now @StephenSchmidt talks about what boards of directors are looking for from their companies' security apparatuses. It's a good summary for folks who are bored of directors.
"If we had a CIO--we don't!--it would be Charlie Bell."
Now touching on the problems of infosec being the "department of no." I wonder if @StephenSchmidt is going to touch on the "ablative CIO" pattern (or, if you're SolarWinds, the "ablative intern" pattern)?
"I consider it the mark of a poor infosec org if they say 'no.' It may stop a particular thing from occurring but it doesn't stop the problem. Instead, ask what the goal is and how to help." I admit it; I like @StephenSchmidt's entire philosophy.
“How many pre-launch problems have we caught before launch? That’s a metric. That’s a win!”
Now discussing how @awscloud does security at scale. Automation is mentioned. Byzantine billing models are not.
And now we're into audience Q&A, and I have a meeting to drop for. Good event, would attend again.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
