At the start of 2010 I started as Twitter's first security hire. You may recall a number of security challenges we were facing at that time. We had to build out a number of teams to deal with the entire spectrum of security issues. Today Twitter has what I believe to be some of the best security people and teams in the industry.
Today I'm very excited to be joining the Rapid7 team as its first CISO in Residence.
What does a CISO in Residence do? Well, there aren't a lot of examples to go by. This is a new type of position, created by organizations that recognize the need for people who have run security organizations to share their experiences, knowledge, and perspective with other leaders. In my case, I'll be working with Rapid7 customers on topics ranging from security programs, to threat profiling, training, and anything else that contributes to an organization's security posture and health. My role here is to explore, compare, and cross-pollinate. I'll be doing as much learning as anyone else.
I know I'm not the only one asking:
- Why does there seem to be such a gap between what companies state as their security goals, and the behaviors they exhibit?
- Why does it seem that companies are pouring increasing amounts of money into security programs, only to be breached?
- Are there characteristics of highly successful programs that haven't been getting enough attention?
- Why do companies not seem to suffer long term consequences for having under-invested in security?
Under scrutiny, questions like these evolve—and that's when the magic happens.
I believe we're nearing a transition point in how organizations think about security, work with security, and how the world thinks about trust. I'm excited to be able to work with key players in this space to help usher in this new era.
I'd like to thank to Nick Percoco and Corey Thomas who had the vision to create this position. It's going to be a fascinating journey.
If you've been thinking about some of these bigger questions, I'd love to hear from you too. Feel free to reach out to me on Twitter at @boblord.