Advancing Cybersecurity with Trusted Partnerships w/ Renee Tarun, Fortinet & Kevin Kerr, ORNL

Captions
[Music] welcome to the dots and bridges thought leadership consortium my name is pete tseronis a self-proclaimed dot connector a relationship builder in addition to being the founder and ceo of dots and bridges the public and private sectors share a symbiotic relationship one that's necessary to enable efficient operations workforce development and technological modernization however well-intentioned efforts to collaborate across public private academic non-profit entrepreneurial sectors tend sometimes to focus more on the buy sell paradigm versus a seeker solver opportunity the consortium understands appreciates and values how human spirit curiosity and passion are key ingredients that can transform business operations and culture as such we're honored today to feature miss renee tarun fortinet deputy chief information security officer and mr kevin kerr the deputy or should i say i'm sorry the chief information security officer and i t risk officer at the oak ridge national lab two thought leaders change agents and global influencers who understand how technology humanity and culture intersect welcome both of you today thank you pete thanks for having me yeah i'm ex yeah go ahead and come here yeah yeah no super excited and uh i'm gonna brag a little bit about both of you then folks we're gonna jump right in and and listen to these pearls of wisdom and walk about stories and journeys that are unbelievably compelling and exciting so renee i'm gonna i'm gonna start bragging again deputy chief information security officer and again you're allowed to correct me if i butcher this in some way shape or form not gonna read your bio though because it's too long and impressive over 20 years experience in cyber security information security technology fields engineering ops strategy policy renee does it all focuses on enterprise security in her current role in addition to what she does outside of the fortinet culture uh prior to joining fortinet i think what's exciting is that 
renee you served in the national security agency in various positions you were the special assistant to the director of national security agency for cyber and the director of the nsa cyber task force in which you advanced nsa's execution not only of cyber security and cyber related missions but you oversaw tons of the resources and those that help support that mission super super super impressive impressive as well as shaping a lot of the strategy that came out of our white house a board member at george mason university school of engineering married with two kids yes loyola university greyhound my brother went to loyola so i'm a big fan bachelor's degree there in management information systems and then she's also a terrapin she has her university of maryland university of maryland university college masters in computer information technology administration and management and that's just a synopsis of this incredible incredible individual so is that all right there renee did i cover a good basis that's perfect thank you you got it and we'll get into that because what i'm excited about is the fact that you've walked in the world of government and now you've translated that out into industry kevin kerr my colleague and friend chief information security officer and i t risk officer at the oak ridge national lab which is one of our 17 national treasures if you follow and understand what these incredible institutions have performed over the years decades centuries whatever you want to think of it as but incredible incredible environments 37 years of experience across again cyber cyber physical information assurance and governance you probably have seen kevin i'm sure speak on a number of occasions but he's been somebody who in that lab understands the role that research and development has upon the impact or impacts our technology roadmaps for our country across all critical infrastructure sectors um kevin's got an innovative approach uh every day of the week and twice on sunday 
he's super collaborative he represents what open government is all about in terms of just helping establish partnerships but fostering those those relationships that are so important with government and industry he established a joint venture with the veterans administration for the million veterans program we'll talk a little bit about that that exudes partnership he's a true leader in every sense of the word he's worked with senior federal and board leaders to enable missions while focusing on security and resiliency a word that will come up quite a bit today kevin retired from the air force and air national guard as a lieutenant colonel where he was a commander of cyber warfare squadron kevin of course thank you for your service to our great nation and uh he's a if i'm not mistaken siena right siena college and you're the siena saints so that's cool man um i'm a villanova wildcat in the part-time johns hopkins university blue jay i think they are but oh there you go all right that's it folks that's the beginning our themes today are going to focus on partnerships the greater good and we'll talk a bit about that and of course the fact that cyber security is part of our daily life and the devices we use in our personal but also in our uh office environments uh we'll talk a bit about trust and how we earn that we have two folks who are part of that experience and have some recommendations and solving big problems so there we go renee i'm going to kick it over to you it's 11 14 so we will maximize our time renee fortinet please give us a little bit of your role and sort of why you enjoy so much working at that company given your experience in government yeah i mean fortinet's um you know founded 2000 based in sunnyvale california we're leading cyber security company um we're traditionally known for their firewalls um that's how fortinet started but i will tell you we've expanded so much more beyond firewalls um we have one of the broadest portfolios of end to end 
security solutions um you know and that range all the way from you know on-prem to cloud and hybrid um and so from my perspective you know one of the unique things about fortinet is you know our our friend we have what we call a security fabric and that's kind of what ties our technologies together but it has an open api system so we work and play well with others so we integrate with other technologies beyond um just the fortinet technologies and so from my perspective you know our because we have that security fabric it comes with high degrees of automation and integration built in when i spent time in the government um you know from my perspective one of the things that we try struggled with is we had all of these what i call different solutions or ornaments on the tree and where we struggled was how do we integrate them together and get them work together as a cohesive team and so that's kind of what i've always enjoyed about our security fabric is because that integration is built in and because of the automation you know we've seen you know the adversaries are doing things at speed and scale you know leveraging ai and machine learning you know against us and so because our fabric you know from my perspective has that automation built in um it allows you to do you know cyber detection response um at you know at speed and scale and you know doing more proactive versus you know reactive um and that's kind of why i joined fortinet um you know when i looked to leave the government it was very tough tough decision for me um because i felt like you know i was doing greater good for the nation um but for me you know going to fortinet you know i still feel like i am doing that greater good because again we help protect um we are in every major critical infrastructure and so for me you know i still feel like i'm helping you know protect the nation in some form or fashion you know with the technologies we have at work yeah no that that's wonderful i i tend to write down my 
tweetable moments so i wrote a few when you were talking there i love ornaments on the tree uh shout out because i love the role of being an agnostic i was the chief technology officer at the u.s department of energy i was sold to quite a bit and i loved working with folks like or i didn't get to know renee while i was a fed but i'll tell you talking to companies and kevin will come over here to you in a minute the importance of doing homework and really differentiating what it is you do as a you know whether you're fortinet or some other company um how you support the mission of government i i did my research i mean 450 000 customers worldwide super impressive your i think security processing unit technologies unique and special so folks read about that uh if you're looking at securing your assets and they have a very unique security fabric which in government speak you know i think if you are wondering or think you know about them i found that the visibility integration automation really speaks to our president's management agenda now which is workforce for 21st century automate and leverage data modernize and transform with it so i think fortinet embodies that really well and we'll get to some of that other geeky stuff in a good way as we talk about some of the capability and application in humanity so thank you renee kevin um i think folks think of oak ridge and they go oh summit fast super computers i was doing a little research today uh summit still number one in the us always jockeying for position with our neighbors in other parts of the world uh talk to us a little bit about uh kevin not just your role but but what you love as well about being in one of the most treasured institutions if you will where so much is happening but it's also misunderstood as to what it is they actually do there and of course the importance of cyber physical security i mean like you said oak ridge is one of the national labs here within the department of energy and we range in 
research of just about everything from a to z uh of course we're more famous for our super computers you know being number one and like you said jockeying back and forth between other entities out there in the world um but i mean that's that's what's really cool i mean not only do we have the fastest supercomputer but you know we do other things too we have the spallation neutron source we have the high flux isotope reactor and these are one-of-a-kind systems i mean no one else has them and they're enabling research to help us do all kinds of stuff i mean our reactor helps us build isotopes that are used for medical no one else in the world does those you know so that's important and we got to make sure that this you know these systems are secure but open for research so that's my biggest challenge as a ciso is allowing open collaboration with everybody in the world just about and but protecting the information at the same time so it's a little bit of an oxymoron open secure you know how do you really do that it's the balancing act so that that's one of the things i love about being here plus i mean working with super smart people i sit here and i listen to these people and talk about yeah we're working with this or working with that i'm like oh my gosh how do we even do that i mean you know getting doing stuff with technology way way beyond you know what people think i mean we're in biology we're into environmental issues the next generation batteries i mean we cover everything so the lab is here to help the world get better and we do that um for example we were one of the first national labs and our super computer was used with covid research okay um and we took 80 000 some odd proteins and you know looked at that and narrowed it down to an acceptable number for you know other entities to use the acceptable list of proteins to go figure out a a cure for covid or you know at least how to stop it or slow it down and what would have taken months and years we were able to 
do on summit and our other super computers within hours or maybe a day or so i mean so that's key and that's the level of satisfaction i get here you know working yeah yeah it's phenomenal no i i i've been there a couple times and i always want to go back and i always tell folks what an opportunity to visit i know renee you've you've talked and you can obviously mention as you see fit some of the collaboration you've done with the labs continue it is they are truly amazing wouldn't you say absolutely um in my past life i've gotten to work with a lot of the national labs including oak ridge and oak ridge has done some phenomenal work um there in in their research efforts and um you know oak ridge just like a lot of the other national labs um they're truly a national asset um they do a lot of work for the us government as well as the critical infrastructure um so you know their research um you know is really critical to their our digital ecosystem um but it also means that they also need to be protected um because you know just as we see as in this value you know the adversary also sees the intellectual property and research that they're you know having on their networks also um you know as a prime target so yeah that's that's wonderful yeah i see you nodding there kevin let me just say something kevin used a few polysyllabic terms but again this is publicly available major r d facilities that oak ridge include carbon fiber technology nano phase material sciences structural molecular biology and i love this one high flux isotope reactors i kind of know what it means but folks transportation research center oak ridge leadership computing facilities spallation neutron source those are mission areas and i i want to i want to go back to renee because renee and a lot of the the prep call topics that we addressed there really was as i said at the beginning there's in the beltway inside the government buy sell government spends 90 billion a year on i.t they spend and give out close 
to 140 billion thereabouts in r d for grants and the things so there's a relationship and there's a transaction that's obviously there but some of what uh as two thought leaders that you are and i'm sure when you were a fed were getting a lot of knocks on the door and cards handed to you the partnership the public-private partnership and the collaboration is something i'd like to pivot to because fortinet is clearly a great company the oak ridge national lab is a known entity but it's people and i think those that are watching today and and and listen to this type of consortium it's there's folks saying how can i get in front of kevin there's people saying oh how do i get to talk about my product and that to me is where it's more about seeking and solving and some of the tips that can be offered by folks like you kevin you brought up some really really good ideas so if we can go there um renee you you were one of those sought-after folks who wanted to be who people wanted to sell to what have you found in the fortinet culture to be uh that you're you're helping them with it's not about just the transaction it's about that relationship the trust and the cultivation absolutely it's it's really building that you know that human human relate that relationship um you know it's not helpful to just be seen anymore as just as a vendor you really want to be seen as a partner um you know when there's issues or concerns or i've got challenges that i'm trying to implement things you know you really want you know to have partners that can come in and help you with some of your technology uh solutions um so it's really getting to know um you know who your potential customers are understanding their mission set um i think i shared this on a prep session you know i i get contacted by vendors all the time and you know it's clearly you can see the ones that haven't bothered to do their homework you know i get emails and phone calls you know trying to sell me technology that fortinet 
already has in our portfolio it's we sell that technology um but you know they're claiming they're gonna solve all my problems um yeah i'm a firm believer you need to understand you know the customer's perspective you know where they're coming from you know what are some of the challenges they face you know because again each industry has different challenges and obstacles they need to overcome um and really take that time to you know get to know um you know who you're reaching out to and you know those prospects so um from my perspective you know if you want to be seen as a partner then you kind of need to be able to almost you know be able to you know take take a step back and look you know take a walk in their shoes yes you know understand what their challenges are um because you know if you can't help them solve their challenges if you don't take the time to even understand what they are exactly yeah kevin i'm going to you on that because i just have to highlight my tweetable moments or at least mentally it's do homework understand mission and i think renee you're uh have been on the other end but i think it's wonderful that good for fortinet to have that on the inside which is even helping the the good people in bd and sales and marketing saying look we have great decks we have great solutions i mean there's no doubt that we're a compelling company but i think kevin back coming over to you on some of that um understanding the role but but the oak ridge national lab you specifically cyber security strategist you probably have tons of tools there's a constant need for keep us educated and how do you view that relationship what are some opportunities for the relationships to be cultivated that you have realized in your walk about what works what doesn't sure i think renee you know hit the nail on the head with many points there about knowing that you know what's important know what i need know my business um just like renee i'm constantly getting emails and calls 
hey i've got the the best thing since self-slicing buttering bread um and you know that doesn't work come to me and say hey i've got this i know you have this but this is how we can do it this is how it's different i also know you have this other tool this is how we integrate with that and we'll actually help you integrate your tools especially from a cyber perspective how tools will integrate with each other in order to give me the best picture you know everybody always talks about the single pane uh that's really important you know for people in cyber but it's also important for management um in sense of i want to be able to turn around and i want to show management with a single pane of where our risk posture is you know where our threats are what's going on in our environment and i need tools that can help me do that and you know not tool no tool's going to do that out of the box so i want a vendor who's going to help me tune it tweak it build it and you know get it there um and we've had many who do that you know and help us get there so that's key and you got to be willing to sit there and go okay our tool maybe doesn't do this but you know this is where we're going share your roadmap with me let me know where you're going even use you know get us involved with your roadmap i mean national labs we're doing state-of-the-art technology in the next generation stuff i mean our next generation supercomputer the exascale computing system i mean we talk about partnerships work with us and tell us how you can be involved in that partnership you mentioned a million veterans program you know that's a partnership so i mean we talk to them and how we can help them analyze data you know very quickly to help with serving our veterans ensuring they're safe ensuring you know they get the help they need helping identify you know risk factors may be associated with suicide prevention i mean this is real-time threat stuff and you know i appreciate you giving me credit for 
leading the effort for the joint i it was actually our researchers that did it i was just the guy that made the cyber you know made the cyber um appeasable and acceptable to the veterans program you know so yeah but that's that's important too because i have to go to them and i've got to know their business and their concerns so i have to think as a vendor now i'm going to you know we're trying to work with the veterans you know administration i've got to be able to sell oak ridge and say how we're going to protect their information how we're going to protect all that stuff and all that pii personally identifiable information sorry i try not to use acronyms um you know and protected health information how are we going to protect that and how are we going to ensure that not only to the veterans administration but our vets and we got to be able to do it down to to the person so it's key so i understand what vendors have to do because i have to do it yes as a ciso you know yeah that that's a great comment i see renee you're nodding your head i'm i'm taking it away from that one that that obviously it's again i don't know if it's the word all overused but symbiotic and when i was kevin as you know i called myself the connective tissue officer as the cto i'm like my job is more about knocking on doors and and going and finding requirements in the family of the doe and people say what are you doing here we know what we need i'm like i just want to understand your requirements and i i get a sense as an advocator for industry inside of oak ridge but at the same time you're helping share and and be a bit of a sherpa for industry and kevin you do that in spades you're an amazing collaborator and i appreciate that insight renee hearing some of that i'm going to come back because again if you go to fortinet you see security driven networking dynamic cloud security ai driven security ops i mean no doubt you can fulfill and support requirements can you talk since kevin brought 
up road mapping i think what he mentioned there was awesome if you're selling fortinet for example not you but um hey we have roadmaps you have roadmaps maybe there's something that is worth talking together about without discussing you know a transaction how is the roadmap at fortinet evolving is it in constant state of evolution absolutely i mean we were founded by engineers not marketers um so our founders ken xie and michael xie um you know are very forward thinking um they look at where we are today but always you know driving to where we need to be tomorrow so we're constantly evolving i look at our portfolio how it's evolved over the last you know even two or three years i've been there um you know when i first started you know we didn't have a soar capability we didn't have an edr solution and so we're constantly evolving because again you know as we engage with our you know customers and partners you know we see how that demand and their needs are changing and we're ensuring that we're with them every step of the way that we're providing those solutions that help drive you know their strategies i mean that's that's our goal i mean security is always a business enabler so our job is really to help our customers you know do their their business efficiently effectively and securely as possible yeah i think we we do a lot of those virtual um that we call executive briefing centers and we bring our our customers in to have those strategic dialogues you know so that they understand you know so we understand okay where are you going from a strategic standpoint what is your roadmap for the next you know 12 18 36 months and then understanding you know here's where our vision roadmap from a technology standpoint is you know and and take that feedback from them we also do our customer advisory boards where we take input from our customers you know understanding where they're trying to go and here's where we're going are we on the right path you know at the end of the day 
you know we want to be delivering solutions that are going to be seen of value you know to to our customers so that that requires that constant strategic dialogue and interaction back back and forth um it's no longer you know a situation where here's a solution you know good luck with it you know it's got to be that that iterative feedback and you know partnership and collaboration throughout the entire process so kevin comment and then i have a question for kevin about a lot of what renee just said in terms of an actual the protocol for having that engagement kevin what are you what are your thoughts yeah so renee mentioned the customer advisory board and i'm i'm involved with a couple of those across you know the spectrum and which is great what's great about that is i'm usually the only government rep on that okay which is great that they have us in there but it's also a little scary is why why isn't there another government entity or someone you know in there and some cabs don't even have government representation so i sit there and i listen what i learned from the industry folks so it's great um there's other cisos and things like that and i'm you know so i'm learning from them but then i say hey from the government perspective from the government perspective and the the private entities that are in there you know whoever it may be they're learning from oh well yeah yeah we need to start being concerned about nist 800-50 or nist 800-34 or whatever you know this you know publication you want any of that there's plenty to do there's a zillion of them out there but i think what's great is in that cab and then those customer advisory boards i get to see where they're going and i'm saying well you're thinking about this you're thinking about that because the government tends to be everybody accuses us of being behind the curve but in a lot of instances i see us ahead of the curve okay um there's things that we've been doing in government for quite a long time you 
know making sure you know we have some compliance and you know repeatable processes the capabilities maturity model you know things like that that's great um so i think that's very critical and it's important because you know we drive things now the government drives things yeah we're the biggest out there you know and if you can make it in the government you know you're gonna be able to go into industry and other places and if you're able to get into the government you know you're showing other industries that you're meeting to some of the most stringent and sometimes you know regulatory requirements out there so it's good in that respect yeah i am i totally agree and i could tell you that one of the things that i find uh sorry the dog's barking but this is the world we're living in so his name's phineas maximus tseronis and he's a one-year-old puppy you just articulated kevin which to me embodies those tenets of open government we need to be more participatory collaborative transparent but yet we're busy and and i applaud fortinet and obviously um good catch for them to have renee tarun uh customer advisory boards people hear those and you know i'm on a few frankly in industry and it's we do get together with companies we talk as former feds about what matters and it's kind of interesting how when you're the former it's like well is that still relevant and i'm like yes um and kevin you just you articulated that um when i hear uh renee you talk about these opportunities do you do you have a a sense you can share with maybe a use case or an exemplar of where having in a whether it's in your cyber threat alliance relationships with other industry partners or being with some agencies where uh an in uh a mention of here's what we need actually influenced a fortinet roadmap like a capability that was needed yeah i mean you know definitely you know one of the challenges we saw even talking with our state and local being able to do that security orchestration automation 
response and you know even internally having that need um helped drive some of that road map because again you know the adversary is doing things at speed and scale and so having those capabilities that can you know again um provide that you know as kevin said that that single pane of glass but more importantly you do some of that automation and integration and then being able to do those playbooks where you can do um automated courses of action um you know to mitigate um you know potential issues or you know threats within inside your network um i think those are some of the driving forces that we had um but also you know i look at things like our cyber threat alliance um you know one of the things that you know fortinet was the founding starter of the cyber threat alliance and it's you know it's a community of you know technology company companies members that where they all get together and you know we share that timely actionable intelligence um to not only help improve you know our products and services to help protect our customers but also you know really kind of you know take a stand against you know the adversaries and you know work together to improve the overall security of the the digital ecosystem um so again you know helping be part of that you know what i call the the early sharing early warning system um to her you know the overall good of um you know our customers and you know the nation actually right since we're one by company but yeah yeah but that speaks to culture and uh i think that's a great takeaway if anybody watching this that some people i walk on the street and they'll say fortinet that's a firewall company right and i'll say that's a little something they do but just to be clear and i like to translate sometimes for our audience security orchestration automation response that's the drawn out version of the term we've been saying soar there's also security information and event management siem there's user entity behavior analytics ueba 
and then there's software defined area network sd-wan now that's just four and we used a few of those today but that again is the alphabet soup that if you're thinking of a solution in today's day and age kevin right i know you know that maybe back in the day as boxes and appliances were sold but the world's changed we've got this internet of things you talked about r d and supporting sectors that aren't you know just r d for uh science sake you're working with with with transportation and health care sectors but in this alphabet soup world just again personal perspective hey i'm not going to say i'm older than you were younger than you but i'll say i'm 53 okay i've been around the block staying current um it's it's it's tough in a world that's clouded with so many tools how do you do your technology due diligence in terms of depending on your teams do you have a vendor management kind of hey every friday at two once a month we invite people in who've done their homework mind you how do you how do you stay current with some of your personal uh technology diligence so that's one of the nice things of being one of a bunch of national labs is another national lab may be looking at something and i'm in partnership with the ciso at lawrence livermore or brookhaven or argonne i mean we're in partnership and they're looking at things too and we talk among us okay and they're saying hey we're looking at x or we're looking at y and i'm like oh i looked at that you know a couple months ago and here's some things we saw and we share things so there's that constant collaboration between all the cisos but it's also i talked to industry cisos and they're saying hey we're looking at this we're looking at that i'm like oh how did that help you what did it do i know a little bit about them and things like that um so there's a lot of that going on and of course you know um the vendors that are in go hey here's some things we saw you know that we we do a through x or we do a a 
through c and we we have a vendor that we work with that does d e and f which may help you yeah um and they come in and that's part of the collaboration okay and that's where i i get the best value the biggest bang for the buck with vendors that say you know hey we're doing this or here's someone that works great with us that can integrate and help you and bring you to the next level i mean and renee mentioned it and you you defined it SOAR the security orchestration that's key you know for us i mean we yeah we're we're pushing petabytes you know and exabytes of data exaflops you know of data a lot a lot of big data yeah a lot of big a lot of big data okay and so you know people coming in and saying hey you know here's how you can work with that here's how we can help you protect that to me the future is data okay it's well it's always been data the protection of data and intellectual property but i think the world's coming to the realization um that you know putting in an endpoint protection gives you this much protection you know putting in you know gateways and bridges and firewalls and you know SIEMs and SOARs and all these things you take you to this level of protection yeah it's defense in depth well another piece of that's going to be in the future is going to be protection of the data yeah you see it with ransomware hey i've stolen your data pay me bitcoins or i'm gonna release your data well if you encrypt your data and they stole it who cares yes yeah okay you stole my encrypted data okay have fun you know yeah what are you gonna do with it okay i may get a black eye because you were able to steal it you know but you you haven't hurt hurt us well i think you just minimized you got that yeah i've got to minimize the risk and the threats i mean there's no way that um you know we have a team here of great people and there's just just under 20 of us on the cyber team here at oak ridge but you look at the the adversaries renee mentioned them nation states they 
have hundreds if not thousands of them and you can't compete against that so being able to you know get down to the most granular level granular level of protection and automating things to weed out the noise and stuff like that that's critical i mean that's where the future is yeah um renee i and for both of you uh i you know i'm hearing this because actually it's music to my ears i i have had an opportunity over the last five years since i left government to kind of impress upon a lot of what you've spoken to which is building relationships and doing homework and and not always being in sell mode but helping companies really um talk about their technology that evolves and i keep thinking about what you said early on renee about visibility and automation and your security fabric and i think that's really this is a comment embodies that maybe SOAR was the thing we did and needed but then we needed a SIEM and then we needed a UEBA or maybe we need an endpoint or maybe we now left it just it's so much and and and as a company uh you want to say we can do it all but we're not a silver bullet we're here to mitigate risk we're here to mitigate risk so you can manage it is that a fair statement about fortinet i mean coming from i mean a lot of people say you know you know what what is that silver bullet and i don't think there is any silver bullet when it comes to doing security and i think of what kevin says it's a layer of defense i think if there was a silver bullet fortinet would have created it by now um it just doesn't exist so you do need to do that defense in depth and i'll add on an additional thing to that is also having that security awareness training i mean kevin brought up the whole fact about ransomware well when you look at the ransomware attacks over 50 of them start by social engineering attacks so those phishing this spear phishing um you know attacks um so it's really also important that we don't forget the the people aspect um you know beyond just the 
technology it takes people processes and technology you can have the best technologies in the world um but they can be circumvented by you know human error or not properly implemented or configured properly so also having that security awareness training is great and that was kind of one of the needs when we saw early on when we started the beginning of this year with you know um you know things have been going on with pandemic people now working you know from home remotely people that never had that experience before and so you know so we offered up you know security awareness training free um to help address that problem because we saw you know not only we have issues as a company but all companies are having issues like how do we make sure we train those people that not didn't normally work remotely knew what that meant you know what are good cyber hygiene what good practice is now because you may be using you know insecure computers and in insecure networks to now access you know your critical organization's information yeah i'm gonna i'm gonna slam dunk or underscore the security awareness training still has i think a thing to it i don't want to say it's a stink but it's like oh that thing i have to do but but let's be real it is changing and i remember being in the fed it was oh i can buzz through this i know about not putting passwords on post-it notes i'm aging myself here but but at the same time i think that when when our country is emphasizing 21st century workforce and we've got folks saying automation will will allow the human and its intuition to to still make those decisions i find that training and awareness and um that you've mentioned and kevin too how important it is so those of you watching today don't treat it like it's an exercise that you need to be aware through this training about the threats that that have expanded our threat landscape because we want the creature comforts of being connected right kevin but you know there's a threat that comes 
with that um kevin did you want to comment on that i was just going to say you know i when i when i talk to people i say our biggest threat is our user and i'm not being mean or you know anything like that but our biggest asset and protection is also our user i mean so they have a dual role they see things they get the emails they get they see the links that don't look right and so they're notifying our security operations center hey i got this email is this legit is this right you know now we get 18 million emails a month here easily in the lab and our filtering systems take out 15 million of those as spam or garbage but that's three million emails still coming into the lab on a monthly basis that's a lot of room for stuff to come in yeah plus plus in the cloud world i mean everybody's moving stuff i mean we use the cloud heavily okay we're we're using various cloud vendors and suppliers and document sharing facilities and capabilities you know we're all over the board and we allow our people to do that because they need that for the collaboration for the scientific research but you know i'll get back to information we also have to educate those users and those people okay this is the information that you can put here but you can't put it here you know or that you can share this information with you know this person from this country but not that country or this business not that business you know so it's it's it's a very um you know it goes back to the defense in depth yes i've got a firewall at my perimeter i've got you know firewalls inside i've got endpoint detection but i still have a person with a mouse that's going to go click and game over yeah yeah you know i uh i love that and and i i think that education we talk on the consortium a lot about being uh one who can inform educate and enlighten and both of you are doing that and i hope whoever watches this really takes to heart a lot of what you're saying because i know it's not a moment in time it's stuff 
that you've seen and and you believe today and tomorrow all right couple questions and we'll hit our parting shots um putting on your little nut little putting on your visionary hats look you're both thought leaders you're change agents and you have to deal with operations and stuff that's happening every day but what do you renee when you think of whether it's at fortinet or just your experiences and i call the walkabout what are the technologies of the future that you're most excited about or you're listening and watching and hearing in your day-to-day um again i think one things i'm you know most excited about is really you know looking to leverage more of the AI and machine learning um to help drive you know the the security protection defenses and response um because i think the adversary is is leveraging those technologies against us and i think we need to be you know leveraging them in our arsenal um you know to kind of fight fire with fire you know in in our ecosystems yeah great great great point and i have a comment on that because i'll just say it i think AI and machine learning are what are underpinning our cities of the future and i like to talk about smart cities but the technology like a fortinet or technology developed in a lab supporting one of those 16 sectors or those 55 national critical functions in our country actually end up impacting society and the individual and i think what you just said is spot on that we need to know technology is not the problem it's just how do we we integrate and implement so great points kevin what about you what what excites you about the future and you know again whether it's something you're working on now at oak ridge or just you think is going to be the game changer uh uh i'll go back to i mentioned it a little early information we need to protect information at the level but you have to do it based on identity you know do i want pete having this data and if i give it to pete do i want him sharing it with renee 
you know so i want to be able to get to a point where i can say i have this information pete can share it but he can't share it with renee you know and things like that that way you know we're protecting what's really important the intellectual property okay and our information because that's key everybody wants our information i said it earlier we had people coming after our covid stuff you know when we were doing the research and and we protected it well you know because we implemented multi-factor authentication on our super computers early on you know years ago other countries you know if you remember the news when covid was being researched other countries had to shut down their super computers because people got in because they weren't using multi-factor authentication so we did that you know so there's a lot of little things and you know i think one thing to do is you know just move in that direction if we start thinking you know what's the what's the most important thing is our information i want to i want to get to that and that's what i want vendors to start working on and going toward is how do i protect information you know at the point of creation and associated with you know a person or capability at that point now that's key and of course artificial intelligence it's great it's wonderful we see it it's driving cars it's flying planes i mean it's doing everything and that's key you know we got to be able to use that to our advantage and you got to use it in the sense of being able to detect the bad stuff that's going on the things that shouldn't be happening i mean we know our adversaries are using it to get into us you know my one of my previous life endeavors was i was i was a hacker for 10 years i ran red teams you know so i know how how they think to a point you know um so i have a little different perspective of you know security and cyber security i look at it i want to protect my info yeah i i know that was long-winded and sorry no i love it 
listen that's the point right nobody can say i don't know how kevin kerr thinks um i love protect information at its creation that's or something that was awesome um all right i said two questions but actually i have one renee what's the most challenging aspect of your job um i i think for from from my perspective um you know it's it's really making sure that you're seen as a strategic partner as an enabler um you know i you know always told my teams that you know our job is yes we we live and breathe security um and security is critical to the mission but at the end of the day um our job is to be seen as a strategic partner can't be that organization of um you know where all good ideas go to die because security always says no so you really need to work you know with your customers which you know will be the internal organizations for me um to make sure that you you understand their requirements because ultimately you know we're there to help them do their job safely and securely so it's really making sure that you don't get too far down in the weeds and you know the technical side of things um without having your your mind on you know where we're trying to go as a company as an organization from a strategic perspective and making sure that the technology and security strategies align with those business objectives man i love that strategic tactical operational but yeah that that is uh spoken like a true former fed who's now doing great things so keep doing what you're doing in that fortinet culture kevin what about you man what do you find most challenging in your job yeah i think renee hit the nail on the head the cyber security's always been looked at as no i don't want to be the no in innovative okay i you know i i want to i want cyber security to be the partner that's going to enable you to do things right and the the best way for you to ensure your work is your work and it's not messed with i mean i've had to talk to researchers do you want someone 
publishing your data before you do do you want someone messing with your data such that when you publish it looks false and your reputation shot and that's how i sell security to people that have normally been no run here comes the cyber guy you know so our objective is you know not to be the no in innovative and to enable people by doing the right things right i love it i mean these are man you're going to get all the credit when i use them by the way both of you these are some really really good ones okay we're moving into parting shot land but i just want to emphasize how much i appreciated those last comments um i think that that when you transition out of government while you're still in government we all know it's very hard to have time in the day to to really do a lot of what uh you both are focusing on in your individual and then inside of your business i mean we all want to meet and learn and be educated but look coming from me for what it's worth keep doing that keep expressing that to your your various teams i mean kevin you have a number of incredible people who i know are working with industry and and sometimes the dialogue just to be has to be orchestrated so that there's not just a moment in time but hey you know if it's fortinet great what are they doing that's unique that we can maybe share with other lab institutions and that's great and renee obviously you're doing that and i think it's important even at the most senior executive level that you're in that you you continue to impress upon those who you know carry the bags and say look build a relationship establish the trust and good things will come so that's my takeaway there okay parting shot here's the rule actually you can take as much time as you want but um it's usually what do you want to leave with the audience based on today's topic and you can go in the if it's something cool about fortinet or oak ridge or just what you feel folks should take away and and ideate over so you know we we 
leave a lasting impression uh i'll start with renee parting shot yeah i mean from my perspective um i think we've seen you know a lot has changed you know in the operating environment um you know especially over the last year um and so obviously as the attack surface grows you know you need to make sure that you're really looking at those risk mitigations to really address you know this new operating paradigm and again like i said it takes people processes and technologies um you really need to be focusing on things you know like you know your zero trust you know security driven networking security in the cloud you know whether you're doing on-prem in calling cloud or hybrid um and also making sure you're having those AI driven security um operations um and so from my perspective you know the adversaries aren't slowing down if anything they've you know accelerated um over the last year and so from my perspective um you know it's key that you're really looking for you know solution providers or suppliers that are partners um not just vendors and you should be looking at solutions that provide you that broad visibility across the entire attack surface integrated they work and play well with others and that they're automated from my perspective that's really going to be the key for meeting the challenges of today and tomorrow well said wonderful kevin parting shot so my parting chart shot is you know partnerships you know we can't do it alone we need we need everybody you know it's all hands on deck you know this is this is not an easy world and it's only going to get worse you know information has been monetized you know by the by industry and by us that's great but it's also been monetized by the bad folks okay so the partnerships to make sure we're all in this together we either sink or swim together um i mean it's that's got to be there and you got to rely on your people i mean technology can only do so much it can do a lot i mean they can prov it can drown you 
with information but if you don't have the people to to be able to look at and go that doesn't look right or you know i don't i just don't have a gut feeling about that i mean technology's not going to replace that so it's partnerships and people wonderful i'm going to say that a for a big thank you um i mean some of these are truly pearls of of wisdom and i it's just affirming for me so thank you both for being on the consortium i would only hope that that you continue to do and take your passion your authenticity and humility are so so obvious and i hope again people watching this can learn a bit about how you establish partnerships and cultivate those over time because it doesn't just happen so renee you're wonderful keep changing the world kevin can't wait to see you again but keep changing the world stay healthy and we will absolutely talk again soon [Music] you
Info
Channel: Dots and Bridges
Views: 359
Id: 9tVkgpEkpK8
Length: 50min 5sec (3005 seconds)
Published: Wed Dec 30 2020