His new job at Cisco is a great fit for the San Francisco native and graduate of both Princeton and Harvard. His resume reads like a Top 5 technology company list, including stints at VMware, AOL, and RSA, the Security Division of EMC. I’m not sure how they found him, but he’s sure to give Chambers, Warrior, and Dominguez a run for their money when Cisco Live rolls around.
As a former VP at RSA, Young built the company’s identity protection and verification business, which today protects millions of online accounts. Before that, while at AOL, he served as VP of safety and security premium services.
Young said that his reason for joining Cisco was simple. “Just like everybody here at the RSA Conference, I’m passionate about security. And even when I wasn’t in a security-focused role while at VMware, security kept coming up everywhere I turned,” Young explained. “It was one of the key challenges or issues that always needed to be solved, so when I had the opportunity to come back to a security-focused role – I couldn’t say no.”
Young explained that more transparent and efficient networks are needed today as employees want to connect their own devices (BYOD) to their workplace networks. These intelligent networks are also needed at a time when organizations are moving to the cloud as well as balancing stricter IT security policies.
At the conference keynote, Young said CISOs and security administrators have a challenge going on with the seamless integration of technology into our lives. “Now what we need to go along with this transition is the seamless integration of security into our lives,” he said.
“Security is cumbersome for the average users, and they’ll go to great lengths to avoid us whenever they can either to enjoy their job, to do their job, or to be more efficient at their job,” Young said. “That presents all of us here at the RSA Conference with a major problem.“
“Do we lock it down or do we free it up?” he asked. “In the security community, we’re constantly torn between these two different extremes. Every time we push toward one of these approaches and we begin to adopt it, something else happens and it causes us to reverse our course and implement the other.”
Young continued that there’s a constant struggle among those in charge of IT security. On the one hand, users demand the ability to connect their devices to your network, connect to your network from anywhere, and while they’re at it, use third-party applications. In other words, they want you to free it up.
On the other hand, users demand privacy protection, integrity of the network, secured company data, and defense against malware, botnets, or any other unforeseen threats out there. In other words, they want you to lock it down.
Young reported that the enterprise is experiencing an average of 339 malware encounters per month. That’s a 200% increase over last year.
What’s a CISO to do?
“I believe that as security professionals what we’ve been given in most cases is a false choice. We all keep thinking it’s either free it up or it’s lock it down, but it can’t be one or the other,” Young continued. ”We need to have a way to have our cake and to eat it too. I believe we don’t have to make this compromise. We can have both.”
According to Young, while you can’t completely lock down your network or open it up entirely, the key is striking a balance between allowing users to be productive and keeping your network secure.
Young said it comes down to a higher level of network visibility and control knowing precisely where, when, and how access to your data and network occurs and by what or whom.
Luckily, the key to all this for security pros is easy to find. “It turns out that the answer has been hiding in plain sight. The answer is: use the network!” said Young. “Everything we do touches the network today, and our network is the connective tissue that binds us together.”
“When it comes to security, the network can deliver capabilities that we need unlike any other part of the infrastructure,” he said. “As the network has become the source for delivering our most critical voice, video, and data, so too should it become the source for delivering security.”
Of all the keynotes last month at RSA, I have to confess Young’s was the most compelling. I look forward to seeing what he brings to Cisco, and what Cisco offers security pros in the coming months under his watch.