By Sean Martin &  Marco Ciappelli

During our RSA Charge 2019 event coverage in Orlando, Florida, we connected with RSA executives, keynote speakers, presenters, panelists, and the InfoSec community to keep the CyberSecurity and Risk Management conversations going.

This is the collection of those chats:

• Rohit Ghai, President (RSA Security)

• Dr. Zulfikar Ramzan, PhD, CTO (RSA Security)

• Holly Rollo, CMO (RSA Security) and Tracy Edwards, MBE, British Sailor

• Jim Ducharme, VP, Identity Products (RSA Security)

• Tim Belardi, Director, GRC Technology & Third-Party Risk Management, Highmark Health

• Brian Drotleff, Director of GRC & Risk Assessments, KeyBank

• Steve Schlarman, Director (RSA Security) and Kelly White, Founder & CEO, RiskRecon

Rohit Ghai, President (RSA Security)

Digital technologies are driving significant transformations in business, government, and society. It’s the data that is fueling this transformation. Because of this, almost every company is a technology company; even when the main business or product has nothing to do with technology. The velocity of innovation can be mind-boggling—and with it comes an equal amount of mind-boggling risk.

The challenge for most companies is to identify that risk. Even more challenging is reducing exposure and mitigating the anticipated exposure and risk before the tech-enabled business processes and infrastructure are implemented.

To address this challenge head-on, Rohit tells us that companies need to learn to fight fire with fire—to battle risk with risk. It was a key element of his opening keynote during the Charge conference, and we got to dig deeper into this topic when we spoke with him.

We hope you enjoy the conversation.

Dr. Zulfikar Ramzan, CTO (RSA Security)

Ask 20 people what “business risk” is, and you will likely end up with 20 different responses. On top of that, it’s very likely that all 20 answers not only won’t match, but they probably won’t even relate to risk itself. 

Business risk is about how often something bad could happen paired with the impact it can have on the company activity and performance. There’s a small, yet precise, distinction between risk and threats, or even vulnerabilities: per RSA Security’s CTO, Dr. Zulfikar Ramzan, you’ll get a much clearer picture of what matters to the business and its operations when you think of risk in these terms.

We had a fun, in-depth, and educational conversation with Zulfikar, taking full advantage of being in the story-telling world of W. Disney, and even making some connections with his creativity, legacy, and business acumen.  

Have a listen and see if your own risk management story will end as you want it to.

Holly Rollo, CMO (RSA Security) and Tracy Edwards, MBE, British Sailor

Sometimes the best way to understand a topic is to talk about it while borrowing a different perspective, looking at it through a different set of lenses—either familiar ones or those that take us far outside of our comfort zone.

The team at RSA Charge—notably, RSA Security's CMO, Holly Rollo—did just that by bringing to the stage Whitbread Round the World Race winner, Tracy Edwards, MBE.

What does sailing have to do with risk management, you ask? The parallels are many. Don't take our word for it though, listen to our chat with Holly and Tracy as we take you around the world on a sailboat, telling stories of navigation, aggravation, competition, diversity, inclusion, and communication. Perhaps most importantly, this chat brings with it inspiration over tactics.

"We might die. Let's try not to."

—Tracy Edwards, MBE on Risk Management

This is an excellent story to learn about risk management, but it is so much more than that. It is an inspirational story about opportunities over the status quo, perseverance over adversity, and diversity over egos.

There's a ton to glean from this conversation. We hope you enjoy it!

Jim Ducharme, VP, Identity Products (RSA Security)

Knock, knock.
Who there?
A citizen of our beloved town. Lower the gate!
Password?
Ah__ mmm, 12345?
Yup. Welcome back!

—————

Now that you know the secret code, you can listen to this podcast with Jim Ducharme, VP of Identity at RSA Security.


Identity is not what it used to be. Our society has changed more in the last few decades than in the history of humanity — and that is because of technology.



One can argue that our habits, our rules, and the way we interact with each other haven’t changed as much — or maybe haven’t adapted, yet, to the way that technology has created a new social reality that brings new conveniences as well as new risks.

Maybe what we need is a new paradigm, a new way to look at what privacy and identity mean in this new cyber society.

In this conversation, we discuss the history, current state, and the future of identity, passwords, and overall access control in the digital world.

A conversation with Tim Belardi, Director, GRC Technology & Third-Party Risk Management, Highmark Health

If we want to seriously think about risk and risk management, there’s no better place to get a real sense of what it is than in the healthcare space — if something goes awry with a piece of technology here, the consequences can be dire.

However the medical and societal health benefits driven by the advancements in technology could be immeasurable; certainly life-changing for many. This is where the patient-centric business environment and operational model come in to play. Technology advancement is not just about making things better, faster, cheaper, but also more secure and safe - and why not, ethical.

We had the chance to talk about this topic with Tim Belardi, Director, GRC Technology & Third-Party Risk Management, Highmark Health. We spoke about exploring the need for trust and assurance throughout the entire healthcare ecosystem, including those operating as third-party vendors and suppliers to the core healthcare system.

Listen up and think about it.

Brian Drotleff, Director of GRC & Risk Assessments, KeyBank

Operationalizing security and risk doesn’t have to be tedious or discouraging. If done correctly, it can be advantageous and help the business build and deliver useful and fun services — securely, of course. This is precisely the philosophy that Brian Drotleff and his team at KeyBank adopt to approach and tackle the development of their security and risk management programs.

One primary goal at KeyBank is to make the banking experience as enjoyable as possible for its customers. To do this, they look at technological advancements - embracing digital transformation - that can power applications and services with features that balance security with customer satisfaction and excitement.

Ultimately, Drotleff and the team are working hard to become the team of “yes, securely” as opposed to being the department of “no, sorry.”

Get inspired.

A conversation with Steve Schlarman, Director (RSA Security) and Kelly White, Founder & CEO, RiskRecon

Only a small segment of the industry has gotten on board with the idea that they own the risk associated with the end-to-end supply chain that makes their business run. Many focus on their internal security posture, leaving the rest of the technology and information chain up for grabs when it comes to exploiting a weakness in a system, a service, or a partner’s employee’s user behavior.

Those that have taken steps to evaluate the security posture of their vendors often perform the evaluation when they onboard the new partner, leaving the posture to change over time without any updates to the risk profile they bring to the business.

Obviously, and given the relevance of this problem, there must be a better approach.

That’s where RSA Security and their partner RiskRecon come into play: together, they allow organizations to streamline the onboarding risk assessment process for their vendors while also providing a continuous security assessment that parallels how internal security teams assess, manage, and mitigate risk.

Learn more about this topic by listening to this conversation.