Jeff Schwartz, CISSP, is the VP of Engineering, North America, for global cyber security company, Check Point Software. He manages a team of 200~ engineers across multi-disciplinary fields, and is responsible for all security engineering resources across a $700 million portion of the business, in North America. Over his 20-year career in cyber security, Jeff has consulted, designed, and overseen the implementation of the largest network security deployments across all major industries and with Fortune 500 and major government agencies.
In this second interview of our two-part interview series, Jeff Schwartz discusses important issues for CISOs around automation and his visions for the future. Did you miss Part 1? Click here.
- What should CISOs consider with an automated security solution?
“Automation increases what CISOs can accomplish and achieve. Central questions to think about in determining whether or not to purchase automated security solutions include:
- How can CISOs support their business partners with greater agility?
- How can CISOs reduce the security failure rate, from a security ops perspective? The smallest of security failures can have an outsized outcome.
- How quickly can CISOs identify, quarantine and remediate the small fraction of failures that they are seeing? To encourage business partnerships, qualitative advantage is essential.
As a general rule, an ounce of prevention is much more valuable than a pound of cure.”
- What are the industry sectors that wouldn’t necessarily benefit from automation?
“The reality is that everyone would benefit from automated security, but for some companies, there are tradeoffs.
For example, a pipeline oil and gas company that wants to be innovative also risks the potential consequence of a pipeline disruption if they make a mistake. An outage in a pipeline business can cost millions of dollars per second, or per day.
Some of the airlines are highly innovative from an automation perspective. For example, for an arriving aircraft that needs maintenance, automation allows staff to have mechanical parts ready and waiting at a destination. At the same time, an automation-related mistake within air travel can be disruptive, both operationally, and in terms of public safety. The possibility that a mistake could occur through automation means a huge risk.
So, there is a way to create a balance, but in each industry, in each company, there needs to be a cultural determination between being able to fail forward (to take a risk, and see unwelcome consequences) and being able to bring stability and resilience to that environment.”
- Where is the field of security automation headed?
“I think that automation is going to be applied to an increasing number of environments. In a past interview, we spoke about specific use cases within healthcare and retail…These industries require a lot of infrastructure, but they’ve also been able to adapt to an automated model. So, I think automation has a long way to go, and when we look at the average enterprise, most are far from actualizing automation to its full extent.
In addition, as things like 5G, edge computing and IoT become more pronounced, these types of assets will also need security. The demand for proper security of these environments will increase over time.
I think that it’s incumbent upon organizations to consider the security consequences of their automation-related decisions, and to be able to introduce needed solutions that can mitigate the threats and address the concerns.”
- Do you think that the prospect of automated functionalities will dissuade young people from pursuing careers in cyber security?
“No, I think that cyber security has never been more in vogue and in greater need.
In security, the threats are growing, and as a result, there will be more for security teams -especially those that are offering AI-based solutions- to address.
The innovation will accelerate, and the need for that innovation, and those able to produce and sell it, will increase.”
Jeff Schwartz, VP of Engineering, North America for Check Point Software, thank you for your insights.
Did you find these interviews informative? Check back for more exclusive interviews with high-level industry experts, only on Cyber Talk.