David is the Senior Vice President for the Oracle SaaS Cloud Security engineering and operations organization. Previously, David was the public Cloud Security Engineering Director in the Google Security and Privacy organization and his preceding 18 years were spent with Microsoft in numerous security cloud, product and engineering leadership roles. David holds a B.S. in Computer Information Systems as well as an MBA with a Management Information Systems concentration and is a longtime advocate of security application and technology, stemming from his U.S. military service background.
In this edited interview excerpt from the CISO’s Secrets podcast, SVP & CISO for Oracle SaaS Cloud Security, David Cross, shares insights into his unique career journey, the cloud security evolution, and artificial intelligence. Don’t miss this!
We are very fortunate to host this interview with David Cross!
It’s pretty exciting to be here.
I like to say that I’m just a ‘worker bee’, but one who likes to make things happen. I’m a multi-tasker; a quality that’s inherently relevant to security.
Cyber security is not a single task. It’s multi-tasking. You’ve got to jump into many things, all at the same time.
You’ve got to keep things moving. And that’s why it’s a great fit for some people, like myself.
You know one of the things I’ve said for a long long time is and that’s really so awesome about this industry is that no matter when you get in, you’re getting in at the beginning of something.
Would you like to share a bit about your background, which is quite storied and impressive?
Sure thing. At the very beginning of my career, I was in an electronic Navy attack squadron, the EA-6B Prowler. I am very thankful to the United States Service. It really helped me in my career…
This kicked off my passion for security. Electronic warfare. The threats. The offensive attacks, those type of things that are both virtual and electronic.
And that was early too…For you to have been thinking about the intersection of the virtual world and security, at such a point in time, is pretty interesting.
Well, going back to my earliest days with the squadron, we didn’t really have network computers. We had embedded weapons systems that were based on DOS.
And as we evolved, in just in a couple of years…we went to Banyan Vines for their computer systems. But then in our plane, we had our prototype — and I can’t go into much more detail than this — but we had the Toshiba laptop, with NT 3.5 on it…And at this point, the world was changing…And the threats and risks changed with it.
You talk about the attack squadron…Here we are 20-30 years later…How do you feel that your experience in the military influences your role today?
At that point in time, not a lot of people were thinking about security.
Long story short, we were coming back from our last deployment, I was in an aircraft carrier. I was standing watch in the ready room. My commander wants me to sign-up and do another tour. And my thinking was ‘no, my time is done’.
I then stopped at the naval exchange bookstore, in Naples, Italy, and I picked up Bruce Schneier’s first book, Applied Cryptography. And as I was reading that, I realized ‘this is what I need to do’.
And it wasn’t my domain at that point. I was not a cryptographer and I wasn’t into cyber security. But after my experience and after I saw the transformation in terms of what was going on in the military…I felt that it was the time to jump in.
What are your views on cloud and how the cloud is evolving within the security space?
Absolutely. I spent a lot of my time on the operating system layer and on things like Windows. But then it became clear that the cloud was emerging…And you really just had to jump in.
Otherwise, it would be like saying ‘no, I’ll never use online bill pay, it’s too dangerous!’ Not for me. But, once the gate opened…
Right, otherwise it would be like saying, ‘I’d rather keep buying stamps!’
…It’s not ‘if’ everybody’s moving to the cloud, it’s ‘when’ you’re moving to the cloud. There’s no getting around it.
For how long do you think that your favorite mail server on bare hardware is going to be produced and supported at this point? It’s going away.
There could be some things that remain on-premise, but let’s look at reality. We have to accept emerging technologies. Just like AI.
Is AI going to go away? We already know the answer to that, don’t we?
Right, not a chance. With your background, I’d love to hear you talk a little bit about your views on AI.
With AI, we’ve had ML for a long time, but now we’re witnessing a transformation. Pretty exciting, right? I think that now is the opportune time for us to develop applications, as we did when computer infrastructure came out.
My real question to you is, when are we going to adopt the laws of robotics that Issac Asimov came up with so long ago? Isn’t that the same as AI?
That’s a great question, David…
I was born and raised in Detroit, an area home to the auto industry. At one point, it was thought that automation within the auto industry would kill jobs.
But it hasn’t. The auto industry has survived. The manufacturing and the roles have not changed.
AI is likely to have a similar effect. People fear that it’s coming for jobs, but the reality is that it probably won’t make a dent in that regard.
Another element that’s been hinted at a few times is that — whether you’re an engineering leader, a security leader or any other type of leader — things are going to change, and you have to keep learning.
The moment you stop learning is the moment that you’ve plateaued, and then you’re declining into the ocean.
AI is the next big thing — Am I going to reject it? No. Am I going to embrace it and learn it? Yes. It’s just like the cloud. We had to embrace it and learn it…
Another thing that I like to say is that it’s not about how hard you work, it’s about how much you invest in yourself. And that is what really makes a difference in people and the world.
You can choose to ignore the latest technology…But I think your point is spot-on. The fascinating stuff is the unknown; it’s not the stuff we know.
And I think that’s what’s exciting about this industry, right? The cloud, IoT, SASE…The list goes on in terms of things that are coming to the fore.
Listen to the full podcast here.