Paul Vixie (08:30):
My introduction to CISO Circles was, “Gee, Paul, could you go to…” — it was Madrid in this case — “and participate in a CISO Circle?” So I had to say, “What is that, and what would my participation look like?” I'd only been here a year at that time. It may be that this calls for somebody with greater expertise about sort of who we are and how we got here than I currently have. And I went and it was terrific because what we had was a bunch of CISOs from a particular industry who had come together. And the whole thing is under a bit of an NDA, you're expected to be able to speak freely because the other people in the room are not going to repeat what you've said.
Clarke Rodgers (09:20):
Chatham House rule.
► Watch the video: Get to Know the AWS CISO Circles Program
Paul Vixie (09:21):
Chatham House rules, and these are, in some cases, competitors. They're CISOs of companies that are in the same industry maybe or in the same region, and they wouldn't normally share ideas or share experiences. But because they were in our house and we were there and we were kind of moderating the discussion and seeding the discussion with some presentations about various bits of technology and then encouraging discussion, encouraging challenges, encouraging, ultimately, what turned out to be an argument among themselves.
It was beautiful to see, because that's one of the things that any mid to large company has got to be able to do, is to benefit from the experiences of their competitors. And we should not be trying to compete based on who is more secure, because if you and I are in the same industry and you get popped, that still hurts me and it probably means I'm next. So in this way...
Clarke Rodgers (10:24):
So sharing information and best practices...
Paul Vixie (10:26):
Yeah, we need to stand shoulder to shoulder in some areas, even while competing in others. And they ended up getting to know each other, figuring out how much trust they could extend without risking their company's secrets and so forth. And the intent is that they stay in touch with each other after the event. And of course, inevitably that means somebody will say, “Oh, well, I had this terrible experience with some API in the cloud that day,” and somebody else will say, “Well, it works for me,” and if they end up complaining to each other about us, well, if we have it coming, then we should embrace that too.
"That's one of the things that any mid to large company has got to be able to do, is to benefit from the experiences of their competitors… We need to stand shoulder to shoulder in some areas, even while competing in others."
We're not going to be able to get better at serving our customers if we don't know what's going wrong. So, it turns out to be a huge source of business intelligence for us. “Oh, I wish I had…” and sometimes you get to say, “Actually, that exists.” We're a very big company and we innovate a lot, and we do create new features or new technologies at a rate that no customer could keep up with. I mean, it's my job to do so, and I have a hard time keeping up with it.
So, we have to have that customer interface where somebody knows what the customers’ problems are and what the industry's problems are and what they're doing and how they're doing it, what their pain points are. Turns out we have people that are doing that that the customers don't know they should be making time to meet with on a regular basis. And if the CISO Circle helps that happen, onesie-twosie, I hope it then spreads by word of mouth and becomes a movement.
Clarke Rodgers (11:59):
Fantastic. Well, Paul, thank you so much for joining me today.
Paul Vixie (12:02):
It has been great. Thanks again for having me.