AWS Executive Insights / Security / ...
Security Leaders Share Their Thoughts on Generative AI
A conversation with security leaders from People.ai, Trellix, Red Canary, and AWS
Companies all over the world are in a race to onboard generative AI technologies and gain a competitive edge. However, identifying the right use case and knowing where to start is a major hurdle for many business and technology leaders. In this video, hear from three AWS customers and security leaders about how their companies are approaching generative AI.
Watch the video to hear generative AI perspectives from security leaders at People.AI, Trellix, and Red Canary. Listen in as these leaders share their thoughts on the security risks and benefits of generative AI and how they identified secure ways to start leveraging Gen AI for business.
What are CISO Circle participants saying about generative AI?
Danielle Ruderman (00:03):
Security and AI is a very broad topic, and we found that our CISOs are concerned in a couple of different areas, one obviously being ChatGPT, large language models. Their teams want to use them, their coders want to use them, so we have to talk about, as a CISO responsible for securing your organization, what policies and procedures do you put into place? How do you think about your teams using this?
I think what's interesting is that many CISOs want their teams to use it. They really see the potential of these tools, so we talk about what kind of guardrails you need to have in place, how to use them responsibly. Those are very important discussions.
Aman Sirohi (00:34):
What I think we are going to run into pretty quick is going to be around the AI risk. What is this risk exposure to your company, to your customers?
Every contract that I know about says third-party data cannot leave your environment and go to a third-party source. Now whether it's whichever AI model you want to use, that data is now leaving your environment, going to a third-party source and coming back and giving you some answer. So I think there's going to be a lot of change in how legal looks at it, how risk is assumed by the customer, by the company. I think there's going to be a lot of innovation in the space.
Danielle Ruderman
Senior Manager, WW Security Specialists, AWS
Aman Sirohi
Chief Information Security Officer, People.ai
How are CISOs finding secure ways to leverage generative AI?
Danielle Ruderman (01:19):
We also see some real aspirational thinking in what the future means with AI. Some of our CISOs feel that this is an amazing opportunity for us to scale bringing new talent into security.
Sometimes the on-ramp, like getting people the knowledge they need, can be challenging, but maybe these tools are something that can help a junior SOC analyst or other security folks really lean in and get the tools they need and develop skills faster, which will really help us as an industry develop more security professionals.
Martin Holste (01:45):
Well, in business terms, you have to start using generative AI or you're going to fall behind. So as a CISO, you have to find a way to allow your people to be productive, but also, do it in a safe way.
I'm a huge proponent of using generative AI as much as possible in a standard business. And so, we do a lot of training internally on how to use all kinds of different AI so that they can be more productive. Along those lines, we also have controls in place to make sure that it's impossible for them to accidentally copy and paste something to go where it shouldn't.
Martin Holste
CTO, Cloud, Trellix
Do the benefits of generative AI outweigh the security risks?
Danielle Ruderman (02:14):
I think the third thing that's been very interesting is the promise of AI to help even mature security professionals lean into what they have to do. Imagine if you're analyzing logs and you've learned to code in a certain language, maybe Python, but now you need to go analyze logs and learn how to write SQL queries. The barrier there is having to learn these different languages to extract. You know where the data is, but you have to learn how to pull it out with the different code. Imagine if you could just tell the AI what you want to do and what data you want to pull together to do your analysis, without having to learn all these different esoteric coding models.
There's a lot of power there that can really help us speed the time to investigations, and really help everyone from our junior security professionals to our very mature professionals do their jobs faster.
Chris Rothe (02:58):
The big challenge in security ultimately is there's not enough people to go around. And so that's why it's so important the work that AWS does in terms of making the platform more secure and the services more secure, inch by inch, mile by mile.
Generally speaking, we want everyone across the Red Canary team using generative AI in a way that makes sense for their roles. Whether you're a sales person and you've just had a great call with a customer and you need to put together a follow-up email, let's make that faster and make the quality of that communication better. Because ultimately, that's better for the customer and better for you, because it took you five minutes instead of maybe an hour.
So that's been our approach, is to make sure that everyone can use it in a safe way. But I think we're early in that in terms of learning what are the pitfalls and what are the challenges associated with that? What type of legal things are going to come up over the next several years as it relates to generative AI?
Chris Rothe
Co-Founder & CTO, Red Canary
About the leaders
Aman Sirohi
Chief Information Security Officer, People.ai
Aman Sirohi is the Chief Information Security Officer at People.ai. He has broad experience envisioning and delivering a wide range of security solutions in complex, multi-stakeholder environments globally in industries including technology, consulting retail, fintech, and supply chain. Aman is passionate about security and helps organizations build deep levels of trust with customers, employees, and partners. This passion has driven him to stand up high performing teams that deliver transformational outcomes for customers and partners. A people-first leader with diverse business experience, Aman has been considered a trusted advisor and strategic problem solver who enables the business to raise the bar while delivering better for customers.
Martin Holste
CTO, Cloud, Trellix
As CTO for Cloud, Martin is responsible for shaping cloud security and AI offerings, developing the corporate cloud security strategy, and passionately working with customers to improve their security outcomes. Prior to serving as CTO for Cloud, Martin led teams working on machine learning and founded the cloud-native Helix XDR Platform at Trellix. Before Trellix, Martin spent nearly a decade in penetration testing, incident response, and threat hunting while serving as the Incident Response Team Lead for the State of Wisconsin.
Chris Rothe
Co-Founder & CTO, Red Canary
Chris co-founded Red Canary in 2014, leads technical strategy, and has built many of the tools and teams that Red Canary uses to acquire and serve customers today. Prior to co-founding Red Canary, Chris led software development teams and architected large data-processing systems for the defense and intelligence community.
Danielle Ruderman
Senior Manager, Worldwide Security Specialists, AWS
Danielle Ruderman is a Senior Manager in the Worldwide Security Specialist organization at AWS, where she leads a team of global security specialists. Danielle has been with AWS since 2016. Her technical career has spanned more than 20 years, with enterprise companies as well as startups and government organizations. Today, Danielle enjoys discussing how to build organizational cultures that reinforce security controls, and design systems and mechanisms that "make the right thing easy" so security can be a business enabler.
Take the next step
Innovation
Learn how industry leaders sustain continual innovation that grows their business and delivers differentiated customer experiences.
Listen and Learn
Listen to executive leaders and AWS Enterprise Strategists, all former C-Suite, discuss their digital transformation journeys.
Stay Connected
AWS Executive Insights is a digital destination for business and technology leaders where we share information, best practices, and event invitations.
Unlocking the Value of Generative AI for Business Leaders
Learn how to integrate generative AI/ML into your organization.