Security leadership

Insights and strategies to secure the modern enterprise

AWS security conversations

Security is in our DNA: A Conversation with AWS CEO Matt Garman

In this Executive Insights podcast, Clarke Rodgers, Director of AWS Enterprise Strategy, interviews Matt Garman, CEO of AWS, exploring the company’s deeply rooted security culture. Garman, who was also AWS’s first product manager, discusses how security has been "priority zero" since the company's inception. From upholding cloud security best practices to navigating AI security challenges, Garman discusses how AWS embeds security into every aspect of its operations.

Watch the video

Right-Sizing Security Across Amazon Businesses

Security leadership requires a holistic approach across physical and digital domains — and Amazon's diverse business portfolio presents unique challenges and opportunities in both realms. In this interview with Steve Schmidt, Amazon's Chief Security Officer, we'll explore how Amazon implements security across AWS, amazon.com, Whole Foods, Prime Video, Kuiper and more. Join the conversation as Clarke Rodgers, Director of AWS Enterprise Strategy asks Steve about how Amazon standardizes security across businesses, leverages generative AI to improve application security, and enables comprehensive threat intelligence through tools like MadPot.

Watch the video

Adapting Security Practices to the New Threat Landscape

In this Executive Insights podcast, Amazon CSO Steve Schmidt, AWS CISO Chris Betz, and AWS VP, Security Assurance Sara Duffer for an insightful panel discussion about the evolution of security best practices in the modern era. Learn how emerging technologies are reshaping the risk landscape, how to prep for new compliance regulations, and how to enact the right governance strategies to keep your organization secure at every level.

Watch the video

Conversations with Security Leaders

Join Clarke Rodgers, Director of AWS Enterprise Strategy , as he interviews security leaders across the AWS organization and beyond, discussing everything from establishing a security department, to mitigating security risks, to achieving regulatory compliance, and building security culture into everything we do. Click here to browse the full series.

Securing Generative AI: What Matters Now

IBM and AWS recently partnered with Oxford Economics to survey 200 executives regarding their generative AI initiatives and enablement. The study revealed a concerning trend of executives prioritizing innovation over security (70%), despite also stating that secure and trustworthy AI is essential to business success (82%). Read the report to learn what it takes to implement generative AI data security.

Read the report

 

Securing Generative AI: What Matters Now

Security foundations

No business can thrive without a strong security foundation. But what elements make some organizations more secure than others? Learn from executives why it’s essential to prioritize security culture, data strategy, and enabling innovation as key functions of your security organization.

Establishing security standards and educating your workforce on the importance of security is a crucial first step to reinforce your organization’s security posture. After all, many malicious actors still rely on basic phishing schemes. In this video, hear from Sara Duffer, Director of AWS Security Assurance and former Technical Advisor to the Amazon CEO about why security culture is so important and what role the CEO plays in building and reinforcing security standards.

Watch now

As generative AI continues to reshape industries, organizations must adapt by cultivating a robust and secure plan for data storage and management. In this podcast, AWS Enterprise Strategist Clarke Rodgers joins guests from IBM Security to discuss the importance of data strategy for AI use cases.

Listen now

Discover how to mitigate vulnerabilities earlier in the development process through the principles of Secure by Design. AWS recently partnered with SANS Institute to explore how security by design helps organizations prioritize foundational security that meaningfully improves technical and business outcomes. Read the whitepaper to learn how you can get started on the path to building secure products with a multi-layered strategy.

Read now

In this interview with AWS CISO Chris Betz, learn how the role of the CISO is evolving. Where security organizations were often seen as blockers to innovation, AWS advocates for a security org that enables greater innovation through trusted security mechanisms.

Watch now

Find your community with AWS CISO Circles

CISOs and CSOs come together in locations all around the world to discuss the biggest security topics of the moment with their peers in our CISO Circle communities. With NDAs in place and Chatham House Rule in effect, security leaders can feel free to speak their minds, ask questions, and get feedback from peers through candid conversations facilitated by AWS Security leaders.

Learn more

Podcasts for security leaders

Security never sleeps, that’s why we’ve prepared a robust catalogue of audio content to inform and entertain security leaders on the move.

Two-minute security trainings

At AWS Security, we talk with CISOs daily, covering everything from common challenges they’re facing to their security aspirations for the future. We often hear a lot of the same questions around security culture, compliance, and threat mitigation. Start your conversation off right by watching these two-minute training videos on our most-requested topics. And catch our full Cloud for CISOs training series on YouTube.

Cloud for CISOs training series

Research and resources for security leaders

Refine your search:

 Clear your search
  • Publication Date
  • Alphabetical (A-Z)
  • Alphabetical (Z-A)
  • Recently Added
 We could not find any results that match your search. Please try a different search.
1

Frequently Asked Questions

Security leadership embodies the proactive stewardship of an organization's safety and integrity. It signifies a commitment to safeguarding sensitive data and the trust and confidence of customers, partners, and stakeholders. Put simply, a security leader is responsible for creating and implementing robust security measures that mitigate risks, protect against immediate threats, and anticipate the evolving security needs of the business. And at AWS, every employee is a security leader, trained to prioritize security in every aspect of work, protect and use data responsibly, and report any perceived security threats or vulnerabilities to the business.

Security leadership is not merely a reactive posture but a strategic necessity—one that involves staying ahead of emerging threats, complying with regulatory requirements, and nurturing a culture of security awareness among employees. Effective security leadership fosters an environment where innovation can thrive securely, enabling adoption of technologies like generative AI and machine learning.

Overall, the concept of security leadership goes beyond just guarding against breaches; it entails shaping a resilient, forward-thinking organization that can navigate the complex and evolving landscape of cybersecurity while also embracing opportunities for growth and innovation.

Just as data security is fundamental to business success, a leader's commitment to cybersecurity is essential. Business leaders of every level, from the Board of Directors to the CEO, must champion a culture of security within their organizations. This entails instilling awareness and best practices among employees, emphasizing the importance of data protection and cybersecurity best practices.

Beyond fostering a security-conscious workforce, leaders are responsible for crafting and implementing robust cybersecurity strategies. They must allocate resources, invest in state-of-the-art technologies, and remain informed about emerging threats. Compliance with industry-specific regulations is also part of their purview, as non-compliance can lead to severe financial and reputational consequences.

Ensuring proactive risk management is another responsibility for business leaders. They must anticipate and mitigate potential threats, ensuring the organization is resilient in the face of evolving cyber challenges. Leaders should also encourage innovation in security practices, embracing technologies like generative AI to remain vigilant against emerging threats.

Having a modern security practice is pivotal in safeguarding the organization's data and reputation—its most precious resources. Data breaches not only put sensitive information at risk but also damage the confidence of customers, partners, and stakeholders, potentially resulting in severe financial setbacks and harm to the organization's overall image and standing.

Furthermore, regulatory compliance is a non-negotiable aspect of modern business. Security leaders ensure the organization adheres to industry-specific regulations, avoiding crippling fines and legal repercussions that could disrupt operations and create a devastating domino effect.

Apart from mitigating risks, cybersecurity maturity is the foundation for an atmosphere of trust and assurance throughout the organization. As data remains secure, businesses can boldly venture into advanced technologies, propelling innovation and securing a competitive advantage.

In summary, having a modern and mature cybersecurity program is essential to protect assets, ensure compliance, and enable innovation. Every organization should ensure security leaders have a seat at the table when planning strategic business objectives. Only when security dependencies and innovations are prioritized can the business ensure sustained success in an environment filled with constant threats and evolving challenges.