Robb Reck: Embedding Security Throughout The Organization

If you want to scale security you can’t command it; you have to embrace it as a functional part of the organization.

“You can’t scale security if it’s being done by the security team,” said Robb Reck, CISO of Ping Identity in conversation with Cyalnce at the 2017 RSA Conference in San Francisco.

Security has to be embedded in the technology environment you’re deploying (think DevOps) or within the other departments, explains Reck. That’s the only way security can grow within an organization.

Watch the full video interview with Robb Reck here:

VIDEO: Robb Reck Interviewed at RSA 2017

Security As Part of a Product’s Functionality

Security has to be part of everyone’s job. But security doesn’t become everyone’s job just because the CISO has asked for it to be. It becomes part of everyone’s job because the organization embraces it, says Reck.

As a security professional, if you want to help the business, go back to the product teams and ask them what makes them successful, says Reck.  

“Once you’ve done that, and you’ve really been able to put yourself in the seat to say, ‘Hey, in order for us (security) to succeed they’re (the product departments) going to have to succeed,’ then when you come to them and say, ‘Here’s what we need to do to achieve the security goals of the company,’ they know you’re coming from the right perspective,” says Reck. “They know what you’re out to accomplish and they’re a whole lot more receptive to it.”


Ping Identity is the leader in Identity Defined Security for the borderless enterprise, allowing employees, customers and partners access to the applications they need. Protecting over one billion identities worldwide, the company ensures the right people access the right things, securely and (Read more...)

*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Cylance Videos. Read the original post at: