There are great stories in the security industry that aren’t being told. Fascinating people who fly below the radar and aren’t being heard. We know because we encounter them in hallways, hotel lobbies and just about everywhere imaginable across the globe. Every time we think “I wish I had recorded that conversation so that everyone could hear it…” Our goal with Security Voices is to provide a place for clear-headed dialogue with great people that’s unencumbered by the hyperbole and shouting that’s far too common in security circles. We don’t have anything against sponsors or sales pitches, but they run counter to our goal of cutting through the noise, so we don’t have either. We’re aiming for 100% clear signal.

Got feedback? Drop us an email: info@securityvoices.org



Chief Technology Officer, RSA

Discussing cryptography is usually a surefire way to end a dinner conversation. It combines two things that intimidate (and bore) many people: hard tech and complex math. In spite of this, cryptography is on center stage today as it is the very foundation of defending our privacy and perhaps unlocking how we can safely share health information in the midst of the pandemic. There are few people who both understand and can explain cryptography in plain English better than Dr. Zulfikar Ramzan, CTO of RSA.


Our hour-long conversation with Zully tackles how concepts such as zero knowledge proofs and multiparty computation might be applied during the current COVID-19 pandemic. Historically, sharing healthcare information has been an “all or nothing” affair with difficult privacy trade-offs being made in the name of ensuring we receive the right care at the right time. Zully takes us through how long-standing encryption concepts, now made practical by advances in computing, may allow us to selectively share vital health information such as vaccination records or test results without sacrificing our personal privacy.

Zully also explains how cryptographers are preparing for a world where quantum computers can make short work of our current encryption practices. He draws perspective from the mid-90s when the Advanced Encryption Standard (AES) was being developed and explains the road ahead for promising lattice-based methods that could form the basis of a new, post-quantum AES replacement.


Beyond cryptography, we discuss Zully’s role as CTO at one of the most iconic brands in security. He takes us through “a day in the life” and explains his responsibilities beyond being the company’s spokesperson. Perhaps more importantly, Zully explains how he balances all of this with his family where making crispy cauliflower takes priority over factoring prime numbers.

About Zully

As CTO, Zulfikar Ramzan leads the development of RSA’s technology strategy and focuses on bringing to market the innovations that protect RSA customers from the growing number of advanced threats.

Prior to RSA, Ramzan served as CTO of Elastica (acquired by Blue Coat), where he leveraged machine learning and natural language processing to enable customers to more securely use cloud services.


Before Elastica, he served as Chief Scientist of Sourcefire (acquired by Cisco) and malware analytics company Immunet (acquired by Sourcefire). Ramzan was previously Technical Director of Symantec’s Security Technology and Response division and architect for the company’s reputation-based malware detection technology.


Ramzan holds over 50 patents and a Ph.D. in electrical engineering and computer science from MIT.



Chief Security Officer, Akamai

The average tenure of a CISO is 26 months due to high stress and burnout, according to a recent survey. In stark contrast, Andy Ellis has now been CSO at industry titan Akamai for over 20 years. Jack & Dave explore Andy’s longevity formula in a 70-minute interview that spans everything from his advice to young security leaders to the death of live events and why it’s perfectly fine if your favorite wine is a $16 malbec.


While most of our episodes gradually ease into a more focused conversation, our discussion with Andy jumps straight into the subject of applied human cognition, a common theme of his presentations and writing. He explains how his understanding of human thought patterns and biases directly influences his approach to conducting risk assessments and dealing with especially thorny conflicts. Far from theoretical, Andy breaks down exactly how he and his team enable Akamai to self-assess and internalize risk in a fashion that expedites projects where the security team might otherwise be a bottleneck.


From his vantage point at Akamai surveying a sizable amount of the Internet’s traffic, Andy shares their insights from both observing and responding to the pandemic, starting with their move to a Zero Trust model. Some aspects of COVID-19, such as customers struggling to pay bills and how to best help them, are similar to past crises. Others are utterly unique. Jack and Andy explain the crisis’s likely permanent impact on live events (e.g., industry conferences) and what they may evolve to in the future.


We also discuss the fine line Andy, Jack and Dave walk in the cybersecurity community of being both a vendor and a practitioner. How does one remain objective when you also represent a company that has to sell products or services to exist? How can one neutralize the perceived bias or even the stronger allergic reaction that some have against vendors? While there’s no surefire solution to such a complex matter, each of us shares our tips and learnings as we (and the industry as a whole) aim to strike the right balance.


We wrap up with Andy taking us through how to pick a good bottle of wine. In the same manner as he tackles complicated cybersecurity issues, Andy breaks it down into simple steps that are illustrated with his own colorful experience.

About Andy

Andy Ellis is Akamai’s Chief Security Officer, and his mission is “making the Internet suck less.” Governing cybersecurity, compliance, and safety for Akamai’s planetary-scale cloud platform since 2000, he has also designed and brought to market Akamai’s TLS acceleration network, its DDoS defense offerings, and several of the core technologies behind its security solutions. Andy has also guided Akamai’s IT transformation from a flat password-based network to a distributed, zero-trust enterprise based on strong authentication.

Andy is a graduate of MIT with a degree in computer science, and has served as an officer in the United States Air Force with the 609th Information Warfare Squadron and the Electronic Systems Center.

Also active in Internet policy and governance circles, Andy has supported past and present Akamai CEOs in roles on the NIAC and NSTAC, as well as serving on the FCC’s Communications Security, Reliability, and Interoperability Council. He is an affiliate of Harvard’s Berkman Klein Center, and a guest lecturer in executive education at MIT and the Harvard Kennedy School. He is a frequent speaker on topics of Internet security, anthropocentric risk management, and security governance; and occasionally blogs at www.csoandy.com. He can be found on Twitter as @csoandy, where he discusses security, wine, American football, and hairstyling.



Researcher, Co-Founder Open Crypto Audit Project

The misinformation spread during the COVID-19 pandemic has made what happened with the 2016 U.S. elections look like the “good old days.” Epidemiologists are on center stage trying to explain complex topics to billions of people concerned for their lives, and sometimes politicians are aiming to do the same. The multiplier effect is that hopelessly entangled, challenging technical issues like end-to-end encryption and contact tracing via Bluetooth on mobile phones are now also being publicly debated.


The most natural reaction? Confusion. Kenn White is here to help.


During our 60-minute conversation with Kenn, Jack and Dave go past the headlines trumpeting Zoom’s security issues in an attempt to lay bare the real issues with their recent missteps. Their initially misleading claims around end-to-end (E2E) encryption are our primary focus, but before diving deep into Zoom, Kenn explains exactly how hard it is to make it work by describing his 2-year journey to deliver E2E encryption at MongoDB. We pull apart the remaining concerns and Zoom’s impressive response to provide our take on just how worried you should be, from Johnson Elementary School to the defense industrial base.


Kenn has a unique perspective on the idea of slowing the spread of a disease by using contact tracing via Bluetooth to identify who infected people have been in proximity to. Having spent 10+ years supporting clinical trials, he explains why using our mobile phones for contact tracing during the COVID-19 pandemic is unlikely to be successful in the near future.


We hope this conversation with Kenn brings you clarity and calm at a time when both are in short supply.

Note: We spend the first ~15 minutes talking about coping strategies during the pandemic. If you’d like to jump straight to the content focused on E2E encryption, it begins right around the 15-minute mark.

About Kenn

Kenneth White is a security engineer whose work focuses on networks and global systems. He is co-founder and Director of the Open Crypto Audit Project and led formal security reviews on TrueCrypt and OpenSSL. He currently leads applied encryption engineering in MongoDB's global product group. He has directed R&D and security Ops in organizations ranging from startups to nonprofits to defense agencies to the Fortune 50. His work on applied signal analysis has been published in the Proceedings of the National Academy of Sciences. His work on network security and forensics has been cited by the Wall Street Journal, Reuters, Wired, and the BBC. He tweets about security, privacy, cryptography, and biscuits: @kennwhite.

© 2019 Security Voices.org