Rich Mogull - CEO/Securosis, CISO/DisruptOps
Our conversation with Rich Mogull was intended to provide an analyst view point on public cloud security. While Rich certainly delivered on this promise, the episode turned into something more important: therapy.
If you find yourself wondering if you’re burnt out from cyber security and life in general, this is for you. Our conversation with Rich starts with the work he does in disaster response, focusing on his recent time responding to the COVID-19 pandemic as a paramedic. He explains how key concepts of anti-fragility from responder culture such as “trench foot” and “changing your socks” also apply to the rough and tumble world of cyber security— especially in assessing yourself for burnout.
If you find yourself drowning in work and straining to catch up to the rest of the organization's push to the public cloud, this is for you. We discuss how this happens quite naturally in most places, resulting in a dysfunctional norm of security teams inadvertently being left behind but still responsible for protecting the public cloud. Rich lays out a recipe for getting back on track, starting with making sure it simply isn’t time to throw in the towel and find a better gig.
If multi-cloud seems impossible to defend with the skills and resources you have, you’re probably right. Rich takes us through the mind-boggling complexity of what it takes to stay on top of a single public cloud environment, let alone several. He doesn’t mince words in his unflattering assessment of the challenges with all 3 major cloud service providers: Amazon, Google & Microsoft.
We wrap up with a hopeful look at what lies ahead for protecting the public cloud. Rich and Dave share examples of how long standing problems such as re-architecting are now solvable and operational challenges can truly be simplified when mantras like “shift left” move from buzzword bingo to new reality.
Rich is the CEO of Securosis, a security research and analysis firm, and the CISO of DisruptOps, a cloud security automation platform based on his research. He has over 25 years of security experience and currently specializes in cloud security and DevSecOps, having started working hands-on in cloud nearly 10 years ago. He is also the principal course designer of the Cloud Security Alliance training class, primary author of the latest version of the CSA Security Guidance, and actively works on developing hands-on cloud security techniques.
Prior to founding Securosis and DisruptOps, Rich was a Research Vice President at Gartner on the security team. Prior to his seven years at Gartner, Rich worked as an independent consultant, web application developer, software development manager at the University of Colorado, and systems and network administrator. He is also an active disaster response paramedic.