
How Advanced Analytics is Shaping Wells Fargo's Cybersecurity Posture


Anish Saripalli, Vice President of Offensive Security Research and Attack Surface Validation at Wells Fargo, explains how analytics and technology advancements are shaping the future of cybersecurity.

C: How do you perceive the current landscape of data security and analytics and how it's evolving? What kind of strategies do you think are pivotal at the moment for staying ahead?

A: The current landscape of data security is rapidly evolving, driven by the proliferation of various sources that provide data, including cloud computing, mobile devices, IoT devices, and other sensors. This is leading to increasing sophistication of cyber threats as hackers use the same data to improve their hacking tools.

Key strategies include integrating analytics with security. Traditionally, analytics were used to measure business metrics, but now, incorporating them into security can greatly enhance an organization's security posture using new technologies like machine learning and AI to identify patterns and flag behaviors indicating potential threats.

Another strategy is continuously validating security posture through testing such as red team testing, blue team testing, and penetration testing to identify and remediate vulnerabilities before they are exploited.

Lastly, investing in cyber resilience is crucial—not just in tools or teams, but in creating a culture of security awareness throughout the organization. Everyone from the CEO to the janitor needs to be aware of the potential cyber threats they could face, such as phishing links for CEOs and compromised physical security like broken locks or IDs for janitors. It's essential for all organizations to employ these strategies proactively as data security and analytics become increasingly critical.

C: Following up on the proactive approach to monitoring enabled by recent technology advances, particularly in machine learning, how has this changed your capabilities?

A: With the rapid changes in AI and machine learning, we're really changing the way we detect and respond to security threats. By employing these technologies, we can analyze patterns and learn from historical data, which allows us to predict and identify potential threats with high accuracy and often before they occur.

This is a game changer because, in the past, there was a significant delay from the time we were attacked to when it was detected. Now, this time is getting shorter, allowing us to respond to incidents much faster and mitigate them before they escalate. AI and machine learning enable us to detect anomalies and remediate them often before they become exploitable and known to the public at large.

This shortening of the time between an attack and its discovery is a significant advancement in our response capabilities.

 


C: How do governance, compliance, and ethical considerations shape your approach to offensive security research and attack surface validations?

A: Governance, compliance, and ethical considerations play a critical role in our research testing. Governance provides a structured framework and authorization oversight to ensure our activities align with company intentions and protect our customers' data and reputation.

Compliance is about adhering to all legal and regulatory standards, such as HIPAA, which is crucial when handling customer data to ensure privacy and safety. This involves documenting and reporting every aspect of our testing from start to finish, demonstrating due diligence and compliance with security practices.

Ethically, we ensure our testing stays within an approved scope, protecting sensitive customer data from leaks and unauthorized access. If we discover vulnerabilities, we disclose them to the business immediately and collaborate with teams like the Blue Team and Purple Team to remediate and validate the issues before they become public. Thus, governance, compliance, and ethical considerations are integral and the first thing we consider in our testing process.

C: How do you think quantum computing will affect data security, particularly encryption, and what are your preparations for this emerging technology?

A: Quantum computing represents a significant transformation in technology, offering both opportunities and challenges. One of the key opportunities is its ability to process larger datasets and more transactions at a faster pace.

However, a major challenge is that current encryption standards cannot keep up with quantum computing and will be easily broken once quantum computers become widespread. It’s estimated that by 2030, most organizations will be using quantum computers, and shortly after, quantum computers might become household items. This poses a risk as hackers could use these to break traditional encryption methods.

At Wells Fargo, we are proactively adapting to quantum computing. We predict that within the next ten years, we will have fully adapted our systems to use quantum computers securely. We are currently focusing on developing quantum-resistant cryptography, known as post-quantum cryptography (PQC), to secure customer data against the potential threats posed by quantum computing.

To prepare for quantum computing, organizations should engage in research and development to explore quantum-resistant algorithms and invest in quantum technologies. It's also crucial to enhance education on quantum technology for employees, similar to how cloud certifications are currently emphasized. This preparation is a long-term strategy that requires ongoing effort and adaptation as the field evolves rapidly.

C: Can you discuss the challenges and opportunities presented by strategically integrating and having a unified approach across different teams and technologies in cybersecurity?

A: At Wells Fargo, we have a comprehensive cybersecurity team that includes a red team, a blue team, and a purple team, along with cyber threat management. This integration is crucial because cybersecurity is ultimately a team effort, and we all must work together.

One challenge in a unified approach is coordinating access to tools and software across different teams. Delays in access can increase the window of opportunity for hackers, so reducing these delays is critical. Ensuring everyone is on the same page is another challenge due to the scale of our teams and the diversity in their functions and skills.

Communication is key, especially when it involves explaining complex vulnerabilities to different parts of the organization that may not have technical backgrounds. We strive for all team members to be proficient in current technologies, such as cloud computing, and we are preparing for future standards involving AI and quantum computing.

The opportunities of a unified approach are substantial. It enhances our threat detection capabilities by ensuring that all teams are informed and can act quickly on threats detected by any part of the cybersecurity infrastructure. It also fosters a culture of security awareness throughout the organization and gives us a competitive advantage, as customers are more likely to trust an organization that demonstrates robust and coordinated security practices. The unified approach not only improves our operational efficiency but also our ability to anticipate and respond to threats more effectively.

C: What advice would you give to professionals looking to navigate the complexities of data security and analytics today, especially those aspiring to lead in areas like offensive security research and attack surface validation?

A: Building a strong foundation of technical knowledge is crucial. I started over ten years ago as a help desk analyst, which is often seen as one of the entry-level positions in tech. From there, understanding the basics of networks and servers is essential before moving into specialized fields like data security or information security.

Education is also key. There are many resources available, from online platforms like Hack the Box and TryHackMe, which offer practical cybersecurity exercises, to traditional education like obtaining a college degree in computer science or information technology.

For those who may not pursue a college degree, cybersecurity boot camps are a viable alternative, offering intensive training and certifications that can open doors in the IT field.

Networking is incredibly important. Platforms like LinkedIn allow aspiring professionals to connect with others in the field. Don't hesitate to reach out for guidance; many are willing to help. Attending conferences is another great way to network, learn from others, and understand how they entered the field.

Initiative is also vital. Start personal projects in cybersecurity to demonstrate your interest and initiative to potential employers. Even without formal education or certifications, showing that you have worked on relevant projects can be highly beneficial.

Overall, the cybersecurity field offers numerous pathways and requires persistence and hard work. It’s about building knowledge, networking, and taking initiative. This industry is continually hiring and provides ample opportunities for advancement, making it a rewarding career choice for those who are passionate and committed.

C: Could you elaborate on some emerging technologies that you believe are crucial for the future of cybersecurity, particularly in the areas of data protection and threat mitigation?

A: We've already touched on technologies like AI, machine learning, and quantum computers, which are at the forefront of technological advancement. Moving forward, blockchain technology will play a crucial role in securing data. Unlike the common association with cryptocurrencies like Bitcoin, blockchain's application in data security and cybersecurity will become increasingly significant.

Another important area is edge computing security. As we incorporate more IoT and mobile devices, securing the edge network becomes vital. Using predictive analytics for real-time analysis of vulnerabilities on the edge network will be key to enhancing security measures.

Zero trust architecture is also essential. It operates on the principle of continuously verifying credentials, which helps limit internal lateral movements within networks. This method ensures that even if hackers penetrate the system, they are contained quickly and cannot move far within the network.

These technologies—AI, machine learning, quantum computing, blockchain, zero trust architecture, and edge computing—are integral to the future of cybersecurity. While we've only briefly discussed these, I plan to delve deeper into each during my keynote speech, highlighting their importance and application in greater detail.

Want to learn more?

CDAO APEX Financial Services kicks off on May 14th, 2024 in Charlotte, NC. Join the leading data and analytics professionals in financial services to learn about the latest trends and opportunities in the industry. Register to attend here.