EP201 Every CTO Should Be a CSTO (Or Else!) - Transformation Lessons from The Hoff

Guest:

• Chris Hoff, Chief Secure Technology Officer at Last Pass

Topics:

• I learned that you have a really cool title that feels very “now” - Chief Secure Technology Officer? What’s the story here? Weirdly, I now feel that every CTO better be a CSTO or quit their job :-)
• After, ahem, not-so-recent events you had a chance to rebuild a lot of your stack, and in the process improve security. Can you share how it went, and what security capabilities are now built in?
• How much of a culture change did that require? Was it purely a technological transformation or you had to change what people do and how they do it?
• Would you recommend this to others (not the “recent events experience”, but the rebuild approach)? What benefits come from doing this before an incident occurs? Are there any?
• How are you handling telemetry collection and observability for security in the new stack? I am curious how this was modernized
• Cloud is simple, yet also complex, I think you called it “simplex.” How does this concept work?

Resources:

• Video (LinkedIn, YouTube)
• EP189 How Google Does Security Programs at Scale: CISO Insights
• EP104 CISO Walks Into the Cloud: And The Magic Starts to Happen!
• EP80 CISO Walks Into the Cloud: Frustrations, Successes, Lessons ... And Does the Risk Change?
• EP93 CISO Walks Into the Cloud: Frustrations, Successes, Lessons ... And Is My Data Secure?