Redefining CyberSecurity

Celebrating 15 Years of Leadership in Cloud Security: Preview of CSA AI Summit at RSA 2024 with Jim Reavis and Illena Armstrong | An RSA Conference 2024 Conversation | On Location Coverage with Sean Martin and Marco Ciappelli

Episode Summary

Join Sean Martin as he hosts an engaging discussion with industry experts Illena Armstrong and Jim Reavis to learn more about the upcoming AI Summit, where they delve into the evolving landscape of cloud security, generative AI technology, and the importance of shared responsibility in cybersecurity. Get ready to gain valuable insights and perspectives from leading voices in the field at the RSA Conference's AI Summit.

Episode Notes


Jim Reavis, CEO at Cloud Security Alliance [@cloudsa]

On LinkedIn |

Illena Armstrong, President at at Cloud Security Alliance [@cloudsa]

On LinkedIn |



Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine |

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine |


Episode Notes

Join Sean Martin as he hosts an in-depth discussion with Illena Armstrong, President of Cloud Security Alliance, and Jim Reavis, CEO and Founder. Illena shares her excitement for celebrating the 15th anniversary of the organization while highlighting the industry's shift towards cloud adoption and AI technology. She emphasizes the importance of maintaining security controls, especially in the context of regulatory compliance and cloud provider obligations. The conversation also touches on the rising trend of zero trust security frameworks and the global perspective on AI integration in cybersecurity practices.

Jim Reavis adds valuable insights into the intersection of AI and cloud security, highlighting the need for a holistic approach that combines human intelligence with AI capabilities. He emphasizes the role of security as a catalyst for innovation and business transformation, citing examples of innovative approaches taken by European banks. The discussion also covers thesignificance of shared responsibility in cybersecurity and the collaborative efforts required to address evolving threats.

The CSA AI Summit promises an engaging lineup of speakers, including industry leaders from Google, Microsoft, and Zscaler, who will shed light on key topics such as incident response, secure development, and business transformation. The full-day event, which kicks off the week at RSA Conference, aims to bring together a diverse audience, ranging from C-suite executives to developers and compliance professionals, fostering meaningful discussions and knowledge sharing. Attendees can expect thought-provoking sessions that explore the intersection of AI and cybersecurity, providing valuable insights for enhancing security practices in the digital age.

Be sure to follow our Coverage Journey and subscribe to our podcasts!


Follow our RSA Conference USA 2024 coverage:

On YouTube: 📺

Be sure to share and subscribe!



CSA AI Summit at RSAC:

Learn more about RSA Conference USA 2024:


Catch all of our event coverage:

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

To see and hear more Redefining Society stories on ITSPmagazine, visit:

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉

Want to tell your Brand Story as part of our event coverage?

Learn More 👉

Episode Transcription

Celebrating 15 Years of Leadership in Cloud Security: Preview of CSA AI Summit at RSA 2024 with Jim Reavis and Illena Armstrong | An RSA Conference 2024 Conversation | On Location Coverage with Sean Martin and Marco Ciappelli

Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.


Sean Martin: [00:00:00] Here we are, another chats on the road to RSA conference. This is usually, uh, an on location with Sean and Marco, but, uh, Marco's off producing some of the content that we've recorded. There's tons of it, which is good. There's a lot of interesting talks, a lot of interesting speakers, uh, the years, this year's theme is the art of possible, which, uh, is pretty inspiring for me anyway. 

And, uh, There's a lot of, a lot of cool things to look at when you think about what's possible. Technology is advancing and, uh, hopefully. The, uh, the security and privacy measures we, we, uh, all care about are advancing as well. And, and especially when you think about the, the topic that you can't avoid in any conversation it seems, which is AI. 

And, uh, so we're going to be talking about a summit that's taken place during RSA Conference, uh, CSA AI [00:01:00] Summit. And, uh, two good friends on with me, Jim Rivas and Lena Armstrong. Thank you both. For joining me for this conversation. 

Illena Armstrong: Thank you for having us. 

Sean Martin: Definitely. Yeah, it's been, uh, it's been fun. I've, I've, I've been, uh, been watching you grow and progress in your careers. 

And I'm glad to see the two of you together doing a cloud security alliance and, uh, see the success of the summit year after year and. Yeah, I'm excited to hear about what's going on this year. So before we do that, though, a few words from each of you to kind of let us know who you are and what you're up to at the moment. 

Illena, I'll start with you.  

Illena Armstrong: Um, so I'm Ilena Armstrong and I am currently the president of Cloud Security Alliance. I've been now with Jim and the crew for three years. I think, uh, and I'm looking forward to another RSA. We were talking about that before we came on. That's, I don't know how many now we've [00:02:00] had 20, something like that. 

Um, so I'm really looking forward to celebrating our 15th year, uh, anniversary, uh, at, at this one for our AI summit. So I'll hand it off to Jim. Well,  

Jim Reavis: I'm Jim Reavis. CEO, um, founder, um, and, uh, just delighted that Ileana has, uh, um, joined us over the past few years. Uh, she gets along with almost everybody in the company, and she's, uh, um, Gets things done and she's really helped, uh, take the organization to the next level. 

But, uh, it's been a lot of fun to, to see over the last 15 years, how, how the world's changed so much and the technologies change, the threats change, but you see just a lot of the same very devoted. people that are, are dedicated to this mission, but they [00:03:00] have sort of that sense of purpose, sense of humor. 

And they, um, it's always great to see those people at, at CSA.  

Sean Martin: And 15 years, it, uh, we've seen a lot of things come and go and the cloud is holding strong. It's, uh, it's, it's at the base of everything, I think, even though it's Cloud. But anyway, uh, yeah, non more stuff moves. There becomes more integral, no question. 

What you, what you're up to is, is important stuff. So give me, give me a little history, Jim, 15 years. Um, I was recalling, I think one of the first times I met you is in London, one of the early days of the summit. And so, like I said, it's been fun watching you grow. So give us a little history of what, uh, cloud security alliances started as, and has become. 

Jim Reavis: Yeah, so it's kind of, um, it's maintained a lot of continuity, but, you know, we started observing, [00:04:00] you know, these very early cloud organizations. And I remember there was a interesting white paper from Harvard Business Journal about how, um, IT has a lot of similarities to the electrification of America and how, um, Organizations had, um, a vice president of electricity when early manufacturing, they had to figure out how to generate their own because there was no grid. 

And then the grid came and you didn't see any electricity and they're trying to say the same thing about compute becoming this utility, which cloud was in this ubiquitousness of, of compute and being able to get things on demand. We're really going to change things. So. We kind of took that and got a coalition of the willing and started working on papers, but we always sort of had this idea that the organization was going to have a foundation for [00:05:00] research. 

We were going to have chapters to be very international and we understand all the different issues, regulatory issues, cultural issues. We're always going to do education. We're always going to do certification of people as well as organizations. And really that template has been. How we have proceeded. 

But the thing that was just so hard to predict is like, when is it going to take off? And then just all the whiplash from all the different technologies that we have seen. And now we think of cloud is really it's this. It's, it's not too recognizable from those very early days where you were talking about a new business model with, with traditional it services. 

Now it's all cloud native and we've seen the blockchain come and now generative AI obviously is the, the big topic. It's all sort of coalesced around cloud as sort of that infrastructure delivery platform [00:06:00] for all sorts of new technologies. Whether they reside in the cloud or using cloud just to manage the rest of the technology world that surrounds us. 

Sean Martin: And you look at 5G and 6G and it extends in other directions as well. And Ilena, you've seen a lot of stuff. You have your, I look at you and I think of the, you have the finger on the pulse of a lot of things. And I, I'm curious to get your perspective on the last three years. Um, a lot has changed in those three years as well. 

So what, what do you see is cause some of the hot topics that, uh, the CSA members are most interested in and, and how's the program kind of evolving to, to adhere to that or address those things?  

Illena Armstrong: I mean, it definitely is interesting because I remember, you know, uh, back in the day when CSA launched and at that point, everybody was sort of. 

You know, at least many of the, uh, chief information security officers or even, you know, even, even the term their titles were sort of in [00:07:00] flux. What, what should these individuals leading cybersecurity teams be called? Um, everybody was kind of questioning, um, whether or not cloud was the answer. If they would adopt cloud services, uh, there were just, you know, often repeated concerns about, um, exposing the crown jewels and things of that nature. 

So, um, having, and I, you know, I've known Jim for years, so it's, it's just serendipitous to kind of take this full circle and, and join him as part of his team. But, uh, when I first started, we were, we were kind of still in the pandemic. Uh, and so, You know, I was reaching out to many of my CISO friends in the industry, as well as talking to members, and they were, um, speaking about how, uh, they were sort of, uh, Those who were still somewhat skeptical were suddenly, um, kind of being pushed to adopt, uh, cloud as sort [00:08:00] of their, their main, um, compute source of compute. 

And so as a result of that, it's been this now we're seeing cloud services pretty much ubiquitous. They, uh, they, as you rightly noted, um, underpin everything we do and that's led to this, um, crazy. Um, quick adoption of generative A. I. Uh, we've seen this, uh, certainly generative A. I. And it's the embrace of that be hastened through this intersection with cloud services were hearing a lot about zero trust, especially in North America, but not necessarily globally. 

That is to say, um, Perhaps if you talk to some of our European counterparts, they might just be sort of beginning the journey there a little bit. So zero trust is a very top, um, AI is, is something else that we're really looking at, certainly compliance and regulation and how one can, um, maintain the, you know, the security [00:09:00] controls that they themselves are executing, but then also how are they, uh, assuring that their cloud providers. 

Are meeting their needs and obligations to kind of adhere to their, um, security strategies, their resiliency strategy. So those are some of the most recent things were, and all of those are, we're having multiple conversations with a number of entities and partners.  

Sean Martin: So, yeah, yeah, I love it. Yeah, sovereign cloud. 

That seems to be the topic as well.  

Illena Armstrong: Yep, absolutely.  

Sean Martin: And it's interesting, I was talking to some CISOs the other day, um, and I was asking them about, I mean, say the word digital transformation, and I think most people would go to cloud, right, as the, kind of the, you use the word underpinning there. Um, and I was asking, asking them, has security had a transformation yet? 

Yep. And [00:10:00] his response or the one, one CSO in particular said, yes, a lot. We see a lot of security technologies moving to the cloud. And I thought that's interesting, but I think there's probably more to it there. And then I still think the cloud is part of it, but more than just moving on prem security to the cloud, but enabling secure business. 

In the cloud where security is kind of baked into it. I, I don't know how it's a different view, uh, maybe a broader, bigger view of it, but I don't know that trigger any thoughts for you when I, when I tell you that story.  

Jim Reavis: Yeah. I mean, I think it's, it's one thing to look at our industry as, you know, a bunch of hammers out there or a bunch of different tools, but sort of that, that holistic view of, uh, You know, I hate to use like the cliched stuff, but the shift left [00:11:00] and like really being part of how we, we actually think about how a business should operate completely differently and, and, and how, You know, secure security is not just this like overhead that protects the organization, but you know, you, you, for, for decades, you, you would not have been able to have access to your money at any street corner around the world and an ATM were not for security to go do that. 

So security is much more than that. And so, um, well, yeah, certainly we, we've been seeing for years, we think. Like cloud security, just from the investment market, capitalization, deployment, it certainly is the foundation for cybersecurity now from a technology perspective. But really, I think the, the more interesting things go where we look at how we don't like secure traditional business processes, but how security is actually that spark of innovation. 

That says, you [00:12:00] know, maybe, maybe we get rid of this business process. Maybe we do this differently. Maybe we, you know, one thing we've seen some, some European banks is let's, let's not use the traditional vendor onboarding, um, third party assessments. Let's do it as a pool and trust each other as a group of banks. 

And let's go do this differently. And let's go document this differently. Let's go figure out how to put blockchain inside of the, uh, It audit process. So that's kind of where I think we're going when you think about it from like a bigger picture and then certainly the technology enables that.  

Sean Martin: Fantastic. 

I wanna, I wanna bring it to the, to the, you're speaking my language there. Didn't mind . Uh, I wanna bring it to the, to the summit and couple things come to mind here. I mean, first thought is. Always amazing speakers, great content, great group of folks sitting in the audience that, that, uh, you can have conversations with as well.[00:13:00]  

Um, this year is no different. And we're going to talk some about that. But the other thing that comes to mind is the, the insertion of AI summit. So this is the first year you've. Defined it as a AI summit. So what, what's the, uh, what's the reasoning behind putting that in there specifically?  

Jim Reavis: Well, I, um, wanted to call it the, um, Taylor Swift summit, but I can't be right, but, you know, seriously, we, we wanted to lean in where we, we felt like the interest and we're. 

It was on, you know, the people's strategies and roadmaps there, and it's really interesting. And Eileen, maybe you want to share like our kickoff, um, you know, it's like a couple of very well known people in the industry, but really they're they're leaning into the perspective on what they've been doing. 

Illena Armstrong: Yeah, absolutely. Um, and that took a minute to [00:14:00] secure, but we reached out. Obviously, Google is a long time, um, corporate member, executive member, and they're extremely supportive, uh, and engaged with us on a number of different initiatives that we have ongoing right now. But so I reached out to Phil Venables, uh, probably around Christmas time, I think it was, uh, to ask if he thought it might be, uh, Um, something we could organize to have him do a fireside chat, uh, with Kevin Mandia, um, after that acquisition of Mandiant. 

Uh, and so they were able to come back and agree to do it just as long as we could, uh, you know, shape the, um, timing around Kevin's main stage presentation. But back in the day at my former gig, um, we would have Kevin present at a number of our different forums. Uh, and he was just always so informative. 

Engaging and, uh, Phil, of course, I've seen him speak. He's the same way. So having these two, uh, stalwarts of the industry [00:15:00] kind of kick this off and talk about, uh, what they're seeing, what they're hearing from their clients, their customers, some of the challenges, and then also perhaps talk about some of the different, uh, activities, uh, related to our AI safety initiative that we're undertaking with them, you know, what that will lead to, uh, I think is going to be a really nice. 

beginning to what is a very robust program. We've got a lot of heavy hitters. So, um, I know I'm certainly excited about the, about the day.  

Sean Martin: Yeah. I'm excited for that keynote too. And I've, I've had the pleasure of speaking with some of the, uh, some of the security team at, uh, Google and talk about a vision for what's possible, um, in terms of securing the environment and then also monitoring and responding to stuff that you don't want to happen. 

Uh, there's some visionary stuff going on there, so it should be really fun to hear your Kevin and Phil.  

Jim Reavis: Yep. I, I'm, I'm excited about a lot of the different. Uh, [00:16:00] talks, you know, Microsoft, CrowdStrike, Zscaler, like they're bringing like really end user enterprise perspectives into just different aspects from like incident response, secure development, business transformation. 

Um, and we have Caleb, Caleb Sima, who's he's going to take the actual very specific viewpoint of how is generative AI actually going to improve cyber security very specifically because we're spending a lot of time on, oh, we got to protect us. We got, we got to protect ourselves from generative AI, or we got to, we got to do it securely. 

We got to securely enable the organization with it, but he actually Kind of go into that next step there. So, you know, excited about that. Um, and then he's going to be interviewing, uh, Lisa Einstein, who is very well named by the way, who she's leading up the AI efforts at CISA and, um, to kind of hear about their roadmap. 

Um, [00:17:00] and how they think it's going. Um, so they've been a great partner in helping us, um, stand up our, our A. I. safety initiative.  

Illena Armstrong: And I'll just add one other thing. One thing that's really cool about these types of events is that we are bringing, so the team, uh, some of the members of our team and I participated in CISA CyberStorm exercise, uh, CyberStorm nine, a couple of weeks ago, and it was just huge. 

And it was all about, you know, um, cloud threats and how there could be this cascading effect. Um, it kind of got a little bit, uh, Cormac McCarthy's, uh, The Road, uh, but it was fun to participate in. And one of the things that certainly came out of that is this idea of how, um, some of the players realized that they re they perhaps needed to revisit, um, their incident response plans and really shore up. 

their understanding of shared responsibility. Um, and that's yet another topic. Certainly, since [00:18:00] I've been with CSA, that often comes up in conversations as well. So, um, that's where it's very important to bring, uh, CISOs from those enterprise organizations, You know, like, like Kraft Heinz or Paramount Global, um, and, and get these, the hyperscalers, the major cloud providers in the room and talk shop and figure out how we, how we address all of these different challenges we're facing. 

Sean Martin: Yeah, huge fan of shared responsibility. And there's another, another talk here that it's intriguing to me. And it's harnessing AI for end to end cloud security. Cause I, I think when we think of AI, we have grand visions for what it can do. It can do everything for everyone all the time, right? Um, but the reality is we're kind of, it can do specialized things, um, well for some people, some of the time. 

So this idea that we perhaps can train our, Chain some of those [00:19:00] smaller things for an end to end and cloud secure. I'm assuming that's what the talk's going to be about. Um, maybe share a little bit about what, uh, what Naeem is going to be doing in that shot.  

Jim Reavis: That's a good question. Who's going to be doing that? 

Sean Martin: Naeem Islam  

Illena Armstrong: from Qualys. And that one's definitely an interesting one too, because I think, um, this idea of, I 

AI executes faster than human beings can think, right? So you're always going to need, um, like, uh, the creativity, the critical thinking skills, the, you know, emotional intelligence, all of those things come together to make sure that how we're leveraging AI actually really addresses some of these more complicated challenges. 

So, um, getting at this talk and kind of understanding how AI [00:20:00] can be used through that whole process, I think is going to, to get at that, that it definitely is this, um, intersection between what, um, all of these, uh, uh, leading minds bring to the table and then how we actually leverage AI. to address perhaps some of the more mundane, um, uh, activities, you know, deal with some of the larger data sets to just enable us to be that much more, um, You know, uh, proactive, uh, and successful, um, and, and addressing some of the, the, the cybersecurity challenges we face. 

Sean Martin: So practitioners to C suite, exactly. I see Larry Whiteside, the name I recognize they're talking to the, to the C level and practitioners. So who Who, um, as we start to wrap here, who do you want to join you? I'm assuming it's everybody has a finger on something, cybersecurity, but it [00:21:00] sounds like we have DevOps, DevSecOps. 

We have operations, we have monitoring, response, detection, all kinds of stuff in there. So.  

Jim Reavis: Yeah, I mean, it's it's, uh, always for me interesting to have like diversity in the audience because some of the best things just as I think back on them as we've actually had some of our coolest projects come about as side conversations on the Monday summit. 

At RSA. And so certainly we expect that mix of hey, there's sea levels in there that they need to check on certain things. You see a lot of like the really senior cloud and security architects that they're they're Trying to figure out what makes sense and kind of get a sanity check on their projects for the next couple of years. 

But I love to have the developers in there. I love to have the red teamers in there. The [00:22:00] compliance people to go, like, share what they're seeing. We try to try to do that. And because it's You have that accessibility. There's sort of something for everyone. And, and we do see people like, Hey, I want to, I'm just going to jump in for this session and I'm going to jump across the street and no, it's fine too. 

So, um, but yeah, we, we, we want to see people who are passionate about where this industry is going and want to be part of that and, you know, want to be that tip of the spear and that's the kind of program we're trying to deliver on Monday.  

Sean Martin: Yeah, no, no question. It's the way. To kick off the week. Um, so thank you. 

A full day, eight to three. Monday, May 6th, Moscone South, uh, room 3 0 3. So, uh, be there, be square as they say. . Yeah, the, the agenda's amazing. So we'll include the link obviously to, uh, to that session and, uh, [00:23:00] encourage everybody to, uh, to join you there. So I had Alina and Jim meet your peers and colleagues and, uh. 

And learn something, share something. Have a good old chat.  

Jim Reavis: Everybody have a good time. Enjoy RSA, pace yourself. Don't go crazy the first night of parties. So, but Sam, hope you have a great time. Absolutely.  

Sean Martin: Exactly. Well, Jim and Lena, thank you so much for, uh, putting this together and, uh, for joining me to share a few bits with everybody today and, uh, most importantly, safe journey to San Francisco. 

And thanks everybody for listening, watching and stay tuned. Lots more coming. See you Monday at the CSA I AI summit, not IA, that's a different thing. Thanks everybody.  

Illena Armstrong: Thank you. And thank you for having us. Take care. Bye.  

Jim Reavis: Bye.