A conversation with Zulfikar Ramzan

Editor's Note:

Mr. Zulfikar Ramzan, CTO of the RSA conference, described information-rich cyberspace by using the "ripple effect" during his keynote speech, “Planning for Chaos”, at RSA 2017. He said it is in the very nature of our existence that we live in a disruptive and chaotic world, be it nature-made or man-made. The disruptions, while presenting both challenges and opportunities, cause ripples. Through the ripples we generate connections. In an increasingly networked cyberspace, we depend on each other more than ever to defend and plan for unexpected chaos. I greatly appreciate that Mr. Ramzan has shared not only his industry insights with our readers, but his generous spirit to unification. I hope to create a dialogue via the CyberAsia 360 media platform, to build a bridge and make connections between West and East.
Below is the conversation with Mr. Zulfikar Ramzan.

1.  You are a first generation immigrant from Tanzania, received your BA with a double major from Cornell University, earned a Ph.D from MIT, published 59 books, and acquired 47 patents. Please tell us your story growing up—how did an immigrant child accomplish so much in the US, and why did you choose to focus on cyber security? 

I had the opportunity to grow up in the midst of the “PC” revolution and when I was in elementary school, I asked my parents to buy me a Commodore Vic 20 computer. At the time, the Commodore 64 had just come out and the prices for the Vic 20 were very low. We purchased the basic CPU, with no other peripherals, and hooked it up to the back of an old black and white television. Because we hadn’t purchased any accessories, the only thing I could do was to learn how to program it myself by actually reading the manual. This ignited a lifelong interest in computers and programming at a time when it was much easier to understand how computers worked at a fundamental level. Over time, my interest continued to grow. Years later, my high school was given a few Internet connected terminals and a group of us spent time exploring these systems and finding weaknesses along the way. Around this time, I also read a remarkable book called “The Cuckoo’s Egg” by Cliff Stoll, a true account of tracking down a hacker who compromised the systems at a national research lab. From that point onward, I was basically hooked!    

2. You have been in the cybersecurity industry for most of your career. What have you witnessed that poses the most significant cyber threat, and the potential breaches that continue to plague businesses and executives?

What makes cybersecurity so fascinating is that the only constant is change. Threat actors constantly morph their approaches and force our industry to keep innovating. As a company, RSA has continued to bring new technologies to market to address these trends. Our historical roots were in cryptography, but we recognized that cybersecurity is highly multifaceted. Consequently, we moved into the space of authentication and identity management with our SecurID technology. We have more recently evolved this technology to a more comprehensive suite of offerings that provide secure access to both cloud and on-premises applications, robust multifactor authentication capabilities, and risk-based analytics for identity assurance. In addition, RSA offers the Netwitness Suite for comprehensive security monitoring, the Archer Suite for GRC, and finally our Fraud and Risk Intelligence suite. As we look to the future, we have to continue to evolve and incorporate the latest innovations into our offerings.

Certain fundamentals, however, continue to hold constant. For example, identity continues to be the most consequential attack vector since every attack, at some point, involved co-opting the access afforded to a legitimate user. Visibility continues to be foundational to security since you cannot even begin to protect what you cannot see. Finally, companies need to take a risk-based view so they can allocate the resources they have in the most optimal way possible.

3.  RSA's themes for many years were focused on how information was generated, distributed, and protected.  The 2017 RSA was themed "Power of OpportUNITY”, emphasizing UNITY and business driven security.  What does this entail? What will be the theme for 2018? 

The RSA Conference, which we have had the honor of hosting given our role as a pioneer of the information security industry, provides an opportunity to bring the industry together. To me this is the essence of unity – a group of people collectively working towards common objectives. Today’s organizations are struggling under the weight of a rapidly expanding attack surface, a sharp rise in threats, and a steady increase in the sophistication of attackers. The only way to move forward is to take a business driven view of security. Trying to deal with each threat you see separately will ultimately fail. Instead, organizations must use business context to understand which threats matter most and prioritize accordingly. In this way, they can align their security program with the ultimate objectives of their business. As a company, RSA provides products and services geared towards the aim of helping our customers implement a business-driven security strategy.

4. China’s Ministry of Foreign Affairs and the Cyberspace Administration of China recently published "International Strategy of Cooperation on Cyberspace". What is your viewpoint on this?

Cyberspace isn’t constrained by the tangible boundaries of the physical world. Motivated threat actors are simply one network connection away and not limited by geographic distance. Given these circumstances, cooperation among different entities becomes all the more important. Of course, achieving these ideals is far easier said than done. It is important to define roles and responsibilities carefully to foster the development of mutual trust.    

5. How do you perceive collaboration on cyber defense among the different countries? And what role does the NATO Cooperative Cyber Defense Center Of Excellence (“CCD COE”) play?

In general, we can gain tremendously from effective collaboration. It’s clear that from an attacker’s perspective, a single dollar of offense beats a dollar of defense every time. Cybersecurity measures can quickly become a war of attrition. To address this concern, it’s important to work together and share insights in a way that mutually benefits all the involved parties. Again, it’s critical to engender trust, which requires that roles and responsibilities be carefully defined.

6. How do you perceive the direction of machine learning and automation? What would be its potential impact on changes to the societal structure?

These technologies hold tremendous promise. In the security context, RSA has been using machine learning techniques for over a decade in the context of identifying threats and other types of malicious activity. We have successfully used machine learning techniques in production customer environments to find sophisticated threats, including those developed by nation states. However, it’s important to recognize that machine learning is a tool, not a panacea. Like any tool, it must be used correctly and appropriately. When it comes to machine learning, I see many organizations conflate the means with the ultimate objective. As an organization, RSA’s goal is to help our customers take command of their evolving security posture. Machine Learning represents one approach for helping us achieve this objective.

7. The March issue of “The Economist” discussed the “Quantum Leaps” of the number of patent applications filed on quantum computing, quantum cryptography, and quantum sensors. Both China and the United States are ranked at the top, with China's 156 patent applications and the United States' 151. What is your view on the cyber security technology in China? Will RSA plan on collaborating with China's cyberspace industry in the near future? If yes, how so?

Quantum computation is a highly fascinating field of study. There is still a wide chasm between the potential impacts of quantum computers and what they can actually achieve in practice today. From an engineering perspective, there are still massive challenges to developing scalable quantum computers. No one is even close today. However, the rate of human progress can be breathtaking. Perhaps we are just a handful of “quantum leaps” away from realizing the full potential of quantum computers and having to deal with their corresponding ramifications from a security perspective.

8. Lastly, what is your advice for companies, large and small, on the proper security strategy and preparation needed for 2017 and beyond? 

Simply put, take a business driven view of security. No organization has unlimited resources.  It is critical to approach security intelligently and with the purpose of furthering broader objectives, whether it be a business objective of today’s modern enterprise or a mission objective of a government agency. Don’t simply pile on different security technologies and vendors. Understand how these technologies can work in concert and how they can leverage business context to protect what matters most.

Copyright © 2012 Recharge Asia Corp. All Rights Reserved. Terms under which this service is provided to you.