Security Transformation Playbook Episode 08: Everything Starts with People


Focusing on security design and making sure that the way we approach security is not just with a whole bunch of tools, we should be really stepping back and designing security into the overall organization and process.

—Rehman Khan, Director of Security Strategy Research & Design at Charles Schwab

This episode features an interview with Rehman Khan, Director of Security Strategy Research & Design at Charles Schwab. Rehman has over 20 years of technology innovation and transformation experience in the financial, biotechnology, hospitality, and technology industries.

 

On this episode, Rehman shares his love for teaching the next generation of security leaders, how cloud security is changing the security landscape, and what goes into a successful security team.

 

 

Timestamps

* (1:53) - Rehman’s background
* (4:25) - Segment: Deep Dive
* (7:28) - Rehman’s most/least favorite security domains
* (10:37) - Teaching the next generation of security leaders
* (16:11) - How to keep up with the industry
* (18:17) - A.I and cyber security
* (22:03) - How cloud security is changing the landscape
* (26:41) - Best career decisions Rehman has made
* (30:20) - Segment: The Future
* (32:48) - Segment: Quick Hits

 


On this episode

Jason Clark
Chief Strategy and Marketing Officer at Netskope

Jason brings decades of experience building and executing successful strategic security programs to Netskope.

He was previously the chief security and strategy officer for Optiv, developing a comprehensive suite of solutions to help CXO executives enhance their security strategies and accelerate alignment of those strategies with the business. Prior to Optiv, Clark held a leadership role at Websense, where he was a driving force behind the company’s transformation into a provider of critical technology for chief information security officers (CISOs). In a prior role as CISO and vice president of infrastructure for Emerson Electric, Clark significantly decreased the company’s risk by developing and executing a successful security program for 140,000 employees across 1,500 locations. He was previously CISO for The New York Times, and has held security leadership and technical roles at EverBank, BB&T and the U.S. Army.


Rehman Khan
Director of Security Strategy Research & Design at Charles Schwab

Over the last five years, Rehman has focused on leading enterprises to public cloud services securely and enabling digital transformation initiatives. At TD Ameritrade, he leads the Cloud and Data Security team and reports to the CISO. He holds a BS in computer science and an MS in software engineering, along with CCSP and CISSP certifications. He is an Adjunct Professor at the University of Missouri Graduate Computer Science and Washington University Graduate Cyber Security programs. Khan is a University of Missouri IS and Technology Advisory Board member. He has presented talks at RSA Conference about innovation in the cloud securely. Rehman is also an Adjunct Professor at the University of St Louis Graduate Computer Science Department, Adjunct Professor at Washington University St Louis Cybersecurity Graduate Program, and Speaker at the 2019 RSA conference.

 


Transcript


Rehman Khan: I think it will be the design, security design. Like I said, really focusing on security design and making sure that the way we approach security is not just with a whole bunch of tools, but we should be really stepping back and designing security into the overall organization, the process.

Producer: Hello and welcome to Security Visionaries, hosted by Jason Clark, CSO at Netskope. You just heard from today's guest, Rehman Khan, Director of Security Strategy, Research & Design at Charles Schwab. With more than 20 years under his security belt, Rehman has worked with all kinds of people. With this kind of experience, there's a reason one of his top recommendations is to double down on people. Security leaders picking the right team members has a profound ripple effect. The importance of these decisions make or break careers in security. So choose wisely. Before we dive into the interview, here's a brief word from our sponsor.

Ad: The Security Visionaries podcast is powered by the team at Netskope. Netskope is the SASE leader offering everything you need to provide a fast, data-centric and cloud-smart user experience at the speed of business today. Learn more at netskope.com

Producer: Without further ado, please enjoy episode eight of Security Visionaries with Rehman Khan, Director of Security Strategy, Research & Design at Charles Schwab, and your host, Jason Clark.

Jason Clark: Welcome to Security Visionaries. I'm your host, Jason Clark, CSO of Netskope. And today, I am joined by a new guest, Rehman Khan. Rehman, tell us a little about yourself.

Rehman Khan: Hey, Jason. Yeah, glad to be here. I am basically leading the Charles Schwab Security Strategy, Research & Design Organization. And, I live in St. Louis, Missouri, and have lived there for eight years almost. And, before that, I was in Minneapolis, working in cybersecurity for roughly 12 to 15 years, and doing other things along the way. So, that's me.

Jason Clark: Yeah, in the time I've known you, you've been an architect, head of architecture for a lot of really big companies, global companies. You've made a big impact in your organizations you've been in. But, one thing I did just notice is that your hair's a lot shorter than the last time I saw you. Was that kind of a result of the pandemic and then kind of coming out where, I don't even know how many inches you cut off just now.

Rehman Khan: Well, yeah. Hey, I think we're all kind of tinkering with our little needs and wants, I guess. Yeah, I'd probably say I got six inches off just a couple of weeks ago. Thought I'd just clean up for the new year. That goes and maybe get a fresh start, but this pandemic absolutely has given us kind of this opportunity to maybe grow our hair long.

Jason Clark: How'd your family or at work, who reacted the best or worst to you cutting everything off?

Rehman Khan: I think they took me as I presented. I guess there's always something going on with me. I mean, I'll have a goatee, and then all of a sudden, a couple years later, I'll have a beard. And so I think people are sort of used to the way things change about my, I guess, look. But, I'll tell you, I think people in general were very complimentary, but I did have a couple of times where, I think it was actually one of the chairpersons at Wash U, they looked at me and they're like, "Wow, were you at the Survivor show?" I mean, it was literally, their reaction was like, "Where were you?" And so, yeah, I think that there's a kind of a mixed bag, but mostly people were nice and they understood that.

Speaker 5: Deep dive. Dive. Dive. Dive. Dive.

Jason Clark: So you speak six languages. Tell us a little bit what those are and how they've been valuable to you.

Rehman Khan: Yeah. So really, if my background, growing up, I was born in Kuwait. I grew up there, then went to Abu Dhabi. And my dad worked for Lufthansa, so you can start seeing kind of the pattern of us being able to travel the world. And then I moved up to Minneapolis from Abu Dhabi, which was a huge change. But I guess, coming back to your question, really, I would say Abu Dhabi was a city where I got to learn and interact with international crowd. And, I've learned German. Arabic was already there, Urdu, and just kept on going. And I think that resonates with me, and it kept on building up my palette.

Jason Clark: I think about that. So I grew up globally as well, being a military brat. And, I think about the fact that, how do I give that same exposure to my kids? I want them to grow up global citizens and not just sitting in one city their whole life. And what I've decided is that, starting in two years, every single summer, we will spend that summer in a different country. And that's how I'm going to make them, as much as I can, global citizens.

Rehman Khan: Yeah. No, I think that's a great idea. I feel that we have, I mean, hoping that with the pandemic, in the next couple years, we can get that kind of a chance to freely mobilize. Because part of it is not only, you could sit at home and learn all these languages, and we do the same with cybersecurity, so on and so forth. But some of this is about interaction. And you really, when you interact with people, both in personal life, you learn. And I think that by traveling, you learn. You instill the confidence in your children. And I think that's a great plan. I myself want to do that, but I think it's about going to an environment where you have to deal with the situation and then you start-

Jason Clark: It's the culture.

Rehman Khan: Yeah.

Jason Clark: It's like, there's two types of people, the ones that go somewhere and say, "All right. Here's the 10 sites. I want to go see them," which you can basically see by Googling it, or the people that say, "I want to embrace the culture. I want to try the food. I want to meet the people. I want to go to the local bars." It's a very, very different essence of what you're trying to accomplish. So, I normally ask this question a little later, but I'm curious right now, from getting into security, what's your favorite security domain? You run architecture, and you've done that over and over again, which means you kind of get to oversee, like a CSO, every security domain. What's your favorite domain?

Rehman Khan: Boy, that's a tough one. Can I give you two?

Jason Clark: Yeah. Give me your first, and then your second.

Rehman Khan: Okay. I'll say it. Look, identity and access management is where I grew up and what I learned, and I continue to see it evolving. I think that's my first one. That's kind of the go to, and right behind it is data security. Those two have always been there. Yeah. I mean, I think that they kind of go hand in hand. You could look at it from an application security perspective. But yeah, I think those are kind of the domains.

Jason Clark: Those are great domains. And if I had to ask you, what's your one that you hate the most?

Rehman Khan: And this may apply to all the above, but it's kind of the security operations, if you will. It's such an important aspect, but I also feel that, I think security operations and maybe I can tell you why.

Jason Clark: It's a different kind of stress. Tell us why you hate operations.

Rehman Khan: Well, I'm a designer. I have always been a designer. I'm after the aesthetics. I am after the actual design. And I feel that the reason we have operations in its current state, the way it is, is that we're not focusing on design. We're not designing security solutions and applications and so on and so forth with security in mind. And well, there's a residual risk and effect of that. And that's what security operations is today. I mean, I think that's what makes me kind of stay away from it, because why do we have to be so stressed about it? Why can't it be like other operational domains that are automated. They're working, functioning, manufacturing. I mean, you take any of the other business domains, so-

Jason Clark: You don't want to be the result of other people's bad designs. You don't want to be the tail. You want to fix things and design them right.

Rehman Khan: Yes.

Jason Clark: Makes a lot of sense. I get it. And so you're frustrated in operations when you see bad designs basically.

Rehman Khan: Yeah. Yeah. And then you see them over and over again. I mean, we're seeing it with Log4j. It's kind of an interesting landscape, if you will.

Jason Clark: That one, I think, hurt a lot of people's Decembers. It hurt a bunch of vacations of people. Everybody I talked to for at least 45 days was like, "Oh, what's going on?" "Yep. Log4j. That's what's going on. We're just scrambling because of that." So you teach at a couple of universities, which I always applaud, to helping the next generation. And one of them is Wash U where I got my MBA, and love, love seeing that on your background and what you're working on. So, why do you do it? What's your view on the next generation and the importance of teaching them cybersecurity? And what do you teach them?

Rehman Khan: Yeah. I look at it as a learning process, really. By teaching, I'm learning. I think that's the one thing that I really focus on, because you have this interaction with the students, and you're getting questions. And sometimes, I have the answers and sometimes I don't. It's such a different question that I was not expecting. So, part of it is that, it's something that, maybe call it kind of self-fulfilling prophecy. I'm trying to get ahead of things.

Rehman Khan: What do I teach? So at Wash U, when I was first approached about the program, Wash U did not have an identity and access management course. So, Joe and I met, and we discussed it. And I said, "Well, look, I have spent quite a bit of time on identity and access management, and I think that's an area that we're not really spending more time on, as it relates to cybersecurity certificates and programs. So, let's do something with that, but let's not make it only a theoretical thing. Let's actually implement labs and work on something like that." So I created the whole curriculum for that course. And, as I had a few classes, I started observing that there is a lot of work that needs to be done in identity and access management. Even though it's such a relative to other areas, I would say it's been there. It's been around for-

Jason Clark: It's old, but the least mature. I would say the same thing for data security, by the way. Both of those are old industries, or old areas, with the least amount of maturity, the most amount of fragmentation.

Rehman Khan: Yeah. So, that's what I continue to be amazed about and it's been great. So, the other thing that have been transforming, if you will, there was an enterprise network security course, and I actually co-taught it with a couple of other instructors, and just more in the observation mode. And, I started observing that we weren't covering zero-trust networking or zero-trust concepts. And we were still kind of talking about kind of the traditional firewall and just kind of a, almost I feel, obsolete type of concepts. So, what I did is I took that course and transformed it. And now we're focused on zero-trust networking. I mean, I've now taught it for the last two years. I've done really well with the course, and yeah.

Jason Clark: So is there a zero-trust course or just zero-trust networking?

Rehman Khan: So, that's a good question. How we did this is that, because it was under the enterprise network security course, we kept the network security aspects in the course, but also introduced the person identity as well as device identity concepts, and started to put the picture together that, look, there's an underlying network that this information rides on, but you also need to know who this person is, what device are they coming. So I would say it's a zero-trust, but mostly focused on the networking aspects of it. The control plane and the data plane that I talk about in the course and work on with students is really focused on, where is this traffic originating from? How do we know it's good traffic?

Jason Clark: What's one of the hardest questions that you've gotten from a student?

Rehman Khan: I think the hardest one is really around, how do we take our current environments, and move them into this zero-trust thinking and implementation? How do we actually do that? And that's a tough one, because I feel that we're not there yet with zero-trust. There's a lot more work that needs to be done. For example, there's a notion of, okay, we need to know all the devices, all the configurations in our environments, in order for us to actually certify that this device is legit, this device is allowed access. Well, how many organizations really have that information, in a way that we can actually rely on, the data quality isn't a challenge? So it's hard to always explain that, because it just varies organization by organization. I think that's what I find to be a tough one.

Jason Clark: The job of security is very tough. Many people have written that it's one of the hardest jobs in the C level, if not the hardest other than the CEO, because of so much complexity around it. But as you look at that, how do you personally keep up? As head of all new tech, all architecture for a very large company, how do you keep up with it all?

Rehman Khan: I think it's a great question. And it's a struggle. I think that, for me... I focus on, like I said, a couple of domains in particular. And then, the idea is that, through interaction with our peers, you stay up to speed. I obviously read a lot, so I'm always reading all sorts of different articles.

Jason Clark: Do you have a favorite?

Rehman Khan: I would say not really. I just think that there is... The traditional [Bruce Dyer 00:17:04] and those type of-

Jason Clark: Yeah, yeah. Dark Reading, CSO Online, and-

Rehman Khan: Yeah.

Jason Clark: There's not any new one amazing... There's not a Wall Street Journal and New York Times version of cybersecurity stuff.

Rehman Khan: Yeah, no. It's really picking information really from different sources. And, one of the segments that I do for my students is, I really talk about the news of the day, from a cybersecurity perspective. And, I'll be very honest. I mean, that's probably the place where I go, almost on a daily basis, and I collect that information, and then they really talk about the reasons, why things are happening the way they are and what can be done to manage the risk. Outside of that, I'm mostly reading books around artificial intelligence. I will read certain reports kind of the Gartners and so on and so forth. But yeah, that's kind of [inaudible 00:18:18].

Jason Clark: Okay. So, you just said artificial intelligence. Let's talk about that. You've been reading about it, and obviously, that's clearly an interest of yours. Tell us more about the impact of that, from a cybersecurity perspective to you.

Rehman Khan: I think, as you mentioned, the complexity of our environment, and it continues to begin, getting more complex, I think we have to find a way to scale in cybersecurity. And, in our current model, our current models are just not going to scale with the amount of information that's being generated. And, I think the burnout that we may be creating in security organizations are security professionals focused on the right problems. Are they working on reasoning, or are they working on reacting? So, I think that, where artificial intelligence can come into play is that, if we start looking at kind of our narrow domain of security, cybersecurity, we can look at certain narrow tasks, and really start automation and driving decisions on those narrow tasks. So for instance, there are ways to classify the events that are taking place. Do we need to have an analyst looking at those events all day long? Why can't we use machine learning to actually catalog the events, actually use some level of intent, and match it to the outcome, and actually look at the outcome and see if this was the intent we had using machine learning.

Rehman Khan: So, I think that machine learning can help us from that angle, where we can start moving some of the workload to narrow focused artificial intelligence algorithms that can filter and evaluate certain decision points.

Jason Clark: Have you seen many... Who is the best at that, as an architect? Who have you seen do a really good job of that, vendor wise?

Rehman Khan: Vendor wise? I would say I don't know. I don't know. I have not run into a vendor that can... I think there are certain aspects of it. There are certain algorithms that are behind the scenes. But, out in the open, at least I'm not seeing a vendor that has completely [inaudible 00:20:57]

Jason Clark: Okay. Even a little bit, has there been anybody that you're like, "Okay, they're on the right track. What they're doing is interesting." Startup or big, doesn't matter.

Rehman Khan: Yeah. I would say, you have the likes of CrowdStrike and obviously some of those Palo Alto. There's a little bit of that going on there. I think that there's a lot of research that's being done. But I don't necessarily see a productized version of... There's deepwatch. There are companies that are attempting, but I don't necessarily see a winner yet.

Jason Clark: Okay. So you're uninspired. At this point, you're uninspired. Tech wise, what does have you excited?

Rehman Khan: Complexity, difficult problems, I guess. I mean, I love to solve problems.

Jason Clark: All right. So, we look at cloud. When we look at cloud security, how would you say that's changing the landscape for security? I mean, cloud being adopted at your organization as an example, how is that changing the way security executes and functions, for everything, for CSO?

Rehman Khan: Yeah. I think, the public cloud, I actually find it to be kind of actually almost kind of a saving grace for us, because... There's two aspects of this, two perspectives that I have. One is that, public cloud gives us kind of the scale that we've always wanted. I can leverage that scale to stand up my security services. And by the way, these security services don't need to be a product that I buy from a vendor or procurer. It can be our own security product. But now, I don't have to stand up this infrastructure and these capabilities. I can actually leverage the public cloud to stand up my security abilities. And I think that's where some of the data science aspects are going to be more scalable for organizations that are focused on artificial intelligence and building their own universe, if you will, from a detection and prevention perspective.

Rehman Khan: I think the second aspect of public cloud that I think is difficult, to answer your question directly is that, I think, again, we don't have security professionals or enough security professionals, if you will, with the experience of public cloud. So, the challenge becomes, we need people to develop solutions or even assess cloud solutions and applications that are being migrated. So, we need to be able to have people that are skilled. We need to be able to understand the mindset, which is at very much a logical layer of the architecture. We're not anymore dealing with physical devices or firewalls, appliances. We're dealing with software. We're dealing with code. And, how do you take an organization, a security organization, that has been mostly focused on either risk assessment type of an approach, more of a kind of reactive approach of assessing risk, and at the same time, really leveraging off the shelf security products and implementing those products. So, you need to be able to pivot that.

Rehman Khan: What that requires, from my experience, is a team of individuals that have a good grasp on coding. They have a good grasp on distributed systems programming. And, you bring that team together in the security organization. And, I think that that really goes a long ways. There's some other mechanisms of delivery, such as [inaudible 00:25:17] you could create automation. You can create things such as policy as code. All of those aspects are kind of the byproducts. But I think you need to, in my mind, it's the people. I think you have to start with the right team.

Jason Clark: I love how you said cloud is kind of the saving grace for security, and I 100% agree. In fact, I say, it's the perfect reset. It's like the reboot. It is a new opportunity to get leverage that we've never had before. Cloud is extremely beneficial to us, if we use it correctly.

Rehman Khan: You're obviously, at Netskope, I mean, you're seeing that, right? You're seeing the use of cloud, how your organization's able to scale. I feel that for enterprises, it's an opportunity, and I think it's a one-time opportunity to be able to take your current applications, and really deploy them in a way, and design them, redesign them, in a way that they can leverage the scalability of the public cloud, but yet also be secured. I think it's the one-time opportunity, because I think if we don't do this correctly, I think we're going to end up in the same situation. Now, we're just going to have more code and may not have structure around it. So, I think you have to think about it that way.

Jason Clark: So, as you look back at your career, what would you put as one of the best decisions you've ever made, and why?

Rehman Khan: Well, there's a couple of times, but the first thing that I'll say is that I actually, when I was in college, I started my journey in the electrical engineering space. And, as I was going through electrical engineering courses, I started looking at, wow, there's software being used, drafting software and this and that. And I'm looking at this and I'm saying, "Okay, well, why am I not focused on computer science? Where do I want to go with this?" And I would say it was the best decision I made. I switched from electrical engineering. I actually was halfway there, and I switched to computer science, because I was always fascinated by computers.

Rehman Khan: And, the interesting thing that I have to share this story with you. I actually started my career in embedded programming. So, I basically worked up in Minneapolis. I worked for a medical device company. We were in the business of infusion pumps, basically delivering insulin or pain medication. And, I started my career there writing an interface for infusion pumps. So basically, you would put the patient's pump in a control mode, where the physician would dial into that pump and reprogram it based on your symptoms. So you [inaudible 00:28:16]

Jason Clark: How many lines of code is one of those?

Rehman Khan: Oh boy, I don't even remember. I mean, it's hundreds of lines of code, and back then, it was all serial communication and then really taking that through connectivity process. But anyways, I started in that embedded systems world. Actually, I had to write a protocol, because you needed to make sure that this connectivity was secure and reliable, because you don't want the patient to be in pain and that yet the connectivity drops and you can't reprogram their pump. So I started in that, and again, as I was doing that and looking at software, I started looking at the power of software, and I was like, "Wow, this is great. I mean, this is where..." So I think that was kind of that inflection point, where I was doing my degree, switched into computer science and then just kind of kept on going. And then, I would say switching from there, the second point, sorry, is the switching from that to business applications. That was kind of the second.

Jason Clark: Where'd that happen at?

Rehman Khan: That happened when I left the embedded systems. Actually, I went to Carlson Companies. And, I started there as application developer and spent time there developing applications, then started seeing opportunities. It was mostly focused on J2EE applications, and started seeing opportunities from a security perspective. Boy, I mean, we need to be writing code more securely. We need to be thinking about user access. We need to be thinking about how certificate management works. I mean, all of those aspects started to become a reality. So yeah, those kind of were my...

Jason Clark: Fast forwarding, go five or 10 years in the future.

Speaker 6: Future. Your future.

Speaker 7: Future. Future. Future.

Jason Clark: What do you think people will wish they had been investing in now? From an architecture, strategy, technologies to perspective, what should they be investing? What's going to be some of the most significant changes that you think... Use your org or any org, that's going to see.

Rehman Khan: I think it's a couple of things. I feel that people. I think really picking the right team members and making those decisions now will pay dividends. I think we're all struggling with that area, that we don't have enough talent. And, we need to be able to invest in talent. So I think, part of it is, I think looking back, it's really, in my opinion, going to be, we should have been investing even more into our people, into the cybersecurity domain, if you will. I think that there's still a lot more opportunity there, that I think people will look back and say, "We should have been looking at people with more of the computer science background, or maybe getting them to that background."

Rehman Khan: I think the second thing I would say is that, I think it will be the design, security design. Like I said, really focusing on security design and making sure that the way we approach security is not just with a whole bunch of tools, but we should be really stepping back and designing security into the overall organization, the process. I think those are a couple of things that I feel like, when organizations will look back, I think they would've missed those opportunities. And I think that's why there's a huge talent grab right now. All the technology organizations tend to be bringing more people in the cybersecurity space because they see the value.

Jason Clark: So final segment here, slightly personal.

Speaker 8: Quick, quick, quick.

Speaker 9: Go. Got to move fast.

Speaker 10: I want to go fast.

Jason Clark: You know every domain in security. You've been head of architecture for many major Fortune couple of hundred companies. When do you want to be a CSO? Do you ever want to be a CISO? Or do you look at the job and say, "Yeah, no."

Rehman Khan: I think like we talked, right? I think we are saying that it is a strategic role, but I don't know if it has gotten there yet. I think it's still a role that is viewed to be operational in nature that, "Hey, let's just protect our assets, and let's do it quick." And yeah, there'll be a time where I may pursue that. But for me, there's so much work to be done, Jason. There's just so much work to be still done from a design perspective, and really, architecting the right security solutions, that I feel like that's where I should be contributing. And I think that's where I want to be able to influence the organization.

Jason Clark: Love it. You'll take that gig one day, I'm sure of it. In the next 10 years, we'll talk. I think you'll be in it. So, if you weren't doing security, what would you be doing, if security didn't exist?

Rehman Khan: I would be a head chef somewhere.

Jason Clark: Love it. What type of food?

Rehman Khan: Well, so it's mostly Indian-Pakistani food. That's my background. But, I love to fuse. I love fusion. So.

Jason Clark: So what would you fuse with that? So if you took Indian-Pakistani food, what would you fuse that with?

Rehman Khan: Well, I'll give you an example. Americans love steak. So the way I prepare my steak, and of course, I'm going to brag about this, my daughters love the steak that I made. They think it's the best in the world. But I use Pakistani spices. I have certain rubs that I don't get out there. It's all my own concoction of spices. And I want to be able to create that American steak, but with kind of the Pakistani flair.

Jason Clark: Yeah. Yeah. I love it. That's amazing. We're going to have to hang out sometime.

Rehman Khan: Yeah.

Jason Clark: Yeah, in these confusion. So what's a skill, or you can do both, skill or hobby that isn't on your resume? So whether you want to focus on the hobby that you have that most people don't know about, or a skill? What's anything that people, and it might be cooking?

Rehman Khan: Well, I mean, cooking is one. But hobby, cooking is also spiritual for me. In a lot of ways, it actually really helps me kind of relax. Actually, it's kind of nice. I would say I used to remix music, and it was like house music. I love that. And I love music in general, but yeah, I think that remixing music somewhere, I really-

Jason Clark: Love it. And you fuse that too.

Rehman Khan: Yeah.

Jason Clark: I'm sure you do some fusion on music. Totally. I remember days where I would spend five or six hours just downloading music and just trying to [CatGrab 00:36:29] every little MP3 I could of any song. So yeah, that's a good answer. So last question, what would be your top piece of advice for somebody that was a person that wanted to aspire to be in your role? What would you tell them to go do?

Rehman Khan: I would say, if you're a people leader, I think you want to empower people around you and really get the best team under you, the best team you can pull together, the team that you can build trust with. I think that is the measure of success. And if we can build that with people around us, I think the problems, it becomes so easy to solve problems. I can't even stress.

Jason Clark: Yeah. And all sorts of people. I think that you could easily say that, in the end, the people is absolutely the number one most important thing you can do. And especially in your role, leading architecture, your job is to inspire people. It's to motivate them. Because you have a small team, but you have to get, I don't even know how many technology employees exist in your organization, but I'm sure it's 5,000, 10,000 people, you have to motivate all of them to do something for you, for security. And to actually accomplish that, it's not through policy. It's through inspiring them. It's through motivating them to want to, to care. And what you're saying is, is your team, your direct reports, have to do that same thing. They have to inspire the rest of the organization to care.

Rehman Khan: Yeah, no, I mean, as a leader, it just brings so much confidence in the organization. And you also want them to be able to make mistakes, where you let them try something. And I think you have to back them up. And I think that's very important. If somebody wants to lead a team of architects and engineers, you have to depend on their skill. You have to listen to them.

Jason Clark: That's all we have time for today. But, if anybody runs into Rehman and wants to reach out to him, you can find him on LinkedIn. He's a great guy, loves to talk about anything security architecture especially, the changes we have coming, anything. If you ever run into him, ask him for what are the spices he puts on his steak. I'm definitely going to.

Rehman Khan: Yeah, that's a secret recipe. My daughters just protect it like you wouldn't believe it. And they're like, "This is Dad's secret recipe." And I'm like, "Well, that is little recipe. I'm just doing it all but-"

Jason Clark: They want to create a restaurant. They want to create a restaurant.

Rehman Khan: Yeah.

Jason Clark: But no, this has been awesome. Thank you so much for your time and just sharing just your personal life and your loves and a lot about cybersecurity. So all we want to do is just help this industry get better, and like you said, it's about... You said it like 50 times, I think, in this conversation, it's all about the people, and that's the key, and that's what we're trying to do here, is help to people. Thank you so much.

Rehman Khan: Yeah. Thank you. Thank you so much, Jason, for the opportunity.

Jason Clark: Awesome.

Ad: The Security Visionaries podcast is powered by the team at Netskope. Looking for the right cloud security platform to enable your digital transformation journey? The Netskope Security Cloud helps you safely and quickly connect users directly to the internet, from any device to any application. Learn more at netskope.com.

Producer: Thank you for listening to Security Visionaries. Please take a moment to rate and review the show, and share it with someone you know who might enjoy. Stay tuned for episodes releasing every other week, and we'll see you in the next one.
