
This episode features an interview with Rehman Khan, Director of Security Strategy Research & Design at Charles Schwab. Rehman has over 20 years of technology innovation and transformation experience in the financial, biotechnology, hospitality, and technology industries.

On this episode, Rehman shares his love for teaching the next generation of security leaders, how cloud security is changing the security landscape, and what goes into a successful security team.

Focusing on security design and making sure that the way we approach security is not just with a whole bunch of tools, we should be really stepping back and designing security into the overall organization and process.

—Rehman Khan, Director of Security Strategy Research & Design at Charles Schwab

Timestamps

*(1:53) - Rehman’s background
*(4:25) - Segment: Deep Dive
*(7:28) - Rehman’s most/least favorite security domains
*(10:37) - Teaching the next generation of security leaders
*(16:11) - How to keep up with the industry
*(18:17) - A.I and cyber security
*(22:03) - How cloud security is changing the landscape
*(26:41) - Best career decisions Rehman has made
*(30:20) - Segment: The Future
*(32:48) - Segment: Quick Hits

 


On this episode

Rehman Khan
Director of Security Strategy Research & Design at Charles Schwab

Over the last five years, Rehman has focused on securely leading enterprises to public cloud services and enabling digital transformation initiatives. At TD Ameritrade, he leads the Cloud and Data Security team and reports to the CISO. He holds a BS in computer science and an MS in software engineering, along with CCSP and CISSP certifications. He is an Adjunct Professor at the University of Missouri Graduate Computer Science and Washington University Graduate Cyber Security programs. Khan is a University of Missouri IS and Technology Advisory Board member. He has presented talks at RSA Conference about innovating securely in the cloud. Rehman is also an Adjunct Professor at the University of St Louis Graduate Computer Science Department, an Adjunct Professor at the Washington University St Louis Cybersecurity Graduate Program, and a speaker at the 2019 RSA conference.


Jason Clark
Chief Strategy and Marketing Officer at Netskope

Jason brings decades of experience building and executing successful strategic security programs to Netskope.

He was previously the chief security and strategy officer for Optiv, developing a comprehensive suite of solutions to help CXO executives enhance their security strategies and accelerate alignment of those strategies with the business. Prior to Optiv, Clark held a leadership role at Websense, where he was a driving force behind the company’s transformation into a provider of critical technology for chief information security officers (CISOs). In a prior role as CISO and vice president of infrastructure for Emerson Electric, Clark significantly decreased the company’s risk by developing and executing a successful security program for 140,000 employees across 1,500 locations. He was previously CISO for The New York Times, and has held security leadership and technical roles at EverBank, BB&T and the U.S. Army.


Episode transcript


Rehman Khan: I think it will be the design, security design. Like I said, really focusing on security design and making sure that the way we approach security is not just with a whole bunch of tools, but we should be really stepping back and designing security into the overall organization, the process.

Producer: Hello and welcome to Security Visionaries, hosted by Jason Clark, CSO at Netskope. You just heard from today's guest, Rehman Khan, Director of Security Strategy, Research & Design at Charles Schwab. With more than 20 years under his security belt, Rehman has worked with all kinds of people. With this kind of experience, there's a reason one of his top recommendations is to double down on people. Security leaders picking the right team members has a profound ripple effect. The importance of these decisions make or break careers in security. So choose wisely. Before we dive into the interview, here's a brief word from our sponsor.

Ad: The Security Visionaries podcast is powered by the team at Netskope. Netskope is the SASE leader offering everything you need to provide a fast, data-centric and cloud-smart user experience at the speed of business today. Learn more at netskope.com

Producer: Without further ado, please enjoy episode eight of Security Visionaries with Rehman Khan, Director of Security Strategy, Research & Design at Charles Schwab, and your host, Jason Clark.

Jason Clark: Welcome to Security Visionaries. I'm your host, Jason Clark, CSO of Netskope. And today, I am joined by a new guest, Rehman Khan. Rehman, tell us a little about yourself.

Rehman Khan: Hey, Jason. Yeah, glad to be here. I am basically leading the Charles Schwab Security Strategy, Research & Design Organization. And, I live in St. Louis, Missouri, and have lived there for eight years almost. And, before that, I was in Minneapolis, working in cybersecurity for roughly 12 to 15 years, and doing other things along the way. So, that's me.

Jason Clark: Yeah, in the time I've known you, you've been an architect, head of architecture for a lot of really big companies, global companies. You've made a big impact in the organizations you've been in. But, one thing I did just notice is that your hair's a lot shorter than the last time I saw you. Was that kind of a result of the pandemic and then kind of coming out where, I don't even know how many inches you cut off just now.

Rehman Khan: Well, yeah. Hey, I think we're all kind of tinkering with our little needs and wants, I guess. Yeah, I'd probably say I got six inches off just a couple of weeks ago. Thought I'd just clean up for the new year. That goes and maybe get a fresh start, but this pandemic absolutely has given us kind of this opportunity to maybe grow our hair long.

Jason Clark: How'd your family or at work, who reacted the best or worst to you cutting everything off?

Rehman Khan: I think they took me as I presented. I guess there's always something going on with me. I mean, I'll have a goatee, and then all of a sudden, a couple years later, I'll have a beard. And so I think people are sort of used to the way things change about my, I guess, look. But, I'll tell you, I think people in general were very complimentary, but I did have a couple of times where, I think it was actually one of the chairperson at Wash U, they looked at me and they're like, "Wow, were you at the Survivor show?" I mean, it was literally, their reaction was like, "Where were you?" And so, yeah, I think that there's a kind of a mixed bag, but mostly people were nice and they understood that.

Speaker 5: Deep dive. Dive. Dive. Dive. Dive.

Jason Clark: So you speak six languages. Tell us a little bit what those are and how they've been valuable to you.

Rehman Khan: Yeah. So really, if my background, growing up, I was born in Kuwait. I grew up there, then went to Abu Dhabi. And my dad worked for Lufthansa, so you can start seeing kind of the pattern of us being able to travel the world. And then I moved up to Minneapolis from Abu Dhabi, which was a huge change. But I guess, coming back to your question, really, I would say Abu Dhabi was a city where I got to learn and interact with international crowd. And, I've learned German. Arabic was already there, Urdu, and just kept on going. And I think that resonates with me, and it kept on building up my palette.

Jason Clark: I think about that. So I grew up globally as well, being a military brat. And, I think about the fact that, how do I give that same exposure to my kids? I want them to grow up global citizens and not just sitting in one city their whole life. And what I've decided is that, starting in two years, every single summer, we will spend that summer in a different country. And that's how I'm going to make them, as much as I can, global citizens.

Rehman Khan: Yeah. No, I think that's a great idea. I feel that we have, I mean, hoping that with the pandemic, in the next couple years, we can get that kind of a chance to freely mobilize. Because part of it is not only, you could sit at home and learn all these languages, and we do the same with cybersecurity, so on and so forth. But some of this is about interaction. And you really, when you interact with people, both in personal life, you learn. And I think that by traveling, you learn. You instill the confidence in your children. And I think that's a great plan. I myself want to do that, but I think it's about going to an environment where you have to deal with the situation and then you start-

Jason Clark: It's the culture.

Rehman Khan: Yeah.

Jason Clark: It's like, there's two types of people, the ones that go somewhere and say, "All right. Here's the 10 sites. I want to go see them," which you can basically see by Googling it, or the people that say, "I want to embrace the culture. I want to try the food. I want to meet the people. I want to go to the local bars." It's a very, very different essence of what you're trying to accomplish. So, I normally ask this question a little later, but I'm curious right now, from getting into security, what's your favorite security domain? You run architecture, and you've done that over and over again, which means you kind of get to oversee, like a CSO, every security domain. What's your favorite domain?

Rehman Khan: Boy, that's a tough one. Can I give you two?

Jason Clark: Yeah. Give me your first, and then your second.

Rehman Khan: Okay. I'll say it. Look, identity and access management is where I grew up and what I learned, and I continue to see it evolving. I think that's my first one. That's kind of the go-to, and right behind it is data security. Those two have always been there. Yeah. I mean, I think that they kind of go hand in hand. You could look at it from an application security perspective. But yeah, I think those are kind of the domains.

Jason Clark: Those are great domains. And if I had to ask you, what's your one that you hate the most?

Rehman Khan: And this may apply to all the above, but it's kind of the security operations, if you will. It's such an important aspect, but I also feel that, I think security operations and maybe I can tell you why.

Jason Clark: It's a different kind of stress. Tell us why you hate operations.

Rehman Khan: Well, I'm a designer. I have always been a designer. I'm after the aesthetics. I am after the actual design. And I feel that the reason we have operations in its current state, the way it is, is that we're not focusing on design. We're not designing security solutions and applications and so on and so forth with security in mind. And well, there's a residual risk and effect of that. And that's what security operations is today. I mean, I think that's what makes me kind of stay away from it, because why do we have to be so stressed about it? Why can't it be like other operational domains that are automated. They're working, functioning, manufacturing. I mean, you take any of the other business domains, so-

Jason Clark: You don't want to be the result of other people's bad designs. You don't want to be the tail. You want to fix things and design them right.

Rehman Khan: Yes.

Jason Clark: Makes lot of sense. I get it. And so you're frustrated in operations when you see bad designs basically.

Rehman Khan: Yeah. Yeah. And then you see them over and over again. I mean, we're seeing it with Log4j. It's kind of an interesting landscape, if you will.

Jason Clark: That one, I think, hurt a lot of people's Decembers. It hurt a bunch of vacations of people. Everybody I talked to for at least 45 days was like, "Oh, what's going on?" "Yep. Log4j. That's what's going on. We're just scrambling because of that." So you teach at a couple of universities, which I always applaud, to helping the next generation. And one of them is Wash U where I got my MBA, and love, love seeing that on your background and what you're working on. So, why do you do it? What's your view on the next generation and the importance of teaching them cybersecurity? And what do you teach them?

Rehman Khan: Yeah. I look at it as a learning process, really. By teaching, I'm learning. I think that's the one thing that I really focus on, because you have this interaction with the students, and you're getting questions. And sometimes, I have the answers and sometimes I don't. It's such a different question that I was not expecting. So, part of it is that, it's something that, maybe call it kind of self-fulfilling prophecy. I'm trying to get ahead of things.

Rehman Khan: What do I teach? So at Wash U, when I was first approached about the program, Wash U did not have an identity and access management course. So, Joe and I met, and we discussed it. And I said, "Well, look, I have spent quite a bit time on identity and access management, and I think that's an area that we're not really spending more time on, as it relates to cybersecurity certificates and programs. So, let's do something with that, but let's not make it only a theoretical thing. Let's actually implement labs and work on something like that." So I created the whole curriculum for that course. And, as I had a few classes, I started observing that there is a lot of work that needs to be done in identity and access management. Even though it's such a relative to other areas, I would say it's been there. It's been around for-

Jason Clark: It's old, but the least mature. I would say the same thing for data security, by the way. Both of those are old industries, or old areas, with the least amount of maturity, the most amount of fragmentation.

Rehman Khan: Yeah. So, that's what I continue to be amazed about and it's been great. So, the other thing that have been transforming, if you will, there was an enterprise network security course, and I actually co-taught it with a couple of other instructors, and just more in the observation mode. And, I started observing that we weren't covering zero-trust networking or zero-trust concepts. And we were still kind of talking about kind of the traditional firewall and just kind of a, almost I feel, obsolete type of concepts. So, what I did is I took that course and transformed it. And now we're focused on zero-trust networking. I mean, I've now taught it for the last two years. I've done really well with the course, and yeah.

Jason Clark: So is there a zero-trust course or just zero-trust networking?

Rehman Khan: So, that's a good question. How we did this is that, because it was under the enterprise network security course, we kept the network security aspects in the course, but also introduced the person identity as well as device identity concepts, and started to put the picture together that, look, there's an underlying network that this information rides on, but you also need to know who this person is, what device are they coming. So I would say it's a zero-trust, but mostly focused on the networking aspects of it. The control plane and the data plane that I talk about in the course and work on with students is really focused on, where is this traffic originating from? How do we know it's good traffic?

Jason Clark: What's one of the hardest questions that you've gotten from a student?

Rehman Khan: I think the hardest one is really around, how do we take our current environments, and move them into this zero-trust thinking and implementation? How do we actually do that? And that's a tough one, because I feel that we're not there yet with zero-trust. There's a lot more work that needs to be done. For example, there's a notion of, okay, we need to know all the devices, all the configurations in our environments, in order for us to actually certify that this device is legit, this device is allowed access. Well, how many organizations really have that information, in a way that we can actually rely on, the data quality isn't a challenge? So it's hard to always explain that, because it just varies organization by organization. I think that's what I find to be a tough one.

Jason Clark: The job of security is very tough. Many people have written that it's one of the hardest jobs in the C level, if not the hardest other than the CEO, because of so much complexity around it. But as you look at that, how do you personally keep up? As head of all new tech, all architecture for a very large company, how do you keep up with it all?

Rehman Khan: I think it's a great question. And it's a struggle. I think that, for me... I focus on, like I said, a couple of domains in particular. And then, the idea is that, through interaction with our peers, you stay up to speed. I obviously read a lot, so I'm always reading all sorts of different articles.

Jason Clark: Do you have a favorite?

Rehman Khan: I would say not really. I just think that there is... The traditional [Bruce Dyer 00:17:04] and those type of-

Jason Clark: Yeah, yeah. Dark Reading, CSO Online, and-

Rehman Khan: Yeah.

Jason Clark: There's not any new one amazing... There's not a Wall Street Journal and New York Times version of cybersecurity stuff.

Rehman Khan: Yeah, no. It's really picking information really from different sources. And, one of the segments that I do for my students is, I really talk about the news of the day, from a cybersecurity perspective. And, I'll be very honest. I mean, that's probably the place where I go, almost on a daily basis, and I collect that information, and then they really talk about the reasons, why things are happening the way they are and what can be done to manage the risk. Outside of that, I'm mostly reading books around artificial intelligence. I will read certain reports kind of the Gartners and so on and so forth. But yeah, that's kind of [inaudible 00:18:18].

Jason Clark: Okay. So, you just said artificial intelligence. Let's talk about that. You've been reading about it, and obviously, that's clearly an interest of yours. Tell us more about the impact of that, from a cybersecurity perspective to you.

Rehman Khan: I think, as you mentioned, the complexity of our environment, and it continues to begin, getting more complex, I think we have to find a way to scale in cybersecurity. And, in our current model, our current models are just not going to scale with the amount of information that's being generated. And, I think the burnout that we may be creating in security organizations are security professionals focused on the right problems. Are they working on reasoning, or are they working on reacting? So, I think that, where artificial intelligence can come into play is that, if we start looking at kind of our narrow domain of security, cybersecurity, we can look at certain narrow tasks, and really start automation and driving decisions on those narrow tasks. So for instance, there are ways to classify the events that are taking place. Do we need to have an analyst looking at those events all day long? Why can't we use machine learning to actually catalog the events, actually use some level of intent, and match it to the outcome, and actually look at the outcome and see if this was the intent we had using machine learning.

Rehman Khan: So, I think that machine learning can help us from that angle, where we can start moving some of the workload to narrow focused artificial intelligence algorithms that can filter and evaluate certain decision points.

Jason Clark: Have you seen many... Who is the best at that, as an architect? Who have you seen do a really good job of that, vendor wise?

Rehman Khan: Vendor wise? I would say I don't know. I don't know. I have not run into a vendor that can... I think there are certain aspects of it. There are certain algorithms that are behind the scenes. But, out in the open, at least I'm not seeing a vendor that has completely [inaudible 00:20:57]

Jason Clark: Okay. Even a little bit, has there been anybody that you're like, "Okay, they're on the right track. What they're doing is interesting." Startup or big, doesn't matter.

Rehman Khan: Yeah. I would say, you have the likes of CrowdStrike and obviously some of those Palo Alto. There's a little bit of that going on there. I think that there's a lot of research that's being done. But I don't necessarily see a productized version of... There's deepwatch. There are companies that are attempting, but I don't necessarily see a winner yet.

Jason Clark: Okay. So you're uninspired. At this point, you're uninspired. Tech wise, what does have you excited?

Rehman Khan: Complexity, difficult problems, I guess. I mean, I love to solve problems.

Jason Clark: All right. So, we look at cloud. When we look at cloud security, how would you say that's changing the landscape for security? I mean, cloud being adopted at your organization as an example, how is that changing the way security executes and functions, for everything, for CSO?

Rehman Khan: Yeah. I think, the public cloud, I actually find it to be kind of actually almost kind of a saving grace for us, because... There's two aspects of this, two perspectives that I have. One is that, public cloud gives us kind of the scale that we've always wanted. I can leverage that scale to stand up my security services. And by the way, these security services don't need to be a product that I buy from a vendor or procurer. It can be our own security product. But now, I don't have to stand up this infrastructure and these capabilities. I can actually leverage the public cloud to stand up my security abilities. And I think that's where some of the data science aspects are going to be more scalable for organizations that are focused on artificial intelligence and building their own universe, if you will, from a detection and prevention perspective.

Rehman Khan: I think the second aspect of public cloud that I think is difficult, to answer your question directly is that, I think, again, we don't have security professionals or enough security professionals, if you will, with the experience of public cloud. So, the challenge becomes, we need people to develop solutions or even assess cloud solutions and applications that are being migrated. So, we need to be able to have people that are skilled. We need to be able to understand the mindset, which is at very much a logical layer of the architecture. We're not anymore dealing with physical devices or firewalls, appliances. We're dealing with software. We're dealing with code. And, how do you take an organization, a security organization, that has been mostly focused on either risk assessment type of an approach, more of a kind of reactive approach of assessing risk, and at the same time, really leveraging off the shelf security products and implementing those products. So, you need to be able to pivot that.

Rehman Khan: What that requires, from my experience, is a team of individuals that have a good grasp on coding. They have a good grasp on distributed systems programming. And, you bring that team together in the security organization. And, I think that that really goes a long ways. There's some other mechanisms of delivery, such as [inaudible 00:25:17] you could create automation. You can create things such as policy as code. All of those aspects are kind of the byproducts. But I think you need to, in my mind, it's the people. I think you have to start with the right team.

Jason Clark: I love how you said cloud is kind of the saving grace for security, and I 100% agree. In fact, I say, it's the perfect reset. It's like the reboot. It is a new opportunity to get leverage that we've never had before. Cloud is extremely beneficial to us, if we use it correctly.

Rehman Khan: You're obviously, at Netskope, I mean, you're seeing that, right? You're seeing the use of cloud, how your organization's able to scale. I feel that for enterprises, it's an opportunity, and I think it's a one-time opportunity to be able to take your current applications, and really deploy them in a way, and design them, redesign them, in a way that they can leverage the scalability of the public cloud, but yet also be secured. I think it's the one-time opportunity, because I think if we don't do this correctly, I think we're going to end up in the same situation. Now, we're just going to have more code and may not have structure around it. So, I think you have to think about it that way.

Jason Clark: So, as you look back at your career, what would you put as one of the best decisions you've ever made, and why?

Rehman Khan: Well, there's couple of times, but the first thing that I'll say is that I actually, when I was in college, I started my journey in the electrical engineering space. And, as I was going through electrical engineering courses, I started looking at, wow, there's software being used, drafting software and this and that. And I'm looking at this and I'm saying, "Okay, well, why am I not focused on computer science? Where do I want to go with this?" And I would say it was the best decision I made. I switched from electrical engineering. I actually was halfway there, and I switched to computer science, because I was always fascinated by computers.

Rehman Khan: And, the interesting thing that I have to share this story with you. I actually started my career in embedded programming. So, I basically worked up in Minneapolis. I worked for a medical device company. We were in the business of infusion pumps, basically delivering insulin or pain medication. And, I started my career there writing an interface for infusion pumps. So basically, you would put the patient's pump in a control mode, where the physician would dial into that pump and reprogram it based on your symptoms. So you [inaudible 00:28:16]

Jason Clark: How many lines of code is one of those?

Rehman Khan: Oh boy, I don't even remember. I mean, it's hundreds of lines of code, and back then, it was all serial communication and then really taking that through connectivity process. But anyways, I started in that embedded systems world. Actually, I had to write a protocol, because you needed to make sure that this connectivity was secure and reliable, because you don't want the patient to be in pain and that yet the connectivity drops and you can't reprogram their pump. So I started in that, and again, as I was doing that and looking at software, I started looking at the power of software, and I was like, "Wow, this is great. I mean, this is where..." So I think that was kind of that inflection point, where I was doing my degree, switched into computer science and then just kind of kept on going. And then, I would say switching from there, the second point, sorry, is the switching from that to business applications. That was kind of the second.

Jason Clark: Where'd that happen at?

Rehman Khan: That happened when I left the embedded systems. Actually, I went to Carlson Companies. And, I started there as application developer and spent time there developing applications, then started seeing opportunities. It was mostly focused on J2EE applications, and started seeing opportunities from a security perspective. Boy, I mean, we need to be writing code more securely. We need to be thinking about user access. We need to be thinking about how certificate management works. I mean, all of those aspects started to become a reality. So yeah, those kind of were my...

Jason Clark: Fast forwarding, go five or 10 years in the future.

Speaker 6: Future. Your future.

Speaker 7: Future. Future. Future.

Jason Clark: What do you think people will wish they had been investing in now? From an architecture, strategy, technologies to perspective, what should they be investing? What's going to be some of the most significant changes that you think... Use your org or any org, that's going to see.

Rehman Khan: I think it's a couple of things. I feel that people. I think really picking the right team members and making those decisions now will pay dividends. I think we're all struggling with that area, that we don't have enough talent. And, we need to be able to invest in talent. So I think, part of it is, I think looking back, it's really, in my opinion, going to be, we should have been investing even more into our people, into the cybersecurity domain, if you will. I think that there's still a lot more opportunity there, that I think people will look back and say, "We should have been looking at people with more of the computer science background, or maybe getting them to that background."

Rehman Khan: I think the second thing I would say is that, I think it will be the design, security design. Like I said, really focusing on security design and making sure that the way we approach security is not just with a whole bunch of tools, but we should be really stepping back and designing security into the overall organization, the process. I think those are a couple of things that I feel like, when organizations will look back, I think they would've missed those opportunities. And I think that's why there's a huge talent grab right now. All the technology organizations tend to be bringing more people in the cybersecurity space because they see the value.

Jason Clark: So final segment here, slightly personal.

Speaker 8: Quick, quick, quick.

Speaker 9: Go. Got to move fast.

Speaker 10: I want to go fast.

Jason Clark: You know every domain in security. You've been head of architecture for many major Fortune couple of hundred companies. When do you want to be a CSO? Do you ever want to be a CISO? Or do you look at the job and say, "Yeah, no."

Rehman Khan: I think like we talked, right? I think we are saying that it is a strategic role, but I don't know if it has gotten there yet. I think it's still a role that is viewed to be operational in nature that, "Hey, let's just protect our assets, and let's do it quick." And yeah, there'll be a time where I may pursue that. But for me, there's so much work to be done, Jason. There's just so much work to be still done from a design perspective, and really, architecting the right security solutions, that I feel like that's where I should be contributing. And I think that's where I want to be able to influence the organization.

Jason Clark: Love it. You'll take that gig one day, I'm sure of it. In the next 10 years, we'll talk. I think you'll be in it. So, if you weren't doing security, what would you be doing, if security didn't exist?

Rehman Khan: I would be a head chef somewhere.

Jason Clark: Love it. What type of food?

Rehman Khan: Well, so it's mostly Indian-Pakistani food. That's my background. But, I love to fuse. I love fusion. So.

Jason Clark: So what would you fuse with that? So if you took Indian-Pakistani food, what would you fuse that with?

Rehman Khan: Well, I'll give you an example. Americans love steak. So the way I prepare my steak, and of course, I'm going to brag about this, my daughters love the steak that I made. They think it's the best in the world. But I use Pakistani spices. I have certain rubs that I don't get out there. It's all my own concoction of spices. And I want to be able to create that American steak, but with kind of the Pakistani flair.

Jason Clark: Yeah. Yeah. I love it. That's amazing. We're going to have to hang out sometime.

Rehman Khan: Yeah.

Jason Clark: Yeah, in these confusion. So what's a skill, or you can do both, skill or hobby that isn't on your resume? So whether you want to focus on the hobby that you have that most people don't know about, or a skill? What's anything that people, and it might be cooking?

Rehman Khan: Well, I mean, cooking is one. But hobby, cooking is also spiritual for me. In a lot of ways, it actually really helps me kind of relax. Actually, it's kind of nice. I would say I used to remix music, and it was like house music. I love that. And I love music in general, but yeah, I think that remixing music somewhere, I really-

Jason Clark: Love it. And you fuse that too.

Rehman Khan: Yeah.

Jason Clark: I'm sure you do some fusion on music. Totally. I remember days where I would spend five or six hours just downloading music and just trying to [CatGrab 00:36:29] every little MP3 I could of any song. So yeah, that's a good answer. So last question, what would be your top piece of advice for somebody that was a person that wanted to aspire to be in your role? What would you tell them to go do?

Rehman Khan: I would say, if you're a people leader, I think you want to empower people around you and really get the best team under you, the best team you can pull together, the team that you can build trust with. I think that is the measure of success. And if we can build that with people around us, I think the problems, it becomes so easy to solve problems. I can't even stress.

Jason Clark: Yeah. And all sorts of people. I think that you could easily say that, in the end, the people is absolutely the number one most important thing you can do. And especially in your role, leading architecture, your job is to inspire people. It's to motivate them. Because you have a small team, but you have to get, I don't even know how many technology employees exist in your organization, but I'm sure it's 5,000, 10,000 people, you have to motivate all of them to do something for you, for security. And to actually accomplish that, it's not through policy. It's through inspiring them. It's through motivating them to want to, to care. And what you're saying is, is your team, your direct reports, have to do that same thing. They have to inspire the rest of the organization to care.

Rehman Khan: Yeah, no, I mean, as a leader, it just brings so much confidence in the organization. And you also want them to be able to make mistakes, where you let them try something. And I think you have to back them up. And I think that's very important. If somebody wants to lead a team of architects and engineers, you have to depend on their skill. You have to listen to them.

Jason Clark: That's all we have time for today. But, if anybody runs into Rehman and wants to reach out to him, you can find him on LinkedIn. He's a great guy, loves to talk about anything security architecture especially, the changes we have coming, anything. If you ever run into him, ask him for what are the spices he puts on his steak. I'm definitely going to.

Rehman Khan: Yeah, that's a secret recipe. My daughters just protect it like you wouldn't believe it. And they're like, "This is Dad's secret recipe." And I'm like, "Well, that is little recipe. I'm just doing it all but-"

Jason Clark: They want to create a restaurant. They want to create a restaurant.

Rehman Khan: Yeah.

Jason Clark: But no, this has been awesome. Thank you so much for your time and just sharing just your personal life and your loves and a lot about cybersecurity. So all we want to do is just help this industry get better, and like you said, it's about... You said it like 50 times, I think, in this conversation, it's all about the people, and that's the key, and that's what we're trying to do here, is help to people. Thank you so much.

Rehman Khan: Yeah. Thank you. Thank you so much, Jason, for the opportunity.

Jason Clark: Awesome.

Ad: The Security Visionaries podcast is powered by the team at Netskope. Looking for the right cloud security platform to enable your digital transformation journey? The Netskope Security Cloud helps you safely and quickly connect users directly to the internet, from any device to any application. Learn more at netskope.com.

Producer: Thank you for listening to Security Visionaries. Please take a moment to rate and review the show, and share it with someone you know who might enjoy. Stay tuned for episodes releasing every other week, and we'll see you in the next one.
