For this new episode of Techzine Talks on Tour we sat down with Alex Stamos during RSA Conference. Stamos is Chief Trust Officer at SentinelOne, and - among other things - also a Stanford professor and former Chief Security Officer of Facebook. We took a deep dive with him into the concept of trust.

Trust is a key component of our digital lives. It plays a role in our personal as well as in our business lives. Organizations need to know who they can trust before entering into a relationship with a vendor. At least, that's how it should be. In practice, though, a lot of time is wasted on things like vendor risk management.

The existence of vendor risk management and its accompanying forms in itself isn't a bad thing, according to Stamos. However, thinking that potential problems with some kind of product or system that is based upon tens or hundreds of millions of lines of code are going to be solved by someone filling out some kind of spreadsheet is far from realistic.

Know who to trust

One of the key questions we discuss during our conversation is how organizations can know who to trust. That's a big question that deserves a substantial discussion. We go into the role a big player like Microsoft plays in this aspect. Should you let the company that builds Windows be responsible for your cybersecurity as well? And how can a cybersecurity company prove to their customers that they're worthy of their trust? In other words, how do you provide enough transparency?

Another topic we discuss during this episode of Techzine Talks on Tour is how AI will impact the cybersecurity industry. Not only from a trust perspective, but also from an architectural and process perspective. Stamos is of the opinion that the world moves towards automated cybersecurity, thanks in large part to AI. This will give the defenders an advantage over the attackers, at least for a while.

Automation will be crucial, because of the sheer amount of defending organizations need to do. This also implies, according to Stamos, that the industry as a whole will have to move towards a centrally orchestrated way of gathering and analyzing data. Only then will it be possible for organizations to properly defend themselves. There's obviously a self-serving component to this statement, but we think fundamentally Stamos isn't wrong. It's a good concept to discuss, that's for sure.

Listen to this new episode of Techzine Talks on Tour now!