RSA's Ex-CEO Coviello Back In The Game

Published: 22/11/2024   Category: security


Art Coviello, former head of RSA Security, has returned to the security industry after retiring from RSA for health reasons.



Art Coviello, the longtime head of security company RSA, in February stepped down from his role as executive chairman of RSA and executive vice president at parent company EMC due to undisclosed health reasons. The former executive took about a month off and since then has quietly returned to the security industry.
Coviello and RSA were under fire in late 2013 in the wake of a Reuters report that the NSA in 2006 had paid RSA $10 million in a secret contract to use the Dual EC DRBG random-number generator algorithm in RSA's Bsafe software in order to facilitate the NSA's spying programs. The encryption algorithm reportedly was one that the NSA was able to crack.
The company dismissed the allegations in a blog post, and Coviello later said RSA had been doing business with the NSA's cyberdefense arm, the Information Assurance Directorate, which was a matter of public record. NSA's IAD traditionally has worked with security firms in the standards space, for instance.
In one of his first interviews since retiring from RSA, Coviello this week spoke with Dark Reading about his new role in the security industry now, how he sees the security and privacy debate shaping up, and what it's like to be semi-retired. Coviello will take the stage later this month at the Privacy.Security.Risk 2015 conference in Las Vegas, where he will deliver a keynote address.
"I do plan to stay in the game," he says of his future plans in security.
Dark Reading: First and foremost, how are you doing health-wise?
Coviello: I've got an ongoing health issue that needs to be kept an eye on. I'm being monitored. If anything, the last physical I had was one of my better ones in years. You should see a slightly leaner and meaner me [now].
Dark Reading: What have you been up to since you left RSA in February?
Coviello: Rally Ventures is one of a number of things I'm engaged in. I help them with deals, selections, and also help advise the companies they invest in. I've set up a little consulting firm -- Art Coviello Associates -- and am doing a bit of consulting to one of the consulting firms … I'm also on a number of boards [including EnerNOC and AtHoc].
I can get a lot done working in my home up in New Hampshire for three or four hours, gazing out at the lake. Then I'm hopping on jet skis with my wife, and I'm playing golf in the morning. It's not a bad life. I focus more on my health [now]. I'm training for a half-marathon with my wife and daughters.
Dark Reading: What security issues are on your radar screen right now?
Coviello: My thinking has evolved … and it's clear to me that … you cannot have privacy without security. But by the same token, the level of security being provided can't be a major threat to privacy. So how do you reconcile those kinds of points of view on a macro basis, on a national and international basis and on an organizational basis? It's amazing how complex this is.
I come at it from a security bias. RSA invented the kind of encryption that protects people's privacy, and I'm a huge advocate for privacy. But by the same token, if you look at it from the law enforcement person's perspective, they [are saying] 'I can't do my job if everything is encrypted and I can't get at it.' I can understand his perspective if I put myself in his shoes. But I can also understand the perspective of people about their Internet freedoms and how they can potentially be abused.
Dark Reading: How did the fallout from the NSA document leaks ultimately help or hurt security and privacy?
Coviello: That pre-supposes that the tech industry was in wholesale cahoots with the NSA, which it was not. The fact is ... the NSA doesn't have the ability to bulk-collect like they used to. I do think there has been a huge change in attitude among politicians about respecting privacy and recognizing the need to not just have the appearance of it. And people's privacy is not going to be abused as we try to protect them.
The only way we're going to reach an agreement on an issue such as security and privacy is if we have true dialog, and recognize you have these native biases and try to put yourself in the other person's shoes and understand where they are coming from. Now you're in a better position to compromise and to understand the other side. That's what we desperately need in this security and privacy discussion.
Dark Reading: What do you see as some of the main failures in security to date?
Coviello: Quite frankly, the core AV technologies. It's not keeping up. Things like VPNs and firewalls, they are table stakes things. They're commodities. What I worry about less is technology being eclipsed, and more about how you keep adding control after control, which is why I am such a fan of technologies that gather input from multiple controls.
Dark Reading: What do you consider the more promising trends in security today?
Coviello: I think we can do a gigantically [better] job at rooting out … vulnerabilities in software. That's one of the reasons I'm excited about Bugcrowd [a Rally Ventures client]. A crowd of ethical hackers finds these vulnerabilities and they're matching with companies who want to see their products securely brought to market.
I've been saying for years we have to be able to detect breaches more rapidly … so not surprisingly, I'm still a fan of RSA and what it has been able to do with security analytics.
We need more data science and data scientists to add more value atop data analytics. Another major area in data science … is to as rapidly as possible spot these breaches as they are happening [and to] prevent harm.
A third area I'm excited about is automating the responses. People [traditionally] really never thought about this [as a viable solution] because they didn't want to automate false positives [which then] would shut down a commercial application or an element of the infrastructure. But as we start seeing the first elements of this [approach] with several startups, that's [automated response] an exciting prospect for the future because we don't have the security professionals to cover all the companies and vulnerabilities that exist out there in our infrastructures.
[Then] there is next-generation AV … I used to think that had to be behavior-based. But Cylance [for instance] is using pure math.
Dark Reading: Have Internet of Things security risks been overblown or justified?
Coviello: Internet of Things represents to me just another [vector] … in the ever-expanding attack surface.
I don't think we're exaggerating it [as a threat]. I do think we are a little ahead of the power curve than we were with Windows. I don't know a single vendor not thinking about how they can build security and safety into their products; that [perspective] didn't exist a decade ago.
I worry about people trying to minimize the threat. But on the flip side, some really cynical people out there … say they are not going to fix [security in their IoT] until a catastrophic event occurs. That's way too cynical of a view.
