Participants Allen Badeau
CTO, NCI Information Systems
Daniel Carroll
Field CTO for Cybersecurity, Dell Technologies
Ian Dickinson
Chief Operating Officer, BryceTech
Sujey Edward
CTO, Octo Consulting
Garland Garris
Senior Cybersecurity Lead, Accenture Federal
Larry Henry
CTO, GDIT
Jeff Mims
ChiefTechnologist, Leidos
Jason Starkey
Director ofTechnical Services, Darkblade Systems
Bobbie Stempfley
Vice President, DellTechnologies
Note: Washington Technology Editor- in-Chief Nick Wakeman led the
Sept. 23 roundtable discussion.The virtual gathering was underwritten by DellTechnologies, but both the substance of the discussion and the published article are strictly editorial products. Neither Dell nor any of the participants had input beyond their Sept. 23 comments.
you have to protect inside your sys- tems, and you only give people as much access as they need to do their jobs.”
Zero trust is based on the assumption that bad actors are always inside IT sys- tems, which makes a castle-and-moat type of protection obsolete. “The zero trust model gets you into a place where you can control movement inside your assets,” another executive said.
A third participant used the analogy of a naval vessel with compartments that can be sealed off to keep a ship afloat even if it has been damaged. That segmentation approach means organi- zations must have a discussion about how to segment their systems and how information will flow back and forth across the enterprise.
They also need to identify their most valuable assets — those that cannot be breached without risking mission failure.
Good IT governance and a system inventory are essential. “If you don’t know what you’re defending, then you can’t really defend it,” one execu- tive said.
Although zero trust might sound
restrictive, the group said it improves the user experience because it sup- ports single sign-on along with multi- factor authentication, which helps miti- gate password-based attacks.
The need for talented security professionals
Wider use of zero trust will go a long way toward securing enterprise IT, but the executives said hackers are always evolving, which means new technolo- gies can be a double-edged sword. For example, artificial intelligence is a pow- erful tool for cyber defense, but hackers
also use AI to improve their attacks. “It seems the very tech that we’re building to protect ourselves is the same tech that’s being weaponized against us,” one executive said. “We’re seeing a lot of sophisticated use of AI
and machine learning.”
A bad actor’s AI can often learn
about the defensive AI based on how it responds to an attack, another execu- tive said. “You need AI models that are constantly retraining and learning and constantly being ahead,” the executive
added. “We are just at the beginning parts of that.”
All our roundtables include a discus- sion about people, and the topic came up when we started talking about AI. “There’s a lack of talent around AI and that’s the ‘keep me up late at night’ type of thing for me,” an executive said.
Others suggested that automation could be a solution. “You get rid of the mundane through automation, and you can focus on closing the skills gap,” a participant said. “You don’t want to overwhelm your security professionals with mundane tasks that don’t require their deep thinking.” n
November/December 2021 FCW.COM 49
DANI CHOI