KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Okay. I don't see rinky at the moment in the screen.
Hi, you're behind me. Okay. I'll turn around. I was expecting you there. Hi rinky. That's very nice that you're talking to us. I'm really pleased to see a lady like you in this role, and I'm really honored to interview you. So where are you at the moment? What's your location now? Yeah. Yeah. COBA it's an honor to be here and do this with you.
Another, another female leader in identities. So I am currently in Cupertino, California. I live very close to the apple headquarters. It is 8:49 AM here so early in the morning. Oh yeah. And at nine you have your next, so I just skip a lot of questions, but one interesting question that I would have to you, how did you end up in cybersecurity? Was there a specific topic or just let tell me I'm uninterested to know. Yeah. I actually got into cybersecurity by accident. So I graduated college with a computer science engineering degree during the.com bust.
And it was a time where there were very few jobs for college, new grads, and I was looking for jobs. So were my fellow students. And a lot of the students decided to go get their master's degree, but I was in the boat where I said, no way, I don't wanna go back home or study anymore. I need to get a job and be self sufficient. And I went to, there was a company, a utility company that was recruiting on campus. And so I went to their event, free pizza and I was a starving college student.
So I went and I ended up talking to one of the hiring managers and he asked me rinky, what's your favorite class that you're taking? And I said, cryptography, oh, find it fascinating. And he said, not a, not a programming class. And I said, I love programming, but this is something different than my day to day. And he said, we have an information protection role open, and we would love to interview you for it. And that was my entrance. I ended up getting that job and that was my entrance into cybersecurity. And now two decades later, I'm still in cybersecurity and I just absolutely love it.
Yeah. It's really a sort of, yeah. Mesmerizing topic and it's never good enough. So there will be lots of work in this area.
So, and now you are the CSO for Twitter. And since when did you get this role?
Yeah, it's been over a year. I hit my year, a couple months ago at Twitter. I joined Twitter after the security breach that was widely publicized and right before the us election, which yeah, many of you know was a very chaotic time in the us history. And so a lot to do around how do we protect the public conversation? Yeah. And make sure that that's, it's considered critical infrastructure that we're allowing it to, for people to consume the news that they need in a very responsible, accurate way. Yeah.
And I joined Twitter also in the middle of the pandemic, which was a very interesting time to join. Yeah. So what were the first actions as a CSO you were taking in your new role the first weeks or the first things you did? Yeah.
When I, so this is my second CSO role and I think about my previous roles at any company that I've been at. And usually you spend your first 30 days observing, learning kind of yeah. Getting your notes together. Right. Then the next 60 days, you build a strategy and say, here's what I'm thinking about going and executing on based on all the input that you've gathered. And then by 90 days, you're ready to go and really tackle that strategy that, and you know, once you've socialized it and you've gotten approval on it, Twitter was unlike that I came in, it was middle of the pandemic.
You know, when you join a new company, there's already cynicism, especially in the security community where they're like, who is she? And what is she gonna do here? And You don't get trust by nature, right?
Yeah, yeah, exactly. You don't naturally get trust. And so building that during a pandemic took a long time. Not only that, like I mentioned, I joined during a time that was very, very, very eventful at Twitter. And so I was just thrown into the mix and at, to basically start thinking about, do we protect and prepare for the election and this time that was coming. And so my first, I would say 30 to 90 days was extremely chaotic after which, you know, the new year hit and we settled down a little bit and then we're able to really build that strategy. Yeah.
Well, it's very interesting. And what does the, the it landscape, the, the, the, let's say the crown jewels of Twitter, what do they look like? Is that a lot of cloud or server park, or how would you describe the crown jewels of Twitter that you have to protect?
Yeah, we're a very hybrid environment and like very like all other companies. When you talk to any CSO, you hear kind of what the most important areas are to protect, you know, around identity and access management customer data, of course, in, in different types of environments, ensuring that you have good cloud security, you have good, and you have a really strong security culture within the company. And so just like most other companies, the focus areas are really the same.
So the focus areas are the same, but maybe the dimensions of the landscape, the, I mean the number of servers or the number of clouds could be really large. If you have to, you have a global user community, how many users of Twitter have today? Yeah. We have billions of users. Yeah. And we have, you know, most folks come to me and they say, you know, we thought Twitter was cloud native, but we actually have a very hybrid infrastructure and it's huge right. To be able to serve the conversation globally. Okay. And what is your biggest fear as CSO?
What, what would be the, the worst case scenario that you are preparing for? Is that something with availability or confidentiality of the data or the integrity of the data? Where is the biggest vulnerability that you would fear?
Yeah, there's a few areas when I think about it, right. One is what I mentioned. I came to Twitter for, and which is protecting that public conversation. So people rely on Twitter for the news people. They it's like a news source and folks go to Twitter to see what's current. And if that goes down at any point that could affect people's lives in a very meaningful way. Yeah.
And so that to me is the biggest fear that we as security, you know, we can never have a security breach, take Twitter down or affect any accuracies in the public conversation, meaning that somebody's account gets hack somebody very, very well known account gets hacked and there's misinformation or something like that. So those are things that come to mind. And then of course, consumers really care about security and privacy these days. And so anything that would taint the security of privacy of customer data is top priority.
So that would be a big reputation risk next to business continuity, I guess. Exactly.
And, and did you already have a few successes, your biggest success so far at Twitter or something that made you really happy? Yeah, we've skilled the organization.
Gosh, gotten so much more investment and skilled the organization in a big way, but I think the thing that I'm most proud of is being able to leverage the platform to really kind of spread the word about security and to develop the security culture within Twitter itself. One of the things I'm proud of, and one of the reasons I took the role is I think there needs to be a lot more awareness around security and being able to use my voice to amplify, like, and get other people into cybersecurity too. And so I use Twitter in the platform to do a lot of that. And so I'm very active on Twitter.
Yeah. So you are a role model in a way. I think also culture. I hope so. Yeah. Do you also, apart from privacy legislation have to answer or be compliant with other regulations that we couldn't think of, but that would be a surprise for Twitter. Yeah.
I mean, we have to, we have to comply to the same regulations as any other company. We do take payments. So there's a lot of payment regulations that we need to follow. And then of course, all the privacy regulations and other security, you know, anything that would require security compliance, just like any other large company.
Well, it sounds good. Yeah. It sounds familiar. And then this is going to be my last questions.
Do you, what are your three predictions for the long and the short term future in security? Yeah, I think zero trust is incredibly important. I think we saw that with the, during the pandemic that you are no longer reliant just on your perimeter. You are now reliant on how people are protecting their network and their environment at home. And zero trust became a principle that I think every company's try, trying to adopt or accelerating their adoption of. And I think that's gonna continue to do be very, very important. I think you can't lose sight of human error, right?
Human error still causes most of our security breaches. And so everything we can do to reduce the reliance on humans or ensuring that we're able to teach people, right, the right practices around security is gonna continue to be so, so important. And then lastly, I think we, as practitioners have to be prepared and we keep saying this right, that crises are gonna happen.
If anything, the pandemic taught us that and being prepared for secure for crises, making sure you have a robust disaster recovery business continuity plan, you have good security crisis management incident response plans, and that you're practicing those so that you can prevent any kind or at least make sure that it's low amplification on any kind of security issues is gonna be super, super critical. And I think those three of the themes we're gonna continue to see in the, in the next year. Okay.
Well, I think we've come to the end of our time. I wish you very nice day. That is going to start for you for us today is ending here in Berlin. I hope really hope to meet you in person now in the near future or the far future, whatever. And so thanks for being with us and sharing your experience. Thank You. Thank you. Thank you so much for having me.