CyberSecurity SEE

Alex Stamos shares strategies for breaking the cycle of security mistakes

In the ever-evolving landscape of cybersecurity, Alex Stamos, Chief Trust Officer at SentinelOne, is advocating for security by design to become an industry standard. With over 20 years of experience in the industry, including roles at tech giants like Yahoo and Facebook, Stamos has a deep understanding of the recurring mistakes made in the field of security.

Stamos, along with former CISA director Chris Krebs, founded the Krebs Stamos Group in 2021, which was later acquired by SentinelOne. This acquisition brought both Stamos and Krebs onboard to bolster the company’s security efforts. Stamos has been a vocal figure in the cybersecurity space, recently sparking discussions with his LinkedIn blog post criticizing Microsoft’s approach to security revenue following a breach caused by a Russian nation-state actor known as Midnight Blizzard.

Speaking with TechTarget Editorial, Stamos delved into the importance of security by design, a concept that emphasizes prioritizing security in product development. This concept has gained traction in the industry, with organizations like SentinelOne signing CISA’s Secure By Design pledge to commit to implementing secure design principles.

Stamos pointed out that security by design has become a focal point in the industry, highlighted by initiatives like Microsoft’s Secure Future Initiative and CISA’s efforts to promote secure development lifecycle practices. He also criticized Microsoft for prioritizing revenue over product security, underscoring the need for a shift in mindset towards proactive security measures.

At SentinelOne, Stamos emphasized the importance of secure by design principles, particularly in light of the SolarWinds incident, where the supply chain was exploited by adversaries. With millions of machines running SentinelOne’s security products, the company understands the critical nature of securing the supply chain to protect its customers.

When it comes to generative AI, Stamos highlighted the benefits AI offers to defenders but cautioned about the security risks associated with AI manipulation by adversaries. He stressed the need for a humble risk management framework to address vulnerabilities in AI systems and recommended deploying AI in environments with limited exposure to potential manipulation.

Regarding the involvement of high-level executives in prioritizing secure software development, Stamos noted the shift in boards’ understanding of their security responsibilities. He recommended establishing a technical risk committee separate from the audit committee and advocated for having a technologist on the board to provide insights into cybersecurity matters.

Overall, Stamos’ advocacy for security by design reflects a broader industry trend towards proactive security measures and a shift in mindset towards prioritizing security in product development. By learning from past mistakes and embracing secure design principles, organizations can better protect themselves against evolving cyber threats.
