What’s it like to spend time with two renowned leaders in the cybersecurity field? Enlightening, to say the very least.

I recently sat down to speak with Sridhar Muppidi, chief technology officer (CTO) of cloud security and identity and access management (IAM) at IBM Security, and Shamla Naidoo, global chief information security officer (CISO) at IBM. During our conversation, Muppidi and Naidoo covered topics ranging from the research and development behind Watson and the roles of artificial intelligence (AI) and blockchain in cybersecurity to advice for responding to emerging threats.

IBM Security CTO Talks AI, Orchestration and More

In addition to his role at IBM Security, Muppidi is one of 101 active IBM Fellows. He’s an executive sponsor of the IBM Australia Development Lab on the Gold Coast and encourages an open client engagement approach. As I observed him hosting a number of clients, we discussed a wide variety of cybersecurity innovations.

IBM is currently focused on bringing AI into the world in a safe manner. AI can help security teams boost their threat detection and response capabilities, minimize identity fraud, thwart insider threats and reduce false positives in application testing — to name just a few examples.

However, since adversaries have access to the same AI tools as defenders, IBM Research developed an Adversarial Robustness Toolbox to help secure AI systems from threat actors.

IBM is also developing several orchestration playbooks to ensure that the right analysts are using the right tools to perform the right tasks in the event of any security incident. Clients can experience a simulated cyberattack and practice their incident response playbooks at the IBM X-Force Command Center. These simulations help organizations understand the importance of a strong security culture, a robust response playbook and competent leadership in the face of a crisis.

Muppidi stressed that security is a team sport. For this reason, IBM created an ecosystem of vendors who work together through open interfaces and share intelligence and analytics to foster collaboration and defend against increasingly sophisticated threats.

Finally, Muppidi talked about the emergence of decentralized identity, which gives control of identity information back to users while mitigating the burden of data ownership for organizations. This is based on blockchain’s distributed ledger technology and cryptography. IBM is focused on developing open standards and enabling clients to create or participate in identity networks to solve business problems.

IBM CISO Says Size Doesn’t Matter When It Comes to Security

Naidoo is responsible for securing the entire corporation from emerging threats as the global CISO at IBM. She has the power of IBM Security technologies at her fingertips and uses them extensively in her role. I joined her for two board round tables and several client meetings in Melbourne and Sydney, Australia.

These peer-level conversations exposed the following:

  • The importance of scale: Cybersecurity challenges, approaches, investments and execution are the same for all companies — both large and small. The only difference is scale. As scale increases, it’s essential to invest in the right security technologies to account for the expanded threat surface that comes with this growth.
  • Consider organizational structure: It’s also important to consider your organizational structure. While security leaders should supply all executives and line-of-business leaders with best-in-breed technologies to protect data, they should also empower them to manage their own security and compliance whenever possible through training and awareness initiatives.

These insights reflect the diversity of thinking the cybersecurity community needs to combat the rising volume of threats and protect clients from increasingly sophisticated attackers.

A Critical Advantage in the Fight for Security

Organizations that aim to deliver cybersecurity services to their own customers should be prepared to be “customer zero” with these services. This helps to ensure that the quality of offerings stands up to market scrutiny and that clients experience the best possible outcome.

By delivering the same quality of products they use to protect their own networks, industry leaders like Muppidi and Naidoo can give their clients a critical advantage in the endless battle to protect corporate and customer information from data thieves.

Read the stories in the ‘Secure Start’ blog series — and learn from others’ mistakes

More from Artificial Intelligence

How AI can be hacked with prompt injection: NIST report

3 min read - The National Institute of Standards and Technology (NIST) closely observes the AI lifecycle, and for good reason. As AI proliferates, so does the discovery and exploitation of AI cybersecurity vulnerabilities. Prompt injection is one such vulnerability that specifically attacks generative AI. In Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations, NIST defines various adversarial machine learning (AML) tactics and cyberattacks, like prompt injection, and advises users on how to mitigate and manage them. AML tactics extract information…

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

How I got started: Cyber AI/ML engineer

3 min read - As generative AI goes mainstream, it highlights the increasing demand for AI cybersecurity professionals like Maria Pospelova. Pospelova is currently a senior data scientist, and data science team lead at OpenText Cybersecurity. She also worked at Interset, an AI cybersecurity company acquired by MicroFocus and then by OpenText. She continues as part of that team today. Did you go to college? What did you go to school for? Pospelova: I graduated with a bachelor’s degree in computer science and a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today