Or listen in your favorite podcast app
Apple Podcasts / Google Podcasts / Stitcher
What keeps you up at night? For Jon Green, it’s making sure that his company’s network is secure because that, in turn, is keeping you secure, too. Jon serves as VP and Chief Technologist for Security at Aruba and in that role, he is responsible for building out secure networks for enterprise companies, federal governments, militaries and more. On this episode of IT Visionaries, he explains what all that means and the challenges he faces to keep bad actors out and our data secure.
Best advice: “Listen a lot. I see a lot of people move into [C-suite] roles with some immediate ideas about how they’re going to change the world and change their organization. And a lot of those things end up failing just because of moving way too quickly without getting the lay of the land before starting those things. So a healthy dose of listening will go far.”
Key Takeaways:
- There are two main questions you must always ask when securing your network
- The idea that everything has to be connected is a mistake
- Working with federal agencies as very similar to working with enterprise companies
Jon’s start in technology and current role
Jon’s love of technology began as early as kindergarten when he remembers he would often try to take things like radios apart and then put them back together again. By the age of eight, Jon was fiddling with his first computer and at 12, he was already a decent programmer. While he considers himself a lousy programmer today, he has nevertheless followed his love of technology to Aruba, where he started as a product manager and eventually became the VP and Chief Technologist for Security. When people ask, Jon just says that he’s “the security guy,” but in reality, he is responsible for all of Aruba’s security products as well as looking three to five years into the future and figuring out where Aruba needs to be and how to get there. His teams include the Aruba Threat Lab, which is responsible for breaking things, finding vulnerabilities and then fixing them before products get out to customers. And some of those customers include federal governments, militaries, and other national security entities.
Common problems Aruba helps solve
When executives come to Jon and Aruba, one of the most common problems they are looking for help with is securing their network. According to Jon, doing that ultimately comes down to asking a few simple questions to anyone trying to access your network: Who are you? And What should you be allowed to do? These questions also work at the application level and are part of the recent “zero trust” movement in the security industry. One of the ways that Aruba is helping companies answer those questions and move forward is with Aruba ClearPass.
Looking at the big picture, though, Jon says that the thing that keeps him up at night is how to stop bad actors who want to compromise Aruba as a way to get to Aruba’s customers. To combat that, Jon and his team are hyper-aware of every line of code, process, system and employee at the company so that they are constantly monitoring the situation and can head off problems.
“If I look at the types of solutions we try to provide in network security, the questions we ask if something is coming for network access or trying to access your network, the first question is, who are you or what are you? The second question we have to ask from a systems perspective is what should you be allowed to do?”
“Aruba’s ClearPass is designed to deal with the authentication piece and the authorization piece.”
“If you think about us as a wifi vendor providing a wireless network that extends outside of people’s buildings, and we’re doing it for some of the top customers in the world, that makes us a target for people that want to do harm to those people and do it through us. So we spend an inordinate amount of time trying to make sure that sort of thing can’t happen from the way that we write code, from the checks that we make on products, from just even being paranoid about our own people and our own processes and our own hardware and our supply chain….That’s not really visible to the outside world, but I think it’s really important because the bad guys out there are getting more and more creative in terms of how they decided to go after things.”
The current state of security
According to Jon, there is definitely not a technology problem when it comes to security — there is plenty of technology to work with to secure what you need. In fact, Jon thinks there could be too much technology. Everyone is trying to make all of their devices and technology connect and talk to each other, but Jon thinks that is a mistake and allows for more vulnerabilities. Shifting the mentality of constant connection is one of the big things Jon is working on.
“I don’t think we have a technology problem. I think we have an inertia problem.”
“We connected everything together with this fast network and everything can talk to everything. Everything doesn’t need to talk to everything. And when you provide that type of excessive access into a network, it sets up the opportunity for bad things to happen.”
Working on the edge and in the cloud
When thinking about edge computing, Jon says that the industry is still not paying enough attention to the technology. There is an immense amount of computing power at the edge, and therefore an incredible opportunity.
On a similar note, Jon explains that working in the cloud was an opportunity that many have taken advantage of, but it took a long time for some people to come around to the idea. Many were concerned that there was no reliable way to secure the cloud — Jon among them. There was a period of time when old-school thinkers had to move past the fact that just because they couldn’t touch the hardware securing their data didn’t mean that the data wasn’t secure.
“We look at edge primarily as the place where the user first interacts with some kind of network service, an enterprise service, a cloud service, whatever. But it’s that final step where there’s a device in the user’s hand or a device connected in a user’s home or office that defines the edge to us — it is really that last point where you have some kind of physical interaction.”
“I was in that camp for a long time of the cloud can’t be secure because it doesn’t live in the four walls of my building. And I can’t lay hands on the piece of hardware that’s actually holding that piece of data. It’s something I just had to get over.”
Working with federal governments and agencies
Jon says that working with government entities and working with enterprise companies is actually fairly similar. For example, if someone hacked Twitter and sent certain messages from various official accounts, huge amounts of damage could be done on a national security level. So when you’re dealing with national security at the source, you’re doing many of the same things to keep everything secure. The major difference, though, is that when you work with the federal government, the pace is much slower than an enterprise company.