Security Q&A with MacStadium’s CISO, Ken Foster
Last week, our chief information security officer, Ken Foster, presented to the Army's Joint Advanced Cyber Warfare Class as part of a panel discussion held by the National Technology Security Coalition (NTSC). We thought this (a) sounded really cool, and (b) was a good excuse to share a bit about Ken and how he is helping MacStadium customers be more secure.
Tell us a bit about your security career.
I’ve been working in security for over 20 years. In the late 1990s, I served as information assurance officer for my command in the Navy. After leaving the Navy, I held various security engineer roles for companies in the Atlanta market. I have also contracted for the US government, including being deployed to Afghanistan to work for the US intelligence community. Before joining MacStadium, I was the CISO for Rollins, a $1.5-billion global consumer and commercial services company.
How is your expertise useful in presentations like this one?
With my background in security combined with my knowledge of enterprise infrastructure, I am able to help people understand how to operationalize security. By strategically aligning security efforts with business risks, security becomes the business enabler it should be.
What are some ways you’re helping MacStadium customers be more secure with their services?
Currently, I’m implementing a strategic plan that will result in ISO certification for our environments and will ensure customer data protection is the highest priority at MacStadium. One of the ways we are accomplishing this is by including security assessments as part of the sales process. Our team will review a customer’s security needs and concerns, and tailor the security of the customer’s environment to their specific use case. We want our customers to be able to accomplish their goals without being over-encumbered by security controls and processes. For all of our solutions, we are striving to create secure environments where the security is as transparent as possible and does not impact your workflow.
How are the security concerns around CI/CD different from those of other workloads?
With continuous integration and/or delivery, the speed and number of changes occurring can lead to higher exposure to vulnerabilities. Ensuring that proper security controls are in place minimizes the threat without interfering with the release cycle. We work closely with DevOps teams to put the correct security and infrastructure architecture in place at the beginning of the process, so impact can be minimized and the customer knows the proper protections are in place.
How does the presence of Mac hardware in the environment change things?
There really is no difference from a hardware standpoint. However, many security software products are not yet compatible with macOS. Thankfully, we are starting to see more support as Mac proliferates in the business world. An uptick in malware and breaches that target macOS is pushing more security-specific tools to become available as well.