“Zero Trust is a journey, and the destination is a well-defined set of integrated and automated security activities validated by a third party and recognized around the world.”
Hi. Welcome to our Interview Series. Please tell us about your journey and how you arrived at Dell Technologies?
I began my career as a GE-trained engineer and manager. From there, I became a successful software entrepreneur, an IBM-trained architect, IBM’s first CTO for Cyber Security, and the Chief Architect for a U.S. Department of Defense mission support of the agency’s global portfolio.
During my career, I supported the Intelligence Community around the world after 9/11, designing secure clouds, secure networks, and agency-wide mission infrastructures. In fact, I was deployed to create the operational watch for our National Counter Terrorism Center and invent analytics for social media intelligence. I designed healthcare data analytics for the Affordable Care Act, implemented cognitive solutions for IBM Watson, and applied blockchain to secure software supply chains for globally distributed IOT devices.
My journey at Dell started in 2021 when I was brought on to work in the Federal Chief Technology Office and lead Dell’s security strategy development.
Information security and data protection policies are finally finding more voice in the overall IT industry. Could you please tell us about Dell’s role in making these more prominent in the recent months?
Over the past year and a half, we have been keenly focused on building our security strategy that looks to Zero Trust as our north star. Zero Trust is a security model that provides continuous verification of users and resources in an IT environment to ensure only known entities and actions are authorized. There are two key initiatives that support our Zero Trust north star:
- As a leading global IT technology provider, we have a rich legacy of building in advanced security features across our product and services portfolios. We are also continuing to build in Zero Trust foundations throughout our portfolios – from servers to PCs and storage to the edge. With our commitment to speed Zero Trust adoption for organizations, we’re focusing even more resources on native integration of Zero Trust foundations in our offerings moving forward.
- We recently announced a Zero Trust ecosystem which brings together technologies from more than 30 technology and security companies to deliver a repeatable blueprint of the U.S. Department of Defense Zero Trust architecture that will provide a quicker path to Zero Trust adoption for our customers.
Dell is building a Zero Trust ecosystem. Could you please tell us more about the ecosystem, the key players and the kind of resources it has taken you to think of such a concept?
As we looked at Zero Trust and talked to our customers, they told us the biggest problem they have is the integration burden – how to bring together many different technologies to solve their security challenges and implement a Zero Trust architecture.
In our work to understand what it takes to build a complete Zero Trust solution as a private cloud, we recognized no company can do this alone. It would take many different technologies from a variety of companies to replicate the U.S. Department of Defense Zero Trust architecture. Through many of our existing partnerships, we brought together best-in-class technology and security companies to form a Zero Trust ecosystem.
Building our Zero Trust solution involves three critical components:
- Learning about the challenges our customers face in their Zero Trust journeys
- Understanding which products from our business align with the Zero Trust architecture
- Establishing a team from Dell’s Chief Technology Office and OEM organization to build the infrastructure, coalesce the partner ecosystem and build an integrated solution together
Since we have a robust global partner ecosystem at Dell and tapped into many of these relationships for our Zero Trust ecosystem, we’re able to get our Zero Trust work in motion quickly.
How soon could we expect to see a universally-accepted mandate on Zero Trust frameworks that everyone can adhere to?
That’s an interesting question. It’s important to note that often IT mandates are driven by the U.S. government, and Zero Trust is no exception. The U.S. government has one of the largest IT infrastructures in the world. With the Biden Administration’s Executive Order on Improving the Nation’s Cybersecurity, it was determined the government must have Zero Trust architectures in their environments in order to protect the assets of the nation. By extension, they’re going to require them for every organization that works with the federal government – including foreign governments the U.S. does business with, as well as organizations in critical infrastructure sectors such as healthcare, energy, transportation, etc. The U.S. government’s decision to mandate a Zero Trust architecture and environment, though originated locally, will have an impact globally.
What are the core challenges in meeting a globally accepted Zero Trust mandate?
Zero Trust is a journey, and the destination is a well-defined set of integrated and automated security activities validated by a third party and recognized around the world. Once organizations decide Zero Trust is their destination, there are a few areas to tackle – integration, migration, and expertise. While Dell Technologies is helping with Zero Trust integration on the technology side, there is still some work that needs to be done to prepare your organization and your people for a security-first mindset. Secondly, how organizations go about adopting or migrating applications into this type of environment is similar to doing a cloud migration where applications are moved off your premises into a cloud environment. Lastly, how do organizations collect all of the talent that’s needed to build Zero Trust? This relates to the integration burden I mentioned earlier. It takes a village to build a Zero Trust architecture– not only are many different partners and technologies required but having the right people to support the environment is few and far between.
What kind of talent and expertise are needed to build and scale an organization with Zero Trust requirements?
To build and scale a Zero Trust environment, organizations need a partner who fundamentally understands networking, how hackers attack systems, and who can design a system that doesn’t create so much overhead that it slows operations. Highly skilled cybersecurity practitioners are needed and there’s not enough of that talent to go around. Given the global cybersecurity workforce and talent gap, not every organization has the staff to build and support their own Zero Trust environments. This is why we are building a Zero Trust private cloud to speed adoption for global organizations.
Please tell us more about your upcoming event Dell Technologies World 2023 and the kind of topics you would be covering there?
At Dell Technologies World during May 22-25, 2023, we have several breakout sessions where we’ll share our learnings and best practices on Zero Trust, as well as an exciting announcement on our Zero Trust strategy. What I’m most excited about is having our 5G-connected, Zero-Trust-protected Mobile Operations Center on the show floor. The Mobile Operations Center vehicle will showcase one of the three deployment models that our Zero Trust Center of Excellence will address—tactical edge. We will have use case demos and provide a live view of our tactical edge deployment as part of the work coming out of the Center of Excellence.
Your prediction on the role of Artificial Intelligence and Robotic Automation in validating end-to-end Zero trust policies and its monitoring of threats in real-time:
AI and automation capabilities are at the center of the innovations that are required to make Zero Trust successful. One of the core elements of a Zero Trust architecture is to apply intelligent automation to detect and respond to threats more quickly and apply security policies more consistently. To do this, systems need to collect data from the network, confirm those data sets are clean, organize that data to create the cleanest machine learning models possible, train them, and apply them back in.
Thank you, Herb! That was fun and we hope to see you back on cioinfluence.com soon.
[To participate in our interview series, please write to us at firstname.lastname@example.org]
Herb is the security strategy program lead in Dell Technologies’ Federal Chief Technology Office, building on an extensive multi-decade career. He began his career as a GE trained engineer and manager, and subsequently as a successful software entrepreneur, an IBM trained architect, IBM’s first CTO for Cyber Security, and the Chief Architect for a US Department of Defense’s mission support agency’s global portfolio.
Herb supported the Intelligence Community around the world post 9/11, designing secure clouds, secure networks, and agency-wide mission infrastructures. He was deployed to create the operational watch for our National Counter Terrorism Center and invent analytics for social media intelligence. Herb participated in joint R&D activities, including the system that became IBM Streams. In the commercial arena, Herb has designed healthcare data analytics for the affordable care act, implemented cognitive solutions for IBM Watson and applied blockchain to secure software supply chains for globally distributed IoT devices.