RSA 2023 USA Teaser - April 2023

Roseann Guttierrez [00:00:00]:
We have a great guest today. We have Jason Keirstead, also known as JK, more likely known as JK, I should say. He is a distinguished engineer with, IBM, also, the CTO of Threat Management and is an OCA co-chair. Hi, Jason. How are you doing today?

Jason Keirstead [00:00:15]:
Hey, Rose. Great to talk to you today.

Roseann Guttierrez [00:00:18]:
Did you have any other things that you wanted to add to your intro before we get started?

Jason Keirstead [00:00:23]:
No.

Roseann Guttierrez [00:00:25]:
The okay. No problem. I always like to give everybody a chance.

Jason Keirstead [00:00:29]:
No, I mean, I'm co-chair of the OCA, I helped found the organization a couple of years ago. My day job is CTO of threat at IBM, as you mentioned. I do, I'm kind of the open security focal for for IBM Security. So in addition to the stuff at the OCA and Oasis, I'm involved in things at FIRST and MITRE and OpenSSF and a bunch of other, open activities as well.

Roseann Guttierrez [00:00:57]:
So I'm gonna start off real easy. Give me your elevator pitch on the OCA.

Jason Keirstead [00:00:56]:
Well, okay, elevator pitch. The OCA we founded back in 2019 to address the problem of interoperability in cybersecurity. And what kind of led myself and the others who cofounded it to this point was We were seeing that, you know, there's a lot of great work going on in standards, and there was a lot of folks that were looking to adopt standards. But the standards didn't seem to be really moving the needle in terms of getting things to just kind of work out of the box. And the other trend that, I saw, was that in the industry, because we don't have common ways to create what I call the connective tissue of cybersecurity. Every vendor was building their own set of integrations to every other vendor. So Right. You know, to explain this a little bit more detail, cybersecurity, you know, a lot of us say it's it's like a team sport.

Jason Keirstead [00:02:02]:
There's no one company that can solve cybersecurity for an enterprise. All everybody who's trying to solve the problem of cybersecurity has to deal with many vendors. And, you know, our our data at IBM shows that people tend to have, on average, 15 or more different vendors protecting their SOC. So Imagine you have 15 different products, and you're trying to get them all to communicate to each other. Now put yourself in the shoes of the people that actually build those products. Right. So you've got 15 different companies, every one of them having to work with the 100 other companies in the industry And try to do that multiplication. Right? You've got a 100 companies building a 100 integrations to a 100 other companies.

Jason Keirstead [00:02:41]:
It's this giant spider web of madness. Right?

Roseann Guttierrez [00:02:02]:
Yes, for sure.

Jason Keirstead [00:02:45]:
And imagine how much money the collective industry is spending on all of those integrations, all the engineering time, all the testing, all the support, or blah blah blah. And none of that is really moving the needle in helping defend against threat actors. It's just work that has to be done. The OCA was founded to try to push things and assist in doing things in a better way. Where can we build these integrations in the open and let many different companies and communities all collaborate around them and share the source code for them so that we can over time reduce that cost of integration and, you know, hopefully, eventually get to a point where We don't have to have all of these different one off integrations that people can just, you know, collaborate around one common way to integrate, One common messaging fabric, one common source code library, etcetera. So the if you look at the projects in the OCA, All of them are kind of lined up to that mission of how do we improve interoperability, improve data transfer, reduce the friction, reduce The cost of integration, etcetera, just sharing his insights and up level things. So that's that's the elevator pitch to the spiel.

Jason Keirstead [00:04:00]:
So if you're a defender Right? So if you're a defender, if you're a large company trying to protect yourself, the benefits of the OCA are, you know, reducing vendor lock in, Being able to move your, insights from 1 product to another, being able to see more things. Right? Because The more information you can share between your products at the higher fidelity, the more you can, detect. Right? So see things that you might otherwise miss. And if you're a vendor, or, the the pitch is why spend all of these 1,000,000 of dollars building integrations When other people have already done the work for you. Right? So it's literally saving that engineering time. So there are benefits both for Vendors as well as the consumers, and it's kind of a different pitch for each of them, though.

Roseann Guttierrez [00:04:50]:
So that's a perfect lead up to my next question, though. So Why is OCA important to you?

Jason Keirstead [00:04:56]:
Well, yeah, I mean that I did yeah. I guess I kinda covered it a little bit, but I mean the reason it's important to me is because I'm passionate about this whole idea of open security and collective defense. Right? I think that as folks that work in this industry, that work in cybersecurity, we, I hate to say the word moral obligation, but, like, you know, we we should be trying to think about how we can work more closely together to help our customers improve their defense and help society improve its defense against these threat actors that are, you know, tearing things apart at the seams nonstop day after day.

Roseann Guttierrez [00:05:41]:
Yeah.

Jason Keirstead [00:05:42]:
You know, in my job, I I deal with a lot of Fortune 500 companies, and, you know, it it's frustrating when we, you know, talk to a Client, and you hear that client talk about one of their major cybersecurity challenges. Then you talk to another client the next day, And they're literally describing word for word almost exactly the same thing that you heard about the day before. And, You know, you can't necessarily connect those dots because of confidentiality and and, you know, having to, You know, you you can't necessarily connect those dots to those people saying, hey. You know, the person this other person you just talked to him because you're working on the exact same problem. Why don't you work on it together? That's not really our place. What I'm trying to say is in the industry, we need to realize that this is happening day in and day out. Like, there is no one who should be going this alone. I think that, you know, I say all the time that we've made a lot of progress in cybersecurity and sharing threat intelligence over the years, and and that took a long time.

Jason Keirstead [00:06:50]:
It took a long time to get to the point that people were more comfortable both sharing and consuming Threat Intelligence. And we're finally getting to that point, but we're still years and years lagging behind in collaborating around detections.

Roseann Guttierrez [00:07:02]:
Right.

Jason Keirstead [00:07:02]:
Sharing the detections for the threats, the analytics for the threats. And part of that part of the reason is because the interoperability isn't there. Part of it is just because people don't know that they could collaborate. Part of it, there's also this idea of holding the cards to the chest around, If I share about how I'm detecting this threat, then the adversaries will know that, the adversaries will know that I know how they operate. Right?

Roseann Guttierrez [00:07:31]:
Right.

Jason Keirstead [00:07:32]:
And there's this

Roseann Guttierrez [00:07:33]:
Don't wanna give away too much information. Yeah.

Jason Keirstead [00:07:31]:
Yeah. But In in my opinion, we lean way too far on that side of the equation, and we've just gotta be a lot more aggressive about sharing and collaborating more because it's the only way that we can counter this. Like, right now, everything in this industry is so incredibly inefficient compared to other parts of information technology. It is incredibly inefficient. Right? And that's what, that's what we're trying to help with the OCA is improve that efficiency.

Roseann Guttierrez [00:08:03]:
Makes sense. Makes sense. We're gonna be at RSA, right, the OCA, and I understand that we're having a breakfast. You wanna tell me a little bit more about that?

Jason Keirstead [00:08:03]:
Yeah. I'm excited about this. So it's kind of, let's say, the sequel. We ran a successful OCA breakfast event last year And had a lot of people come out, you know, some people who didn't weren't familiar with the organization, a lot of excitement about what we were doing This year so it was very successful. We decided to do it again this year. It's going to be at, the W Hotel, which is, strategically located right across the street basically from Moscone. So if you're if you are going down to RSA events that morning, it's really close by. We're gonna be, you know, having some great food and just talking about what we're doing in the OCA.

Jason Keirstead [00:08:49]:
So give some status updates on the existing projects As well as announcing, let's say announcing, pseudo announcing a couple of exciting new initiatives, right, that that are going on right now.

Roseann Guttierrez [00:09:00]:
That sounds exciting.

Jason Keirstead [00:09:02]:
It it is. So if you're attending RSA and you're watching this video, registry registrations are picking up, and there's only a certain number of seats. So once it fills up, it'll fill up. You know, looking very forward to that event and and seeing folks come out.

Roseann Guttierrez [00:09:17]:
Great. Alright. Well, that actually kind of answered my last question because I was gonna ask you to give us kind of a teaser on the new initiatives, which you did. Did you have anything else that you wanted to add today?

Jason Keirstead [00:08:48]:
Yeah. I mean, just a teaser on those new initiatives. You know? So one of them is gonna be you know, without getting into the Weeds of it. One of them is related to XDR and the whole XDR marketplace and how the OCA can help with that. And the other is actually kind of a new area for the OCA. It's it's actually in, application security and threat modeling. Just a teaser. Again, if you want if you want more details, come out to the breakfast.

Jason Keirstead [00:09:57]:
Obviously, if you don't make it to the to the breakfast, we're gonna be sharing that all in public anyway.

Roseann Guttierrez [00:10:01]:
Right. Right? Well, thank you so much, JK, for being with us today.