AWS CISO On Why Its Security Strategy Tops Microsoft, Google
‘We’re not playing checkers, we’re playing chess. And we’re playing chess at 150 miles per hour, on the internet, with everybody watching,’ says CJ Moses, a cloud cybersecurity pioneer and CISO at AWS.
Why do you think AWS has the securest cloud in the world compared to Microsoft and Google Cloud? Google Cloud, for example, just announced it would buy Mandiant for $5.4 billion.
Kevin Mandiant [founder and CEO of Mandiant] was my partner at OSI [U.S. Air Force Office of Specialist Investigations].
Kevin and I worked together at the FBI on an investigation when he was there at Air Force OSI, so Kevin and I are good friends and have been forever.
First off, we don’t bolt security on. We built it from scratch.
Every service team that’s been hired, has been hired with a security culture in mind. So that’s every individual person that’s part of the team.
[For example] when we do acquisitions, that’s the one area where we have to go in and actually rewash acquisitions sometimes to make sure that they have the security culture. You get the Amazonian culture, it’s part of that, but then the security culture of, ‘How do you think about doing things?’
If you’re a software development engineer in AWS, it’s part of your day-to-day responsibilities to be thinking about the things that you’re doing and making sure that they’re secure.
That’s the differentiator—having the culture from day one, carrying it forward, building the infrastructure and all the services and everything was built thereafter—was built with security not only in mind, but as job-zero.
Straight up, the number one thing you got to do is security.
Andy Jassy and Adam Selipsky have made that very clear over the years in weekly security meetings.