AWS Gets New CISO As Stephen Schmidt Takes Amazon.com Role
CJ Moses, AWS’ deputy CISO and vice president of security engineering since 2016, will succeed Schmidt.
CJ Moses will be Amazon Web Services’ new chief information security officer (CISO) as Stephen Schmidt leaves that role to become the CISO of parent company Amazon.com.
Moses, who has worked for AWS for 14-plus years, has been its deputy CISO and vice president of security engineering since 2016, according to his LinkedIn page. He also was AWS’s deputy CISO from March 2010 to October 2012 before becoming general manager of AWS’ government cloud. Moses will continue reporting to Schmidt in his new role.
AWS announced the appointments internally on Monday.
Prior to joining AWS in 2007 as senior management of virtual private cloud, Moses was an assistant section chief for the Federal Bureau of Investigation for close to four years with a team that provided technical investigative analysis involving software and hardware.
Moses is an avid racecar driver. A previous Sports Car Club of America national divisional champion, he now competes with CrowdStrike Racing in a Honda Civic Type R TCR as part of the GT World Challenge Powered by AWS, according to a Facebook page for CJ Moses Racing.
Stephen Schmidt’s New Role
Schmidt will lead Amazon’s overall information security organization, which will be organized in a similar way to the Seattle company’s finance, human resources, legal and corporate affairs functions, the company confirmed. Amazon’s security teams will be part of a unified security organization led by Schmidt, while remaining “deeply embedded” in and working directly with their line-of-business teams.
The changes are intended to make it easier for Amazon’s security teams to learn from one another, leverage the company’s best security tools and practices across divisions, and create and apply consistent standards/practices/mechanisms, according to the company.
Schmidt, another 14-year Amazon veteran, will report directly to Andy Jassy, who became CEO of Amazon in July after launching AWS in 2006 and serving as its founding leader. Schmidt also is joining Amazon’s S-Team, a group of senior Amazon executives that meets regularly with Jassy to confer on strategic decisions facing the company.
Cybersecurity has become the top challenge for technology and other companies, as well as government agencies, as cyberattacks and ransomware attacks have grown rapidly in number and sophistication, with AWS rival Microsoft taking a big hit last year with its Exchange Server attack after being ensnared in the massive SolarWinds hack.
The White House was slated to meet today with tech executives from Amazon, Microsoft, Google parent company Alphabet, Apple, IBM, Facebook and Oracle to discuss software security. In May, President Joseph Biden signed an executive order to improve the nation’s cybersecurity posture.
“If we can cut down on flat-out human mistakes, we’ll be more than halfway to a more secure world,” Schmidt said during his keynote address in August for re:Inforce 2021, AWS’ security, identity and compliance conference.
Security Is ‘Job Zero’
In what it called an industry first, AWS that month announced a new partner competency for managed security service providers. The AWS Level 1 MSSP Competency creates a new baseline standard for managed security services that protect, monitor and respond to security events of essential AWS resources and are delivered to customers as a fully managed service.
“Security is job zero at AWS,” Adam Selipsky, who succeeded Jassy as AWS CEO in July, told CRN
in an October interview. “It comes before anything else. We actually apply a tremendous amount of resources to security, both in centralized dedicated security teams as well as to a large amount of headcount inside of each of our service teams who are focused on security. We have a very, very strong culture around security and a lot of mechanisms to ensure that we are constantly understanding where we have opportunities to improve our security posture for our customers -- both automated capabilities as well as human-based capabilities. As a result, AWS has a very strong track record in security and in operational excellence, which I believe is second to none in the cloud industry.”