Think about future threats, not present vulnerabilities: Eddie Schwartz

Think about future threats, not present vulnerabilities: Eddie Schwartz

RSA US chief information security officer says companies need to be producing intelligence products, not reports

Security threats are changing so fast that drawing up vulnerability reports is a "worthless endeavour", according to RSA US chief information security officer, Eddie Schwartz.

Schwartz, as a newcomer to the role who began on 10 June 2011 following the acquisition of NetWitness by RSA, said security professionals should change their priorities to anticipate what threats are coming next and how they can protect customers.

“At RSA, part of my job is influencing the technology roadmap so we can help our customers find intelligence driven approaches to security,” he said.

“If all I am doing is producing lists of how many vulnerabilities I have, that’s a worthless endeavour compared to what new things are on the horizon that I need to worry about.”

When it comes to what keeps Schwartz awake at night, he admits that it is the unknown threats.

“If something hits the news when I wake up in the morning, how can I respond effectively to it? These are the kind of issues I worry about constantly, not only for our internal security, but also RSA’s product roadmap.”

Schwartz, who began his career working as a Foreign Service officer with the US State Department in 1985, also criticised the information security industry for not viewing risk using an adversarial threat model.

“I was stationed in Poland from 1986 to 1988 during the Cold War,” he said. “These were times when you were worried about the Communists so I’m very much an artefact of that era when you had to protect computers in a certain way and had to think about the adversaries.”

“We can no longer try to lock down everything because we can’t,” he said. “Nobody has the resources to do that so we need to focus on high value assets.”

According to Schwartz, the world is in a new phase of the “spy game” with criminal activity and espionage now online.

This is because it is far more profitable and easier to avoid detection from law enforcement agencies.

“We need to adjust our thinking because we can’t just say `we’re all gentleman and we won’t spy on each other’. Everyone is spying so we need to defend ourselves,” he said.

Turning to the advanced persistent threat (APT) attack on RSA in March 2011, which resulted in an attempt to infiltrate one of its customers, US defence contractor, Lockheed Martin, Schwartz said that an unexpected upside for RSA was that it became part of a new community of defence contractors who had been hacked.

“All of a sudden, you have brothers in arms," he said. "If you look around the defence industrial base, companies that support the defence community, they’ve all been hacked and had weapon systems and airplane designs stolen.”

As a result of these contacts, RSA now shares information and better practices with other affected companies to detect hackers.

“That was a lesson learnt because you think you’re fighting a very difficult battle in isolation,” he said.

Got a security tip-off? Contact Hamish Barwick at hamish_barwick at

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags rsa securityNetWitnessadvanced persistent threats (APTs)Eddie Schwartz

More about APTLockheed MartinRSA

Show Comments