5 mins with Tom Kellermann, cyber security leader at VMware

Tom Kellermann is June's exclusive guest in Technology Magazine's 5 Mins With this month. He is currently Head of Cybersecurity Strategy at VMware, one of the industry's biggest companies with a revenue of US$11.77 billion last year.

Prior to this role Tom was the Chief Cybersecurity Officer for Carbon Black and has served as Wilson Center’s Global Fellow for Cybersecurity Policy and the  Secret Service Cybercrime Investigations Advisory Board.

His vast experience includes being CEO and founder of Strategic Cyber Ventures; Chief Cybersecurity Officer for Trend Micro; Vice President of Security for Core Security and Deputy CISO for the World Bank Treasury.

Back In 2008, Kellermann was appointed a commissioner on the Commission on Cyber Security for the 44th President of the United States and he has co-authored the Book “Electronic Safety and Soundness: Securing Finance in a New Age.”

He took the time to sit down with Technology Magazine to discuss all things cyber...

What wider role does VMware have in the cyber world and how is the paradigm shifting?

As I head cyber security policy at VMware, I advise the Five Eye governments on proactive cybersecurity public policy. 

I also serve as a trusted advisor to Fortune 100 customers on all challenges posed by cyber crime and espionage, as well as corresponding mitigation strategies.

VMware delivers built-in, distributed security solutions designed specifically for the threats customers face today, like ransomware and attacks targeting the anywhere workforce. Our threat telemetry is among the best in the industry given our client roster and we have powerful visibility into some of the most challenging places for enterprises to monitor. Put simply, we can stop attacks that others can’t because we can see threats that they don’t.

An interesting shift is how everybody now has to have an ‘assumption of breach’ mentality. Organisations must now operate under the assumption that they will be impacted by a cyber attack, or that an attacker already has an avenue into their environment. We see this as a fundamental pillar of cyber security best practice at VMware to operationalise consistent security across environments. This helps our customers to secure modern applications, workloads, and the anywhere workspace, while responding to threats with speed and hunting attackers with accuracy.

You've mentioned in regards to threats to business, that there needs to be a pivot away from prevention to intrusion suppression. Can you elaborate?

With geo-political tensions spilling over into cyber space, organisations must now invert the security paradigm and ‘assume a breach’ in order to effectively defend from within. Our new stark reality is that intruders can and will get into any environment. But, to prevent escalation we have to suppress their threat campaign by detecting, deceiving, diverting and containing, all without revealing ourselves to the adversary.

The core of this strategy should see endpoint detection and response integrated with network detection and response solutions, while also using deception technology to divert intruders. Attackers typically use nation state attack campaigns to hijack complex digital transformations and execute integrity attacks. Organisations need to recognise the urgency required in pivoting away from prevention techniques and towards intrusion suppression to combat these advanced cyber threat adversaries.

Why is cyber vigilance so critical and how can it be achieved with zero trust?

We’re currently living in a cyber insurgency, where the cyber space is becoming increasingly hostile and attacks are more destructive than ever before. The practice of suppressing intruders is critical to navigating this insurgency and remaining vigilant against cyber cartels, but this can only be upheld through a zero trust strategy.

It's critical that organisations take a proactive approach to security and acknowledge that threats exist both inside and outside of traditional network boundaries. A zero trust approach allows users access to only what’s necessary to effectively do their jobs, with continuous verification. The defender gains situational awareness as a result of adopting a zero-trust mindset, as well as a unified view of operations to help speed up detection and response to potential threats. In essence, zero trust instills the sensible notion of, ‘prepare for the worst, and hope for the best’, as organisations endeavour to give security teams the means to remain vigilant.

What does success look like to you in your role? 

Success is helping VMware and our customers both defend and civilise cyberspace from the growing cyber insurgency.