This week’s Five-Minute CIO is Jason Soroko, an experienced security technology innovator with Sectigo.
He’s responsible for facing customers, researching, innovating, educating and contributing to strategy, national-level guidance, intellectual property development and consortium standards. On a daily basis, Soroko solves business problems by synthesising security with state-of-the-art real-world operational needs.
Tell us about your own role and your responsibilities in driving tech strategy.
I work very closely with customers and listen in order to understand their needs. This usually means having a common understanding of the desired outcome to mitigate the specific set of risks that apply to that customer. My role is to take time to synthesise the learning from those activities and communicate in conferences, podcasts and other ways.
Is Sectigo spearheading any major product or IT initiatives you can tell us about?
Sectigo, as a public certificate authority, is spearheading device integrity through embedded software that we brand as Icon Labs. Our customers see our value as a security partner with the breadth and depth of product and experience to solve their problems for the long term.
How big is your team? Do you outsource where possible?
My team includes product management, product development, engineers, sales, marketing, HR, legal and others. In some cases, we outsource for strategic purposes.
What are your thoughts on digital transformation and how are you addressing it?
Almost all businesses are now digital businesses. Enterprises that used to make unconnected products now find themselves with networking and software challenges. Manufacturers who once relied on vertically integrated, essentially isolated systems now find themselves wanting to access valuable operational data.
To be successful, these systems must be secured. This includes protecting enterprise computing, cloud-based systems and DevOps, as well as IoT devices. Our role at Sectigo is helping OEMs [original equipment manufacturers] and enterprises secure these systems.
What big tech trends do you believe are changing the world and your industry specifically?
Connectivity is essential for digital transformation, but this comes with risk. Legislation and guidance are all pointing to the same thing: device identity is at the core of mitigating risk. Soon it will not be a choice to ignore security in connected devices.
In terms of security, what are your thoughts on how we can better protect data?
Lessons learned in enterprise IT regarding authentication, authorisation and data integrity have to be matched to operational systems knowledge of uptime and reliability. Strong identity-based authentication, coupled with strong data encryption-in-transit and encryption-at-rest technologies exist, even for constrained devices.
Device integrity can be achieved through bootloader and firmware code signing, as well as embedded firewalls. All of this leads to better data protection, but is less about product and more about secure design.