Our CISO, Diana Kelley, was interviewed for Silicon Republic
Protect AI’s Diana Kelley discusses cybersecurity trends, from the rise of ‘GreenOps’ to the best ways to address security in AI development.
Diana Kelley is the chief information security officer (CISO) at Protect AI, a Seattle-based cybersecurity company that focuses on AI and machine learning systems.
Kelley has extensive experience in the cybersecurity space, having held various security leadership positions across a range of companies, including cybersecurity field chief technology officer (CTO) at Microsoft, global executive security adviser at IBM Security and general manager at Symantec, just to name a few.
She also serves on the boards of a number of cybersecurity organizations, including Women in CyberSecurity (WiCyS), the Executive Women’s Forum, InfoSec World and CyberFuture Foundation, as well as serving on several advisory councils.
Here, she talks about her role and some of the latest trends in the cybersecurity space.
‘The best way to address AI security is to build security into the AI lifecycle’
Describe your role and your responsibilities in driving tech strategy.
I am responsible for building and managing the corporate security program and strategy for Protect AI. I am also responsible for the physical security at the company and manage our compliance and TPRM (third-party risk management) processes. Since we’re a fast-moving start-up, I’m focusing on an active, proactive program that protects assets and supports engineering innovation.
What are your thoughts on digital transformation in a broad sense within your industry?
Digital transformation and the adoption of the cloud has been one of the most important inflection points in business in the last decade. Because we are a newer company, we are ‘born in the cloud’, which means we embraced digital transformation from the get-go. Advances in ‘as code’ (policy as code, infrastructure as code) deployment patterns allow us to create the environments we need quickly and with appropriate governance in place.
Sustainability has become a key objective for businesses in recent years. What are your thoughts on how this can be addressed from an IT perspective?
IT intersects with sustainability in the areas of energy use and spend. I’m very interested in the rise of ‘GreenOps’ – the practice of evaluating what and how money is spent in the cloud and looking at ways to reduce sprawl and expenditures. What’s great about this approach is that it not only saves the company money, it also reduces environmental impact by decreasing energy use. GreenOps can also be part of a strong security program by reducing the attack surface and cloud complexity.
What big tech trends do you believe are changing the world and your industry specifically?
AI! It’s transforming so much about how companies and people advance innovation and transform the organization and even automate mundane, repetitive tasks. Security has long faced the issue of having voluminous amounts of data, but limited ability to contextualize that data to find anomalies and risks. AI is perfect for this use case and is helping companies find risks and exposure points, and to turn massive amounts of log data into security insights which is really exciting.
I’m also excited about some of the work being done on AI-assisted threat modeling, because many organizations don’t know where to start; having an AI assistant start the process is a meaningful step forward.
What are your thoughts on how we can address the security challenges currently facing your industry?
Although AI will be a hugely useful tool for cyber defenders, it will also be weaponized by attackers. They are already hiding malicious operators in models and exploiting attacks in the AI supply chain. The best way to address AI security is to build security into the AI lifecycle and deliver better visibility and control.
It’s also really important for security teams to lean into AI and machine learning use by creating policies for adoption and educating teams on responsible use of AI tools without putting the organization at risk.