CISOs scrambling to stay ahead of the rapid changes coming in security, and positioning themselves to anticipate new threats just over the horizon, should tune in to Tuesday’s InfoSec World 2020 keynote address led by Jimmy Sanders, head of security at Netflix DVD.
Cybersecurity at the DVD mail order service, which launched the company’s brand in 1998 and shipped its 5 billionth DVD in August, is managed separately from Netflix’s other operations, though both have seen an uptick in demand during the Covid-19 lockdown. SC Media did a quick take with Sanders before his talk, which will draw on his two decades of experience in computer technology (13 years of it spent in security) and offer insights on innovative approaches as companies push the boundaries of security practices.
SC Media: Based on your email and title, does Netflix split its DVD by mail and streaming businesses in regard to IT security?
Jimmy Sanders: DVD.com is a wholly owned subsidiary of Netflix.
SC: Do you have a counterpart overseeing the streaming business?
JS: Jason Chan, an amazing security leader, is the CISO/VP of security for Netflix.
SC: Was the breach at Sony Pictures four years ago your sort of worst nightmare scenario, especially since Netflix has so much original production going on (e.g., talent salaries, scripts in production, etc.)?
JS: The Sony scenario was bad, but not the worst nightmare for DVD.com. Our customers are our highest priority. Any big event that negatively impacts our customers’ experience is the kind of thing that keeps me up at night.
SC: Your InfoSec World 2020 keynote is titled “Beyond the Curve.” Is that a pandemic reference alluding to people being locked down for several months so that they could flatten the curve?
JS: My presentation was not a reference to Covid-19; the topic was selected in early 2019. However, the world has definitely changed its views of many things. The title was meant to entice security leaders to incorporate and practice techniques that are just around the corner. These are techniques that have not filtered into mainstream ideas, but the technology and companies are available to incorporate the practices into your security environment.
SC: How has Netflix responded to increased traffic since so many can now take more advantage of their membership?
JS: We have always tried to build scale and stress tests within our various environments. Everything we build and all the tests we conduct are to ensure a great customer experience.
SC: How many Netflix members still get their movies via DVD vs. streaming?
JS: We do not disclose the specific number; however, we are still a profitable business unit.
SC: Does that present any different cybersecurity challenges, or is the PPI the common denominator?
JS: Protected personal information is common to the two business units, although we have the full street address, whereas for streaming it’s optional. The DVD.com subsidiary has the added goal of also protecting a physical good. Entities see DVD.com as a target. Thus, we must ensure our security capabilities are as robust as possible.
SC: Have you leveraged your degrees in psychology and behavioral science to help get inside the head of attackers?
JS: Attackers have such diverse motivations for attacks that I believe it would be hubris to think that I was able to get inside the head of all attackers. I believe my degrees allow me to work with our internal team in a more effective manner.
SC: What can your fellow CISOs do to stay ahead of threats and attacks?
JS: I would encourage CISOs to broaden their network of advisors and peers as much as possible. Holistically and together we can build amazing solutions. In addition, work to have an open mind to new ideas. Attackers are constantly retooling with new techniques. We should ensure we are revamping our techniques as well.
SC: What’s your favorite DVD and why?
JS: My favorite DVD would be almost any James Bond movie. I first started reading James Bond books in grade school. I then progressed to watching James Bond movies, starting with Sean Connery as Bond. The vision of the patriotic spy eluding the bad guys and saving the day captured my imagination.