
Welcome to the CTA board of directors. We are delighted to have you on the board. What inspired you to want to be on the CTA board?
I have been engaged with the CTA from its inception, having seen the importance of an industry voice specifically for cybersecurity. Our industry is quite fragmented, and I feel that it’s important to extend beyond the smaller, exclusionary partnerships that intend to “change the industry” but more often do little other than promote singular objectives for commercial gain.
The CTA is very different, with parties that may commercially compete with one another having a vehicle to actually drive the change that’s needed to truly transform our space.
What do you hope to accomplish as a CTA board member?
I feel there are so many issues threatening the ease with which we as cybersecurity practitioners can gather information in order to protect society. As many know, I have been exceptionally vocal on the impact GDPR has had on WHOIS information as just one example. In joining the board, I will be sure to raise these issues so that as an industry body, we can find solutions that help benefit CTA’s membership and the community as a whole.
What role does CTA play in the global sharing ecosystem?
Rapid7 has been a global sharing partner of threat artifacts with CTA for a number of years, also providing early visibility of our research to enable other CTA partners. As we move forward, I anticipate the breadth of our data sharing to expand into areas such as vulnerability research.
Today’s cyber threat actors are relentless and cyber threats can be sophisticated, disruptive and damaging. What role do you think CTA plays in addressing and responding to this ever-evolving cyber threat landscape?
Well, much like the earlier question – we as an industry have been very good at sharing IoCs. However, in certain cases this approach is not applicable since criminals will bypass the traditional security controls. Therefore, sharing TTPs in real time and disseminating this information is an area which will demand more attention.
Where do you see CTA in 5 years?
To use an American analogy, I envision CTA as a quarterback. In this role, they are serving as a source of truth for the availability of actionable information, as well as guidance regarding public policy as it impacts our ability to do our work, to help shape our industry.
What should be CTA’s next priority?
We have so many threats to our way of working. Unfortunately, our challenge will be to navigate this uncertain world and provide not only a unified voice, but also a call to action for a community that wakes up to business threats such as funding being pulled for assets that are critical to our industry.
Do you have a favorite book you’d like to share?
The Cuckoo’s Egg by Clifford Stoll is a book I will always recommend, as it was what inspired me to focus on security as a career path.
What do you like to do for fun in your downtime outside of work?
What downtime! It seems that every weekend there is another critical vulnerability or threat campaign that demands attention. Where there is some spare time, I can typically be found playing my guitar.
Raj Samani is a computer security expert with more than 25 years’ experience building a stronger, more resilient cybersecurity community through organizational leadership and industry activism. As Senior Vice President and Chief Scientist at Rapid7, Raj is responsible for extending the scope and reach of Rapid7’s research initiatives to further inform and equip business and government leaders.
Immediately prior to joining Rapid7, Raj was a senior executive at McAfee, where he served as McAfee Fellow and Chief Scientist after serving as VP and Chief Technical Officer in EMEA. Raj has assisted multiple law enforcement agencies in cybercrime cases, and is special advisor to the European Cybercrime Centre (EC3) in The Hague.
Raj has been recognized for his contributions to the computer security industry through numerous awards, including the Infosecurity Europe Hall of Fame, Peter Szor Award, and Intel Achievement Award, among others. He also co-authored the book “Applied Cyber Security and the Smart Grid” as well as “CSA Guide to Cloud Computing,” and he has served as a technical editor for numerous other publications.
In addition to speaking at myriad cybersecurity industry events, Raj is sought after for his commentary on breaking news such as major security breaches and emerging threats. His commentary has appeared in Forbes, The Wall Street Journal, Business Insider, The Daily Beast, and more. He can be found on X at @Raj_Samani.