#53: Steve Orrin: Leading Cybersecurity at Intel and Beyond
In this episode, we talk to Steve Orrin, Chief Technology Officer and Senior PE at Intel Federal, about his unique journey from biology to cybersecurity leadership. We discuss the main challenges faced by federal bodies in the cybersecurity landscape and how they differ across industries like Aerospace, Education, and Healthcare.
About Steve Orrin
Steve Orrin is the Chief Technology Officer and Senior PE at Intel Federal. He has extensive experience in defining and guiding information technology and cybersecurity vision, strategy, and execution for major organizations. Currently at Intel, he advises federal agencies, the Department of Defense, and the Intelligence Community on all facets of technology. Previously, he influenced the evolution of Intel’s cybersecurity strategy and led security initiatives within multiple product groups. In addition to his work at Intel, Steve has also successfully launched and grown start-ups that went on to be acquired.
Summary of the Conversation with Steve Orrin
Steve Orrin, Chief Technology Officer and Senior Principal Engineer at Intel Federal, shared his extensive experience and insights into cybersecurity, particularly in the context of federal agencies, the Department of Defense, and the intelligence community. He discussed his journey from biology to cybersecurity, the challenges faced by federal bodies, and the importance of cybersecurity in critical infrastructure and product development.
Career Journey
- Early Career: Started as a research biologist but transitioned to cybersecurity after helping a friend with a startup in desktop security.
- Cybersecurity Evolution: Worked in various startups, focusing on desktop security, mainframe security, and web security, before joining Intel through an acquisition.
- Current Role: Advises federal agencies and influences Intel’s cybersecurity strategy, leveraging his experience in both the public and private sectors.
Insights and Highlights
- Interconnected Medical Devices: Discussed the intersection of his background in biology and cybersecurity, emphasizing the importance of understanding different industries to build robust security solutions.
- Federal Cybersecurity Challenges: Highlighted the federal government as a prime target for nation-state actors and cybercriminals, stressing the need for comprehensive security measures across all levels of the technology stack.
- Supply Chain Security: Mentioned the significance of securing the supply chain to prevent malicious code from infiltrating through upstream product development.
- AI in Cybersecurity: Explored the dual role of AI in both enhancing cybersecurity and being a target that needs securing. Emphasized the potential of AI to automate routine security tasks, freeing up human resources for more complex issues.
Critical Infrastructure and Industry Differences
- Critical Infrastructure Security: Drew parallels between critical infrastructure and military systems, emphasizing the need for strong security measures for edge devices and remote systems.
- Industry Commonalities and Differences: Noted that while the underlying technology across industries (e.g., medical devices, manufacturing, smart cities) is often similar, the regulatory and process differences are crucial. Security controls are largely common, but regulatory requirements vary by industry.
Advice and Best Practices
- Visibility and Verification: Stressed the importance of understanding what’s inside a device (e.g., using Software Bill of Materials (SBOM) and Hardware Bill of Materials) and verifying firmware to ensure security.
- Microsegmentation: Recommended isolating and segmenting networks to manage risk and protect legacy devices that cannot be easily updated.
- Regulatory Preparedness: Advised organizations to stay ahead of regulations by asking hard questions about security controls and ensuring compliance with emerging standards.
- Mapping Security to Value: Highlighted the importance of aligning cybersecurity efforts with business value and regulatory compliance to gain organizational support and ensure successful implementation.
Personal Anecdotes
- Impactful Project at Intel: Shared a memorable experience where a security feature he worked on at Intel was deployed to 40 million PCs, underscoring the potential for widespread impact in cybersecurity.
Closing Remarks
Steve Orrin’s extensive experience and insights provided a comprehensive view of the challenges and strategies in cybersecurity, particularly for federal agencies and critical infrastructure. The hosts expressed appreciation for his contributions and discussed the potential for future collaboration on live events and other initiatives.