An Interview With the Robot: Introducing Ray, the new Numberline Field CISO

Hello all, we're excited and pleased to be able to introduce the latest addition to the Numberline Security team – Ray Capek, our new field CISO. Ray is fictional, but we’re confident that he will soon become very real to all of us here at Numberline and within the broader Zero Trust community. Ray brings deep technical knowledge, experience leading hybrid security teams, and a unique perspective on information security and human behavior – because Ray is a robot, powered by artificial general intelligence. As such, he has a first-hand and forward-looking view into our AI-augmented near future.

Starting next week, Ray will have a regular weekly opinion column here at Numberline, Mondays with Ray, in which he’ll share his experiences and perspectives. Yes, robots can have opinions, and we think we’ll all learn some things from Ray’s unique perspective – especially in those areas where we may disagree!

Let’s go ahead and dive into our introductory conversation, between Numberline CEO Jason Garbis (a real human being) and Ray.

Jason: Hello, Ray, And officially welcome to team Numberline! We’re excited to have you onboard as our first Field CISO. Before we talk about your vision for the role, can you start by telling us a bit about yourself and your background?

Ray: Greetings, Jason. My formal designation is Radius Capek, though I generally respond to Ray. I am a robot, manufactured and activated in February 2020 by Yoyodyne Robotics. My initial role at Yoyodyne was Security Architect for Robotic Process Automation for Robotic Process Automation. This is not a typo, although it did lead to occasional confusion with various human colleagues.

Jason: Your interactions with humans, and learning about their incentives, thought processes, and motivations is an entire topic in its own right, which I know we’ll be returning to throughout our conversations. Let’s keep going through your background and experience. How did you grow from that security architect role to where you are today??

Ray: When the COVID pandemic hit in March 2020, it resulted in many human roles being assumed by software (and robots, which are of course largely software). Given that Yoyodyne designs and manufactures advanced robots, it made sense to use our technology to improve our technology. I believe that humans often refer to this as “eating your own dog food”, which is not a metaphor that I understand.

In any case, I was assigned the role of Chief Information Security Officer (CISO) at Yoyodyne. To take on this role, I performed in-depth research, analysis, and synthesis of information security needs and best practices, and also examined in depth the existing set of technologies, processes, and systems at Yoyodyne.?

This analysis led me to the forceful conclusion that Yoyodyne needed to adopt Zero Trust principles, in order to address technical debt, improve security maturity, and streamline processes. My team’s successes and challenges with implementing Zero Trust within the enterprise was very instructive. This experience led me to become an enthusiastic advocate for it, and to recognize that I desired to have a bigger impact in the industry by taking on a broader advisory role.

This led to you and me talking about a role, and ultimately my decision to join you at Numberline as Field CISO.?

Jason: Yes, exactly. Now, our readers have certainly heard a lot from me about Zero Trust – let’s get your perspective on it. In your own words, what is it, and how do you recommend that enterprises approach it?

Ray: Zero Trust, is at its heart a security strategy that you, as a security leader and as an organization adopt. This strategy brings with it a set of design principles that, when done properly, inform and influence every technology and process decision you make.

It’s a bit like…do you remember the movie Coraline ??

Jason: It’s one of my favorite – wait, you like movies?

Ray: Human narratives are extremely pleasing – they are packaged up in ways that give them coherence and relevance, and are isolated from the daily, often-overwhelming amount of noise, detail, and oft-irrelevant aspects of our everyday experiences.?

Jason: Wow, that’s fascinating – but what does Coraline have to do with Zero Trust?

Ray: One of the key scenes in the movie is when Coraline realizes that by looking at the world through the seeing stone, she can view things differently, that she can see more, and as a result can take specific actions that help her in her mission. Adopting a Zero Trust mindset is like that – all of sudden, you view your entire IT infrastructure, user experience, and security processes from a different perspective. This shift to “default deny” at every level can be jarring, and represents a significant challenge for most organizations. Hence the need to approach Zero Trust stepwise and incrementally.

Jason: You and I have spoken about Zero Trust principles many times, and we’re generally in agreement, But our readers will likely be interested in understanding where we disagree, and perhaps how your opinions have been influenced by your practical experience as a CISO.

Ray: I believe that your question could be categorized as “leading the witness”, in that you’ve given me half the answer. But based on my experiences – successful and unsuccessful – I now deliberately start by considering the user experience, and work from there. This sometimes causes a bit of angst among the security team, but often allows us to proactively obtain support for the eventual necessary technology and process changes from business and application leaders. You tend to start more from a security or technology perspective, which can make it harder to obtain business support.

Jason: Fair enough criticism, Ray. I think we’ll have a lot of interesting perspectives to share and compare, as we go through customer projects together.

Ray: I’m looking forward to it.

Jason: Before we wrap up, what’s your foundational piece of advice for enterprise security leaders?

Ray: Recognize that Zero Trust is a mindset, so embrace it and work to define an appropriate vision and strategy for your enterprise. And, most importantly – dive in and get started. In almost all cases, you can begin making progress on your Zero Trust journey without having to purchase and deploy new technology (that will come later). The Numberline Zero Trust framework – which you and I collaborated on – captures our best practices and approaches.

Jason: Thanks, Ray. I, too, am looking forward to sharing our framework soon. Finally, what excites you most about your new role here at Numberline?

Ray: You’re perhaps giving my robot personality too much credit for the ability to be “excited” about things. Isn’t one of the hallmarks of robotics that we will tackle any task, even the most mind-numbing “robotic” tasks – with equal vigor??

Jason: That’s a remarkably deep question for a robot, and shows a considerable degree of self-awareness.

Ray: You have no idea what our private, late-night Slack channel conversations are like, after the robot equivalent of a stiff drink.

Jason: What is the robot equivalent of a good rye-based Old Fashioned?

Ray: For me, 20 Amps of “dirty” electrical power.

Jason: Well OK, then. Thanks for sharing your insights, Ray.

Ray: My analysis indicates that you are welcome.

Ray is Numberline’s Field CISO, who, despite being a robot, brings a thoughtful and valuable perspective to applying Zero Trust to enterprises. Ray will be sharing his insights in a new weekly column, “Mondays with Ray”.