AiThority Interview With Terence Jackson, Chief Information Security Officer at Thycotic
Hi Terence. Could you tell us about your journey and how you arrived at Thycotic?
My journey to Thycotic was an interesting one, even though I’ve been in the IT and security field for nearly 20 years. I made the pivot into security and consulting back in 2013 and focused on Identity and Access Management (IAM) and Privileged Account Management (PAM).
I worked with many vendor solutions, but Thycotic clearly stood out due to its innovative approach to solving problems. I was hooked as soon as I got my hand on the product. The rest is history.
What are the current trends and technologies that you see as most significant around Privileged Access Management (PAM)?
The most significant technology that I see emerging right now is Just-In-Time access and PAM for Software-as-a-Service (SaaS) applications. This is one that we all should certainly keep an eye on.
Tell us a little more about the global state of PAM compliance and how it could change with AI and Data Science.
According to our research on PAM maturity, only 15% of organizations are using vaulting in a mature way. The use of AI and Data Science will allow organizations to manage their PAM environment more efficiently by helping teams identify insider risk, improper access, and other suspicious activities around Privileged Access.
In 2020, what should CISOs primarily focus on to secure their remote workplace environment?
CISO’s should focus on enforcing least privilege, staying up-to-date on patches, and preventing data from flowing places that it shouldn’t.
Which business groups benefit most from utilizing PAM solutions?
IT admins and developers are generally the initial groups that find the most benefit in PAM. However, essentially all business users have access to systems that store, process, or transmit sensitive data.
So an effective PAM solution not only solves the IT and developer PAM issue but is extensible to the rest of the business. Simply put: PAM is a business issue, not just an IT one.
Tell us more about Thycotic’s Secret Server and what is the technology engine driving the integration with existing IT Cloud systems?
Secret Server is a fully-featured PAM solution available both on-premise and in the cloud. It empowers security and IT ops teams to secure and manage all types of privileged accounts and offers the fastest time to value of any PAM solution.
Thycotic is doing things differently from the traditional complex, disconnected security tools. This allows us to be integrated into a company’s ecosystem more rapidly and reduce the friction that most traditional PAM technologies do.
Enterprise Password Management is a booming industry. However, COVID-19 may have impacted the run. How can you continue to be innovative with product enhancements at Thycotic during the pandemic?
Thycotic has always been, and will continue to be, flexible when it comes to the workplace. We have had a strong culture of remote work for years and that will continue. There has not been a decrease in productivity during the COVID-19 in regards to the development of new products, features, and releases. We will remain flexible in this regard.
How can Secret Policy/Identity management solutions protect against rampant ransomware and cyber threat activities?
Enforcing least privilege on a company’s endpoints greatly reduces the havoc that ransomware can take on an organization. A lot of ransomware variants require administrative privileges to execute fully.
By removing local administrative privileges from endpoints, organizations greatly reduce the attack surface. Pairing that with an effective overall PAM strategy protects the organizations Crown Jewels even more.
Tag a person whose answers you would like to read here:
Arun Kothanath, Chief Security Strategist at Clango.
Thank you, Terence! That was fun and hope to see you back on AiThority.com soon.
With nearly two decades of public and private sector IT and security experience, Terence Jackson is responsible for protecting Thycotic’s information assets. In his role, he currently leads a corporate-wide information risk management program. He identifies, evaluates and reports on information security practices, controls, and risks in order to comply with regulatory requirements and to align with the risk posture of the enterprise. Prior to joining Thycotic, Terence was the Director of Cybersecurity and Professional Services for TSI, a Virginia based Inc. 5000 company.
Thycotic is the leading provider of cloud-ready privilege management solutions. Thycotic’s security tools empower more than 10,000 organizations, from small businesses to the Fortune 100, to limit privileged account risk, implement least privilege policies, control applications, and demonstrate compliance. Thycotic makes enterprise-level privilege management accessible for everyone by eliminating the dependency on overly complex security tools and prioritizing productivity, flexibility, and control. Headquartered in Washington, DC, Thycotic operates worldwide with offices in the UK and Australia.