Google Senior Director of Information Security and Privacy Heather Adkins joins Jaya to talk about the changing trends and future needs of cybersecurity
“She doesn’t just talk the talk, she also walks the walk every day in and day out for a service most of the planet has come to depend on,” says Avast CISO Jaya Baloo, introducing Heather Adkins, Senior Director of Information Security and Privacy at Google and founding member of the Google Security Team. That “service” Jaya mentions only happens to be keeping the most popular internet tool in the world safe and secure for all.
In Episode 9 of Avast Hacker Archives (AHA), Heather tells Jaya that she didn’t set out looking to work in cybersecurity, cybersecurity just happened to find her. She was studying marine biology at Humboldt University when she took a job at a local ISP. Then something fateful happened that changed the direction of her life – they got hacked.
All at once, Heather was intrigued, curious, and excited. This new cyber world fascinated her, and she headed down to Silicon Valley. She was referred to Google, got the job, and spent the next 19 years of her life dedicated to leading the pack in strong cybersecurity, tweaking as necessary to stay on top of the newest tech, tricks, and traps.
The old way of deploying cybersecurity was site-specific. A company would have a building full of employees, those employees would work within an internal network, and a firewall would be placed around it. This is known, Heather says, as “the bonbon model” – a hard exterior protecting a soft interior. It seemed a sensible and sound method, and at first it worked.
But then, in 2009, Operation Aurora struck. This was a series of cyberattacks that lasted for half a year targeting a variety of organizations like Adobe, Yahoo, Morgan Stanley, and Dow Chemical. The attacks originated from Chinese state-sponsored APT groups, and Heather and her team realized that things needed to change. The problem was that the bonbon model placed too much trust in the internal network. Cybersecurity needed to shift from protecting the building as a whole to protecting the individual machines. The shift would also cater to the emergent trend of remote workers. It required more stringent identity validation and authentication but allowed employees, in theory, to work safely from anywhere.
And that is approximately where we stand currently in the evolution of cybersecurity, but more changes are imminent. Cyberspace is experiencing something of a security paradox at the moment, where most people depend on collected data – search engines, trends, etc. – but at the same time, they want more privacy.
“If I were to make a prediction,” Heather confides to Jaya, “and this is not a Google opinion, this is a Heather prediction – I think consumers will get very comfortable with the idea that data yields solutions, but they’re going to want more control and more insight in simple ways over this data. And because of that, we will see more computing moving down to the endpoints, we will see more cloud-based storage and use by NCrypted, and more agency for the user.”
Heather continues, “It’s all going to come down to the endpoints. That, plus the presidential order that came down in 2021 will really drive this idea of reshaping the ecosystem because we really have to do things differently than we’ve been doing them for the last 30 years or so.”
That presidential order from Joe Biden mandates that all government agencies invest in stronger cybersecurity. This will affect the entire world of security, as vendors will find new solutions to meet the president’s order, and those solutions will then trickle down to the consumers.
Heather is a female leader in a male-dominated field, and she finds inspiration, even a bit of connection, with another female leader from centuries ago – Mary Queen of Scots. Not only was Mary a strong leader of Scotland in the mid-1500s, but she has a historical footnote that still resonates today with the security industry. She met her end due to lack of privacy. Her messages were intercepted. In a way, it was death by 16th-century data breach. She’s both a model of strength and a reminder of caution.
All this is only part of the info-packed conversation Jaya has with Heather. There’s a lot more, including the increased use of homomorphic encryption, the importance of “cyber hygiene,” and Heather’s secret formula for getting the masses comfortable with a new change. You could say Avast Hacker Archives Episode 9 is our only episode where a thought leader from the Googleplex shares a googolplex of her security insights with us. Click the link below to hear it all for yourself!
You can also listen to the episode as a podcast (additionally on Apple Podcasts and Google Podcasts as well as on Spotify.