Byson Koehler, the Equifax CTO and CISO, delivered the keynote at DevSecOps Days during the 2020 RSAC. Equifax contributed to multiple sessions and panels during the conference. The message was consistent: "Yes, we had a major problem. Here's what we're doing about it. Here's what you can learn from us."
From a technical perspective, Bryson Koehler, CTO, and Jamil Farshchi, CISO, took on all questions from the audience. Nothing was out of bounds. They stayed after the session to talk one-on-one with those who had more questions. The words I heard most from the audience about the session was 'humility' and 'transparency'. That's a far cry from the poster child of breaches image the company has had to carry since 2017.
Bryson and I sat down after the session at DevSecOps Days to go more into detail on what Equifax is working on, not just to re-gain user confidence, but to make a difference in the technology industry when it comes to lessons learned. He and Jamil are in the process of rebuilding the technology infrastructure at Equifax. They want to create a self-service, customer driven platform, that will include security as part of an automated solution to the future of data privacy. They are willing to openly share what they are working on, what has worked, what hasn't worked, all while building transparency into the process so that everyone can learn, not just the engineering team at Equifax.
In the episode linked above, we start with how Bryson felt the audience responded to the message from the stage, and what he had hoped to accomplish by stepping into the public spotlight.
Learn more about how Equifax uses Nexus Lifecycle as part of their security transformation in this case study.