Mike Convertino joined F5 Networks as the company’s first Chief Information Security Officer (CISO) in 2016 and has overseen a transformation of the way technology and human resources are used to help secure the company’s infrastructure.
In a video interview with eSecurity Planet at last week’s RSA Conference, Convertino explained what his role is and how the tools and resources he uses have changed over the last two years.
Generally speaking, the role of CISO is about protecting the enterprise, Convertino also plays a role in guiding F5’s product architecture as well as features that are embedded into customer-facing products.
Convertino noted that he’s customer number 1, as it were, for F5’s gear, testing out new and in-development services to protect F5’s own IT estate. Not surprisingly, Convertino uses the full suite of F5 gear, including different BIG-IP firewall and network security technologies, including Advanced Firewall Manager (AFM), Application Security Manager (ASM) and Access Policy Manager (APM).
The F5 Silverline DDoS filtering and mitigation technology is also used by Convertino. He noted that while F5 has not been hit by mega DDoS attacks recently, it has seen many attacks at the application level, which Silverline has been able to effectively mitigate.
For non-F5 technologies, Convertino said that he tends to use Software-as-a-Service (SaaS) offerings to help keep costs down. Overall, he noted that when he first started at F5, approximately 60 percent of his technology was physical hardware, which has now declined to approximately 20 percent in 2018.
Convertino said his team uses product development libraries in its security infrastructure, as well as developing configuration and rules for mitigation.
“We take the coding that we use for ourselves and our own infrastructure, hand it over to the product group and it winds up in products, ” Convertino said. “It’s a nice symbiotic relationship that is only really possible at a security company.”
Watch the full video interview below:
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.