Jonathan Jaffe, CISO at Lemonade, Talks Privacy, AI, and Industry Trends

In this week's interview, we sit down with Jonathan Jaffe, Chief Information Security Officer at Lemonade, to talk trends shaping cybersecurity, the funding landscape, automation’s role, and how AI is reshaping the game. Read the full interview below 👇

P.S. Was this email forwarded to you? If so, sign up to receive Cloud Control interviews delivered to your email each week here.

Question 1 💭

Give us a quick overview of who you are and what it is you do. You’ve transitioned from being a privacy litigator to your current role as the CISO at Lemonade. How has your legal background influenced your approach to information security?

Answer 1 🎯

I’ve been in security since 1997, primarily doing IAM implementations for large enterprises. Mid-career, I went to law school (at night), something I had wanted to do since I was ten. I did this while working full-time and as a father of two young children. A year after admission to the Bar, I found and prosecuted some large privacy class actions, the biggest being against Facebook. 

That experience was like no other, but I also realized that I enjoy building things, and working with new technologies, more than motions, discovery, or depositions. 

I returned to security, as a security product manager for a while, and then back into technical development, taking on more responsibility along the way. Now, I’m the CISO at Lemonade.

My knowledge of the law, and how to approach problems in the structured, logical manner that the law teaches, gives me a powerful approach to dealing with security and technology. When I have two risks to prioritize against one another, I consider how legally defensible my choices will be, both from technical and regulatory perspectives.

Question 2 💭

What cybersecurity trends or emerging technologies have recently caught your attention? Are there any that you think will reshape the industry?

Answer 2 🎯

The trend is to automate as much as possible. The short-term trend is to provide on-point detection and response, and to automate both. The longer-term trend is to use AI, some GenAI but much of it deterministic AI, to support the automation of these things.

AI is already reshaping the industry. It’s just the dawn of AI, but I’m already seeing—and using—AI to enhance my team’s ability to do better work with less effort.

Question 3 💭

With your knowledge of the cybersecurity investment landscape, what shifts and patterns do you see in the funding and support ecosystem for security start-ups, and how does SVCI plan to navigate these changes in the years ahead?

Answer 3 🎯

The overall trend in terms of money is still upwards over time. I don’t see meaningful changes with regards to investment, in spite of short term responses to the economy. 

In terms of security domains receiving investment, fads will always come and go. Last year, it was data security. This year, it’s AI-sec. Fads will always be fads. However, the long-term trend for security technology investments is to invest in technologies and companies which automate solutions. It’s primarily through automation that buyers can keep up with the evolving threat landscape at the scale of cloud services.

Question 4 💭

How can security start-ups adapt to the advancements in AI, cloud, and other emerging technologies? What impact do these technologies have on their ability to provide effective cybersecurity solutions?

Answer 4 🎯

Security start-ups can adapt to AI advancements by meaningfully integrating AI to solve real problems, not just adding cute features. Done well, they amplify the effectiveness of security teams and allow them to increase security with less effort. AI can do this when applied with sincere intent, and not just marketing value.

Question 5 💭

Having worked with smaller startups and large enterprises, how do you anticipate the role of CISOs evolving in the next five years? What challenges and opportunities do they face?

Answer 5 🎯

I’m not willing to predict anything out five years, but with regards to challenges, I think CISOs will take on more legal liability. Over the long run this should increase budgets, improve security, force maturation of processes, and, here is the good news, increase salaries to reflect the new personal risks. I don’t think this trend will happen quickly, though. It will be a gradual one over many years.

Read the Full Q&A on Gomboc.ai

What’s New at Gomboc

In the magical land of Silicon Valley, where dreams and code converge, a tale is about to unfold…Imagine a sunny day in the Valley, with Kubernetes on the horizon, ready to set sail into production waters. But, as fate would have it, chaos ensues, and our beloved character, Streamline Willie, finds himself in the midst of a cloud conundrum 🚢💻

Watch Mickey as he goes on a rollercoaster of tech shenanigans, only to be saved by Gomboc 💪

Latest AWS and Azure Updates You Don’t Want to Miss

1. Azure Red Hat OpenShift is now available in Italy North region

2. Use your preferred Socket.IO APIs, while letting Azure handle messages and scaling for you

3. The ability to encrypt health data in the cloud with customer-managed keys using Azure Health Data Services is generally available

4. Announcing AWS IAM Identity Center APIs for visibility into workforce access to AWS

5. AWS Amplify Hosting extends server-side rendering (SSR) support to additional frameworks

Top Articles and Resources of the Week

Articles

1. Amazon Offers Free Courses on Generative AI

2. The 10 Biggest Cyber Security Trends In 2024 Everyone Must Be Ready For Now

3. Predator AI ChatGPT Integration Poses Risk to Cloud Services

4. Illumio Delivers Zero-Trust Segmentation Platform With the Addition of CloudSecure

5. VX-Underground Malware Collective Framed by Phobos Ransomware

Resources

1. Major Cloud Security Events and Conferences

   1. Opt-in to this resource to receive updates on events and conferences in cloud security. Meet like-minded cloud-security professionals from around the globe to learn, exchange ideas, network, and more.

2. Top 50 InfoSec Networking Groups to Join

   1. Join these top 50 associations, LinkedIn groups, and meetups to stay ahead of the curve on all things InfoSec.

3. CIS Benchmarks

   1. The Center for Internet Security (CIS) is a fantastic resource for initiating, implementing, and upholding a robust cloud security strategy. Access their detailed benchmarks tailored for AWS, GCP, Azure, and more. For a deeper understanding, explore the CIS Controls Cloud Companion Guide.

4. SANS Practical Guide to Security in the AWS Cloud

   1. In collaboration with AWS Marketplace, SANS introduces an in-depth guide tailored for AWS enthusiasts. Whether you're a novice or an expert, this extensive resource delves into the intricacies of AWS security.

5. Security Best Practices for Azure Solutions

   1. Learn key security practices tailored for Azure solutions and understand their significance. This comprehensive guide offers insights into developing and deploying a secure Azure environment.