Episode 243: The CSTO is a thing - a conversation with Chris Hoff of LastPass

The Security Ledger Podcasts - A podcast by The Security Ledger

In our latest podcast, Paul caught up with Chris Hoff (@Beaker) on the sidelines of the Black Hat Briefings to talk about his new role as Chief Secure Technology Officer (CSTO?) at the password management firm LastPass, what the CSTO role entails and how companies need to do more to confront the security implications of “software eating the world.” You can listen to our podcast using the player below, or check it out on iTunes, Spotify, Stitcher, Radio Public and [name your favorite podcast platform].

“Software is eating the world” was the now-famous observation made by legendary Silicon Valley venture capitalist Marc Andreessen. The phrase was intended to capture the trend of formerly brick and mortar businesses – indeed, entire industries – shifting to a software and services model. It’s how Amazon dethroned retail giants like Sears and Toys R Us, and Netflix transformed movie-watching. Writing in 2011 in the Wall Street Journal, Andreessen predicted that, in the next 10 years, he expected many more industries to be disrupted by software.

Software is eating security, too!

The last decade certainly proved him right. But what Andreessen failed to mention in this Op-Ed, and what escaped the attention of industry for years, were the unique, new challenges and struggles that running an online, software-driven business presents. At the top of that list is cybersecurity. As we have seen, the rapid embrace of software as a service and the shift from on-premises to cloud-based infrastructure has amplified cyber risk and also spread it around in ways that are difficult to counter.

Enter the CSTO…

So what’s the solution? Alas, there’s no easy fix or silver bullet here, according to our guest this week, Chris Hoff (@beaker), who stepped into the role of Chief Secure Technology Officer at LastPass, the cloud-based password management provider, in May. Prior to that, Chris was the head of BoA’s “Never Down” Critical Business Services group and a former CISO at Citadel.

In this conversation, which was recorded on the sidelines of the Black Hat Briefings, Hoff talks about his new role and new title. We talk about how the notion of a CSTO – something like a mix of CISO and CTO – is a response to the challenges of securing large-scale, highly sensitive cloud-based services in an age of stealthy supply chain compromises.

One note: this conversation took place before news of a security compromise at Last...
