Skip to main content

AWS Executive Insights

Security leadership

Insights and strategies to secure the modern enterprise

AWS security conversations

Security is in our DNA: A Conversation with AWS CEO Matt Garman

In this Executive Insights podcast, Clarke Rodgers, Director of AWS Enterprise Strategy, interviews Matt Garman, CEO of AWS, exploring the company’s deeply rooted security culture. Garman, who was also AWS’s first product manager, discusses how security has been "priority zero" since the company's inception. From upholding cloud security best practices to navigating AI security challenges, Garman discusses how AWS embeds security into every aspect of its operations.

Watch the video

Right-Sizing Security Across Amazon Businesses

Security leadership requires a holistic approach across physical and digital domains — and Amazon's diverse business portfolio presents unique challenges and opportunities in both realms. In this interview with Steve Schmidt, Amazon's Chief Security Officer, we'll explore how Amazon implements security across AWS, amazon.com, Whole Foods, Prime Video, Kuiper and more. Join the conversation as Clarke Rodgers, Director of AWS Enterprise Strategy asks Steve about how Amazon standardizes security across businesses, leverages generative AI to improve application security, and enables comprehensive threat intelligence through tools like MadPot.

Watch the video

Invisible Security: Achieving a Seamlessly Secure User Experience

Ever wonder how AWS protects the data of millions of customers while staying ahead of evolving security threats? Get a peek behind the curtain as AWS CISO Chris Betz discusses threat intelligence tools and cloud security at scale. In this candid conversation, AWS Enterprise Strategist Clarke Rodgers sits down with Betz to discuss AWS's philosophy of "invisible security" - protecting customers seamlessly without disrupting their operations. Learn how AWS leverages tools like MadPot, Sonaris, and GuardDuty to detect emerging threats and enhance security operations. Betz also shares valuable insights on board communication, talent development, and building versus buying security solutions at scale.

Watch the video

The DDoS Takedown: How AWS is Disrupting the Disruptors

Step inside AWS's cutting-edge approach to network protection with AWS VP and Distinguished Engineer Tom Scholl. In this eye-opening conversation, discover how threat detection tools like MadPot are helping AWS identify and disrupt DDoS-as-a-service providers who sell attack capabilities on the dark web. Scholl reveals how AWS's massive network scale provides unique insights into emerging threats, enabling proactive security measures and even the take down of criminal organizations like Anonymous Sudan. He also discusses AWS's approach to seamless security integration and the importance of implementing strong "front door" security measures to reinforce potential entry points in your network. This conversation is a must-watch for CISOs and security leaders looking to enhance their cloud security posture in 2025 and beyond.

Watch the video

Conversations with Security Leaders

Join Clarke Rodgers, Director of AWS Enterprise Strategy , as he interviews security leaders across the AWS organization and beyond, discussing everything from establishing a security department, to mitigating security risks, to achieving regulatory compliance, and building security culture into everything we do. Click here to browse the full series.

Missing alt text value

Securing Generative AI: What Matters Now

IBM and AWS recently partnered with Oxford Economics to survey 200 executives regarding their generative AI initiatives and enablement. The study revealed a concerning trend of executives prioritizing innovation over security (70%), despite also stating that secure and trustworthy AI is essential to business success (82%). Read the report to learn what it takes to implement generative AI data security.

Read the report

 

Missing alt text value

Security foundations

No business can thrive without a strong security foundation. But what elements make some organizations more secure than others? Learn from executives why it’s essential to prioritize security culture, data strategy, and enabling innovation as key functions of your security organization.

Establishing security standards and educating your workforce on the importance of security is a crucial first step to reinforce your organization’s security posture. After all, many malicious actors still rely on basic phishing schemes. In this video, hear from Sara Duffer, Director of AWS Security Assurance and former Technical Advisor to the Amazon CEO about why security culture is so important and what role the CEO plays in building and reinforcing security standards.

Watch now

As generative AI continues to reshape industries, organizations must adapt by cultivating a robust and secure plan for data storage and management. In this podcast, AWS Enterprise Strategist Clarke Rodgers joins guests from IBM Security to discuss the importance of data strategy for AI use cases.

Listen now

Discover how to mitigate vulnerabilities earlier in the development process through the principles of Secure by Design. AWS recently partnered with SANS Institute to explore how security by design helps organizations prioritize foundational security that meaningfully improves technical and business outcomes. Read the whitepaper to learn how you can get started on the path to building secure products with a multi-layered strategy.

Read now

In this interview with AWS CISO Chris Betz, learn how the role of the CISO is evolving. Where security organizations were often seen as blockers to innovation, AWS advocates for a security org that enables greater innovation through trusted security mechanisms.

Watch now

Find your community with AWS CISO Circles

CISOs and CSOs come together in locations all around the world to discuss the biggest security topics of the moment with their peers in our CISO Circle communities. With NDAs in place and Chatham House Rule in effect, security leaders can feel free to speak their minds, ask questions, and get feedback from peers through candid conversations facilitated by AWS Security leaders.

Learn more

Podcasts for security leaders

Security never sleeps, that’s why we’ve prepared a robust catalogue of audio content to inform and entertain security leaders on the move.

Podcast

Scaling Security Operations in the Age of AI

Listen now
Podcast

Building a Diverse and Empowered Security Organization

Listen now
Podcast

Identifying and Fixing the Internet’s Security Flaws

Listen now

Two-minute security trainings

At AWS Security, we talk with CISOs daily, covering everything from common challenges they’re facing to their security aspirations for the future. We often hear a lot of the same questions around security culture, compliance, and threat mitigation. Start your conversation off right by watching these two-minute training videos on our most-requested topics. And catch our full Cloud for CISOs training series on YouTube.

Cloud for CISOs training series
Video

How Do I Build a Culture of Security?

Empower a security mindset throughout your workforce.

Watch now
Video

How Can I Mitigate Ransomware?

Identify how to mitigate ransomware.

Watch now
Video

How Do I Build My Compliance Program on Top of AWS?

Understand the cloud value proposition from the security perspective.

Watch now

Research and resources for security leaders

Refine your search:

Clear your search
Loading
Loading
Loading
Loading
Loading

Frequently Asked Questions

Security leadership embodies the proactive stewardship of an organization's safety and integrity. It signifies a commitment to safeguarding sensitive data and the trust and confidence of customers, partners, and stakeholders. Put simply, a security leader is responsible for creating and implementing robust security measures that mitigate risks, protect against immediate threats, and anticipate the evolving security needs of the business. And at AWS, every employee is a security leader, trained to prioritize security in every aspect of work, protect and use data responsibly, and report any perceived security threats or vulnerabilities to the business.

Security leadership is not merely a reactive posture but a strategic necessity—one that involves staying ahead of emerging threats, complying with regulatory requirements, and nurturing a culture of security awareness among employees. Effective security leadership fosters an environment where innovation can thrive securely, enabling adoption of technologies like generative AI and machine learning.

Overall, the concept of security leadership goes beyond just guarding against breaches; it entails shaping a resilient, forward-thinking organization that can navigate the complex and evolving landscape of cybersecurity while also embracing opportunities for growth and innovation.

Just as data security is fundamental to business success, a leader's commitment to cybersecurity is essential. Business leaders of every level, from the Board of Directors to the CEO, must champion a culture of security within their organizations. This entails instilling awareness and best practices among employees, emphasizing the importance of data protection and cybersecurity best practices.

Beyond fostering a security-conscious workforce, leaders are responsible for crafting and implementing robust cybersecurity strategies. They must allocate resources, invest in state-of-the-art technologies, and remain informed about emerging threats. Compliance with industry-specific regulations is also part of their purview, as non-compliance can lead to severe financial and reputational consequences.

Ensuring proactive risk management is another responsibility for business leaders. They must anticipate and mitigate potential threats, ensuring the organization is resilient in the face of evolving cyber challenges. Leaders should also encourage innovation in security practices, embracing technologies like generative AI to remain vigilant against emerging threats.

Having a modern security practice is pivotal in safeguarding the organization's data and reputation—its most precious resources. Data breaches not only put sensitive information at risk but also damage the confidence of customers, partners, and stakeholders, potentially resulting in severe financial setbacks and harm to the organization's overall image and standing.

Furthermore, regulatory compliance is a non-negotiable aspect of modern business. Security leaders ensure the organization adheres to industry-specific regulations, avoiding crippling fines and legal repercussions that could disrupt operations and create a devastating domino effect.

Apart from mitigating risks, cybersecurity maturity is the foundation for an atmosphere of trust and assurance throughout the organization. As data remains secure, businesses can boldly venture into advanced technologies, propelling innovation and securing a competitive advantage.

In summary, having a modern and mature cybersecurity program is essential to protect assets, ensure compliance, and enable innovation. Every organization should ensure security leaders have a seat at the table when planning strategic business objectives. Only when security dependencies and innovations are prioritized can the business ensure sustained success in an environment filled with constant threats and evolving challenges.