EP258 Why Your Security Strategy Needs an Immune System, Not a Fortress with Royal Hansen
Author: Anton Chuvakin
Uploaded: 2026-01-12
Views: 47
Description:
Guest:
• Royal Hansen (/royal-hansen-989858), VP of Engineering at Google, former CISO of Alphabet
Topics:
• The "God-Like Designer" Fallacy: You've argued that we need to move away from the "God-like designer" model of security—where we pre-calculate every risk like building a bridge—and towards a biological model. Can you explain why that old engineering mindset is becoming risky in today's cloud and AI environments?
• Resilience vs. Robustness: In your view, what is the practical difference between a robust system (like a fortress that eventually breaks) and a resilient system (like an immune system)? How does a CISO start shifting their team's focus from creating the former to nurturing the latter?
• Securing the Unknown: We're entering an era where AI agents (https://security.googlecloudcommunity...) will call other agents, creating pathways we never explicitly designed. If we can't predict these interactions, how can we possibly secure them? What does "emergent security" look like in practice?
• Primitives for Agents: You mentioned the need for new "biological primitives" for these agents—things like time-bound access or inherent throttling. Are these just new names for old concepts like Zero Trust, or is there something different about how we need to apply them to AI?
• The Compliance Friction: There's a massive tension between this dynamic, probabilistic reality and the static, checklist-based world of many compliance regimes. How do you, as a leader, bridge that gap? How do you convince an auditor or a board that a "probabilistic" approach doesn't just mean "we don't know for sure"?
• "Safe" Failures: How can organizations get comfortable with the idea of designing for allowable failure in their subsystems, rather than striving for 100% uptime and security everywhere?
Resources:
• Video version (EP258 Why Your Security Strategy Needs an ...)
• EP189 How Google Does Security Programs at Scale: CISO Insights (https://cloud.withgoogle.com/cloudsec...)
• BigSleep (https://cloud.google.com/blog/product...) and CodeMender (https://deepmind.google/blog/introduc...) agents
• "Chasing the Rabbit" (https://www.amazon.com/Chasing-Rabbit...) book
• "How Life Works: A User's Guide to the New Biology" (https://www.amazon.com/dp/0226826686?...) book