At Relativity Fest in London, I spoke to Amanda Fennell, Chief Security Officer at Relativity. I started by asking her what her role encompasses.
Amanda Fennell said that the Chief Security Officer role at Relativity differs from most Chief Information Security Officer roles. The CSO has to protect the company’s own data, its products, the physical premises – everything.
Why did Relativity decide that now was the time to expand the existing role? Relativity asked itself why it was looking only at product security – why not cover cybersecurity as well? Relativity put together architecture which is “exhaustive” coming at it from an adversarial angle so they could “think like the bad guys”.
I asked Amanda Fennell what happened in a typical day and what range of subjects come up.
She said that most of her time was spent in discussions with clients. As Relativity moves to the cloud, the clients’ primary concern is trust and security, and they need to feel confident that Relativity is on top of this, and not just with frameworks, governance and compliance controls etc. To some extent, therefore, Amanda Fennell’s role is a marketing one as well as a technical one.
Giving priority to this reflects market research which shows that security is on top of every client’s list. Relativity felt that it had to be “amazing” and “ridiculously awesome” to meet this challenge.
Is it a growing problem with new challenges?
The challenges are in the integration points between the different responsibilities. The way attackers come at you changes with time, and constant monitoring is needed. It is different also for different customers – the risks faced by a government customer are different from those faced by a law firm.
The three teams – product, cyber and compliance – handling all this has grown from 15 people to 28 in three months, and more hiring is planned. The main core of the team is in Chicago but there are plans to expand to Relativity’s office in Kraków.