CSA Community Spotlight: Educating the Security Industry with CISO Rick Doten

Can you believe that CSA has been defining and raising awareness of cloud security best practices for 15 years? Over the course of these several years, we’ve been educating the community with our volunteer-driven research publications, trainings, certificate programs, in-person and virtual events, and many other initiatives based on top-of-mind security concerns. These offerings would not be possible without our vast network of dedicated members, volunteers, subject matter experts, speakers, chapter leaders, trainers, and advocates. This year, we’re interviewing 15 longtime partners that have been integral to the success and growth of the CSA community.

Today we’re speaking with Rick Doten, VP, Information Security at Centene Corporation and CISO of their Medicaid Healthplan based in Charlotte, NC. In his prior role, Rick worked as a Virtual CISO educating corporate boards, developing security programs, and creating the curriculum for a cybersecurity master’s degree program for an international university. Rick has alternated between being a cybersecurity management consultant and CISO throughout his 25+ year cybersecurity career, and has led many ethical hacking, incident response, and risk management teams. Learn all about Rick’s involvement with CSA below.

What are the various ways you’ve been involved with CSA over the years?

Over the last 4 years I have been a speaker and panelist at SECtember and CSA Summits at RSAC numerous times. I’m also the VP of our local CSA Chapter here in Charlotte, NC.

What’s your favorite memory of the CSA community?

The first SECtember event in Bellevue. We were still under COVID restrictions, but it was such a great event, and a wonderful group of people coming together to talk about cloud security.

Why do you continue to be a part of the CSA ecosystem?

Cloud security continues to be misunderstood by the security community. I’ve done many keynotes at events talking about how cloud security is different from the on-premise security approaches we’ve used for the last few decades. But I continue to see organizations trying unsuccessfully to shoe-horn legacy tools and processes to manage cloud security operations.

What do you see as one of CSA’s most significant contributions to the cybersecurity industry?

The wealth of freely available cloud security papers and articles. Also the Certificate of Cloud Security Knowledge (CCSK); it gives a terrific overview of cloud security concepts which everyone should have as a foundation.

What are your predictions for CSA in the next 15 years?

It will continue to grow in size and importance to the industry as cloud computing expands across industries and communities. I also believe it will have significant contributions to new standards and frameworks, which will be used by companies and providers.

Question from interviewee Heinrich Smit: What can CSA do to better connect and unify with international standards bodies and communities, while at the same time maintaining uninfluenced standards and truths in cybersecurity?

I think it can maintain its objectivity in standards by continuing the support of its membership, which is a diverse set of organizations from different industries and maturity levels. And by keeping out the influence of security vendors.

Do you have a question for the next interviewee to answer?

What is the one thing you tell people is different about cloud security as opposed to traditional on-premise security?

Make sure to check out more insights from the CSA community here.