What is the difference between a chief information security officer and a chief security officer? In some companies, it’s a matter of semantics rather than responsibilities.

But for Shawn Henry (pictured, right), president of the Services Division and chief security officer of CrowdStrike Holdings Inc., the distinction is important. While a CISO oversees all things related to information technology security, a CSO is responsible for all things security, whether physical or virtual.

“If you’ve got adversaries that want to gain access to your organization, they might do it remotely by trying to hack into your network,” Henry said. “But they also might try to get one of your employees to take an action on their behalf, or they might try to get somebody hired into your company to take some nefarious acts. So, from a security perspective, it’s about building an envelope around all things valuable.”

Henry and Kevin Mandia (pictured, left), chief executive officer of Mandiant Inc., spoke with theCUBE industry analysts Dave Vellante and David Nicholson at theCUBE @ Fal.Con 2022, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed changes in the threat landscape and how collaboration between companies is important to build a strong defense against criminals. (* Disclosure below.)

Cybersecurity community collaborates against the common enemy

CrowdStrike has both a CSO and a CISO who work together to secure the company against potential threats. But CrowdStrike was founded on the premise that the unstoppable breach is a myth. While the statement is still far more of a future vision than a statement of fact, CrowdStrike is still striving toward the goal.

“It’s like healthcare; you’re not going to stop every disease, but there’s a lot of things that you can do to mitigate the consequences of those things,” Henry stated. “The same thing with network security. There’s a lot of actions that organizations can take to help protect them.”

As with personal health, companies that take a lackadaisical “don’t-care” attitude to security should expect to suffer the consequences, according to Henry. Companies have learned that battling an enemy that is well-funded and motivated requires collaboration. Mandiant and CrowdStrike may compete head-to-head in the market, but they put that aside to work together in the greater fight against their common adversary.

“If I see something that’s new and novel, I certainly contact Shawn and the team at CrowdStrike … because they protect so many endpoints and they defend nations,” Mandia said.

Microsoft Inc. and other companies that “have a large capability to do shields up,” are also on his immediate contact list.

“You can’t sit on new and novel [vulnerabilities]. You get to the vendor where the vulnerability is,” he added.

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of theCUBE @ Fal.Con 2022:

(* Disclosure: CrowdStrike Holdings Inc. and Mandiant Inc. sponsored this segment of theCUBE. CrowdStrike, Mandiant and other sponsors do not have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE