As the Chief Information Security Officer (CISO), Robert leads the Security and Risk Office and is responsible for ensuring the security of RSA products and solutions and the RSA corporate environment, leading the organization’s cybersecurity, Information Security Governance Risk and Compliance (GRC), corporate physical security, privacy, product and IT application security functions. Rob has more than 25 years of experience leading security and cloud infrastructure teams, including life-critical operations and business-critical PCI-DSS level 1 transaction processing environments. Previously, he worked in the Philips Home Monitoring division, leading the Security and Systems Design team and co-founded the original Geek.com website, where he served as Chief Technologist. Rob has a BA in Computer Science and Mathematics from Brandeis University.
What metrics or KPIs do you use to measure security effectiveness? “There’s no one metric that’s going to tell the full security story.”
My philosophy is that there are millions of KPIs and there’s no one metric that’s going to tell the full security story. What I like to do is use a maturity matrix to understand how advanced a given security control or compliance program is today and work to improve them tomorrow. You can use some metrics to get a sense of that maturity, but there’s no KPI silver bullet that will tell you the full story. I suggest using the maturity of your controls as a metric and measuring with KPIs to make sure you are improving that maturity over time.