Endpoint Security , Internet of Things Security , Next-Generation Technologies & Secure Development

Amazon CISO Amy Herzog on Embedding Security in Ring, Alexa

How Amazon Accelerates Product Development While Securing Customer Data
Amy Herzog, CISO, Ads and Devices, Amazon (Image: Amazon)

Embedding security in the product development process has given Amazon two major capabilities it needs out of its product releases - innovation and speed, said Amy Herzog, CISO of Ads and Devices at Amazon.

See Also: Live Webinar | Old-School Awareness Training Does Not Hack It Anymore

Security is integrated from the design phase at Amazon, with product and cyber teams working together to enhance speed and safety rather than applying post-development fixes. While security principles such as encryption are generally consistent across Amazon's portfolio, popular products such as Alexa and Ring have unique security requirements based on customer expectations as well as the nature of the devices, Herzog said (see: The Rise of Memory-Safe Languages in Secure Development).

“I was really excited to take this CISO role at Amazon because during my interview process it became really clear that at Amazon, we are all aligned with my own beliefs about security, which is that we can be at our best an accelerant for product development, a velocity accelerator where we're really working, co-creating, building with product teams to make sure that what we release is secure," Herzog said.

In this video interview with Information Security Media Group, Herzog also discussed:

  • Security strategies for consumer-facing products such as Alexa and Ring;
  • Differing security expectations between corporate and consumer tools;
  • How Amazon balances security transparency and usability for consumers.

Herzog joined Amazon in February 2023 after holding IT management positions at Travelers insurance and at Pivotal, which was acquired by VMware in December 2019. She has a deep security engineering background, working as a principal security engineer for the MITRE Corp. for more than 15 years at the start of her career. At MITRE, Herzog was the co-inventor of two patents relating to cybersecurity.


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.