惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

L
LINUX DO - 最新话题
G
Google Developers Blog
J
Java Code Geeks
The GitHub Blog
The GitHub Blog
F
Full Disclosure
H
Help Net Security
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Vercel News
Vercel News
酷 壳 – CoolShell
酷 壳 – CoolShell
Recent Announcements
Recent Announcements
Help Net Security
Help Net Security
The Hacker News
The Hacker News
IT之家
IT之家
Y
Y Combinator Blog
Martin Fowler
Martin Fowler
L
Lohrmann on Cybersecurity
C
CERT Recently Published Vulnerability Notes
V
Visual Studio Blog
博客园 - 聂微东
Hacker News: Ask HN
Hacker News: Ask HN
H
Hacker News: Front Page
Know Your Adversary
Know Your Adversary
Security Latest
Security Latest
Security Archives - TechRepublic
Security Archives - TechRepublic
Simon Willison's Weblog
Simon Willison's Weblog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
T
Troy Hunt's Blog
Last Week in AI
Last Week in AI
Schneier on Security
Schneier on Security
N
News and Events Feed by Topic
博客园 - 【当耐特】
有赞技术团队
有赞技术团队
AWS News Blog
AWS News Blog
Blog — PlanetScale
Blog — PlanetScale
博客园_首页
Google DeepMind News
Google DeepMind News
Cloudbric
Cloudbric
N
News | PayPal Newsroom
A
About on SuperTechFans
S
Schneier on Security
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Hugging Face - Blog
Hugging Face - Blog
M
MIT News - Artificial intelligence
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
雷峰网
雷峰网
T
The Exploit Database - CXSecurity.com
罗磊的独立博客
K
Kaspersky official blog
The Cloudflare Blog
I
Intezer

Okta Security RSS Feed

OpenSSL HollowByte: A DoS Hiding in 11 Bytes Datadog and Okta Combine for New Customer Detections Detecting OpenClaw at Sign-In Okta Hardening Guide Updated to Secure Non-Human Identities Okta Pooled Security Audits: a One-Year Retrospective Account Recovery, without Password Resets Okta’s Response to React2Shell Uncloaking VoidProxy: a Novel and Evasive Phishing-as-a-Service Framework Attackers Target Hotelier Accounts in Malvertising and Phishing Campaign Using Auth0 Logs for Proactive Threat Detection Controlling Cross-App Data Sprawl in Google Workspace How this ClickFix campaign leads to Redline Stealer Paving the Path: Pooled Audits with Okta Security Building Confidence in Support Comms with Caller Verify at Okta Enabling ISO/IEC 27001:2022 Compliance with Okta Okta’s Secure by Design Pledge - One Year On Leveraging Okta System Logs for Proactive Threat Detection Enhancing Customer Trust Through a Comprehensive Audit Program Okta's new Security Technical Implementation Guide (STIG) A Guide to DORA Compliance with Okta How AI services power the DPRK’s IT contracting scams Detect and Prevent Cross Device Authentication How Responsible Disclosures are Shaping a Safer Cyberspace Cybersecurity’s Next Gen Next.js CVE-2025-29927 Empowering Security with Customer Trust Solutions Putting Security First with Secure Development One trick finds the root of any Okta troubles CSO Conversations: Stephen McDermid, Regional CSO of EMEA Content-Security-Policy in a Complex Environment CSO Conversations: Keiko Itakura, Regional CSO of Japan How Okta Embraces Identity Verification Using Persona CSO Conversations: Matt Immler, Regional CSO of Americas East Raising the Bar for our Industry with IPSIE Cyber-Safety over the Holidays Okta Social Engineering Impersonation Report - Response and Recommendation Five Reasons to Upgrade your Org to Okta Identity Engine Okta’s Ongoing Commitment to Secure By Design Unveiling the Essence of the Security Customer Trust Function Security Education Through the Art of Storytelling Seven Ways to Reduce Super Admins in Okta The Case for Zero Standing Privileges FastPass: The battle-hardened authenticator Detecting Cross-Origin Authentication Credential Stuffing Attacks How to Block Anonymizing Services using Okta Why Cyber-heroes need a Zero Trust CAEP! Okta Verify Vulnerability Disclosure Report - Response and Remediation Defensive Domain Registration is a Mug’s Game Protecting Administrative Sessions in Okta How to Secure the SaaS Apps of the Future Okta October 2023 Security Incident Investigation Closure October Customer Support Security Incident - Update and Recommended Actions Unauthorized Access to Okta's Support Case Management System: Root Cause and Remediation Tracking Unauthorized Access to Okta's Support System Go “Secure by Default” With Custom Admin Roles for IT support staff Cross-Tenant Impersonation: Prevention and Detection BYO Telephony and the future of SMS at Okta Saying “No Thanks” to nOAuth Telling More Okta Detection Stories with Google Chronicle An Unexpected Endorsement for WebAuthn Social Engineering is Getting More Extreme, but the Fixes Can Be Simple Study up on Okta Logs for Splunk’s Boss of the SOC! Keeping Phishing Adversaries Out of the Middle Using Workflows to Respond to Anomalous Push Requests Okta and Splunk Combine to Detect Common Attacks Setting the Right Levels of Assurance for Zero Trust Catch-All's and Canary Rules User Sign-in and Recovery Events in the Okta System Log Okta Code Repositories Detecting Real-Time Phishing Attacks Detecting Real-Time Phishing Attacks Okta’s Response to OpenSSL Security Update Monitoring for Abuse of Administrative Privileges System Log: a Window into Supporting the Okta Cloud The Human Factor in Phishing Resistance Auth0 Code Repository Archives From 2020 and Earlier Phishing Resistance and Why it Matters Detecting Scatter Swine: Insights into a Relentless Phishing Campaign Defending against Session Hijacking Unlocking the Mystery of 700+ Okta System Log Events Official Okta Statement on LAPSUS$ Claims Protection, without perimeters We (still) need to talk about RDP Just How Risky is Legacy Authentication?
CSO Conversations: Matthew Hansen, Regional CSO of Americas West
Matthew Hansen · 2025-03-19 · via Okta Security RSS Feed

CSO Conversations is a blog series interviewing Okta’s Regional CSOs supporting David Bradbury, Okta’s Chief Security Officer in providing the best service for our customers. Okta’s Regional CSOs are integral to Okta’s Security Trust and Culture team, building and strengthening trusted advisor relationships with global security thought leadership.

What motivated you to pursue a career in cybersecurity?

I started my career working in the risk consulting practice for a Big 4 firm and learned that cybersecurity was a critical component for customers in highly regulated industries. A significant influence on shaping my career in risk management was primarily focusing on the financial services, pharmaceuticals, aviation, and oil and gas industries, each of which has unique regulatory and security requirements.

How has your past audit and regulatory compliance experience shaped your approach to cybersecurity today?

My journey of risk management consulting and internal audit has given me broad exposure to a number of industries, frameworks, and regulations. But I believe it presents a common theme: companies have implemented the Three Lines of Defense framework. Often, operationally speaking, employees still overlook risk management as “not their problem.” I’m motivated to be an agent of change and help companies address their risk through an Identity risk-based lens.

What are your thoughts on the importance of vulnerability management in cybersecurity?

Like everything in the tech world, the vulnerability management landscape is constantly evolving. Organizations need to prioritize not only how they protect their businesses and stakeholders but also how they tactically respond to weaknesses before attackers can exploit them. With budget and resource constraints putting more emphasis on automation efficiency and AI, we see organizations scaling at incredible speeds in reducing their risk of exposure or attack.

If you could provide a few short cybersecurity words of wisdom to Okta customers, what would they be?

When looking at your organization's identity evolution, don't just “throw the kitchen sink” as the only solution. Instead, try to create specific, measurable, achievable, relevant, and time-bound goals to methodically tackle cybersecurity problems.

In your opinion, what is the impact of cybersecurity awareness in today’s organizations?

The First Lines of Defense in any organization are its people. Throughout my career, I’ve found that cybersecurity maturity and security awareness among your employees must be in unison for a strong fabric of cybersecurity DNA. You cannot have one without the other. The level of maturity and strength of your security culture can have a double-down effect on increasing accountability, promoting ownership, and strengthening how your organization manages risks. 

In what ways do you demonstrate Okta’s corporate values in your day to day?

Okta’s core values are deeply rooted principles that guide our day-to-day decisions and actions. This translates to a unique set of tenets that drive our interactions with customers to help build trustworthy relationships, uplift their identity posture, reduce security friction, and produce positive security outcomes. To make Okta and our customers the most secure companies in the world, we’re placing big bets to deliver on our OSIC initiatives and elevate Okta as the industry leader in Identity and cybersecurity.

In your opinion, does achieving compliance equate to a strong security posture?

Yes, and no! Let me explain… For SaaS companies like Okta, our maturity measurement is gauged both internally through various compliance frameworks like SOC2, ISO27001, NIST CSF, etc. and also by our customers.

But what you read and what you see can have disparities. For example, suppose your company completes a SOC2 attestation with a clean opinion and no control exceptions. In that case, it's a sign of success based on those controls your organization has defined and implemented. Or is it just a piece of paper that shows an independent audit firm assessed your controls based on prescriptive guidance but with no substantive value to the organizations receiving the report? Therein lies a core problem, your controls were assessed with a subjective assessor.

Regulators are starting to pick up on the quality of attestations and are putting more emphasis on third-party risk functions to objectively observe control execution with their own eyes. Attestations are still needed and are a great tool to measure your internal control effectiveness. But perception is a two-way street and if we want to elevate the measurement of success in the cybersecurity industry, we need to cast a broader net to our audiences to truly understand what a strong security posture should look like.

From your perspective, what is the most fulfilling part of your role as Regional CSO?

As a self-proclaimed ‘Agent of Change,’ the most fulfilling part of my role is participating in security and compliance discussions and helping our customers tackle the challenges head-on. While every customer engagement has a different look and feel, at Okta, we’re all working towards a common goal to elevate the Identity industry and make Okta and our customers the world’s most secure companies.

How do you describe your Regional CSO role to non-technical friends and family?

In the words of my amazing wife, “Matthew helps protect our daughters' data and privacy.” 

What key challenges do you predict the cybersecurity industry will face this coming year?

While Artificial Intelligence is buzzing in everyone's mind and will become a game changer for organizations, I believe the risk concentration in the cybersecurity supply chain will be the next layer of scrutiny organizations accelerate with. With the adoption of large enterprises investing more in Cloud-based solutions over the last 5-10 years, we’ve seen the evolution of attacks become more persistent and successful. While this reliance on Cloud-based tools can enhance operations, many of those tools depend on open-source components, opening the door to compromise thousands of users at once.

Concentrate that risk with large vendors, handling thousands of customers, and the attack vector can disrupt entire industries. For example, you buy a smartphone, and the supplier that manufactures the processor has identified a security flaw. The phone manufacturer can check its Software Bill of Materials (SBOM) to see which models use that processor and issue a fix or recall the device. 

Organizations need to work with their critical vendors and assess the supply chain. SBOMs are important tools in your risk management program that help improve transparency, so organizations know exactly what they’re using and can address security issues before they become problems.

Matthew Hansen is a Regional CSO for Okta’s Americas West region. As a leader in security risk management, his accolades include MBA, CISA, and CCSK. Backed by over 15 years of experience in consulting, internal audit, IT governance and risk management, Matthew provides security program support to Okta’s customers. During his downtime, he enjoys travelling the world, experiencing new cultures, and attending Formula 1 races.