Our guest this week is Doug Cox, Principal Security Architect for Salesforce. Doug reflected on the beginnings of cybersecurity with host Megan Garza, recounting how a youthful prank sparked his interest in technology. He also discussed the future of tech, particularly with the rising influence of AI, and shared why it’s so crucial to safeguard sensitive healthcare data.
Our guest this week is Doug Cox, Principal Security Architect for Salesforce. Doug reflected on the beginnings of cybersecurity with host Megan Garza, recounting how a youthful prank sparked his interest in technology. He also discussed the future of tech, particularly with the rising influence of AI, and shared why it’s so crucial to safeguard sensitive healthcare data.
#Cybersecurity #Salesforce #AI
[00:00:00]
Megan Garza: Welcome to Speed Data, quick conversations with cybersecurity leaders. I'm your host, Megan Garza. Today's guest is Doug Cox, a Principal Security Architect at Salesforce. Welcome to the show, Doug.
Doug Cox: Thanks. It's good to be here.
Megan Garza: Doug is an IT professional with over 20 years of experience in data warehousing, enterprise data, and cloud security.
Megan Garza: He's skilled in SaaS, security, encryption, and tokenization, and is a Salesforce Certified AI Associate. Doug currently works with account teams to focus on the Salesforce Principles of Trust. In his words, he enjoys helping customers unravel security and compliance to understand and meet their complex challenges.
Megan Garza: Doug, you studied communication and media in college. What made you want to go into cybersecurity?
Doug Cox: Well, I can tell you that in 1981, there was [00:01:00] no cyber security. So, you know, I wanted to be a DJ. You know, I wanted to go out and I wanted to talk to people, which I do today. It's kind of crazy. Like, I went to school to become a DJ and be in entertainment and media. And now I'm actually broadcasting all day from my house, so.
Doug Cox: But there really was no cyber security back then. I mean, when I was a kid in high school, we had one computer. I learned how to do a loop, and I was able to print out something bad about teachers a hundred times. Uh, I got in trouble, and then I had to pay for the paper. My parents grounded me, so I was in a lot of trouble.
Doug Cox: So it was like my first Hacking attempt. Um, you know, cybersecurity started to really kind of show up with the phone hacking, right? back in the day, you could, you could use this 2600 megahertz sound and open up a long distance call. and then, you know, as the grew, you know, we became more aware of cybersecurity, with every job I took.
Megan Garza: so how has the threat landscape changed since then?
Doug Cox: you know, back in the day, in the 80s, we were more concerned about physical security than we were anything else. We were literally bursting printouts, putting them in [00:02:00] these cubbies where people just take them. You know, just, oh, there's all this information, We were more concerned about the people getting in and Messing with equipment and things like that. you know, but, once I started getting into the, Unix world, I started to understand things like the change mod, you know, by giving access controls out to, people who actually needed them.
Doug Cox: basically my first, my first foray into least privilege, if you will. but then when I started to get into databases, which is the lion's share of my career, I was really starting to understand, access controls for data and who should have access to what, and trying to keep that all under control.
Doug Cox: So it was mainly, The threat landscape went from nothing to everything now. So it's, been quite a journey.
Megan Garza: And now you typically work with customers in the health and life sciences sector. What challenges do you see with HLS customers specifically?
Doug Cox: highly regulated industries, have a lot of extra stuff, you know, to worry about, mainly it's, about the landscape of regulations. HIPAA is something that I have to deal with on a daily basis and HIPAA tends to be a little bit of a [00:03:00] murky thing, you know, so our customers.
Doug Cox: can kind of interpret it the way they will, but there are some really hard, requirements that our customers have to face, when it comes to HIPAA and then as well as HITRUST as well, you know, understanding how to encrypt, understanding, you know, saving data, changes to data, that kind of thing.
Doug Cox: So, uh, our customers really need. struggle with that, the interpretation of HIPAA, but also things like this change healthcare issue that happened a few months ago. They really want to know about ransomware and how SAS environments are handling things like ransomware, how they can help prevent ransomware and other attacks at their org level, but also what SAS environments do at the infrastructure to head that kind of thing off and deal with it if it potentially happens.
Megan Garza: And speaking of ransomware, I would think that health and life sciences sector might have some of the most important or the most critical data that they certainly want to protect from ransomware.
Doug Cox: 100 percent and you know, and then company paying off that ransomware also [00:04:00] puts all the other companies at risk. So, you know, I didn't really get a lot of, interest, a lot of calls around that incident that happened a couple months ago until they paid it off and then everyone started to get a little nervous.
Megan Garza: Because they set a precedent
Doug Cox: they set a precedent, you know, and, and it's a lot of very, sensitive information that, contain in health records. So, big deal.
Megan Garza: And what do you think it takes to be a successful security leader?
Doug Cox: I mean, you have to stay, you have to be expert, you know, you have to stay informed of everything, cybersecurity, try to keep, you know, a grip on the news and, and what's going on out there. stay informed, right? Um, also, you know, having a good team around you helps, you know, we all have different domains and I'm, I'm an encryption guy.
Doug Cox: My last. A couple jobs for, starting in Salesforce for encryption vendors. Uh, I have, you know, a friend that worked at Oracle and my team, and he's really good with IDP and did it, you know, so we all have our own domains. So we all work together to try to help our customers. so, you know, it's important to be able to, to create teams that have vision as well.
Doug Cox: you know, what, is the next, you know, move speaking [00:05:00] for us, you know, and how can we help our customers adopt this kind of technology to, uh, create more secure environments.
Megan Garza: And what do you think is the most important thing to remember when working in cybersecurity?
Doug Cox: need to listen, uh, you need to understand, um, our customers all have different reasons why they're, upset right now cybersecurity in this world of ever, you know, ever changing landscape of security. Uh, so it's important to stay, you know, Proactive, so we don't have to react, right?
Doug Cox: So, you know, I always try to teach my customers stay proactive. And another thing is vision, right? You know, we want to understand the upcoming risks, and we need to be able to plan for it, And instill this onto our customers. Or, sometimes they instill it on me. You know, and my customers are telling me things that I don't even know.
Doug Cox: Which is, which is kind of crazy. So, you know, we all work together as a team, whether it's customers and Salesforce or, you know, my, team member. And then finally, you have to really understand things like ethical standards as well. [00:06:00] You know, we, we, we talk about this in our AI world, you know, like we want to make sure AI is done ethically and correctly for our customers as well as securely.
Megan Garza: it sounds very collaborative the way you describe it.
Doug Cox: 100 percent it has to be.
Megan Garza: And now I might know the answer to this question based on our previous conversation a little bit ago, but if you weren't in cybersecurity, what would you be doing?
Doug Cox: if I was not in cyber security, which, you know, could happen in the next 10 years I've been around a lot, uh, I'll probably be writing music, drumming, and producing music with my wife.
Megan Garza: I have always wanted to learn how to play the drum, but I don't have the hand eye coordination to where like I'm doing One thing with this hand, one thing with this hand, and then the foot, like, can't do it.
Doug Cox: The good thing is you can, you can actually close your eyes and do it, so you don't even need the hand eye coordination.
Megan Garza: good trick. I'll have to remember that. Well, thank you for joining me today, Doug. I appreciate you taking time out to chat with me and teaching me a little bit about the tricks to drumming, and for [00:07:00] joining me on this week's episode of Speed Data. Have a good one.
Doug Cox: Yeah. You too.