Join us for an in-depth discussion with Ryan Hebert, Head of Cyber Assurance at ICE, as they share insights from the RSAC Conference 2025. Hosted by Dave Vellante and John Furrier from SiliconANGLE Media, this session covers the latest strategies for data security and integration within the rapidly evolving landscape of cybersecurity.
Hebert brings extensive experience in cybersecurity strategy and leadership. At ICE, they oversee crucial areas such as governance, risk management, compliance, application security, and red teaming. They also collaborate with Anand Pradhan of ICE's artificial intelligence Center of Excellence, focusing on leveraging AI to enhance cybersecurity defenses. Moderated by theCUBE experts Dave Vellante and John Furrier, this conversation offers valuable insights into the integration of AI and innovative practices in cybersecurity.
Key takeaways include the importance of collaboration across sectors, as emphasized by Hebert. They explain ICE's approach to maintaining robust security protocols and fostering an environment of continuous learning and adaptation. According to Hebert, building trust communities and leveraging innovative technologies are instrumental in advancing cyber resilience and addressing challenges posed by social engineering and AI-driven threats.
Ryan Hebert, ICE
Ryan Hebert, head of cyber assurance at ICE, joins theCUBE’s John Furrier and Dave Vellante at the RSAC 2025 Conference to explore how collaboration and continuous learning are shaping next-gen cybersecurity strategies. The conversation highlights ICE’s efforts to integrate AI into its defense posture while maintaining rigorous governance and risk protocols.
Hebert explains how red teaming, compliance and application security come together under ICE’s broader cyber assurance strategy. He also spotlights the partnership with ICE’s AI Center of Excelle...
>> Welcome back everyone to theCUBE's live
coverage here in San Francisco. I'm John Furrier, host of
theCUBE, with Dave Vellante, breaking down all the action. John Olson, Jack McGuire, our lead analyst in security out on the floor, putting in theCUBE. Of course, getting all the action. SiliconANGLE team is getting all the news. Great event, day three,
conversations across the board, re- platforming and how to defend. And of course, how do you
integrate all these products? Ryan Hebert is here,
back from last year, head of Cyber Assurance. New role at ICE, the parent
company to the NYSE, as part of the NYSE Wired community
and theCUBE partnership. Ryan, great to see you and welcome back. >> It's great to see you too.
Thanks for having me, guys.
Ryan Hebert
>> .
- Good to see you in your new role.
Ryan Hebert
>> I will, thank you. It's exciting, yeah,
Dave Vellante
>> I had a similar role about 10
years ago when we were tiny >> and had about 20 people in cyber. But now we have 195, so
I've got half of that. So went from being the
individual contributor as a business information security officer for New York Stock Exchange,
fixed income and data services. Fantastic experience. Now we've got a new person running that shop, Priya Kutcherlapati. She's wonderful, we got her
from our Ellie Mae acquisition. She's been running
strategy for all of cyber for the whole company
for about five years now. She's going to fit in perfectly. So now I'm back on the practitioner side. I've got half of cyber. So I've got GRC, AppSec, RedTeam and a little splash of
cloud. So, doing great. >> Yeah, talk about the
relationship with ICE. >> A lot of folks know this, some don't. ICE is the parent company of NYSE. It is a massive operation, billions of dollars in revenue. A lot going on, and you got a lot of data.
Ryan Hebert
>> Oh, my god.
- And everyone wants that data. >> The bad guys do. It's not an easy job. Talk about ICE quickly, and then we'll get
into some of the conversation. >> Sure, yeah. It was a beautiful play
Ryan Hebert
>> by our founder, Jeff Sprecher. So we started as a
derivatives trading exchange, brought a physical
exchange online in Atlanta. Enron went over, everybody came to us. They were knocking production
over probably three times a day for the first month. We got our wits about
us and figured it out. Then we built a clearing house, so a guarantee fund in the
middle if someone falls over, like an MF Global or a Lehman Brothers. We're able to have that cash
in the middle to pay out all of their options that they
had open to the other side. So that was a really good foray into the derivatives trading world. Based upon that, he
bought the New York Stock Exchange in 2013. So we went into equities, and then we've done a lot in
the mortgage technology space. So the average time for
a mortgage was 57 days. We brought that down to eight, from walking into the house
saying you want to buy it to executing the deed. >> So that built a ton of trust in that.
Dave Vellante
>> And that's 43 business units of data,
Ryan Hebert
>> and why not give it to everybody
that wants it in any facet or any capacity that they want, right? >> Yeah. And as they say,
bad guys want the cheddar. Or that they want the
cheese, which is the data. >> They want the cheese.
- And you have to defend on that. >> What's it like these days?
Ryan Hebert
>> Obviously AI is key to
success here at the show. What is your view on the landscape? You probably do, what, three or four jobs?
Ryan Hebert
>> Yeah. - That's a theme
here. AI is going to augment. >> What is your position on
this? What's your take on it? >> Yeah. So about 10 years ago,
Ryan Hebert
>> Jeff started this narrative
called Stay lean, stay ahead. So we're always looking forward. If you don't have three jobs at ICE, you're not doing your job. That's just how it goes.
So partnering a lot with Brian Bauman on our
NYSE capital markets team to outreach to the VCs and the funds of what's coming out next. We had a guy who rebuilt the
entire infrastructure under NYSE called Pillar into one clean infrastructure that
lives in our data center. He's now shifted roles. He does that still in support, but he's running our AI
Center of Excellence. That's Anand Pradhan. And then my head of AppSec
and RedTeam, which we call ART because it is an art, AppSec RedTeam. Craig Lambert has been helping
us in this AI working group. So it's a quick and dirty
group of three people, Anand, Craig and myself.
Dave Vellante
>> What can you tell us about
your AI center of excellence? What is that, and what's
the genesis of it? >> So Anand's reaching out to
all of the different DeepSeek
Ryan Hebert
>> and he's building OpenAI and Llama. He's working with Meta, everybody. So he's building out all
these air gaps, orchestral, underpinning language model builders, and he has a splash
page for every developer or user in the company to offer
up a productivity use case. So he sprints them in order of priority, builds the model directly
defined to what they need and the data classification
set that they need, drops it in our data center and off they're running. It's beautiful.
Dave Vellante
>> So this is for on-prem?
Ryan Hebert
>> On-prem only, for
only internal use cases. Right, but that gives us a good
playing ground to understand what we need to do to
provide for our customers on that data services side. >> Yeah. And also you're seeing that center of excellence from an
engineering standpoint, a leader steps up in our org, this is the pattern we're seeing. I was talking to John
Rose yesterday, he said, "Michael Dell said his job
might go out of business because he's also the CTO." So a lot of people are stepping
up in these roles to lead, and be the threaded leader if you will, to use an Amazonian term. And then once that's done, then the theory is AI's everywhere. There's no real AI leader once it's done. What's your reaction to that? You agree?
Ryan Hebert
>> That's the goal. As you
said, three jobs at one time. I would love to have an agent doing half of the work that I need to do. Securing all of the
infrastructure at the endpoint, ensuring all of our ingress and egress controls are working properly. Taking down all these
horrible manual processes that are still at a
state of requirement from a regulatory standpoint. My SOC group has 750 AR
tickets to go through a day. On top of that, they're
getting 550 phish failures that are really a spam email. I want an agent to be able to curate and define all of these
easy, manual sub-five tasks, put an English-driven root
cause analysis into the cyber ticket and close it out so
it's ready to go for the SEC. >> Yeah. The phishing and the social engineering
proof point was just on theCUBE yesterday. They're growing rapidly, because social engineering
is on everyone's mind. It's what everyone's afraid of, because that is where the
attack vector to user piece... I know from getting emails from ICE and NYSE, you guys are
hardcore on the user piece. What's your take on this
whole social engineering category? Again, you got the data.
Ryan Hebert
>> Yeah. We had trouble providing
folks in our NYSE office in San Francisco an
opportunity to demo for us because their emails
weren't coming through. So they all get mad at me
because the demo can't go through and I'm like, "Hey, you're welcome." Yeah. As the agents are- >> They got to keep the data safe. >> That's right. So as these
agents are building these spear-phishing
Ryan Hebert
>> campaigns, it's
becoming really curated and directly attributed to the
user based on the information they can glean from the data online. But Proofpoint has been a
huge friend in this space. It feels like every time I have
a problem in any orchestral space with data, Proofpoint's
like, "We got you, buddy." They're going to help
us with our DLP on Macs, which is a fifteen-year problem that no one's been able to crack. They're going to help us
on mobile DLP as well. And this spear-phishing has gone
down significantly based on them, so thank you to Suma
and Proofpoint for sure.
Dave Vellante
>> Going back to what you said about agents, what has to happen? What steps do you have to take such that you trust those agents?
Ryan Hebert
>> I made a joke yesterday that we need to build an agent that's
monitoring the agents. Someone laughed and I was
like, "I'm kind of serious." Just the beautiful
thing that Anand's doing with this AI center of excellence. He's got six people that are
doing constant data analysis and RAG, confirming all the manual steps that they expect to see. And then I was concerned. My AppSec team was
champing at the bit to go and do a web application pen test and all of the models he was building. I was like, "Guys, you got
to wait, it's not built yet." So I go down and I was like,
"Tell me when you're ready for us to pen test it." He
goes, "Let's go, right now." >> Yeah, really?
Ryan Hebert
>> I want that context, beat it up.
Dave Vellante
>> So we started doing prompt injections, forcing hallucinations. He's like, "Maybe I didn't
want this." But you know what? That's what you do. You kill it yourself. >> Stand down.
- Exactly.
Ryan Hebert
>> love to break
shit, they love to do that.
Ryan Hebert
>> Oh man, I love it.
- So red teaming has been >> the theme on the model side. >> I want to get your thoughts
on this. This is exactly
Dave Vellante
>> what the conversations
are in the hallways. Red teaming is not a new concept. But with models, red
teaming is a strategic piece of the puzzle because it's
generous, non-deterministic. So Red teaming is a critical
strategy. Explain that.
Ryan Hebert
>> I never thought, in 16
years as a practitioner, that I'd be doing as much business development as I'm doing now. But it's just organic, right? >> Yeah.
- You're talking to all the funders,
Ryan Hebert
>> and all the founders of
companies that are working >> through VCs, and you're getting that insight into what they're doing. And through NYSE Wired and working with you guys, I
have all that connectivity. So I've had four times this
week someone has asked me about one specific pen test company, and it's just been the
easiest response ever. They're doing exactly what
I expected them to do. It's a company called Expo. I don't know if you've heard of them yet, but four different VCs are asking about it because they want to jump in on it. What they're doing is they're
building an agent that'll drop into your internet, and we
will purposefully drop admin credential canaries throughout
our production iterations. So it has to navigate
through our infrastructure, quietly without blue team finding it, and pick up all those canaries. It's essentially an agent
to capture the flag. So we just push go and
back up, get the results. It creates an
English-curated, data-driven, regulatory-ready pen test
report in clear fashion of how the exploit
happened and how it worked. >> Back in the old days,
honeypots was the big thing. It was so easy to do.
This brings up a couple of things I want to get your thoughts on, because the NYSE Wired
community is growing so fast because of trust networks being built. Because sourcing and discovering information around what's working is on
everyone's mind these days. So this idea of collaboration, security's always been a
collaborative team sport.
Ryan Hebert
>> Has to be.
- That's been talked about, >> it's just not really something that's new. But as the velocity of the
pace of play is so fast, how important are these relationships? And if you talk to other
practitioners, these trust networks that are forming, these watering holes of the tribe if you will-
Ryan Hebert
>> That's right.
- ... >> how important is this?
It's not like a LinkedIn. It's like everyone's on WhatsApp or Telegram, whatever
tools that they use, Slack or whatever, the communication's high velocity, high fidelity. What's your view on this whole wired wave?
Ryan Hebert
>> So when I started 16
years ago, there was an open email bridge with all the CISOs in the
financial services space. So my boss would just reply in, dropping in indicators of compromise. That's how they did
it. We called ourselves the CISO frenemies. Right, so we're talking CME, NASDAQ, all the financial services. Also, Bank of America, Visa, MasterCard. And that formulated into a
group called the FS-ISAC. So that's a huge threat intel feed for us, it's 12,000 banks. They made a subgroup called the ARK. It's the 19 critical
infrastructure, market utilities and financial services companies. So I'm on the risk committee,
I'm the PMO for the company. Through that relationship,
that's what's really drawn all of the institutions that are financially listed on
the New York Stock Exchange. Our exact, direct enemies
in terms of frenemies of the derivatives exchange. So using the threat intel
feed has built a lot of the trust to go beyond that. Let's say, "What kind
of tools are you using? What are you seeing?" We got
a response on a Sev2 from one of our enemies that
accidentally saw an IP address that was allocated to us. Save the bacon for us, and
we're doing the same for them. So using that, and then having you guys
on the floor meeting with all the CEOs of these
companies that are coming out, and Brian Bauman over
in our MIC wire group. We're bringing all the
founders that understand what our needs are together
with a list of companies and all the other financial institutions. >> Yeah. And you called it
a trust community, right?
Dave Vellante
>> It's a trust community, exactly.
Ryan Hebert
>> Yeah. And what's happening
is it's like a TLD. It's like a >> domain group of people on top of the IP addresses, their little LinkedIn's
or whatever tools they got. It's not like- >> And I don't have to use
my top secret clearance. >> Yeah, look at that, look at that.
Ryan Hebert
>> And again, this is the value
of the information economy, and we think a result of
that will be a marketplace of ideas, a marketplace of value. This is new. It's growing like a weed, and I can't be more bullish on it. And it's going to change
conferences, it's going to change relationships. Hiring, deals, business
growth, a huge opportunity.
Ryan Hebert
>> Getting all together in a room at RSA, and then going back over to Black Hat in the next couple of months. We're so excited to all
get in a room and just... Open dialogue. We've done it
forever with threat intel. Let's do it for what we're
using to beat the bad guys down. >> The security industry really
is a canary in the coal mine, to use that word you just mentioned. Because it's highly data
rich, data protection. Collaborative and sharing,
you mentioned that. And they're using AI practically.
They're not just suckers. Hey, shiny new toy. >> That's right.
- They want legit, proven... >> Yeah, the bar's high on
resilience. Okay, we get that.
Ryan Hebert
>> That's another AppSec
review kind of concept. But AI is definitely...
People are leaning into it. What's your reaction
to that? Do you agree?
Ryan Hebert
>> Yeah, absolutely. We use a Fibonacci principle for rolling
out different copilots. We started with Microsoft Copilot. Now it's fully out to
the entire enterprise. We have an 85% hit rate on
people using it in the company. Never expected that number
that high that quick. Now we're rolling out GitHub Copilot. We've gone 1%, 9% to
the development group. Now we're getting 65% use
out of the development team. They're arguing 75% productivity gains using a GitHub Copilot. But again, with Anand and the AI Center of Excellence, we're also beating down
individual contextualized models and agents for our developers' explicit use cases for building code.
Dave Vellante
>> Did you see Satya with Zuck? He said 30% of our code is
now being developed by AI.
Ryan Hebert
>> And I love it.
- That's a big chunk.
Ryan Hebert
>> And Peter Rakyat at
Sneak is taking it all in,
Dave Vellante
>> and giving me a recommendation
based on another agent. How to fix it. Automatic orchestral before it goes to QA fix
without a developer having to jump back in without my
AppSec team having to go and scream at them and say, "Please close this ticket for the love of god." >> I love this idea of a
physical event, digital first- party relationship with a network, where you're getting at it
with this now code assistance. It's a digital version
of sharing real product. That's right, so it's
impacting the product side.
Ryan Hebert
>> Yeah. We can all get together in a room and talk candidly about exactly
what's working, what's not. And how two different companies that are doing the same product, where one might be at NASDAQ, one might be with NYSE are in the room with both of us, and they're talking about
what they're trying to do to work together and work
with us to fit our needs. It's amazing, I've never
seen anything like it. >> I love that collaboration.
Dave Vellante
>> I don't think it would've
happened 15 years ago the same way anyway, although it's
interesting to hear that. >> I agree.
- But now,
Dave Vellante
>> the industry realizes
it's not a zero-sum game.
Ryan Hebert
>> The market's enormous,
so let's protect and win.
Ryan Hebert
>> Yeah. The goal here is to avoid the... We don't want to end up where
everybody's using the same three owners of every tool set. We want to have that sprawl. We don't want to have an
ancestral relationship, because that gives you resilience, right? >> Yeah.
- When you've gotten multiple platitudes
Ryan Hebert
>> of opportunity to use Agentic for secure, or to defeat the users of
Agentic on the outside, having multiple opportunities to do that with different companies where
they can all rise up in the harbor together is just table stakes >> At the same time, Ryan, are you trying
Dave Vellante
>> to at least somewhat reduce
the number of vendors and tools in your security stack, and to what degree are
you able to do that?
Ryan Hebert
>> That's the tough game we play. So I am always looking at the
things coming out of stealth, but I hope in some capacity
that they'll be able to fan out to three
different budget points. Three different threat objectives. So I do want to fan them out, but I also want to combine down where you've got six different vendors that are doing the same thing. Give them opportunities to do other things and then beat down that threat objective and move them to something else. >> Well Ryan, we really
appreciate your sharing and your leadership, and helping us with theCUBE get the data. Readiness is a big
topic. Are vendors ready? There's a lot of great
companies here at RSA. Everyone's here. It's got the business and the tech, it's got sandboxes. What's your view of the landscape, and what's your plan for the second half of the year in terms of
what you're looking to do, events you're going to be at? What's the landscape look like, and what's on your agenda
for the rest of the year?
Ryan Hebert
>> Yeah. RSA is more the CISOs Conference. Black Hat is the practitioner's one. Right, so I brought five people here. I have 36 people coming
with me to Black Hat. It's education, it's
informing their peers. It's doing Red teaming together. It's the collaboration on that side. So I'm excited to have hopefully you guys with us, in Black Hat. >> Oh, we'll be there.
- We'll be there.
Ryan Hebert
>> We'll have NYSE Wired as well.
Dave Vellante
>> Yeah, 100%.
- Introducing ourselves
Ryan Hebert
>> to all the new things
coming out of that summit
Dave Vellante
>> that's coming through Black
Hat with the Innovation Hub, >> and us having our own NYSE launchpad, bringing companies out into the forefront. >> And you guys got a lot of data. Is there plans to share some of that data? Because we're going to have
a big campaign in the fall around trying to squint through the fog and get data on what is readiness? What our benchmarks look like. I know Anand's got a lot of
data too, plans to share that.
Ryan Hebert
>> It's almost as if you read my mind. We're building an agent to
provide all of the data from all of these conversations that we're having, and provide it out to
everyone who wants to see it, especially through SiliconANGLE. >> Ryan, thanks for
coming on theCUBE. Really appreciate it. Great to see you again. >> Good to see you.
- Thank you so much. >> I can see you there.
- Ryan Hebert here with
Ryan Hebert
>> cyber, assure that ICE...
Dave Vellante
>> A big operation. They got
a lot of data on-prem too.
Ryan Hebert
>> It's the crown jewels, of
course you got to protect them, theCUBE bringing all the data here at RSA, thanks for watching.