LAS VEGAS: Adobe chief security officer Brad Arkin is preaching a unique brand of education, which he says has helped to make his company's products more secure and given employees valuable professional skills.
Arkin, who joined the company in 2008, has overseen Adobe's move from offering its products as boxed discs and digital downloads to hosted cloud services.
“It has been a big thing for us, when you are putting software in a box, it is really just the code and you don't have any control over the environment they are putting that code on top of,” he told V3. “When we are writing code for our servers, we control in theory every aspect of it.”
With the transition from shipping products to hosting them on servers, the company has had to focus on new areas such as managing and securing servers, protecting infrastructure and preventing attacks on company systems.
To help guard the cloud infrastructure and improve the security of Adobe products, Arkin instituted a unique system based on a martial arts structure of "belt" ranks. By reading security materials and inline seminar material developed by security staff, employees earn a “white belt” ranking, a basic competency that can be obtained over a few days.
Further on, employees can spend more time studying materials and training over the course of several weeks to get a “green belt” certification, then a “brown belt” program designed to run for six months and a top “black belt” certification obtainable over the course of a year or more.
The structure then plays a vital part in how development teams are assembled. Arkin and his team mandate that each project has a certain amount of team members with green and white certifications as well as brown and black belt developers overseeing security.
In addition to making products more secure, Arkin says Adobe employees are teaching themselves valuable professional skills.
“We went from getting not just the security geeks to do the training, but also the career-oriented people,” he explained. “You go from a less sexy project to one that is more exciting.”
The formula has proven so successful that Adobe has exported its security programme to other firms. The company has joined the Safecast project, which is now offering Adobe's training materials free to other firms.
Arkin hopes that the model will help other firms to implement best practices and improve the security of their products, particularly those which interact with Adobe's own platforms.
He is also calling on the experience of other firms to help Adobe in its transition from software vendor to cloud provider. Arkin said that as he has encountered various hurdles in the company's efforts to take its products online, Silicon Valley neighbours such as Salesforce.com and Netflix have been valuable sources of information.
“The good news is we are not the first company to encounter these problems,” he said. “We talk with all these guys and we can cherry pick what works and put that in our environment.”
Australian government to require technology and communications companies to provide access to messages
New bill avoids demanding 'backdoors' in encryption, but includes measures to compel companies to provide access to encrypted communications
Indonesian overclocker Ivan Cupa (with the aid of a lot of liquid nitrogen) achieves record overclock on AMD's latest Threadripper
Ssupermassive black hole is so big it corresponds to four per cent of the galaxy's total mass
Imminent attack will target a single bank with cloned cards used to fraudulently withdraw millions over one weekend