4 days Ago
Phil Venables, an honoree of the 2024 Forbes CIO Next list, helps other companies safeguard their systems on Google’s cloud, acting like a “trusted advisor.” S itting in a brick-walled conference room on Election Day at Google’s office in Washington, DC, Phil Venables, Chief Information Security Officer of Google Cloud, runs through his recent to-do list: Earlier that day, he met with product teams getting ready to launch new security features meant to protect enterprise clients. Then he’d worked on a “significant upgrade” to Google’s broader technical infrastructure, beyond his normal purview of the cloud.
Now he was prepping for a talk on managing the risks of AI adoption in financial services to be delivered the next day at the International Monetary Fund. But top of mind throughout was another crucial task: meeting with customers piloting Google’s cloud service, who are trying the tech giant’s AI tools for the first time. Venables leads the division’s customer advisory board, where he works with the CISOs and CIOs of other companies to safeguard their operations while using Google’s services.
This year, Venables is an honoree on the 2024 Forbes CIO Next list , which spotlights the best and brightest C-level executives in the field of technology and security information. He’s also a bit more than that. As Google Cloud’s CISO, Venables has become a sort of AI and cybersecurity whisperer for colleagues in similar roles at other enterprises that rely on Google’s services.
He’s the CISO’s CISO. “I like to think of my role as not just CISO for Google Cloud,” Venables told Forbes . “But like a trusted advisor to 1,000s of other companies.
” His potential customer pool is massive, and growing. Almost two-thirds of organizations say they’re now using AI in at least one business function, up from a third last year, according to a May report from consulting giant McKinsey. And 67% expect their companies to invest even more in AI over the next three years.
But with more businesses experimenting with AI in the workplace, new security threats are emerging. Enterprises worry about AI models leaking their proprietary data, or the system being manipulated or abused by attackers. “The scale that we operate at is probably bigger than pretty much any other company in the world.
” With its high profile and vast reach, the stakes are even bigger for Google Cloud. Led by CEO Thomas Kurian, it’s the third largest cloud provider in the world, behind Amazon Web Services and Microsoft Azure, according to the research firm Gartner. In the third quarter, Google Cloud generated $11.
4 billion in revenue, up 35% year over year. Its heavyweight slate of clients includes Walmart, Uber, Major League Baseball and Mercedes-Benz; Google says some 600 of the world’s largest 1,000 companies are clients. For Venables, working on cybersecurity at Google is unlike working at any other place in the industry because its products are so far-reaching.
For example, Google Workspace, which provides enterprise versions of Google’s popular productivity apps like Gmail and Drive, has more than 3 billion users. “The scale that we operate at is probably bigger than pretty much any other company in the world,” he said. Google Cloud’s enterprise security platform, Google Threat Intelligence, is used by customers including the Spanish bank BBVA and consulting giant Deloitte to detect and prevent cyberattacks.
Google won’t disclose how many clients use the service, but said its adoption has grown fourfold in the last six quarters. Venables said Google Cloud also helps customers with long-held security issues, like enabling stronger authentication or deterring phishing attacks. Venables is Google Cloud’s first information security chief; the office of the CISO was created when he joined the company four years ago.
He’s also the only person with the CISO title at Google, though he has a handful of counterparts across the company who handle security for different parts of the tech giant, like Chrome security VP Parisa Tabriz, or Heather Adkins, VP of engineering and a founding member of the company’s security operations. Born in Leeds, UK, Venables spent two decades at Goldman Sachs before coming to Google, most recently heading cybersecurity efforts for the bank’s portfolio companies, and sitting on the Goldman Sachs board until 2020. To build out his team, Venables added key veterans of the security industry, including Taylor Lehmann, who led security engineering teams for the Americas at Amazon Web Services, and MK Palmore, a former FBI agent and field security officer at Palo Alto Networks.
“You need to have folks on board who understand that security narrative and can go toe-to-toe and explain it to CIOs and CISOs,” Palmore told Forbes . “Our team specializes in having those conversations, those workshops, those direct interactions with customers.” For example, he said the CISO office sprang into action to help clients after the 2020 breach of the networking company SolarWinds, which touched thousands of organizations including parts of the federal government like the U.
S. Treasury and Homeland Security. For Google, it’s not only about Venables and his team being able to personally consult with clients on security.
With thousands of corporate customers — with different needs and sometimes in highly regulated spaces — he works to ensure that all of their clients can get help as fast as possible, whether or not they have the pull to meet with Venables. Generally, a “CISO is going to meet with a very small subset of their clients,” said Charlie Winckless, senior director analyst on Gartner's Digital Workplace Security team. “But the ability to generate guidance on using Google Cloud from the office of the CISO, and make that widely available, is incredibly important.
” Google is trying to do just that. Last summer, Venables led the development of Google’s Secure AI Framework, or SAIF, a set of guidelines and best practices for security professionals to safeguard their AI initiatives. It’s based on six core principles, including making sure organizations have automated defense tools to keep pace with new and existing security threats, and putting policies in place that make it faster for companies to get user feedback on newly deployed AI tools.
To turn the SAIF principles into more than just a conceptual set of guidelines, last month Google released a free risk assessment tool for companies to evaluate their security situations. The tool is a survey that asks companies about their policies and development processes, like how they train and fine tune their AI models, or who has access and control of data. The service then creates a personalized report with potential threats, and suggestions on how to mitigate them.
Writing the SAIF guidelines led Google to help form the Coalition For Secure AI, an industry group that shares tools and methodologies for developing and deploying AI with stringent security standards. Members include OpenAI, Microsoft, Anthropic and Nvidia. More broadly in his capacity as Google CISO, Venables has been a member of President Joe Biden’s Council of Advisors on Science and Technology since 2021, which makes suggestions to the president on tech and innovation policy.
His tenure will be up when Biden leaves office. As more people begin using AI, new threats will emerge, Venables said. But he's optimistic the technology will also birth new ways for people to protect themselves from digital adversaries.
AI can help analyze malware or find and fix vulnerabilities, he said. “We're very realistic about how the attackers are going to use AI,” Venables said. “But we think AI benefits defenders more than attackers.
” Editorial Standards Forbes Accolades.
