Applied Artificial Intelligence and Modeling Division

Innovation and speed are the name of the game for SAS' AAIM division. These two words rarely play well with security. I am tasked with not only providing my teams security advice during their shortened development cycle, but also with creating new and innovative controls to make security work where there isn't a paved path.

This isn't an easy task, nor do I do it alone. I rely heavily on the excellent team of Product Security Architects from across the company, as well as the input from the many exceptional developers who make AAIM's products great. We all want to succeed, and we know that secure products will help us get there. My job is to continue to foster that spirit of secure development while working hard to accomodate new approaches to existing secure patterns.

Projects

• Agentic security: SAS is not missing the boat, the AAIM division is running quickly and effectively towards agentic products which can effectively meet our customers' needs. This requires a new type of cyber security, no longer focused on scans (because they don't exist yet), and instead focused on making applications truly secure from implementation onward. I use my experiences with the OWASP GenAI project, as well as my regular research into cutting-edge controls, to help guide our agentic security strategy and align our products with a secure by default mindset.
• Containerized architecture: SAS' newest products won't run on their existing platform solutions. Rather, they will take SAS' leading data analytics capabilities and run them in an out of the box container, ready to be spun up and return results. This requires a fresh security perspective, focused on trust and shared responsbility between our customers' secure implementation and the security of our products. My hard work has helped this product approach be both successful and secure, with our customers' secure implementation and our built-in security working in concert.