Behind the Shield

From Tokens to Passwordless: RSA CISO, Rob Hughes, On FedRAMP REV 5 and AI Risk

InfusionPoints Season 1 Episode 15

In this episode, hosts Mike Strohecker and Jason Shropshire sit down with Rob Hughes, CISO of RSA, for a deep dive into identity security, FedRAMP Rev 5, and emerging AI risk.

Rob shares his journey into the CISO role and how RSA has evolved from its early days of hardware tokens into a modern, cloud-focused identity provider. The conversation covers real-world lessons from RSA’s FedRAMP authorization experience, including navigating the JAB process, operating during the shift to remote work, and balancing compliance requirements with meaningful security outcomes.

The group also explores what FedRAMP Rev 5 changes actually mean for identity, phishing-resistant authentication, and passwordless approaches, as well as how FedRAMP is moving toward more outcome-driven security models. Rob offers candid insight into how these changes affect both federal and commercial environments.

The discussion wraps with a practical look at AI risk, including data leakage, shadow AI usage, and why identity and zero trust principles are becoming even more critical as AI tools become part of everyday workflows. A lightning round at the end adds a lighter close to the conversation.

Topics covered include:

Rob Hughes’ path to CISO and RSA’s identity evolution

FedRAMP Rev 5 and phishing-resistant authentication

Lessons learned from the FedRAMP JAB process

Identity as the modern security perimeter

AI risk, data exposure, and shadow AI concerns

Lightning round questions

Subscribe for more conversations on cloud security, compliance, and the people behind the programs shaping federal and enterprise cybersecurity.

#FedRAMP #CloudSecurity #FedRAMPRev5 #identitysecurity