Riot Games’ Chris Hymes on Cybersecurity for the Gaming Industry

Riot Games’ Chris Hymes on Cybersecurity for the Gaming Industry

September 17, 2020


Reading time
5 mins

Riot Games is perhaps best known for its popular game League of Legends. With about 100 million monthly players worldwide, the security team faces its own set of unique challenges when it comes to preventing fraud.

Recently, Riot Games’ Chris Hymes appeared on “The New CISO” podcast to discuss the company’s security measures, as well as his own thoughts on building a safe infrastructure. Hymes has a long history in the field, having served as head of information security at Hulu before joining Riot Games as CISO.

DDoS and gaming

In the gaming industry, cybersecurity analysts constantly strive to protect the user experience. If one player experiences latency due to a DDoS attack, that player will understandably be frustrated. To keep those issues at a minimum, Riot Games built its own fiber backbone called Riot Direct.

In addition to cyberattacks, Riot Games also has to be able to detect and prevent cheating. The process is similar to the threat-hunting techniques used in other environments.

“The anti-cheat team is actually part of security. You need people who deeply understand adversaries’ tactics. So in order to know how someone is cheating in the game, you need to deeply understand how players play the game and think about it, just like you need to understand how an adversary is going to move from workstation to workstation.” — Chris Hymes, CISO, Riot Games

Advice for aspiring anti-cheat professionals

Some cybersecurity analysts may have an interest in getting into the gaming industry. While there’s some crossover, Hymes stresses that anti-cheat analysis is closer to the skills required to reverse engineer malware.

“What I would say is for someone who’s really interested, I would first start kind of doing some investigation into why people cheat,” Hymes says. “You need to understand the deep technical aspects of how a computer works.”

Advice to his younger self

On each episode of our podcast, we like to ask the guest for words of advice to their younger selves. Interestingly, Hymes had advice unrelated to the security industry itself. He said he’d simply advise his younger version to slow down and enjoy life a little more.

“I would say that for a large chunk of my life, and even occasionally I fall back into this trap, I sometimes think that everything is critical,” Hymes says. “Everything needs to be solved immediately. Everything is just super important. And a lot of the times if you take a step back and you look at the bigger picture, you’ll realize that some of the things you think are critical and that you’re going to kill yourself over, possibly kill other people over, just aren’t that big of a deal. And if you’re able to step back and look at things with a calm perspective, especially in the security space or when you’re a leader in a company, that is a strength that other people will learn from, and as well as really appreciate.”

Looking to the future

In 2019, Zoom dealt with a security issue that had Mac users seeing their webcams compromised. Hymes points to that as an example of the importance of having a CISO on the leadership team. Often CISOs are seen as a hindrance to progress since the job, by definition, is to always proceed with caution.

“Imagine a world where startups said, hey, you know what? We believe fundamentally that security and feature development can live in harmony so we don’t end up in a place like this. Part of my founding board of executives is going to be a security person.” — Chris Hymes, CISO, Riot Games

Leading the next generation

Hymes believes in the importance of thinking long-term when building a security team. This, to him, means surrounding yourself with the right people and equipping those people to take over when you someday retire or leave. In fact, he feels like if he leaves and the team collapses, it’s a huge failure on his part.

“To me, a good CSO has the goal to be a calming voice in the organization, to build the strongest possible security team for what the company needs, to empower the people, to be a customer service person to the other executives at the company, to be a voice for my team and people and to build a sustaining team that’ll way outlast me at the company,” Hymes says. Building that team and empowering and growing the next generation of leaders in the team is one of his top priorities. He’s sad to see people leave but proud when they become CSO somewhere else. Again, Hymes, “I’m proud that they are now leading a security team at another company. And, and that is the type of thing I take more pride in that than I do fixing a security vulnerability in all honestly.”

As the head of security for one of the top companies in the gaming industry, Hymes has valuable insights into the challenges the industry faces. To hear the full episode, check out episode 25 of “The New CISO” podcast, Determining Risk Tolerance for a 100-Million-User per Month Organization.

Tags: For CISOs,

Similar Posts

The Rising Threat of Compromised Credentials in State and Local Governments: The Case for UEBA

Embracing Change and Growth in Cybersecurity Leadership: Insights from a CISO

Exabeam News Wrap-up – June 1, 2023

Recent Posts

The Rising Threat of Compromised Credentials in State and Local Governments: The Case for UEBA

What’s New in Exabeam Product Development – May 2023

Embracing Change and Growth in Cybersecurity Leadership: Insights from a CISO

See How New-Scale SIEM™ Works

New-Scale SIEM lets you:
 • Ingest and monitor data at cloud-scale
 • Baseline normal behavior
 • Automatically score and profile user activity
 • View pre-built incident timelines
 • Use playbooks to make the next right decision

Request a demo of the industry’s most powerful platform for threat detection, investigation, and response (TDIR).

Get a demo today!