SAN FRANCISCO — Southwest Airlines Cybersecurity Senior Manager Carrie Mills has a big ask for security vendors: “Help us get past agent fatigue.”

Mills joined VMware COO Sanjay Poonen and Patrick Morley, SVP and GM of VMware’s Security Business Unit, onstage during a keynote at the RSA Conference today. Southwest Airlines is a VMware customer, so her answer to Morley’s question about what advice she’d give to security vendors is going to be at least a little self-serving.

In this case, it’s worth noting that yesterday at the annual security event VMware announced that Carbon Black’s workload protection technology, which VMware acquired last year, no longer requires installing an agent to provide antivirus protection or endpoint detection and response because of a tighter integration with vSphere.

But self-serving or not, agentless security can make it easier to manage and improve performance, so Mills has a point. “We have all these agents that are running on all our boxes,” she continued. “It’s complex to manage. And when we talk about IT security, some of those agents don’t even work in our own environment.”

She had one more piece of advice for security vendors: “I’d also say think outside the box and be bold.”

Many of the problems chief information security officers face today stem from complex IT environments and too many security products spread across these environments, Mills said — echoing a common theme from this year’s RSA. And because it’s an airline, Southwest’s security spans both the traditional IT side of things as well as operational technology.

VMware calls the solution to this problem intrinsic security, or building security into the network as opposed to using a bunch of different point products.

“If you went to a doctor and you asked her, ‘How do you stay healthy?’ And she said, ‘Take about 5,000 tablets.’ You just couldn't do that,” Poonen said. Similarly, security requires a different approach, he added. “Not something that’s bolted on, or something that’s siloed, or something that’s very threat-centric. But something that’s fundamentally more built-in, more intrinsic.”

Mills had another word for this built-in, pared-down approach to security: simplification. “We’ve been trying to look for ways to shrink our cybersecurity footprint,” she said. “How can we leverage the platforms that maybe the networking team already has in place? And how do we get rid of some of the tools and bolt-on, cybersecurity-type technologies that we’ve implemented over the last 10 to 15 years? So really, for us, intrinsic security is all about simplification, and finding the correct balance of when we can leverage a platform that has security built in or we need to go buy that tool.”

And, Mills added, this requires more of a team approach to security where the infrastructure and application teams are equally as involved. “We have to learn how to work better together,” she said, adding that at Southwest Airlines she encourages her security team to build relationships with their infrastructure and application peers. “It’s just simple things. Swing by their office to say hello. It’s saying, ‘Hey, you want to go grab a cup of coffee?’ Security is a team sport.”