Security moving from Department of “No” to Department of “How”
Ziften sponsored a booth at the ISSA Los Angeles 5th Annual Information Security Summit on May 21, 2013. It was a great show for us, with booth visitors from Disney, Toyota, Honda, Sony, Warner Brothers, Northrop Grumman, and many others, including law firms and security consultants. We were unique at the event, being a young company with new technology to augment and improve existing security and system management approaches for the enterprise client. So we enjoyed that!
The event was a slam-dunk success for ISSA – I heard there were 780 attendees – truly amazing considering how busy everyone is in IT security, and considering Los Angeles traffic! The ISSA LA team did a great job marketing and promoting the event and attracting really interesting speakers.
One of my favorite presentations at the event was the CISO Panel, which included the CISOs from Visa, ADP, Mattel and PETCO. These CISOs gave frank insights into the challenges they face on a daily basis. Most of them report to the CIO, but one of them reports to the CFO. All of the CISOs indicated they must work cooperatively across departments, with legal moving to be more influential, which is no surprise. They all seemed to have relatively small teams, large influence with C execs, and the need to be in meetings a great part of their time to get the job done.
“Nobody likes surprises” was an observation from the Mattel CISO. Apparently the average CISO is faced too often with icky surprises like lost assets with PII, malware outbreaks and other urgent problems, and last-minute line-of-business requests.
Ira Winkler did a lunch keynote on security awareness. A couple of key takeaways I had:
- It might be good to measure the results of any security awareness program. After all, without metrics, how do we show results?
- Security awareness programs ought to consider the best way to communicate information to their constituents – Ira pointed out that younger employees might respond better to blogs and Twitter, whereas older employees might respond better to posters and documents.
- Ira reinforced this: “create a positive security culture”. At the NSA and companies like IBM, following security policy is for sure a condition of employment.
- Oops, antivirus works, like, 18% of the time. Yikes!
I heard a theme that our situation with China should not be depicted as Cyber Warfare, as the media seems to desire. Aaron Turner, President of IntegriCell & IANS Research Faculty, did a nice closing keynote and mentioned this. I’ve recently blogged on the topic, and couldn’t agree more.
All in all, a Great Event!
Now, it was a madcap 12-hour day for us, and I feel like this write-up is missing so many key points from the event, so I encourage anyone with an opinion to add insights. Controversy welcome! I could not believe how well the event was managed and promoted. I’m going to have to share this with my local ISSA Austin chapter to encourage them to sponsor a similar event!