Security Experts:

Mark Hatton

Mark Hatton is president and CEO of CORE Security. Prior to joining CORE, Hatton was president of North American operations for Sophos. He has held senior roles with companies ranging from venture capital-backed, early-stage software vendors to a Fortune 500 information technology services and distribution organization. Hatton holds an MBA from Boston University, Massachusetts and a BA in Communication from Westfield State College, Massachusetts.

Recent articles by Mark Hatton

  • I am painfully aware that in business and in security, hope is not a plan. However, that doesn’t mean we can’t dream a bit about the best case scenario. In the spirit of the season, here are five things I’m hoping for in the security industry this year.
  • The oversight for the protection of healthcare information is only getting tighter, and it is incumbent upon the security teams to ensure healthcare professionals have all the tools necessary to improve patient outcomes, while we worry about keeping the bad guys away.
  • During the RSA Conference we heard a lot about the changing landscape of threats and how attackers are becoming more sophisticated and better funded every day. So naturally the debate ensued around whether keeping pace and ultimately closing the gap is a question of technology, spend or approach.
  • Here are five things I recommend security pros keep in mind when navigating the line between tight security and keeping the organization running at peak proficiency.
  • Predictive security narrows the scope considerably and helps IT and security pros zero-in on the most likely vulnerabilities and areas most-at-risk due to the sensitive nature of the data they hold.
  • One of my concerns heading into these Olympic Games is that the public has become somewhat desensitized to cyber-attacks and we may not have the same level of vigilance against cyber threats as we should.
  • Complacency is never a good thing, but in security it can have devastating effects. While it’s good to acknowledge progress, that should never stand in the way of staying ahead of the next potential threat.
  • If you are a CISO or director of security you already know that not everybody within your organization values security as much as you do, or perhaps as much as they should.
  • If Nostradamus had envisioned our networked world of 2014 and had written predictions about the security challenges that existed, I’d expect them to look something like this...
  • The best way to anticipate a move by an adversary is to put yourself in their position and ask, what would I do in the same situation? Studying the ways in which you would attack a given situation provides a strategic advantage when planning your defense.
  • While we haven’t yet suffered what could be considered a major infrastructure attack, the reality is that the number of attacks is on the rise. Can our defense respond to the challenge?
  • Just like football, security is a tough game and not for the faint of heart. There are threats lurking around every corner and it’s when you think you are in the clear that a blindside hit is most likely to happen.
  • As you set forth on the path to establishing your security budget for 2014, remember that receiving the budget that allows you to do what is needed from a technical standpoint often begins with a business discussion.
  • The following is a list of questions that I recommend everyone ask security vendors as an initial filter.
  • I believe that no other nation can match the capabilities of the United States military, but at the same time, matching the level of resources and investment in cyber being made by nation states such as China could prove impossible.
  • One of the biggest inhibitors to securing an organization’s most critical information is treating all data as if it had the same value. While it would be nice to be able to secure every bit of data or information on your network, that is a nearly impossible task.
  • At a time when many are questioning the need for continued spending on security, it’s time for us as security professionals to step up and meet these challenges and prove that it is money well spent.
  • There is one drawback in the security industry that mainly affects the business and marketing side of a security vendor: nobody really wants to buy security, they just know it’s necessary.
  • As security continues to evolve from an issue of IT to a matter of business risk, many leadership teams are struggling to understand it and to answer the fundamental question of, “Where am I susceptible to threats?”
  • When making the case for a security budget, don’t just provide numbers and statistics; lay out the business case and the importance cyber security plays in the protection of the brand.
  • They always say in the investment world that cash is king. We are now seeing that in terms of cyber as well. Stealing cash, it’s even better than stealing money.
  • As threats and vulnerabilities continue to evolve, it is incumbent upon organizations to empower all of their employees to take an active role in their own network security.
  • Despite the billions of dollars spent annually by government and private industry to protect their networks and critical data assets, the large majority of breaches can be tied directly to human error and/or a breakdown in protocol.
  • There is an old saying, that if you want to get ahead, don’t bring your boss problems, bring him or her solutions. The same can be said when it comes to investing in security solutions.
  • There is a term currently permeating the security industry that distracts everyone from the larger goals at hand of making networks safer, mitigating threats and protecting critical data. The term is hype.