Mark Hatton

Mark Hatton is president and CEO of CORE Security. Prior to joining CORE, Hatton was president of North American operations for Sophos. He has held senior roles with companies ranging from venture capital-backed, early-stage software vendors to a Fortune 500 information technology services and distribution organization. Hatton holds an MBA from Boston University, Massachusetts and a BA in Communication from Westfield State College, Massachusetts.

Recent articles by Mark Hatton

  • It’s hard to build continuity under inconsistent leadership. It’s also really hard to beat the hackers when the person responsible for keeping them at bay has less job security than an NFL coach with a losing record.
  • You need to identify your security shortcomings before someone else does. Simulate attacks and tests to associate known vulnerabilities, previous attack patterns, and security/network data to identify potential attack paths to your company’s most important data.
  • Having a CISO not only solves the diffusion of responsibility problem by putting one person in charge, it also helps to transform the security culture in your organization.
  • So what does the World Cup have to do with cyber security? A great deal actually. Anytime there is a large-scale global event, there is a sharp spike in the number of cyber scams that are unleashed.
  • Are we doing enough to ensure that we are cultivating the next generation of cyber professionals? Do we invest enough in education programs so that students go on to institutions of higher learning with a goal of becoming a cybersecurity expert?
  • The fall of a high-profile CEO due to security concerns makes me envision a scenario where security is now given a more prominent role on the executive team, with more emphasis placed on avoiding the breach in the first place.
  • The fact that you aren’t seeing or hearing about potential threats to the organization, or alarms aren’t being raised by the security team, shouldn’t make you feel better as an executive.
  • Security really is a marathon and there are no days off. Sacrifices are needed and tough decisions are required. The motto of our country’s most elite fighting force, the US Navy SEALs, is “The Only Easy Day Was Yesterday.”
  • I am painfully aware that in business and in security, hope is not a plan. However, that doesn’t mean we can’t dream a bit about the best case scenario. In the spirit of the season, here are five things I’m hoping for in the security industry this year.
  • The oversight for the protection of healthcare information is only getting tighter, and it is incumbent upon the security teams to ensure healthcare professionals have all the tools necessary to improve patient outcomes, while we worry about keeping the bad guys away.
  • During the RSA Conference we heard a lot about the changing landscape of threats and how attackers are becoming more sophisticated and better funded every day. So naturally the debate ensued around whether keeping pace and ultimately closing the gap is a question of technology, spend or approach.
  • Here are five things I recommend security pros keep in mind when navigating the line between tight security and keeping the organization running at peak proficiency.
  • Predictive security narrows the scope considerably and helps IT and security pros zero in on the most likely vulnerabilities and the areas most at risk due to the sensitive nature of the data they hold.
  • One of my concerns heading into these Olympic Games is that the public has become somewhat desensitized to cyber-attacks and we may not have the same level of vigilance against cyber threats as we should.
  • Complacency is never a good thing, but in security it can have devastating effects. While it’s good to acknowledge progress, that should never stand in the way of staying ahead of the next potential threat.
  • If you are a CISO or director of security you already know that not everybody within your organization values security as much as you do, or perhaps as much as they should.
  • If Nostradamus had envisioned our networked world of 2014 and had written predictions about the security challenges that existed, I’d expect them to look something like this...
  • The best way to anticipate a move by an adversary is to put yourself in their position and ask, what would I do in the same situation? Studying the ways in which you would attack a given situation provides a strategic advantage when planning your defense.
  • While we haven’t yet suffered what could be considered a major infrastructure attack, the reality is that the number of attacks is on the rise. Can our defense respond to the challenge?
  • Just like football, security is a tough game and not for the faint of heart. There are threats lurking around every corner and it’s when you think you are in the clear that a blindside hit is most likely to happen.
  • As you set forth on the path to establishing your security budget for 2014, remember that receiving the budget that allows you to do what is needed from a technical standpoint often begins with a business discussion.
  • The following is a list of questions that I recommend everyone ask security vendors as an initial filter.
  • I believe that no other nation can match the capabilities of the United States military, but at the same time, matching the level of resources and investment in cyber being made by nation states such as China could prove impossible.
  • One of the biggest inhibitors to securing an organization’s most critical information is treating all data as if it had the same value. While it would be nice to be able to secure every bit of data or information on your network, that is a nearly impossible task.
  • At a time when many are questioning the need for continued spending on security, it’s time for us as security professionals to step up and meet these challenges and prove that it is money well spent.