Do You Know Your ABCs?

Ah, RSAC 2017. Into the bowels of Moscone, I dove. Submerged in a calliopean frenzy of schwag hawkers and “where the world talks security” messaging. From the Marvel-esque call to “Be a hero!” to the more existential reminder that “Every moment counts!” I found myself drowning in a sea of Secure! Protect! Defend!


From shiny object to shiny object, I waded. What’s new? What’s different? What’s the word?

The word, the buzz definitely centered around artificial intelligence (AI). But with so much focus on its potential to alleviate the current woes of not enough time or pros to combat a growing number of cyber aggressors using more and more diversified and automated attacks, it started to remind me of, years ago, when my friends would advise me to stop dating “potential.”

Potential isn’t something that can get you very far in the near term—if ever—so in my search for the magical security nostrum du jour, I decided to put aside thoughts of AI and its potential. And that’s when I discovered the true gospel of the conference. In a world where we recognize security shortcomings—too much data, too little time, too many bad guys, too few good guys—it’s increasingly critical to not forget the basics of defense. 

A, B, C Before D, E, F

On the odd occasion, I look for ways to relate work lessons to life lessons—for me, almost always to do with horses. And this time, my horse Arty came to mind. He was “born” to piaffe, passage, prance like a prima ballerina. Unfortunately, because of his innate talent, he was pushed a bit too far too fast as a youngster; and the basics were neglected. A trainer once said to me, “He knows D, E, F, but not A, B, C.”

Like AI, upper-level dressage movements are sexy. (No, really, they are.) But for them to even be possible—and correct—requires a commitment to building a solid A, B, C foundation. Sure, to analogize cybersecurity to dressage may seem a stretch. But, when you think about it, both require quotidian diligence. Both are fundamental to good health. And both require a helluva lot of time and money.

In cybersecurity, basic hygiene is a must. You can’t neglect proper testing, patching, encryption, segmentation, visibility, etc. You could implement every eye-catching security tool on the market, but without good, clean hygiene and the ability to deliver tools the right data at the right time, they’ll never shine their brightest. In short, you can’t go wrong investing time, energy, and capital in the basics.


No Wine (or AI) Before Its Time

For anyone who remembers Orson Welles slinging the Paul Masson winery slogan . . . To push for something, like AI, before it’s ready could be a mistake. No doubt, you can still strive toward the promise of AI to aid with detection, prediction, and action, but in the meanwhile, get the most out of what you have before trying to overcomplicate an already hyper-complex system.

Give the great pros and products you have in place today the best chance of doing their jobs. Enable them with as broad a view into data as possible (across physical, virtual, cloud infrastructures), but a view that is relevant to their purpose. That way, when AI’s time comes—and it will—it will be all the more effective and successful at Securing! Protecting! Defending!
