“High Fidelity” – My Cybersecurity Holiday Top 5 List

Certain movies have a way of helping you frame a set of experiences, a period of time in your life. They create a metaphoric, reflexive pattern for how to process and communicate the conclusions you draw in your life. Now that we are coming up on the second “year of the hack”—who said good things only come around once, right?—I thought of one of my favorite movies, High Fidelity, based on the Nick Hornby novel of the same name. One of the key leitmotifs in the movie is the top 5 playlists that pervade the film. Here is mine for the end of 2015.

“Sentimental music has this great way of taking you back somewhere at the same time that it takes you forward, so you feel nostalgic and hopeful all at the same time.” —Nick Hornby, High Fidelity

1. “What came first, the music or the misery?”

Since the first days of computers, we have been worried about protecting electronic communications and data. As information transitioned from paper to bits, the ability to move or misappropriate data became apparent. Hence, the security industry was born. After we moved from mainframe computing to client-server, security became its own silo, a separate discipline in computing.

What if security was built into the application and computing cycle and not bolted on afterwards? Would we have fewer incidents and less pain?

2. “I don’t even feel as if I’m the center of my own world, so how am I supposed to feel as though I’m the center of anyone else’s?” 

For the longest time, the role of the security team—and its pinnacle in larger organizations, the Chief Information Security Officer—was perceived as a form of pesky oversight, an inhibitor to getting things done. Many hard-working security professionals are still considered a separate silo and not a core part of the application and infrastructure teams.

What if security was invited to the application development and DevOps party from the start? Would they be able to help development teams innovate faster and be more secure?

3. “What went wrong? Nothing and everything.” 

One of the things we learned over the past year is that when something bad happens, when an environment gets breached and data is stolen, it can happen very quickly and the damage can be severe. The sheer size and scope of breaches such as the ones that impacted Target and OPM ran to tens of millions of records stolen. Moreover, the time to discovery went from days to weeks to moments.

What if breaches were discovered shortly after they occurred? What if they were confined to smaller, more compartmentalized data segments? What if reducing the blast radius was as important as detecting bad actors?

4. “I’m thinking: am I supposed to fight, and what do I fight with, and whom am I fighting?” 

For information security and other IT groups to increase the enterprise focus on security, there needs to be an enormous mind shift across technical and business management toward working together rather than being at cross purposes on information security. Moreover, the asymmetry between the bad actors and the defenders in today’s cybersecurity battles raises many questions about how organizations can best prepare to deal with hackers—whether they should do it alone or work with others in their industry and the government.

What if IT and business leaders had common goals regarding cybersecurity? What if they were paid (e.g., bonus, salary increases) based on protecting core information assets? And what if there were well-established industry groups and government entities for both information sharing and best practices?

5. “I have made myself more complicated than I really am.” 

The surging complexity security faces—lots of non-coordinated point systems, thousands, even hundreds of thousands of rules and policies—has not only led to challenges in building applications, it has created a herculean task of understanding and protecting data assets. The avalanche of new security vendors, as well as the proposed palliatives of infrastructure vendors that recommend upgrade cycles as the path to better cybersecurity, actually work against the best interests of IT and security teams.

What if you were able to simplify your security? What if you did not have to touch your applications or infrastructure to maintain and enhance your security posture?

Happy and cyber secure holidays to you all.

Written By

Alan has been a successful entrepreneur, technology executive, and board member for over 25 years for a range of iconic companies, including DCVC-backed Illumio, Nicira (acquired by VMware), Airespace (acquired by Cisco), Cisco (where he led the $25 billion enterprise marketing and solutions organization), General Growth Properties, and IBM. He has authored over 200 articles, undertaken over 1,000 press interviews, and delivered over 100 keynotes at industry conferences. He received a bachelor’s degree in English from SUNY Buffalo, a master’s degree in English from the University of Vermont, a master’s degree in international affairs and economics from the American University School of International Service, and an MBA from New York University.
