Security Experts:

Connect with us

Hi, what are you looking for?


Management & Strategy

Five Things I’m Hoping For in the Security Industry

Fenway Park at Night

Put me in coach, I’m ready to play today; Put me in coach, I’m ready to play today Look at me, I can be Centerfield… – John Fogerty

Fenway Park at Night

Put me in coach, I’m ready to play today; Put me in coach, I’m ready to play today Look at me, I can be Centerfield… – John Fogerty

Living in the Boston area, I find this to be one of the greatest times of the year. The Red Sox are back, fresh off another championship, and we are getting poised to enjoy a great New England spring that we really earned this year, after suffering through a brutal winter. As the saying goes, hope really does spring eternal. And while hope is everyone’s best friend come baseball season, or as they prepare to hit the links for the first time, I am painfully aware that in business and in security, hope is not a plan.

However, that doesn’t mean we can’t dream a bit about the best case scenario. In the spirit of the season, here are five things I’m hoping for in the security industry this year:

1. A more prominent seat at the table. Seems like we’ve been talking about this one for a while, but until the CISO and other top security officials start getting a more receptive audience within the C-suite, security is never going to become a priority . It seems like very few leadership teams want to engage in a security discussion prior to an event taking place, choosing instead to save the tough questions until after the fact. Management should start listening and posing questions as a regular part of running the business.

2. A fundamental shift in the way we approach security. Not sure how or when it was decided that we should take a strictly defensive posture and approach to our security programs. Yet for years that has been the approach, with all of us working to build up our defenses and hope we plugged all the potential holes before a hacker finds them. A better approach centers on being more aggressive and taking a proactive stance when it comes to security. Working to proactively uncover vulnerabilities in your organization rather than sitting back “waiting to be hacked” can eliminate a lot of pain and suffering down the road.

3. Users create stronger passwords. This probably seems like a lightweight point to make in a security publication, but the fact remains weak passwords continue to wreak havoc in organizations. Hackers will always look for the easiest point of entry and will move on when they meet resistance. This is a similar approach to how a car thief will look for an open door or keys in the car rather than trying to gain entry to a locked vehicle. By simply using a stronger password, a significant number of intrusions could be avoided.

4. A greater focus on the homeland. Potential cyber-attacks on our nation’s infrastructure represent one of the largest threats to our country’s security. Yet, very few people seem to want to talk about it. When a retailer is attacked and customer data is compromised it is front page news for weeks. Hearings are held, and CEOs are put out in front to answer some really tough questions about how this could have happened. Yet the possibility of the electrical grid or transportation system going down due to a large scale attack goes largely ignored. Perhaps this seems a bit too science fiction for the media to take seriously, but trust me on this one, the threat is very real.

5. Break the hype cycle. This is another one of my favorite topics and it will continue to be until we, as an industry, break the cycle. Security vigilance is always a good idea, however fear, uncertainty and doubt (FUD) is not, and distracts from the larger messages at hand. You can only “cry wolf” so many times before users and media begin to tune you out. By overhyping our products and technology, the important messages are lost in the static. As I’ve said previously, hype is the worst four-letter word in the security industry.

While I’m also hoping for a repeat for the Sox and to someday play Augusta National, the above are my current wishes for the security industry. Every year we make tremendous strides in technology and in the analysis of attacks, but we aren’t alone. Attacks, and attackers, are becoming much more sophisticated, and better funded by nation- states and criminal enterprises than ever before. If only a couple of the issues I outline above come to fruition, we’ll be that much closer to stronger security. It’s spring, so anything is possible right?

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.


Twenty-one cybersecurity-related M&A deals were announced in December 2022.

CISO Conversations

In this edition of CISO Conversations, SecurityWeek speaks to two city CISOs, from the City of Tampa, and from Tallahassee.