By Daniel Conroy
CISO Synchrony Financial
Things were simpler in the past. I know we hear that sometimes and to a certain degree this is true. It is also true that he who forgets the past is doomed to repeat it. In the world of information security (IS), both adages apply.
Back in ancient history – in this case the 1980s (ancient in terms of IT evolution) – information security was an afterthought. The focus was on building “simple” networks with business enablement and functionality as the primary concerns. Back in those early days, hacking was more of a hobby than a malicious activity.
Those of us old enough to remember the movie WarGames will note its stark warning of how quickly things can unintentionally escalate. The first “simple” computer viruses began to emerge at this time as well. During the 1990s, we started to see more advanced network-aware code with the potential to cause real disruption.
By Farhaad Nero
VP Enterprise Security Bank of Tokyo-Mitsubishi UFJ, Ltd.
According to ITRC (Identity Theft Resource Center), in 2015 thus far there have been over 450 breaches with over 135 million records exposed.
They define a breach as an event in which an individual’s name plus Social Security Number (SSN), driver’s license number, medical record, or a financial record/credit/debit card is potentially put at risk – either in electronic or paper format.
As a CISO, or a person in a position with CISO powers, your organization looks up to you to help protect its most important data. It’s a powerful position for certain. But with such power comes great responsibilities.
Sometimes politics gets in the way and hinders proper data protection. Sometimes complacency gets in the way too, even an inability to form real partnerships with stakeholders.
Vic Wheatman Speaks with Robert Ackerman of Allegis Capital
One of the primary exit strategies for security startups is to be acquired. Sometimes that's a good thing, other times, not so much.
Hear about some of the issues associated with acquisitions and where startups added value to a security platform or suite of a larger solution provider.
And get the inside scoop on what Allegis Capital's Founder and Managing Director Robert Ackerman sees as some of the most creative, innovative, and cutting edge information security ideas of today.
In part two of a three-part series, Ackerman discusses exits and technologies he is watching.
Listen to Part One of Our Investors Series -- Experience Matters for Security Startups
By John J. Masserini
CSO MIAX Options
So tell me - did you hear the news?? Apparently the rumors are indeed true.
2015 is the year of the Security Startup.
And in the words of the greatest British comedy troupe ever … and there was much rejoicing…
However, after meeting with dozens of startups at Black Hat a few weeks ago, I've realized that the vast majority of the leaders of these new companies struggle to articulate the value their solutions bring to the enterprise.
As many of us have, I have seen many new technologies in the security space that promise to ‘solve all of my problems’ or ‘revolutionize the space.’
Sadly, most of them have gone the way of the Betamax – superior technology that suffered from poor implementation.
I am fairly often asked a basic question by many vendors: “As a CISO, what does it take for a startup to get your attention?”
While it seems like an innocent question, the complexities of the answer typically result in glassed-over eyes, fidgeting, and even the occasional ‘hey. let me introduce you to…’ blow-off. Rarely will there be a person who wants to hear the real answer.
Will the next war be fought with bullets or mouse clicks?
Lendmark Financial Services VP of Information Security on Priorities when Starting a New Job
By Joel Rosenblatt
I recently saw an article stating that Chrysler is sending out USB drives to car owners to update the WiFi connect features in their Jeeps. For those of you that missed the story on the news, the article about it is in Wired magazine.
My guess is that this is being done to save the cost of sending out a recall letter to the million plus owners and having them bring in the cars for the software update.
The long-term effect of this short-sighted thinking is that they have now programmed these owners to accept updates to the software in their cars from the USPS, as long as there is an official looking letter included in the package – what could possibly go wrong?
By Ed Moyle
I happened to watch the movie “The Duff” recently. If you haven’t seen it, it’s a 2015 teenage comedy film with a plot along the lines of “The Breakfast Club” meets “Mean Girls.”
What struck me about this movie (and the reason I’m alluding to it now) was the fact that one of the main characters, a young woman named Casey, is a hacker. In fact, her hacking ability turns out to be a major plot point (no spoilers, I promise.)
This fact struck me for two reasons: first, the movie didn’t need to explain it. It was a given that everyone watching would understand what a hacker is, what it means that this character is one, and the potential impact of her skills.