Larry Clinton CEO, Internet Security Alliance (ISA)

Share this article:
Larry Clinton
Larry Clinton
How do you describe your job to average people?
I try to bring industry and government together to figure out how to secure all the digital devices we love to use.

Why did you get into IT security?
My degrees are in communications and I worked on Capitol Hill in the 90s on the Telecommunications Act of 1996, which began to address internet policy issues. It was clear to me that security was going to be a major issue.

What was one of your biggest challenges?
Making policy-makers understand that cybersecurity is not just an IT issue. It is also a strategic and economic issue.  We need to address this on an risk management basis across the enterprise.
 
What keeps you up at night?
The bad guys are getting better and the good guys are not properly organized or motivated to meet the challenge.  It is not that we don't know how to secure our systems, it is that we are not doing it.

Of what are you most proud?
In 2008, the ISA published the “Cyber Security Social Contract” demonstrating that government mandates would be ineffective and counterproductive. We outlined market-driven partnership that could create a sustainable system of cybersecurity. When President Obama published his “Cyberspace Policy Review,” the first and last source cited in the Executive Summary was the ISA.
 
For what would you use a magic IT security wand?
All the economic incentives favor the attackers. Attacks are cheap, easy to acquire and yield enormous profits. We have to defend a system designed for openness. It is hard to show ROI for prevention, and chances for successful prosecution are small. Plus, competitive pressures drive enterprises to adopt technologies that have unresolved security challenges. I would change the economic incentives to create clear economic motives for good cybersecurity.
Share this article:

Sign up to our newsletters

More in Features

Case study: Big LAN on campus

Case study: Big LAN on campus

A university rolled out a wireless network, but was hampered with a user-support problem...until a solution was found. Greg Masters reports.

2014 Women in IT Security: Stacey Halota

2014 Women in IT Security: Stacey Halota

When she stepped into the job of vice president of information security and privacy at Graham Holdings Company in 2003, Stacey Halota had to carve out new territory because her ...

What's sex got to do with it?

What's sex got to do with it?

Harassment has no place in the security industry. Neither do sexism or discrimination. But, there they are. It's time for infosec to just say no, reports Teri Robinson.