Larry Clinton CEO, Internet Security Alliance (ISA)

Share this article:
Larry Clinton
Larry Clinton
How do you describe your job to average people?
I try to bring industry and government together to figure out how to secure all the digital devices we love to use.

Why did you get into IT security?
My degrees are in communications and I worked on Capitol Hill in the 90s on the Telecommunications Act of 1996, which began to address internet policy issues. It was clear to me that security was going to be a major issue.

What was one of your biggest challenges?
Making policy-makers understand that cybersecurity is not just an IT issue. It is also a strategic and economic issue.  We need to address this on an risk management basis across the enterprise.
What keeps you up at night?
The bad guys are getting better and the good guys are not properly organized or motivated to meet the challenge.  It is not that we don't know how to secure our systems, it is that we are not doing it.

Of what are you most proud?
In 2008, the ISA published the “Cyber Security Social Contract” demonstrating that government mandates would be ineffective and counterproductive. We outlined market-driven partnership that could create a sustainable system of cybersecurity. When President Obama published his “Cyberspace Policy Review,” the first and last source cited in the Executive Summary was the ISA.
For what would you use a magic IT security wand?
All the economic incentives favor the attackers. Attacks are cheap, easy to acquire and yield enormous profits. We have to defend a system designed for openness. It is hard to show ROI for prevention, and chances for successful prosecution are small. Plus, competitive pressures drive enterprises to adopt technologies that have unresolved security challenges. I would change the economic incentives to create clear economic motives for good cybersecurity.
Share this article:

Sign up to our newsletters

More in Features

Following the framework: Government standards

Following the framework: Government standards

New government standards promise to address risk and improve online security for critical infrastructure, reports Karen Epper Hoffman.

HIPAA shake: Health care

HIPAA shake: Health care

Adherence to HIPAA, the national law that aims to protect patient information, is about to get trickier, reports Alan Earls.

Affecting the C-suite: The CSO's reputation in today's corporate environment

Affecting the C-suite: The CSO's reputation in today's ...

Those who occupy the C-suite all bow to one corporate god: Reputation, says Blackstone CISO Jay Leek. James Hale reports.