Me and my job: John Dickson, principal, Denim Group


How do you describe your job to average people?

I tell them we help big companies build software more securely so bad guys can't steal their information. I usually have to explain that I wasn't the one who wrote Stuxnet, too.

What do you think needs more attention?

Fixing software with identified vulnerabilities. Most application-level vulnerabilities persist for 30 to 100 days. That's a long time.

For what would you use a magic IT security wand?

I would go back nearly 10 years ago and try to tackle Senators Sarbanes and Oxley before they could enter the Senate chambers and vote on their accounting reform legislation that resulted in the Sarbanes–Oxley Act. This, and other compliance regulations for compliance's sake, has done more to destroy societal resources than anything. I would convert these compliance activities into meaningful security investments that would materially improve the security posture of organizations in a measurable way.

What security threats are overblown?

APT. Do they have superpowers? Are they omniscient and omnipotent? No, no and no.

What annoys you?

Clichés. APT is my current favorite flavor of the month. I prefer sophisticated attacker, to be honest. Also, lazy language used by security pros is aggravating too. Referring to an automated scan as a penetration test, for example, drives me crazy. Third, the influx of certified practitioners with little hands-on experience. Remember the days when most good security folks had a UNIX system administration background? I worry that CISSP is becoming like the MCSE certification (Must Consult Somebody Else).

Of what are you most proud?

Second to family, I would say building Denim Group with my two business partners. 
