Security Consolidation & Beyond the CyberSec Motions – Malcolm Harkins, Paul McKay – BSW #267
There was a time when the perceived wisdom was to buy best of breed security technologies and that would do for your security program. Trouble of is, none of it integrates with each other or your wider IT. With budgets getting tighter, security pros are being asked to look again at big portfolio security providers and work out whether they can use their offerings to slim down. In this session I'll discuss what I'm hearing from our customers, and some of the things we are starting to see people do to balance the need to optimize cost and efficiency without compromising security protection.
Speed, Velocity, and Acceleration. The physics of motion are well documented, and we understand how these scalar and vector quantities differ. In information security and cyber risk management the dynamics are not as well understood which has confused our ability to distinguish between motion and progress. This confusion intensifies our escalating risk cycle by causing a mirage of control that continues to lead us to down a path of compromise and catastrophe, adding to our growing labor and skill deficit. This segment is meant to explore the existing physics and gravitational forces of how we have approached cyber risk management to date, discuss where we are stuck today as well as ideas for a path forward - a reorientation of security operations function so that it is optimized to handle the volume as well as reposition it from an anchor point of continual reaction to one where it can take proactive action in front of the cycle of risk. The heart of these changes is a redefinition of the risk equation we have been using for decades Risk = F (Threat, Vulnerability, Consequence) which while useful initially has created a spray and pray model across most of our organizations. I will explain how to redefine the equation to be Risk = F (Threat, Exploitability, Consequence).
Segment Resources: https://www.uscybersecurity.net/csmag/going-beyond-the-motions-of-cybersecurity/
Guests
Malcolm Harkins is the Chief Security and Trust Officer at HiddenLayer. In this role he reports to the CEO and is responsible for enabling business growth through trusted infrastructure, systems, and business processes. Malcolm is also responsible for peer outreach activities to drive improvement across the world in the understanding of cyber risks as well as best practices to manage and mitigate those risks. He is also an independent board member and advisor to several organizations and CISO Ambassador for Reveald. He enjoys being an executive coach to CISOs and others in a wide variety of information risk roles. Key areas of focus include the ethics around technology risk, social responsibility, total cost of controls, public policy, and driving more industry accountability.
Previously Malcolm was the Chief Security and Trust Officer at Cylance. Malcolm was also previously Vice President and Chief Security and Privacy Officer (CSPO) at Intel Corporation.
Paul is a principal analyst on the Security and Risk team. Paul’s research coverage includes cybersecurity risk ratings solutions and cyber risk quantification; CISO and security leadership research in the European market; and European security service providers, focusing on managed security service providers and security consultancies.
Paul is frequently asked to comment on areas relevant to his research coverage and has been quoted in publications such as the Financial Times, Wall Street Journal, Fortune, ZDNet, SC Magazine, Handelsblatt, City A.M., and Infosecurity Magazine.