While he may not be attending the RSA Conference this year in San Francisco, the Information Security Forum's Steve Durbin hopes that there will be an emphasis on discussions that lead to increasing shareholder value.
What events will you be attending this year in San Francisco?
This year I am not attending events in San Francisco; having a global role I am increasingly finding that the events calendar is becoming more and more packed with events that clash. That being said, my organization, the ISF, will be well represented at RSA as my colleague, Stephen Leipold who is our Chief Operating Officer, will be attending as will a number of my team including my Regional Directors from the USA, ANZ and the UK.
What influenced your decision?
My diary! I am in New York the week before RSA and then have speaking engagements in Asia before returning home, briefly, to the UK and then on to Finland. With the NIST cyber framework having been recently rolled out and the increased interest at executive level in what cyber resilience means to business, the cyber security space has certainly become one of the hottest areas around.
What do you anticipate the most as far as conference talks this year?
I'd like to see security folks talking about the business and what they're doing to increase shareholder value – this is a hobby horse of mine; all too often security conferences focus on the products and tools, the really practical stuff that of course is necessary but a more holistic approach to cyber security focuses on addressing the “so what” question. If my company has a breach impacting 70 million customers, what will that do for my brand, my reputation and the trust dynamic with customers, suppliers and the market – importantly, what can you security guys do to help prevent this happening in the first place and if the worst happens, how can you help our business get back up and running with minimal impact to these key areas. That's what I'd really like to see!
Given the RSA/NSA news, what kind of impact do you feel this will have on the show this year?
I'm sure there'll be lots of discussion, lots of debate, but it's a bit yesterday isn't it, or am I the only one getting bored with hearing about it? I'm sure there'll be some very insightful commentary and I hope some lessons from which we can all learn.
Lots to get our teeth into this year – privacy for me is a big issue, irrespective where you are in the world. Add to this the increasing attractiveness of personal data to the hacker and cybercriminal. We also need to get our heads around how we're going to combat the power of the bad guys to collaborate and produce denial of service attacks like we haven't seen before – and that's just one example of what we're seeing as cybercrime increases in sophistication and professionalism. Then we have the BYOx challenge, closely followed by the implications of the Internet of Things and of course I think the debate around role and behavior of government will still be around for some time to come.