With advanced cyber capabilities now widely available, cyber actors are increasingly taking an opportunistic approach to their targeting. Conducting scans of broad swaths of the internet, they exploit any vulnerable entity they can find, and then figure how to monetize any access they gain. Companies, institutions, and individuals that never imagined they would be cyber targets are finding themselves in the crosshairs.
Fortunately, there are steps we can all take to make ourselves and our companies harder targets and I am looking forward to talking about all of this at the Executive Alliance Security Leaders Summit on September 12th at the Grand Hyatt in New York. I came to the private sector two years ago after 15 years at the National Security Agency (NSA) where I spent nearly five years running NSA’s cyber exploitation operations mission. My job now is to leverage all of that offensive experience to help all of us play better defense. I look at networks, systems, and applications through the lens of the adversary, and identify attack scenarios to the business. For me, it’s never about checking the box or pushing the paper - it is all about measurable, demonstrable cyber risk reduction.
In my talk entitled “Cybersecurity in 2019: Threats, Risks and How to Protect Your Crown Jewels”, we will deep dive into many of the problems that are vexing to all cybersecurity professionals right now. How do I help my Board of Directors understand the current cyber risk environment? What does cyber resiliency really mean? Am I spending enough on cybersecurity, or am I perhaps spending too much? Are all of these buzzwords - blockchain, quantum computing, artificial intelligence - relevant to the security of my company? Is SecDevOps really a thing? We will talk about the pragmatic steps we can take to increase the efficacy of our existing controls while reducing business friction and employee pushback. We will expand on getting buy-in for the security program from the business, and on driving client and customer adoption of strong authentication technology.
From cyber strategy and governance, to “build versus buy”, to managing third party and vendor risk, to hiring and retaining a world-class cybersecurity team, I am excited to share with all of you the best practices that are working for me and for other experts.