The nuggets of wisdom coming from SecureWorld Chicago could probably pave a few streets with cybersecurity gold.
Well, maybe that's overstating it a bit, but you get the idea.
There are insights worth sharing and reading from conference sessions; here are just a few of them.
[RELATED: The rest of the 2019 SecureWorld Event Calendar]
1. Fred Kwong, Delta Dental Plan, Chief Information Security Officer (CISO), on cybersecurity leaders teaming up with marketing and communication:
"When you think about our incident response processes, when we do have an incident that is social media based or external to our organization based, these are our key partners that are going to help us through the situation.
For them to have an understanding of our world and us to have an understanding of their world, we can come together and have a response end-to-end, to address whatever that incident is. It is critical for the reputation of the organization.”
2. Ricardo Lafosse, Morningstar, CISO, on how to really cut down your breach potential:
“60% of data breaches are caused by a failure to patch. If you correct that, you’ve eliminated 60% of breaches. And I didn’t even have to say AI or Blockchain. See how that works?”
3. Gary Patterson, Home Partners of America, Director of Security Architecture, on developing a culture of security at your organization:
“Users are used to doing their jobs in a very specific manner. The closer you can align security to how they currently do their jobs, the less friction there’s going to be and the more they’re going to trust security is looking out for them. You also have to have executive support, buy-in from the senior leadership.
And you have to have the same lexicons, the same language. When I say risk or threat or vulnerability, they have to understand what I mean by that. Or I have to understand what they mean in their language. So one of us has to adapt, right?”
4. Col. Cedric Leighton (USAF Ret.), CNN Military Analyst, on how significant IT security leaders are for virtually every company:
“When you’re in the data business, you have to be in the data protection business. You are critical to all of this.”
5. Dr. Raj Sachdev, from his dissertation at Oxford University, on the legal issues in cloud security. This includes the use of AI which can run up against both privacy laws (GDPR, CCPA) and business objectives:
“When it comes to consumer consent, it needs to be informed consent. The AI problem you have now, in many organizations, is you have to explain how you’re using it. That could be an intellectual property issue. Or you may not even know how AI is really being used."
6. Chris Carlis, Zurich Insurance, who calls himself "Red Team Court Jester," on why he has the best job in InfoSec:
"Penetration testing, red team, is by far the best job I’ve ever had. You legally break the law, stuff other people would go to jail for. At the end, you know what you are doing is helping people. You get to do bad things but for a good reason.
For the right type of mindset and personality, that hits all the buttons. And it is something almost nobody does initially in their career, they move over from something else."
7. Austin Rappeport, Zurich Insurance, Head of Threat Defense Operations and Blue Teamer, on why his role is the best to have in InfoSec:
“Catching the bad guys, especially my red team! No, really, I like building out new security threat detections, seeing those work, and seeing those actually be successful at finding something I know we wouldn’t have found without it. Having that role in improving our security posture is my favorite part.”
8. Arvin Verma, InfraGard National Sector IT Subject Matter Expert, on third-party vendor risk management and how to simplify it:
"Utilize any security certifications vendors already have. In my case, I've seen that cut the required vendor questions by as much as 50% which saves a tremendous amount of time.”
Now that's business enablement brought to you by the security team!
[RELATED: Netflix DVD's Vice President of Information Security is passionate about business enablement.]
If you were part of creating SecureWorld Chicago, thank you.
And if you're somewhere else in North America, check out this year's cybersecurity conference calendar and get involved in your regional security gathering.
[RESOURCE: SecureWorld web conferences and online training]