How are you communicating security’s mission with evolving leadership and a changing workforce? How can you turn big data into actionable intelligence? How can enterprises leverage social media to provide better service and track potential incidents? How is the Internet of Things changing your cybersecurity responsibilities? There were a lot of big questions raised, and there were some very thoughtful answers as more than 140 security leaders gathered for the 2015 Security 500 Conference in Washington, DC, on November 16.
Dave Komendat, VP and CSO for The Boeing Company, told attendees that they should be prepared to act as both a CSO and a CMO – a chief marketing officer – within their enterprise. If you don’t have a two-minute elevator speech for your department and your initiatives prepared, you might miss your chance to communicate security’s value. He recommended that CSOs market their security mission statement not just to the C-Suite but to employees throughout the business. If they see how their role aligns with the security mission, they are more likely to see how it adds value, he says.
In a panel on finding uses for big data, former ConocoPhillips CSO Jim Snyder summed up the discussion: “Data isn’t intelligence until it’s actionable.”
Mary Welsh, Senior Director of Global Security & Strategic Projects for St. Jude Medical, Inc., added that the data security presents to board members should not be a repeat of what’s on the daily news. She suggests that security leaders provide the “What does it mean for us” information, not just the “what’s happening.” Adding the context that relates global events and incidents to impacts on the enterprise creates valuable, actionable intelligence and awareness from mere data.
When it comes to cybersecurity, panelists discussing the impact of the cloud and the Internet of Things on enterprise security tackled big issues like compliance, litigation risks and product development.
Security Cyber Tactics columnist and General Counsel and Chief Risk Officer for CrowdStrike, Inc. Steven Chabinsky noted: “Security failures happen all the time when nobody acted unreasonably.” He recommends enterprises focus on detection, attribution and penalty, not just the nigh-impossible goal of impenetrability.
Frank Cilluffo, Associate Vice President at The George Washington University and Director of the Center for Cyber and Homeland Security, added that enterprises should restructure their cybersecurity defenses around critical assets, not all assets equally. “Not everything is going to be equally critical,” he says.
Chabinsky’s metaphor compared cybersecurity defenses to speed bumps. Speed bumps on highways are not practical, and neither are strict controls on average data that is not mission-critical. Placing speed bumps around schools, government buildings and other areas where it is critical to manage vehicular speed makes more sense, as does adding additional controls around sensitive or enterprise-critical data, he says.
Our sincere thanks to our Platinum Sponsor Universal Protection Service; Gold Sponsors G4S and Geofeedia; and Silver Sponsors AlliedBarton Security Services, Arecont Vision, ASSA ABLOY, Concur, Dataminr, Samsung, SMR Group and Whelan Security.
Security magazine would also like to thank our keynote speaker, Brett Kingstone, author of “The Real War Against America,” and our Master of Ceremonies, Lynn Mattice of Mattice & Associates. Thank you.