To misquote William Gibson – security is already here; it is just not evenly distributed. This is a great way to sum up my viewpoint over the last few months, culminating in my impressions from the Perth BSides security conference in September.
During the BSides talks I was pleased to hear about the great initiatives happening locally to strengthen governance, risk and compliance. We’re not just talking about initiatives such as policy adoption, attribute profiling, threat modelling and escalating risks to the board (not to diminish the value of any of these – in fact, if you aren’t tackling these, make sure you add them to your to-do list); there are also great strides happening with CI/CD pipelines, continuous testing and real-world incident response testing. (Note: torturing your work colleagues by running an unannounced red team disruption makes for a great talk but might find you drinking alone at the next work social event.)
Our industry has come a long way over the last couple of years, and that transformation journey is being lived and reflected by the people on the frontlines. I spoke with many security professionals who are supporting their business and working with business leaders to identify the assets, the potential risks and the protection requirements. There are fewer murmurs from security professionals complaining that “the business doesn’t get it”, and “it’s all the fault of the end user.” It is refreshing to see this change. Thankfully, focus hasn’t just shifted to the latest shiny new tools that vendors promise will fix the business issues and sort out world hunger at the same time…