Once John Lithgow left the stage, Zulfikar Ramzan, RSA’s CTO, took the stage to talk about business-driven security. He implored the security professionals in the room to not draw lines between departments, but instead create connections for better collaboration and enhanced security. Sounds a lot like DevOps.
Ramzan then spoke a lot about how small events can create larger ripples that have lasting impacts on society. For example, he discussed how foreign governments were able to undermine the trust in our democracy simply by attacking the DNC. This created a ripple that may or may not have swayed voters on election day. The point is, while they themselves did not change votes, their actions may have caused others to vote differently. CA Veracode’s CTO Chris Wysopal spoke about this issue last fall.
Chaos theory is not just relevant in the technology world, Ramzan posited; technology amplifies its effects. The connections created by our digital world magnify the ripples and speed up the velocity at which they travel. Yet, we must embrace innovation to succeed in the digital world. And this is why we need what Ramzan calls “business-driven security” strategies. Business-driven security isn’t about how many firewall rules are in place, or how many vulnerabilities are fixed (although I think that is pretty important); it is about connecting security to the rest of the business.
How do we do this? Ramzan had four specific calls to action:
To start, Ramzan recommends consolidating security vendors. He suggests that having dozens of best-of-breed vendors makes it impossible to manage security. (Shameless promotion warning … That’s why CA Veracode offers end-to-end application security so you can work with one vendor to secure the entire software lifecycle. End promotion.)
This was another key theme I heard in several sessions. The job of the “bad guy” is easier than ours. It is easier to destroy than create or protect, and for every advance we make, the bad guys will find another way to get around it. This is why we need the brightest minds, regardless of race, gender, creed, culture and, yes, place of birth, working in cybersecurity.
Reach out to young students and encourage them to pursue careers and interests in cybersecurity. We need the next generation to take this challenge on full force, and we cannot underestimate the power of mentorship.
Stay tuned for more from RSA …