In this interview he talks about innovation in the information security industry, the job landscape, privacy solutions, and more.
If we look at the information security industry as a whole, what drives innovation besides the fast-paced threat landscape?
If you went back in time, 2 or 3 years ago there were two big drivers in innovation. One was compliance, and you rarely associate compliance with innovation, but in fact it did drive innovation in fields like cryptography and tokenization. There was real economic benefit in solving those problems.
The 2nd driver was the threat landscape, it was the attacks that were coming in, and those attacks were very high profile. Both of those drivers still exist today, but there is also another one, which is interesting and fairly new to security. The idea of security actually providing value by enabling the business to use consumer technology safely like BYOD, and allowing people to use both consumer and commercial cloud services. Is there a way we can safely let people use Google Docs for example, because they are using Google Docs anyway? The rapid adoption of personal devices and rapid adoption of public cloud services is definitely driving innovation in security today.
Looking beyond the buzzword, how important is big data for the future of information security? Can small companies really take advantage of it?
I think one of the biggest things working against us in IT security since the beginning of the field is the lack of good metrics. Many times we have had to work based on precedent, in some cases based on superstition around what makes us more secure or less secure. Big data and data analytics offers the promise of making security actually measurable. It may give us a ground truth around security. So when you look at analytics in that way, analytics then you would argue is perhaps the most important element in information security today. So I think that it's going to effect not just big enterprises who will be early adopters of those metrics but it will give us very actionable insight for small and medium size companies too.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.