Mark Bennet, Blustor: Cyber security pro-fessionals and the industry need to chal-lenge our current paradigms that often involve centralizing and attempting to control every element of data flowing in and out of the systems under our protec-tion. We are in a leaky ship and bailing the water out faster isn’t really solving the problem. We need to look closer at the underlying root issues, which include things like immutable human behavior and the inherent weakness of outdated security mechanisms such as usernames, passwords, and PINs. Until we do that, at best we are just keeping our heads above water.
Kenneth C. Citarella, Guidepost Solutions:
Be patient when reminding others, be vigilant, and hold on tight.
Mayur Agnihotri: “Keep seeking out new things to learn and master what you know.”
Wade Johansen, CouriTech LLC: You will never be right 100% of the time, don’t let it stop you from being right 1% of the ti-me. Also, if you have a one-in-a-million idea to improve something, then there are 8,000 other people on this planet thinking the exact same thing as you... be the first to say it out loud.
Rajeev Chauhan, Cyber Oxen: Be suspi-cious, but don’t be paranoid about securi-ty, the best approach is having preventive measures in place.
Amber Schroader, Paraben Corporation:
Vigilance to where we are leaving our di-gital identities. We are expanding out to more and more layers that hold informa-tion tied to who we are and not thinking how to protect and secure each of those layers. We need to focus on knowing what is where as we look at a cyber future with devices tied to ourselves at every corner.
David Coallier, Barricade: If you have to go to one conference this year, go to a confe-rence that's NOT about security. Maybe a software or cloud conference. Talk to peo-ple about security and note their eye-roll/
exasperation reactions. Security is scary, and it's adversarial. Let's break down the barrier and make security something mo-re natural.
Nick Prescot, ZeroDayLab: Talk security as a business issue and not an IT issue. IT creates the systems that process data, the business are the ones that process the data and the operations teams are the ones that are responsible for the data.
Mitchell Bezzina, Guidance Software: The
“assumption of compromise” mindset has been gaining notoriety within Security teams, it takes the active defense appro-ach where security teams consciously hunt for organization threats rather than rely on technology to alert. The personnel problem does not help this cause but buil-ding teams from parallel skillsets is the only way to ensure there are more securi-ty professionals, and don’t concern your-self with a flooded market – there will never be enough skilled cybersecurity specialists.
Roberto Langdon, Nicolas Orlandini, KPMG: Our vision of what will be going in 2016, is that there have been several ca-ses where the forensic investigation hel-ped to discard false hypothesis, false conclusions, and these aspects are sho-wing the importance of this discipline to be used strongly each time, and so on in the future. As the forensics doctors said
“a dead body can still tell information re-garding to resolve a murder”, the infor-mation technology recipients or devices can bring more than we can imagine, in order to resolve frauds or criminal cases.
Stephan Conradin: Learn, understand, have global view, learn again, understand again.
Alina Stancu, Titania: Keep on top of com-pliance, as that will remain important in ensuring baseline security. Certification against governmental or business accredi-tations will travel down the supply chain as more suppliers demand that businesses present some form of security assurance of their product and services.
Gerald Peng, Mocato: Your role is more broad and important that you may imagi-ne. Protecting the public from cyber-attacks on their IT infrastructure and devi-ces will help deter cybercriminals from
Paul Hoffman, Logical Operations: Jump in with both feet.
Dotan Bar Noy, Re-Sec Technologies: We live in exciting challenging times and are receiving public attention as well as enter-prises boards. We need to make sure the advice and solutions we are offering are not just adding layers of more of the sa-me, but substantially improve the overall enterprise security while keeping organi-zation productivity untouched.
A What advice would you give to fellow cybersecurity DVICE
professionals going into 2016?
Michael A. Goedeker, Auxilium Cyber Se-curity: LEARN HOW TO HACK THINGS, Be curious, always continue to learn new things and technology. Stay informed and aware, assume every OS, Application and piece of hardware can spy on you, has weaknesses and needs to be verified. Se-curity is a business process just as much as it is a technological one, never EVER forget this. Security protects IP, revenue and the business. Be creative, think outsi-de the box.
BroadTech Security Team: Stop hype. Le-arn your stuff. Know what you are talking about. Keep yourself updated daily & sha-re your knowledge with others. Stop using jargon and fancy words and explain things clearly to people. Our job is to keep things secure and not to show off our knowledge or expertise. One more prediction. Once Hammer2 is feature complete, Dragon-FLYBSD implements single sign on and redundancy using CARP, etc. The way of doing cloud computing will take a new turn.
Craig McDonald, MailGuard: The number one tip is to plan a 360 degree approach to cyber security. Understand all your bu-sinesses attack vectors and how these can be infiltrated by cyber criminals. Blocking threats through the use of cloud security services such as email and web filtering should be the first line of defence –
pro-David Clarke, VCiso: Keep Going. Keep the Passion.