It's time to celebrate our industry's successes.
Sometimes it takes a global industry gathering to open your eyes to an industry in which you are utterly immersed in. Despite reading and writing about information security day in day out, like many things in life, sometimes being completely engulfed in something means there is a danger of losing perspective.
The Infosecurity team, myself included, attended RSA Conference in San Francisco back in April. I’m always amazed at the sheer enormity of our industry each year as a significant portion of its representatives descend on the Moscone Center to analyze the year’s failings, to network and to celebrate the industry’s successes.
The latter, sadly, is more a pipedream of what I’d like to witness each annum, as opposed to something that actually happens beyond a few award ceremonies and the occasional optimistic keynote speaker (Rohit Ghai, president of RSA, I’m talking about you).
You’re infinitely more likely to stumble across a conference session dedicated to the industry’s failings and hear booth staff at the expo spouting propaganda about the number of companies that have fallen victim to cyber-attacks and data breaches and inevitably presenting their ‘perfect solution’ to the problem.
Information security professionals, the CISOs, CIOs, heads of information security, don’t react kindly to this sort of marketing. They deem aggressive marketing ‘snake oil’ and they make it their mission to avoid the expo hall(s) completely as a result. There is a tendency for CISOs to look down on the vendors that shape our industry, something which I put down to the aggressive sales and marketing tactics that are often deployed.
Of course, vendors are here to serve the information security community, so striking up a good relationship with industry end-users is paramount to their success. This complex, symbiotic relationship is explored in this issue by Jai Vijayan on page 36.
Some of the most impressive industry players that I met with in San Francisco were scathing about the state of our highly profitable and fast-growing industry. Dug Song, co-founder and CEO of Duo Security, was particularly cutting. “Security is a terrible industry,” he told me, laughing but perfectly serious. “The structure of the industry is all wrong. People don’t understand what they are buying and if the products they are buying will work or not. I want to tear down the whole industry and rebuild it,” said Song.
Information security is perceived by many as an industry born and existing purely to stop bad things happening. With this in mind, it is no wonder that it’s drowning in negative energy, in snake oil and in obsessions over its own failings. In a one-on-one interview with me, president of RSA Rohit Ghai said: “In information security, you can’t celebrate your successes. If you’re looking for explicit acknowledgement of your work, this is not the industry for you.”
We need to acknowledge – and promote – that this industry does not exist purely to stop bad things from happening. Information security, when done properly, enables businesses, increases profit and makes people fundamentally safer. That is something to celebrate, and that is the kind of work that needs to be acknowledged
I totally understand what he is saying – the headlines never reflect a data breach that was avoided or a cyber-attack that was stopped dead in its tracks. If we fill our industry with people in it for the passion, this would be a non-issue. These people are not motivated by money or by stardom; they are motivated by the mission, by making the world a safer place.
We need to acknowledge – and promote – that this industry does not exist purely to stop bad things from happening. Information security, when done properly, enables businesses, increases profit and makes people fundamentally safer. That is something to celebrate, and that is the kind of work that needs to be acknowledged.
That’s not to say this will happen in the national news anytime soon. What’s stopping us, as an industry, celebrating our wins? As an editor of a trade press magazine and website, I feel responsible for rejoicing in the things that the people and the companies in this industry do that deserve recognition. It’s why we continue our focus on people.
So as we come together as a united industry at conferences, exhibitions and networking events, let’s make sure that in addition to analyzing our failures in order to continue to improve, that we also celebrate our successes and raise a glass to our peers who are united in our shared mission.
The fact that you’re reading Infosecurity demonstrates that you care about your mission and that you want to be the best information security professional you can be. With over 90,000 Infosecurity readers, that’s a lot of you to celebrate. Cheers to you!