Today's guest editor Raj Samani faces the questions from the real Infosecurity editor Michael Hill.
What is your favorite thing about Infosecurity Magazine?
You have helped me in more ways than you know. My first talk was at the Infosec event, my first engagement with the media was with Eleanor Dallaway, editor and publisher. Infosecurity Magazine is a publication for the industry, by the industry. It is open, collaborative and was integral in my career and remains a key publication for me to this day.
If your job as guest editor of Infosecurity became permanent, what new content stream would you introduce?
One of the challenges we face as an industry is the apathy that exists. If someone steals your car you cannot get to work, if your data is part of a major breach there are no apparent losses felt to you, since the cause and effect of identity theft are incredibly difficult to prove. The term ‘breach fatigue’ is deeply disturbing since quantifying the impact of cybersecurity incidents requires transparency from victims (both data subjects and data processors/controllers), which does not exist to the extent we wish it did.
Articulating the real impact for such events is imperative to ensure that the value of our work can be truly appreciated. For example, if the loss of intellectual property from a breach can be quantified it allows each of us to assign budgets more effectively. A content stream focusing on quantifying the loss and impact in a case study approach is critical and currently lacking across our industry.
How do you describe to your (non-industry) friends what your job is all about?
The job I do matters. I ask people how they feel about autonomous vehicles and the response I often get is “but what about hackers” and it’s at that point that I show people the research we do to preserve the integrity of systems we depend on, from cars to medical equipment, financial systems and more.
Our industry is crucial, and ultimately cybersecurity is not just an IT issue, it is fundamental to the advancement of our society.
What makes you really angry about our industry?
The glass ceiling. We hear a lot of rhetoric, for example ‘security is an enabler’ or that we are a ‘department of yes.’ In the face of all of this investment, every day we hear about yet another monumental breach. As I write this, we have had three major breaches in the last three days, each greater than 100 million records. Beyond the breaches of course, there are multiple examples of attacks directly impacting the availability of critical services from healthcare to shipping, and almost every other sector.
Yet, in spite of this heightened awareness, what number of security professionals are part of the senior executive teams within the organizations we entrust every day? The CTO that was a CISO, or the CIO and perhaps even the CEO? I genuinely believe cybersecurity is integral to every modern business and has the potential to generate dramatic positive changes to all organizations.
What gives you hearts in your eyes?
The people. We are not a normal industry. When I consider the work that so many of us do outside of our working hours, it fills me with enormous pride. People like Frances Ashcroft, who works with the DELTA programmer to inspire young kids to seek out a career in cybersecurity. Brian Honan and the incredible contributions he has volunteered for the betterment of our society. Honestly, I can sit here and just list countless names of people I absolutely admire for their contributions: Eric Knapp, Christiaan Beek, Evelyn DeSouza, the late Paul Levy, Lee Munson, Rik Ferguson, Mikko Hyppönen, Troels Oerting, Stevie Wilson. I feel terrible because there are so many more people that I could name and I have not, but you know who you are and how much I admire you.
It is because of these remarkable people, who gave up their time to help me when I started in the industry, that I was able to become the person I am today. Edward Gibson, Howard Schmidt, Richard Starnes helped me so much. We are evolving as an industry because each of us is giving up our own time and resources to make our sector what it is and what it will become.
What’s the best conference talk/keynote/seminar you’ve ever attended?
Recently I attended a talk by one of my team, John Fokker. John has a very interesting background and detailed his former life in the Special Forces. In particular, he gave examples of his previous role where he combated modern-day pirates with some really remarkable video footage and how protecting an enterprise is akin to that of protecting a ship.
It was riveting, but also really very clever. For example, he discussed some meaty topics such as ‘hacking back’ but used examples of how some shipping companies are hiring outside security to protect their assets as just one example.
What infosec technology could you not live without?
Twitter! It sounds odd because strictly speaking it’s not an infosec technology. However, my timeline gives me an incredibly proactive view into the latest research, a pulse on what is hot in our industry and some light entertainment (see Adrian, Thom and Javvad’s discussion on Die Hard as a Christmas movie).
What’s your dream infosec job?
I love what I do. I am not just saying this, but I have been in my job and with McAfee for eight years now which is longer than anywhere else I have been in my career. With good reason, since I have the opportunity to work with people that have this shared passion for security. Not only that, but running the threat research team affords me the luxury to keep my technical skills engaged whilst at the same time giving me the biggest platform to present this to the widest possible audiences.
If you could have founded any information security vendor, which would you choose?
Safeguard Cyber. I really love what Otavio and Jim have created, so much so that I have collaborated on multiple research projects ranging from social media influence into our elections and the Cambridge Analytica issues. I genuinely believe that social media is one of the most remarkable tools we have, yet its nefarious use has proven time and time again how susceptible we are to outside influence.
What is the biggest unresolved information security challenge?
The industry remains on the periphery of many businesses. A close friend of mine was a CISO and was let go when a major breach occurred, despite him articulating the risk and requesting budget to address many of the issues. Is this department scapegoated? I read that the average tenure for a CISO is 17 months! This is ridiculous in my opinion; we are the key business partner and yet often the CISO is the first in the firing line regardless of how a breach occurred or who ultimately accepted the risk.
A change needs to happen and fast, because when all is said and done it is YOUR data, it is YOUR hospital appointment that is postponed, and in the future will be YOUR car, or perhaps even YOUR flight.
What’s your guilty pleasure?
Tottenham Hotspur. Although the term pleasure is not always the case.
What’s your favorite Christmas movie?
Oh that’s easy, Polar Express. In fact, every Christmas Eve, we have a little tradition, we sit down with the kids, put the movie on and eat very spicy food. The eating marathon starts early at our house!