Today's guest editor James Lyne faces the questions from the real Infosecurity editor Michael Hill.
What is your favorite thing about Infosecurity Magazine?
I always like reading about what my industry peers have been doing and finding out about interesting new initiatives and projects.
If your job as guest editor of Infosecurity became permanent, what new content stream would you introduce?
I’d want to introduce a stream that focused on building people’s understanding of how modern technologies work and how they’re secured. Modern technology is hugely complicated and yet so amazingly easy to use and intuitive. The layers upon layers of technology form an all-too-trusted stack which increasingly enables power users of technology who can do amazing things but don’t truly know the inner workings of their tools. I’d focus on building more low-level understanding of hardware, memory, operating systems – the fabric we need to secure to make the world more resilient and to drive security enhancement and innovation.
How do you describe to your (non-industry) friends what your job is all about?
Working with a team of very smart people, we find ways to legally break into applications, new products and businesses. We get to practice the same techniques as cyber-criminals in order to hack in and find vulnerabilities which we can exploit. We get to have all the fun of offensive security, but without going to jail, and best of all we help organizations find their flaws and fix them so they are more resilient, before the bad guys turn up and run off with your data or your money.
What makes you really angry about our industry?
A lot (laughs). I think the skills gap is one of the most frustrating parts of our industry – meeting smart and capable people who could have an incredible impact on building more secure technology but never recognized cybersecurity as a career path. I also sometimes find the level of hyperbole within the industry frustrating and dangerous. As an industry, it’s important that we fix both of these issues, given we support so much of the modern business and personal world.
What gives you hearts in your eyes?
Watching young adults that had never thought about a career in cybersecurity playing CyberStart Game or taking part in Capture the Flags and demonstrating exactly the skills we need to make society safer. More importantly, seeing the same excitement and passion when they find a flaw or capture some evidence that I had when I started my career. I vicariously reconnect with my own early passion in those moments.
What’s the best conference talk/keynote/seminar you’ve ever attended?
The big global TED – mind you, I’ve seen so many great talks in smaller venues too. Great speakers, great researchers and people with cool ideas are in abundance when you go hunting.
What infosec technology could you not live without?
Vi. Pfft, like anyone has enough RAM to use Emacs.
What’s your dream infosec job?
The one I have. I get to work with incredibly smart people doing world changing research, helping bring on an entirely new generation of people who will help us solve the security issues introduced by my generation and the one before. I genuinely love what I do and the people I work with.
If you could have founded any information security vendor, which would you choose?
Oh, there are so many. This industry is built on the shoulders of giants, some remarkable people and companies that have helped make technology more secure. I’m proud to have worked with some phenomenal ones over the years. I am extremely proud of my work with Sophos and with the SANS Institute, both of whom have impacted security in big ways. I think overall, if I had to pick one, I’d go back to the early days of crypto and the mainstream of capabilities we now depend on moment to moment, at RSA. That being said, the maths to make asymmetric crypto that works was sat in the vaults at GCHQ even before then!
What is the biggest unresolved information security challenge?
There are just too many, and with the creativity of cyber-criminals and new technology evolving at such a pace, there are always new problems too. I think one of the most recognizable is the difficulty of security education and helping users not fall victim to social engineering. Huge strides have been taken but it’s something every organization on the planet needs to continue to focus on and recognize the importance of continued investment in education.
What’s your guilty pleasure?
Perusing the boundless libraries of insanely bizarre and ‘should never work’ spam campaigns and malware – some of it is truly strange and jaw dropping.
What’s your favorite Christmas movie?
WarGames. I mean, we all watch it at Christmas, right?