Roger Halbheer

Job title:
Chief security advisor, Microsoft

Areas of expertise:
Policy, architecture, law enforcement, cybersecurity, processes

Biography:
Roger Halbheer joined Microsoft as Chief Security Advisor of Microsoft Switzerland in 2001 and was promoted to the role of Chief Security Advisor for Microsoft Europe, the Middle East and Africa (EMEA) in February 2007. Roger leads a team of national Chief Security Advisors across EMEA who work with organizations in the commercial and public sectors - including national governments, law enforcement and intelligence agencies - on information technology issues and strategies. He is a trusted advisor to C-level executives, governments and law enforcement agencies and has established relationships with security communities and government agencies across the region. Roger is a regular speaker at industry events and has worked with national and international print and broadcast media both to represent Microsoft and to provide expert comment on broader security issues. A Swiss national, Roger holds a Master of Computer Science degree from the Federal Institute of Technology in Zurich and is a Certified Information System Security Professional (CISSP). Before joining Microsoft, he was responsible for e-Business Risk Management at PricewaterhouseCoopers in Switzerland. He lives in Zurich and is married with two sons.

Are You Focused On The Wrong Security Risks?

There is a good article on CIO Central: Are You Focused On The Wrong Security Risks?

An interesting discussion, and I partly agree that we have to challenge the way we look at the security risks. I would even broaden the questions he raises. When I talk about industry trends that impact your risk landscape, they include:

  • Users ask for more flexibility: For a lot of roles, it does not really matter when you work and where you work. I am fairly open when I work personally, from where and how I split my private and work life. This means that in my case, my notebook is not directly connected to the Microsoft corporate network more than once a month.
  • Cybercrime moved from “Cool to Cash”: This is not new but we have to understand that the real threats are the targeted threats and no longer broad-spread attacks like Blaster in the past. It is all about going for money and understanding the business case.
  • Consumerization of IT: That’s a tricky one. I am convinced that more and more consumers are making strategic IT decisions. You disagree? Give me the one single company who decided to use iPhone or iPad as a strategic device. It came in by the consumers as they love the device and wanted it to be integrated into the IT infrastructure. This will continue. When the younger generation is entering the business, the ones who grew up with Facebook and Twitter, they will ask to be as productive as possible using the tools they know – and we are giving them a one-size-fits-all and giving them a standard build. We even feel good by doing so and are not realizing that they will find ways around the security boundaries we are building – with the intention to do their job efficiently. We need to help them to work productively in a secure and safe way.
  • Security as a Business Enabler: We need to understand that our job is to help IT to help the business to be successful. We are not here to be the “no”-sayer.
  • Cloud: That’s obvious but we need to be part of these discussions in each and every IT. Again, not to say “no” but to help the business to understand the real risks, not just our gut-feeling of losing control.

And then, we probably should look into the way we do risk management overall: Fixing Risk Management

So, let us accept these trends. I do not think that there is disagreement on the trends above. If yes, we have to embrace them and especially move towards a business asset. I am tired of having the touch of being just the pain in the back and so are the CxOs to pay our bill.

Let’s become a business enabler and not a disabler as in the past.

Roger

Posted 28/01/2011 by Roger Halbheer

Tagged under: Risk Management
