#infosec16: Levison Wood Urges IT Security Pros to Embrace Risk

Written by

Mitigating risk, building resilience and incident response, and tireless training have been at the heart of explorer Levison Wood’s success to date and he believes the same focus could help information security professionals.

Speaking at the opening keynote of this year’s Infosecurity Europe show, Wood – who has walked the length of the Nile and the Himalayas – claimed the motto of his old British army regiment could also stand the average cyber security pro in good stead: “Ready for Anything.”

Risk should be embraced rather than feared as long as one takes the appropriate steps to mitigate it,” the former Para claimed.

“People assume it’s too dangerous; that there are too many risks … But it’s about managing risk and improving resilience,” Wood argued. “You have to take risks. Risks are good. Only by taking risks will the business thrive and succeed in the marketplace.”

There’s a balance to be had between protection and operational efficiency, but only by embracing “measured risk” will individuals reap the rewards, he added.

Resilience, or the ability to rapidly recover from an incident, is also key, and rehearsing contingency plans play a major part in success here. In short, IT security teams need to accept that things go wrong and prepare for this eventuality, Wood hinted.

Humans can make or break these efforts, he claimed. The latter is certainly true if research on accidental insider breaches is to be believed. An Intel Security report from last year claimed 43% of such incidents are the fault of employees, with half of these unintentional.

However, it’s also true that a good infosec team is essential for security managers and CISOs.

“If you are to succeed and do great things you have to surround yourself with great people,” Wood argued.

As an explorer, he admitted to having little knowledge of cybersecurity despite the many parallels drawn with the industry during the keynote.

However, there were some anecdotal tech tips for attendees – the most useful being not to update one’s Twitter feed whilst trekking through potentially insurgent-infested territory.

What’s hot on Infosecurity Magazine?