What is your favorite thing about Infosecurity Magazine?
Infosecurity magazine has a human face and a community focus; it cares about the issues it reports on and makes a real and very appreciated effort to be a part of the wiser infosec community.
If your job as Guest Editor of Infosecurity became permanent, what new content stream would you introduce?
Well, over the last few years, video and in particular educational resources delivered using video has kind of become an area of expertise for me. I think Infosecurity magazine would really benefit from a revamp of its video strategy. High production value assets available as an educational resource for enterprises would be a unique offering, especially if they could solicit (non-commercial) materials from throughout the industry
How do you describe to your (non-industry) friends what your job is all about?
Oddly, in the past couple of years this has become less and less necessary, which is testament to the amount and quality of media coverage that online security and the associated threat landscape is getting. I find that “I work in internet security” is enough these days. Even more oddly it doesn’t lead to people wandering off with glazed eyes and a mumbled “interesting…”. People are genuinely interested in understanding what attackers are doing, how it relates to their lives and businesses and what they can do about it.
What makes you really angry about our industry?
Lack of diversity, women are clearly hugely underrepresented in information technology and that’s a problem, it’s not only women of course but also people of color. We need to make our industry representative and inclusive of society at large. The issue of getting more diversity and opportunity in employment though seems to be the simple part of the equation to address, what really makes me angry is the amount of abuse, both physical and verbal, that is being reported by victims both online and in person at events and conventions. There is no excuse and no place for this and we all need to vow to confront it whenever we see it. No more ‘laughing along’, no more conflict avoidance, no more failing to say what you see and no more tolerance. Zero, zero tolerance of divisive and hateful speech or behavior.
What gives you hearts in your eyes?
The flipside of that intolerance coin, the very real and welcoming atmosphere from the security community. The desire to foster and mentor new talent, to clearly articulate concepts and issues, to expand the infosec family. As an industry we seem to instinctively know (for the most part) that new solutions (or even new problems to solve) don’t solely come from established practitioners. One of the most valuable assets in security is your mind-set, the way one thinks and approaches technology and problems. If you have the mind of an infosec professional, regardless of your skills and experience, by and large you will be welcomed into the community, and made to feel valued and welcomed. Oh, and flapjacks. Alice Cooper too, and Butchery & Wine in Warsaw.
What’s the best conference talk/keynote/seminar you’ve ever attended?
Bruce Schneier, talking about the broad concept of privacy at the AISA event in Sydney in 2016. While I may not agree with everything Bruce says, here is a passionate and cerebral speaker, who provokes reconsideration of your own ideas. What more can you ask for?
What infosec technology could you not live without?
Me personally? Well I suppose that would have to be encryption, and by that I mean trustworthy encryption. The foundation of today’s commercial web, shopping, online banking and financial transfers all rely on this solid foundation, as does our right to have private and privileged conversations and interactions online.
What’s your dream infosec job?
I may already be in it to be honest! My career has been a series of mostly fortunate accidents, as opposed to something I determined years in advance and pursued with a singular purpose. My skills have developed over the course of my career in technical support, architecture and design, product engineering and for the past decade as VP security research at Trend Micro. Trend Micro is an exemplary employer, we are encouraged to explore the limits of the possible, both in our roles and outside of them. My role at Trend Micro has expanded over time to encompass public speaking (which I had never done before), media work (again, this was all new to me) and for the past few years writing and creating video assets. Trend Micro encourages its employees to “be yourself, be the best part of yourself” and to “dare to fail”; my role allows me to marry my technical side with my creative side, and it’s a pretty amazing place to work.
If you could have founded any information security vendor, which would you choose?
Oh wow, tough question! I guess it depends on your motivation. If I were motivated by money then my answer would no doubt be different, but I can only answer as myself, so that would have to be SANS.
What is the biggest unresolved information security challenge?
To my mind it is still authentication. The need for individuals to be able to assert an identity is already critical but as we move into an era where one person managing multiple different digital personae becomes commonplace, and with billions of connected ‘things’ and services, the need to authenticate is set to increase exponentially.
What’s your guilty pleasure?
Vanessa Paradis…
What’s your favorite Christmas movie?
It would be a toss-up between Trading Places and Planes, Trains and Automobiles, those two films assemble some of my favorite comedy actors and succeed in making a Christmas film without the cheese but with the cheer!