I hate to say it, but in my humble opinion, for the last decade or so the infosec and cyber security industry seems to have lacked vision, that is, the ability to look around the corner to visualise what the next attack vector or risk might look like. I feel that the industry as a whole, not to mention many of the organisations with which I’ve worked, have leaned too greatly on technological solutions, which on many occasions, I have observed, are bolted on top of flawed systems and architectures–solutions that ultimately do little except paper over the cracks and nevertheless leave the enterprise vulnerable.
On a similar note, we have at the same time been very accommodating to jump into bed with compliance, governance, and standards, all of which we have treated as demi-gods at the expense of practical security solutions and robust activities. There are too many examples of this to even mention.
Things that seemed obvious to me in the past are finally being picked up by others in the industry. For example, while reading the current issue of Infosecurity Magazine, I came upon an article relating to the balance of privacy and security. It’s funny, for when I raised this issue some years ago, I was shot down. But then I guess I should be grateful that at least the magazine in question has caught up, albeit a little late in the day.
Additionally, I recently read in Computing Security that anti-virus software is past its sell-by date, which many, including myself, have been saying for a number of years now.
Agreed, no one knows everything. However, we as an industry need to raise our eyes from the barriers of what we can see and as a group look beyond towards identifying the “unknown unknowns.”
Above all, as painful as it might be [and I know], we must not be afraid to speak out against mass opinion. Trust your instincts and know that the industry will eventually follow–even if it takes a number of years to do so.
[su_box title=”About Professor John Walker – FMFSoc FBCS FRSA CITP CISM CRISC ITPC
” style=”noise” box_color=”#336588″]
Visiting Professor at the School of Science and Technology at Nottingham Trent University (NTU), Visiting Professor/Lecturer at the University of Slavonia [to 2015], Independent Consultant, Practicing Expert Witness, ENISA CEI Listed Expert, Editorial Member of the Cyber Security Research Institute (CRSI), Fellow of the British Computer Society (BCS), Fellow of the Royal Society of the Arts (RSA), Board Advisor to the Digital Trust, Writer for SC Magazine UK, Originator of DarkWeb Threat Intelligence, CSIRT, Attack Remediation and Cyber Training Service/Platform, Accreditation Assessor and Academic Practitioner and Accredited Advisor to the Chartered Society of Forensic Sciences in the area of Digital/Cyber Forensics.
Twitter: @SBLTD
John Walker is also our Panel member. To find out more about our panel members visit the biographies page.[/su_box]
John is the Principle at Shadow-Intelligence (Si), partnering with PALISCOPE, BreachAware and iStorage. He is a Visiting Professor at the School of Science and Technology, Nottingham, Trent University (NTU) and holds the appointment of Editor in Chief for the International Journal of Cyber Forensics and Advanced Threat Investigations (CFATI). For the last decade he has delivered training courses in the Middle, and Far East to Commercial, Industrial, the Financial Services Sector, and Military Agencies, including the UAE, US, Pakistan, Saudi Arabia, Malaysia (KL), Singapore, Argentina, and Sao Paulo
He served in the Royal Air Force 22 years’, specialising in Counterintelligence, working with UK Agencies such as GCHQ/CESG, and others in the fields of SIGINT, COMINT and Satellite Communications, holding appointments such as System ITSO for a CIA SCIF.
In the commercials sectors of IT/Cyber he has worked for/with Logica, Bae, T5, GM, Experian, Betfair, Palace of Westminster, House of Lords/Commons, TSol (Treasury Solicitors) and provided Consultancy to the Saudi Arabian MOD, TRA (Telecommunications Authority (Dubai) and the Military Academy of Malaysia (KL) on SOC, CSIRT, Digital Forensics and OSINT. Within the last 5 years he has focused on Geopolitics, with global expertise around the UAE and Russia, Anti-Terrorist Operations (ATO), Cyber-Warfare, Dezinformatsiya (Disinformation) and Maskirovka (Military Deception).
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.