The IT security industry needs more balance between disclosure of threats and discussion of defense practices – and greater sharing of ideas

Tim Wilson, Editor in Chief, Dark Reading, Contributor

October 30, 2017


For more than 11 years now, Dark Reading has annually reported major increases in cybersecurity spending, hiring, and technical innovation. Yet, almost every year, we have also reported more data breaches, of greater proportions, than the year before. And so the pattern goes on: defenders invest more budget and staff, yet they continue to lose data at an alarming rate.

It’s time to ask some hard questions. Are cybercriminals really ahead of the defenders? Or are there fundamental flaws in the strategies we’re using for defense?

These are among the core questions we’ll be exploring next month at Dark Reading’s INsecurity Conference, which will take place Nov. 29-30 at the Gaylord National Harbor near Washington, D.C. The conference – which features 32 sessions led primarily by CISOs and former CISOs of major organizations, as well as roundtable discussions and an exhibit floor – is designed to help IT and security professionals rethink the way they approach everyday security tasks, and get them talking about new strategies.

At INsecurity, we’re hoping to break some of the "circular thinking" that keeps our defenses behind. For example, most of today’s IT security conversations – and most security conferences – focus on the emerging threats and vulnerabilities that have been newly discovered by researchers. This information is valuable in its immediacy, but it tends to skew the defenders’ focus toward the newest threats, rather than the most relevant or impactful ones. And in many cases, the "new disclosure" conversation is focused only on the threat itself, rather than the best defense against it.

At INsecurity, we’ll be putting aside the "latest threat" conversations for a couple of days and focusing on the strategies and practices that IT and security teams use for defense. If defenders are going to get better, they need to talk about what’s working and what isn’t. INsecurity’s speakers are security veterans who have been fighting the online battle for years and can share their experiences. The content is focused not on what attackers might do, but on what they actually do every day – and how you can shift your everyday practices to stop them.

Similarly, most of today’s IT security conversations – and most IT security conferences – tend to happen through one-way presentations or in silos of interested professions. In the enterprise, security teams sometimes spend more of their day talking among themselves than to those with whom they’re exchanging data. Security strategies also tend to be internal, rather than across supply chains or shared infrastructure. Likewise, security conferences tend to focus most of their content on one-way PowerPoint talks by researchers or experts, rather than two-way discussions among colleagues.

At INsecurity, we want to open up the flow of conversation. Yes, some of our sessions will be traditional single-speaker talks, but the other half will be group discussions moderated by experts and protected by Chatham House Rules, in which attendees agree not to share the identities of the participants outside the room. There will also be numerous small roundtables of eight or ten security peers, enabling participants to dig into their specific challenges with colleagues – in a setting that’s intimate and protected. Our goal is to get IT and security people to have real conversations about real problems, rather than just listening to presentations in a dark room.

Even INsecurity’s exhibit floor will offer a different type of conversation. In addition to showing some of the latest technologies, the INsecurity Business Hall will feature a theater in which technology providers are encouraged to discuss industry issues and foster discussion, as well as sell their wares. The goal is to get the defenders talking with the tool providers, in hopes that the conversation will help both sides to do better at what they do.

If you’ve been in the cybersecurity industry for any length of time, you’ve probably been to conferences where you stepped out of the sessions in order to have meetings with business partners or discuss a specific issue with colleagues. But what if those conversations were part of the conference – and what if you could have them with some of the top experts and security leaders in the country? That’s the concept behind INsecurity, and our lineup of speakers should make those conversations truly useful, offering ideas for defense that you never had before.

We hope you’ll think about registering for the INsecurity conference. We think it’s time to rethink the security conversation – and find better ways to improve data defense.


About the Author(s)

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers, conducted by the SANS Institute. In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media.
