Once upon a time—not that long ago—the Information Security field had no rules, definitions, tools, or framework, and it was a new frontier to be discovered and conquered. Now, looking back, we sure have come a long way.
Once upon a time—not that long ago—the Information Security field had no rules, definitions, tools, or framework, and it was a new frontier to be discovered and conquered. Now, looking back, we sure have come a long way.
In this episode of the Business of Security channel, we travel in time with Matthew Rosenquist. Together we take a look back to understand how we got to today and what the future of Security and the CISO role is going to be.
Back then, individuals and teams were undoubtedly working on risk mitigation, controls implementation, and fraud management, but it was a reactive and binary approach to problem-solving. As we compare and contrast the past to the present, it's hard to imagine the similarities from a security program definition and execution perspective; many today complain that their teams are overwhelmed with data, events, and incidents, creating burnout. Looking back, being overwhelmed by data wasn't really possible as the sources of data, types of data, and quantity of data can't even compare to what teams are dealing with today.
As complexity, experience, business models, and technology solutions grew, philosophy and methodology had to change and mature with the technology and the business drivers that have transformed the security field in today's reality.
Today's Security Management must be driven by business values and a proactive mentality. We are starting to see that in many industry verticals, advanced technologies, privacy, policies, etc.
We will never win or even catch up when we're reactive.
"That's the first challenge, I think, in anyone's career. Where are you passionate? What are you good at? How are you going to contribute? You're not going to solve the world. Right? But you play a role. You're a piece in a bigger puzzle; find out where you fit and go with it." —Matthew Rosenquist
"We never catch up when we're reactive. And, unfortunately, there's an axiom in our industry: security's never relevant until it fails. We need to break that axiom. We need to start thinking about the risks. And we're starting to do that." —Matthew Rosenquist
Guest
Matthew Rosenquist, CISO at Eclipz.io
This Episode’s Sponsors:
RSA Security: https://itspm.ag/itsprsaweb
____________________________
To see and hear more podcasts and webcasts about Redefining CyberSecurity for your business, tune in to ITSPmagazine at:
https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in advertising on ITSPmagazine?
👉 https://www.itspmagazine.com/sponsorship-introduction
Are you interested in sponsoring an ITSPmagazine podcast?
👉 https://www.itspmagazine.com/podcast-series-sponsorships