Business driven perspectives to security

Amit Yoran President RSA – Rock Star presentation on Security topics. This is the second time I heard his presentation and as always its a passionate and motivating experience to hear him. He leave his audience confident and motivating and assure them that they have not made mistake to pursue  Information security.


  • Bad guys are more creative passive and persistent in their attacks.
  • We need to change our approach and choose to do things differently.
  • In light of current economic pressure and ever-changing security landscape, between 75 – 85% Chief Security officers are re-evaluating their enterprise’s security strategy over next year.
  • Clearly Board is not convinced of returns on security spending.
  • Business and security need to converge in their strategic discussions, decisions and directions for coming years.

    Do things differently as the existing strategies would not protect.

    So what are the new requirements and expectations:
    – Align to business priorities
    – Right visibility to security initiatives
    – Business context is understood
    – Efficient response
    – Rapid insight

    Board only cares about overall impact of security event, how does this result in depreciation of value to our shareholders.

    Important to provide comprehensive insight to business

    Business driven security

    Gone are days a point security product was considered sufficient in protecting a security layer.

    Visibility advanced analytics no magic solutions.

    Big data machine learning is future so adopt and learn about them.

    Tools won’t win battles for us. Tools won’t get us on TOP of mountain.

    We need Super smart humans to manage security.

    Always question – Why why why why

    Curiosity looks for anomalies

    Don’t be afraid to make a shift in your perspective and change your point of view. Stop relying solely on technologies trying to prevent attacks. It’s time to look at things from a different angle. It’s time to create a cybersecurity program that links breaches and threats with how they impact your business or government entity. It’s time to form a better strategy that’s driven by the organization’s business needs –
    Time to form a better strategies  driven by business requirements.

    Work we do matters as it matter to our customers partners and families.

    When you go back to work remember your work matters.

    Red tape in leadership is disappointing (he actually used the word sucks)

    Don’t be discourage and don’t give up.




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s