Is Security Still an Opportunity in 2014?

This week we’re at the Westcon Security and Beyond Conference in Park City, Utah. I’ll be speaking first thing Wednesday morning, delivering a keynote session on Moving from Vendor to Adviser, in the world of security. 14 years ago, my then current employer asked me if I thought SECURITY was still an opportunity for technology companies moving into the new millennium. Not only is it still an opportunity…there’s a lot more out there for companies who understand the growing need and capitalize on it.

Digital Disruption Creates More Need

My session will focus on steps companies need to be taking to move up the ladder, accessing those responsible for the security and protection of company secrets, innovation, customer privacy, and the success of their 2014 initiatives…which will involve new trends in technology. Expect to see more and more companies moving to the cloud – in a recent WSJ survey, IT people guessed that larger companies were running up to 50 different applications in the cloud. When the WSJ went to the department level they discovered a much different story. On average, large companies were running over 350 cloud applications – and IT has no idea where. This is just one example that completely changes the security model and demands a look at the department level.

If your company engages in assessments, but is not spending a significant amount of time out in the departments, chances are you’re missing some of the biggest gaps.

CiSOs Are Becoming More Business Saavy

By business saavy, I don’t mean that CISOs are going back to school. I mean the old style CISO is being replaced by business minded security leaders. In my session we’ll be talking about what that means, and how solution companies should be changing their approach to align with these new business leaders.

Leveraging Assessments and Building Justification

Several related points will be covered – but one that stands out is the need to really understand the justification process. I just read a post updating the Target credit card thefts this past December. In it, John Stengel shares that this attack was done through a third party vendor. No surprise here – but in his post he also notes another company that refused to do an assessment due to cost. Whether you’re proposing an assessment, or following up with remediation recommendations – companies continue to delay due to budget. Learning how to create this justification is crucial. This is exactly what happened with TJM years ago. I personally know sales people who tried to warn TJM that their wireless networks were open – it took 100 million credit card loss to wake them up. The good news is, there are ways to build this justification and I’ll be covering some of them this week.

For a more detailed look at this process, join us in the SVLC Insider’s Circle and attend my session online on Feb 10th. For more details – (CLICK).