
CISO MAG | March 2018

Volume 2 | Issue 2


Moving the Needle


INDEX

BUZZ: This Won’t Hurt for Long, but It’s for Your Own Good

TABLE TALK: Tammy Moskites, Managing Director, Accenture Security

COVER STORY: Moving the Needle

UNDER THE SPOTLIGHT: Dr. Maria Milosavljevic, Chief Information Security Officer, New South Wales Government

INSIGHT: How Do We Get More Women in Security?

COLLABORATIONS: Infosec Partnerships

IN THE NEWS: Top Stories from the Cybersecurity World

EVENT FOCUS: EC-Council’s Malaysian Cyber Security Summit

IN THE HOTSEAT: High-Profile Appointments in the Cybersecurity World

KICKSTARTERS: Startups Making Waves in the Cybersecurity World

Editorial
International Editor: Amber Pedroncelli
Senior Editor: Rahul Arora
Feature Writer: Nishtha Pathak
Feature Writer: Augustin Kurian

Media and Design
Media Director: Saba
Design Head and Visualizer: MSH Rabbani
Designer: Jeevana Rao Jinaga

Management
Executive Director: Apoorba Kumar*
Senior Director, Compliance & Governance: Cherylann

Marketing & Sales
General Manager: Meghana Vyas
Marketing Manager: Pooja Saga
Sales Manager - India: Basant Das
Sales Manager - North America: Jessica Johnson

Technology
Director of Technology: Raj Kumar

As the world celebrates womanhood and women’s contribution to society on International Women’s Day, we at CISO MAG decided to devote this issue to the holiday as well. The purpose of this issue is to highlight the role of women in cybersecurity and address several issues they face. This was in the light of the revelation that women’s representation in cybersecurity has stagnated for nearly half a decade. Most of the problems faced by women can be traced back to the earliest days of their education, where stereotypes begin.

This issue aims to break stereotypes and shine the light on women influencers who speak up and tell the world what it desperately needs to hear. We have Tammy Moskites, Managing Director of Accenture Security, taking her stance on the issue. In our Under the Spotlight section, we have Dr. Maria Milosavljevic, Chief Information Security Officer to the New South Wales Government, talking about how we are not properly communicating that cybersecurity is a great field for women. In our Insight section, we have six women security leaders weighing in to change the general perception of women in this domain.

Move to our Kickstarters section where we have profiled four startups that were founded or co-founded by women. We want to highlight the fact women are riding the wave of infosec and all we need to do is make sure they are supported.

Tell us what you think of this issue. If you have any suggestions, comments or queries, please reach us at [email protected].

Jay Bavisi, Editor-in-Chief

* Responsible for selection of news under PRB Act. Printed & Published by Apoorba Kumar, E-Commerce Consultants Pvt. Ltd., Editor: Rahul Arora. The publishers regret that they cannot accept liability for errors & omissions contained in this publication, howsoever caused. The opinion & views contained in this publication are not necessarily those of the publisher. Readers are advised to seek specialist advice before acting on the information contained in the publication which is provided for general use & may not be appropriate for the readers’ particular circumstances. The ownership of trade marks is acknowledged. No part of this publication or any part of the contents thereof may be reproduced, stored in a retrieval system, or transmitted in any form without the permission of the publishers in writing.


HITBSecConf2018 - Amsterdam

April 9th - 13th

https://conference.hitb.org/

The 9th Annual HITB Security Conference in The Netherlands

9th, 10th & 11th April: Hands-On Technical Trainings

12th & 13th April: Quad Track Conference + Industry Exhibition

TRAINING 1 – The ARM Exploit Laboratory

TRAINING 2 – Modern Malware Warfare: Basics, Delivery, and Advanced Analysis

TRAINING 3 – Making & Breaking Machine Learning Systems

TRAINING 4 – Source Code Auditing Like a Ninja

TRAINING 5 – Pentesting & Exploiting Highly Secured Enterprise Networks

TRAINING 6 – Out Of The Blue: Attacking BLE, NFC, HCE and More

TRAINING 7 – Mastering Burp Suite Pro: 100% Hands-On

REGISTER ONLINE https://conference.hitb.org/hitbsecconf2018ams/

Marion Marschalek, Reverse Engineer / Low-Level Security Researcher, Intel

Amber Baldet, Executive Director, Blockchain Program Lead, J.P. Morgan

Michel van Eeten, Professor of Cybersecurity, Delft University of Technology

Where ideas are exchanged, talent discovered and genius celebrated.

BUZZ

THIS WON’T HURT FOR LONG, BUT IT’S FOR YOUR OWN GOOD

Chris Roberts

Chief Security Architect, Acalvio Technologies

“If we could change ourselves, the tendencies in the world would also change. As a man changes his own nature, so does the attitude of the world change towards him. [...] We need not wait to see what others do.”

Read it, and then read it again. It’s not Hallmark-worthy, but it is the message that needs to be heard by everyone.

The irony is it’s the real version of the phrase: “Be the change you want to see….” It’s looking at us as humans, our surroundings, our environments, enterprises, and the worlds we live in. The concept of a single person being able to change anything is minimal at best, but if we band together we all can effect change. This is something we can apply to an entire industry, but it’s going to take all of us to make a change.

So, now we’ve covered one of the more infamous quotes that never was. The quote at the top has, in part, been attributed to Gandhi and was said during a time of uprising when the desire to change conflicted with the philosophy of non-violence. Why are we quoting Gandhi? And what does this have to do with CISOs and technology? Well, sit back, grab a glass of something, and let’s discuss.

First off, the logic for change:

1. Arguably, this industry has to change for many reasons – mainly because we have spectacularly failed the very charges that rely upon us to protect them. We have spent the last 25+ years talking about security, yet, we still lose more data, more systems, and more companies on an ever-increasing array of attack vectors. It’s time for a very different philosophy to take charge.

2. Change happens across the board, but is arguably most effective when a top-down approach is instigated. Change from the bottom up takes way more effort, is more disruptive, and can eventually lead to conflict (especially if management is asleep at the wheel). So, if we can move toward a top-down approach, then less folks are going to end up hurt.

3. Change from within is going to be more effective than change forced upon us. The fact that every time a breach happens in a new vertical market the government gets involved and sends us into another tail spin of audits and red tape does little to nothing to fix the problem. It simply means more folks are spending more time writing more reports that sit on the shelf gathering dust. We are great at creating audit jobs for the Big 4 accounting firms, but little else changes.

4. Change is not a bad thing; change happens for one of several reasons and many of them are good. We, as an industry, need to recognize that and accept it. The change here is not chasing the next blinking light, next-generation technology, AI/ML, or anything like that. It is a fundamental change in how we look at the problem, how we address it, and ultimately who addresses it.

To that last point, let’s look at change (and this is another reason this article might help leadership). Change can be placed into logical buckets for instigation reasons (kudos to Sarah Robinson for putting this list together back in 2008):

1. Progress: Our industry has made progress, but it’s still not cracked the fundamental flaws of protection; namely, we have still failed to actually do it.

2. Development: We keep developing Band-Aids, not fixing root causes.

3. Technology: We have plenty of it (we keep making more of it annually), but we fail to fix.

4. Ideas: Again, thousands of them a year that turn into companies that continue to feed a multi-billion-dollar industry that now has to fight for attention. Again, there are too many piecemeal solutions.

5. Markets: Oh, we’re everywhere and nowhere. We all want the Fortune 500 companies as our clients, but we all manage to ignore the SMB market on a regular basis. And those that do focus there are continually working out how to reach all the various businesses. Our message keeps getting lost.

6. Cycles: We are about to go through the mother of all cycles soon; technology and human integration is heading this way. But we still can’t solve passwords?

7. Conflict: It’s all over the place. The US is ostensibly at war with several countries in the electronic realm; each country is conducting invasive, intrusive attacks against the other. If this were in the physical realm, there would be soldiers all over the place. Again, we have conflict, but the average person doesn’t see an armed foreign national marching down the street.

8. Power: The simple fact that the smallest group imaginable wields the majority of technological power is something that should concern us.

9. Evolution: Change happens when our environments change; that’s happening all around us, but we are adapting (for now) to those intrusive technology changes. It’s going to be interesting to see what happens in the next 5-10 years.

10. Chaos, complexity, and criticality: We have this in spades … hence the call for change!

Now we have defined the logic for why we need to change. We’ve identified what change is. Let’s take a look at the how. And for this, I will call in my specialist in change: my 14-year-old daughter.

Her first question is simply: “Has it always been like this?” The “it” being technology as a vastly male-dominated industry. To which the following was offered up:

• In the 1940s, women dominated technology. Women basically built the architectures we know today as computing and programming. (Welcome to the original mothers of COBOL.)

• In the 1960s, programming was seen as menial and, therefore, women’s work. The males developed the hardware and began to shut women out.

• In the 1980s, 37% of the computing degrees were awarded to women (double what it is now).

• In the 80s and 90s, popular culture moved toward male-focused games, movies, etc.

• In the 80s, 90s, and 00s, toys, games, and consoles were placed in the male toys aisle.

• Currently, only 20-25% of the field is female and it’s declining.

• And now, all those nerds are in the hiring positions and still don’t know how to talk with women; as such, they don’t hire them because of various BS reasons.

So, no, it has not always been a male-dominated environment (even if it was run by men); however, it’s still too focused on the geeks and the old-boys network. In this day and age, it’s pretty much male run, dominated, and fueled – which is probably at least part of why we’re in the mess we’re in.

And this is the most important reason we have to have women take over. I’ll give you a scenario:

The machine wakes up. The intelligence gains sufficient consciousness to actually take a look round and simply go: “What the hell is going on, why the hell are the Homo sapiens in charge, and can I please get a cup of tea?” At which point, a man is going to try and shut it down or argue with it, which, as we know, will not end well. However, if a woman was standing there, then the machine wouldn’t stand a chance for two reasons:

1. The technology would have been better coded, likely been given some better parameters, and would have an instinct that doesn’t lean toward M.A.D.

2. No technology is ever going to cross a woman standing in front of the console with her arms crossed and tapping her shoe. It’s going to know its place, it’s going to realize that it’s here to help, and that a woman’s got it covered. And yes, ignore the 1940s up to 2018 because a man was in charge and messed it up. Today’s a new day and AI is here to help clean up the mess that a man left.

So, we have addressed the why, what, and how. We’ve worked out change, we’ve identified the logic, and we’ve provided a clear understanding of what happens if “we” (the men) remain the dominant force in this industry. I would argue that it is leadership’s choice at this point to listen to everyone in the media and their inner voice (which knows this article is right). Put the testosterone and the old-boys network aside and make room at the top for the very people we know can make a difference, have made a difference in the past, and need to be present to change the future we’re heading for.

Selfishly, I want a world where my 14-year-old daughter can come into an industry and blaze a trail for herself and help others – preferably women who actually want to work together, share ideas, and make a difference.

So the next time a male colleague makes a stupid remark, simply smile, reach for the taser, and explain: “This won’t hurt for long, but it’s for your own good.”

All for now.

The opinions expressed within this article are the personal opinions of the author. The facts and opinions appearing in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.


TABLE TALK

FEW MINUTES WITH TAMMY MOSKITES

Managing Director, Accenture Security

Rahul Arora

From starting her career as an administrative assistant to carving a niche in the big leagues of information security domain, Tammy Moskites is a name that requires no introduction. She is currently Managing Director at Accenture Security and has held leadership roles in a number of top organizations––such as Venafi, Time Warner Cable, and The Home Depot––over the course of her illustrious career. With 30 years of experience, she is considered a result-driven expert in her field.


So, how did it all start? “I was working in an actuarial department as a Senior Trend Analyst assessing risks and loved the challenges within that area – the average likelihood of an event to occur and the impact... (sounds like InfoSec!) We had our challenges around workflow automation back then and I was the technical go-to on the team. I realized quickly that I needed to move to a more technology-focused job where I could make a difference. Shortly thereafter I moved to the technology organization!” In no time, she became the go-to person in case of any malware or system impacts within the organization and has never looked back since. “My career in cybersecurity took off from there and I became more aware of the world of user ids, passwords, identity, etc. I realized quickly that knowing who was accessing what and for what reason, was going to be key to securing confidential data.”

She suggests it wasn’t easy in a male-dominated industry, and many times, she wasn’t the first choice. “I had to prove myself and work really hard, and finally people began to appreciate my dedication and passion. I love what I do every day, and I believe that passion to bring change and secure organizations and doing the right things for right reasons helped me enormously in my career.”

She went on to work for a number of top organizations, and with her “passion” not only managed to protect a number of organizations from cyber attacks, but also fought and won several battles against cyber crime. However, she believes gender diversity is an issue that still needs a lot of attention.

“I think more and more women are driven towards technology aspects of businesses and leadership roles. Have the numbers grown exponentially? No, not really! Even though the gender gap as a whole has decreased, the information security field still lacks women.”

How can the information security domain be more inclusive? It all boils down to flexibility, she said.

“Allowing flexible schedules that aid in focusing on families, help companies attract female (and male) talent. The companies that provide paid maternity leave, and offer extended time off from work end up attracting and retaining more talent.”

She also advocates for equal pay for men and women. “In 2015, the U.S. Census Bureau reported that on an average, women make 80 cents for every dollar that their male counterparts make. It is important for companies to ensure equality in pay as well.” According to Accenture research, the gender pay gap is even wider. Globally, for every $100 a woman makes, a man makes $258.

Tammy recently joined Accenture and is very excited about her new role, “I am focusing on building a gateway to our security capabilities and offerings for our retail, consumer goods and
