
Interop 2016: Cyber Security Insights


Interop 2016 kicked off the week with two days of IT summits that covered an amazing range of topics, including cloud, containers and microservices, IT leadership, and cybersecurity, plus hands-on hacking tutorials. The following three days included the Expo floor opening as well as the session tracks.

Since the IT Leadership Summit was sold out, I decided to join the Dark Reading Cyber Security Summit Day 1. I was only planning on attending Day 1, but the content was so good that I eschewed Container Summit and attended Dark Reading's Day 2. To kick things off, the editors at Dark Reading shared some interesting insights followed by industry thought leaders.


DevOps - SecOps Relational image via @petecheslock and his Austin DevOps Days 2015 presentation.

My top 10 takeaways from the Dark Reading Cybersecurity Summit Days are below.

  1. $71.1B was spent on cybersecurity last year.
  2. Security pros spend most of their time patching legacy stuff and fixing vulnerabilities versus addressing targeted, sophisticated attacks, which happen to be their primary security concern. Number two is phishing and social engineering attacks.
  3. Security is one of the most important priorities and one of the least resourced by IT organizations. Security pros make policy decisions, but non-security people make purchasing decisions.
  4. The weakest link is the end user; end users make up the surface area of vulnerability.
  5. There are not enough skilled security ops people. 500K to 2M more security pros are needed by 2020.
  6. The most talented security pros are hackers.
  7. The average time to detect an intrusion is 6-7 months.
  8. 92% of the intrusions, incidents, and attacks of the past 10 years fall into nine distinct patterns, which can be further reduced down to three.
  9. The cost of a breach is roughly $254 per record for breaches involving 100 records, versus $0.09 per record for breaches involving 100M records. Note that the cost is a multi-variable function with many dimensions to factor in.
  10. Only 40% of attacks are malware, so stopping malware is not enough.

Attached below is my DART IT Skills Framework presentation from my Interop IT Leadership speaking session. One of the CIO's SLAs is security, so the Cybersecurity Summit was timely.

Let me know what you think of the security insights, as well as my presentation below, in the comment section. I would be happy to present my DART session to our community if there is enough interest, so let me know and I will make it so.

5 Comments

The unicorn picture says it all. Security always gets in the way of the grand vision cast by development. DevOps bridges Development and Operations so that it inadvertently cheats the protocols in place for structure and standardization. We have it here in my company and I always have to be a party pooper.

Hmm. I love working with switches, routers, firewalls, and especially Orion products! But if there's that much demand for Security Professionals, it seems there should be greater incentives offered to folks who leave their old jobs and become CISSPs.



Interesting facts, thanks for sharing. I would definitely look forward to the DART session in case there will be..


"The most talented security pros are hackers." We teach potential police officers how to think like a criminal. To catch a criminal, one must be able to think like one. So, the best security pros have to be able to think like a hacker. To think like a hacker is to be a hacker.


That's so true, the DevOps is just spilling out more security leaks all over the place!

About the Author
Mo Bacon Mo Shakin' Mo Money Makin'! vHead Geek. Inventor. So Say SMEs. vExpert. Cisco Champion. Child please. The separation is in the preparation.