This was the breakfast keynote for the ISSA Women in Security SIG held at the Disney Contemporary in October, 2014. The session looks at the info security issues from what can be expected in the near and mid-term future, the challenges of management and leadership talent in this area, and how women can uniquely fill the leadership gap.
3. Setting the Context
• Early Morning
• Ten (10) Questions
• Many answers
• Answer Along: No right or wrong answers
• All relate to each other
3
4. Setting the Context
“The future isn’t what we thought it would be. We
don’t walk around in silver suits, travel to colonies
on Mars or drive in flying cars. Instead, we dress
casual, take selfies and communicate in 140
characters.”
~ Greg Satell
4
5. Setting the Context
“Always in motion is the future.”
~ YODA
Star Wars Episode V: The Empire Strikes Back
5
6. What are the Current Challenges of IS?
• Mobile: BYOD/BYON/BYOA/BYOW
• Hacker Sophistication
• Social Media/Online Activity
• Cloud/Data Storage
• User Denial/Resistance
• Privacy Standards (US & Global)
• Legislation/Regulation
• Business Operations - $$/Reputation
6
7. Four Possible Futures for IS
7
Increased:
• Options
• Business Opps
• Spending
• Quasi-Privacy
Transform:
• High Tech
• Integrated
• Shared
• Access
• Privacy
Collapse:
• Decline
• Hackers Rule the
World
• No Security
• No Privacy
Constraint:
• Heavy Regulation
• Undue Burdens
• No Privacy
8. What are the Future Challenges of IS?
• Authentication: Beyond Biometrics
• Pervasive Technology: Everywhere and Invisible;
Wearable, sensors, bicentennial man; The Circle: always
being recorded; “Privacy is theft,” etc.
• Internet of Things
• No Boundaries for Data: Drones, Private vs. Professional
• Generational: Beyond the Millennial Generation
• Insurance Maturity
• Business Operations: Beyond $$
8
9. What are IS Management Challenges?
• Get the right job done at the right place at the right
time.
– Assign the right people to do it
– Allocation of Resources: Structures/Systems
– Training/Update Systems/Update Training
• Shadow IT
• Enforcing Policy
• Security Implementation
• Recruiting/Retaining
– On the ground level
9
10. What are IS Leadership Challenges?
• Recruiting/Retaining
– Talent vs Knowledge Management
• Succession Planning
• Becoming a talent scout
• Developing Policy
• Developing Security Strategy
– Incorporating Security Strategy into Business Strategy
• Budgeting
10
11. What is Required for IS Leaders?
• Change management
skills
• Ability to influence
• Build coalition
• Critical thinking
• Problem solving
• Managerial ability
• Emotional intelligence
11
• Creativity & innovation
• Strategy execution
• Strategy development
• Ability for financial
analysis
• Have initiative
12. What is Required for IS Leaders?
• Fitting in with the organizational culture
• Cultural sensitivity and fitting have to be married with the
political and business savvy
• Linking security work to strategic objectives of the
company – need to learn to talk money
• Right Communication skills – comfortable with speaking
with the top
• Intelligence Community Skills: intelligence collection &
analysis
12
13. What’s Desired in an IS Leader?
• Accessibility
• Global and cultural acumen
• Transparency
• Authenticity
• Strategic Flexibility
13
• Interpersonal Agility
• Risk Leverage
• Rapid Decision
Making
• Technological Savvy
14. How Can Women Fill the Gap?
“Security is becoming less about technology and
more about people – understanding their behavior,
and protecting users as they do their work. The
study shows that women tend to value skills such
as communication and education – the skills that
are currently in short supply.”
~ Michael Kassner, 2013
14
15. How Do I Become that Ideal IS Leader?
• Commitment – accept the reality of what you are
about to embark on
• Preparation – create your vision & your plan; learn
• Alliances – beyond networking; establish your own
advisory board; be concerned of others
• Take calculated risks – initiate
15
16. How Do I Become that Ideal IS Leader?
• Communicate – your ideas and tout your successes;
the successes of other women; different mediums
• Maintain excellence & your integrity
• Persevere
• Give Back
– This generation
– Next generation
– Seven generations Forward
16
17. How Do I Create Other IS Leaders?
• Create Awareness of the Issues
– The problem: Blog, Write, Speak, Comment, etc.
– Successful Solutions: All of the above + Celebrate
• Resources
– Create
– Make Available
– Distribute Information About
17
18. How Do I Create Other IS Leaders?
• Get Involved
– Company Diversity Plan/Program
– Company Leadership Plan/Program
– Company/Community Mentor Programs
– Company/Community Internship Programs
– Company/Community STEM Programs
– Professional IS Associations (and not just SIGs)
18
19. Developing Women IS Leaders: Cases
• Hewlett Packard (HP) announced that it would finance a
scholarship program, Scholarship for Women Studying
Information Security (SWSIS), up to $250,000 (2014)
• Super Bowl 2014, GoldieBlox, a tech start-up that creates
engineering toys for girls
• Lego Releases Female Scientists Set (2014)
• Magazine Articles/Profiles
– InforSec Magazine (August 2014)
– SC Magazine (July-Aug 2014)
19
20. Why is this important?
“Our future will be shaped by the
assumptions we make about who we are and
what we can be.”
~ Rosabeth Moss Kanter
20
21. Why is this important?
"Future is not a noun, it's a verb.”
~Bruce Sterling
21
22. Conclusion
Remember:
It’s not just about the answers
you put on paper today;
it’s the actions you take as next steps
that make the difference.
22
24. Thank you and Contact Information
Deborah Gonzalez, Esq.
Law2sm, LLC
www.law2sm.com
@Law2sm
deborah@law2sm.com
Managing Online Risk: Apps,
Mobile, & Social Media
Security
www.managingonlinerisk.com
@DGOnlineSec
24
Notas del editor
Early Morning
Coffee, Wisdom, Inspiration, Call to Action
Ten (10) Questions
To pique our interest, our curiosity, our minds
Many answers
I present mine, but there are MANY others
No right or wrong answers
Unless your company/life/career depend on it
All relate to each other
Security challenges, esp. online, have proven we are in this together.
Hacker Sophistication: Generation of Cybercriminal
First Generation – to prove I can do it
Second generation – show me the money
Third generation – cybercrime goes big time with collaboration and teamwork
Fourth generation – malware markets; malware distribution services; websites to buy, sell and manage portfolios of stolen data
Fifth generation – today: social engineering; targeted hacks
Physical Theft – laptop, smart phone, tablet, etc.
International Travel
Identity Theft
Business operations: Investments in security products/risk assessments/security strategic plans; ROI; threat intelligence; business continuity
“The commercial drone industry is growing at a rate that greatly
exceeds the FAA’s current pace of regulation or enforcement capability.”
John Goglia from Forbes as quoted in: Kashmir Hill, “Drone Wars (Of the Legal Variety),” Forbes, http://www.forbes.com/sites/kashmirhill/2014/03/17/drone-wars-of-the-legal-kind/, Mar 17, 2014.
Data/Privacy: “If you aren’t paying for the product, you are the product.” Julia Angwin, “Has Privacy Become a Luxury Good?” The New York Times, http://www.nytimes.com/2014/03/04/opinion/has-privacy-become-a-luxury-good.html?nl=todaysheadlines&emc=edit_th_20140304, Mar 3, 2014.
Michael Kassner, “Gender gap: Why information security needs more women,” TechRepublic, http://www.techrepublic.com/blog/it-security/gender-gap-why-information-security-needs-more-women/, Nov 4, 2013.
Get Involved – We hear “be at the table” – what table? And what are you doing when you are at the table?
Get Involved – We hear “be at the table” – what table? And what are you doing when you are at the table?
Super Bowl 2014, GoldieBlox, a tech start-up that creates engineering toys for girls, offered up an advertising campaign to counter these images. The commercial, which to a catchy tune told girls to “ditch their toys and make some noise,” certainly did that on its own, bringing the controversy to light and serving as a catalyst for office discussions and reflection Kaye Toal, “Aren’t toys for everyone?” Goldie Blox, http://blog.goldieblox.com, Apr 1, 2014.
http://www.wbur.org/npr/337565016/lego-releases-female-scientists-set-may-appease-7-year-old-critic
http://www.infosecurity-magazine.com/magazine-features/lets-hear-it-for-the-ladies-women/
“Our future will be shaped by the assumptions we make about who we are
and what we can be.”
Rosabeth Moss Kanter, “Future Quotes,” http://www.notable-quotes.com/f/future_quotes.html (accessed April 6, 2014).
"Future is not a noun, it's a verb."
- Bruce Sterling
“Publications” Page, University of Hawaii, http://www.futures.hawaii.edu/publications.html (accessed April 6, 2014).