Blog
#ISC2CONGRESS ‘We Got This:’ Adaptability Is Nothing New to Cybersecurity
During her (ISC)2 Security Congress 2020 keynote speech , Juliette Kayyem used three words that tidily sum up the can-do spirit of the cybersecurity community: “We got this.”
Kayyem, a former assistant secretary at the Department of Homeland Security, was speaking within the context of society’s ability to adapt, learn and build resilience during the COVID-19 crisis. Still, her remarks reflect the general ethos of the cybersecurity profession. Cybersecurity professionals recognize that if they can’t say, “we got this,” the alternative is too alarming to fathom.
Cybersecurity workers have to adapt – all the time. Just like what society at large is experiencing during the pandemic, cybersecurity workers do in a continuum – protect, respond and adjust constantly. Achieving resilience is more than an aspiration; it’s a must.
Kayyem talked about an adaptive response to the “now normal” created by the pandemic. The now normal is something cybersecurity teams are intimately familiar with. They, perhaps more than anyone, recognize what is normal now is likely to be different tomorrow. And so you have to adjust in order to stay a step or two ahead of cyber adversaries.
Knowing what to do and how to react is critical. As (ISC)2’s new CEO, Clar Rosso, said in her opening remarks for the (ISC)2 Security Congress 2020 : “Information security skills are in higher demand than they’ve ever been before.”
Congress Themes
Adaptability was one of the primary themes of this year’s conference. The fact that Security Congress actually happened – virtually – is a manifestation of the theme. COVID-19, and the changes it has prompted in our daily and professional lives, was one of the most discussed topics during the sessions and presentations of the three-day event attended by more than 5,700 people.
During a panel discussion titled, “How I Am Surviving the Apocalypse,” participants talked about the adjustments they, their families and their companies have had to make during the pandemic. Brandon Dunlap, managing director of security consultancy Brightfly, and James Packer, head of cybersecurity at EF Education First, both moved from small apartments to larger spaces to get the room they needed to work at home.
Panelist Caroline Saxon, senior advisor to the CIO at TSYS, said one of the changes created by remote working is that now when searching for candidates to fill positions, the search is wider. Thanks to the ability to work and collaborate virtually, the focus is on talent rather than the location of the job or the individual.
It’s a reality echoed by a speaker at an earlier panel, Erik Von Geldern, CISO at FXCM, who said: “Everything has effectively become a global search. We are continually having to reassess the programs we have in place to find that talent.”
As a side effect of these expanded job searches, Michael Weisberg, who runs Information Security and Assurance at Garner River, said during the ‘Apocalypse’ panel that jobseekers living in markets with lower salaries are now applying for remote work positions in cities where employers pay more. They see an opportunity to boost their compensation.
Opportunities and Challenges
Another change Weisberg has noticed is that organizations are moving away from VPNs in favor of zero trust security models. “We want to be able to secure an application at the endpoint regardless of the endpoint,” he said. “Our management responsibility for your device is extended through the endpoint client, not the device itself.”
Despite the challenges created by the pandemic, Weisberg sounded optimistic, saying he is seeing an increase in productivity. As a result of working remotely, people are accomplishing tasks that he thought they never would. Coworkers and clients have forged relationships that would never have occurred without the pandemic, he said. “We are at a moment of opportunity. Change always gives us a moment of opportunity.”
Faranak Firozan, who works on incident response for NVIDIA, said during a presentation on post incident reviews (PIR) that with people working at home, it’s easier to get a hold of them when preparing a PIR.
But of course there are challenges as well. Firozan said that the number of PIRs has risen because of increased hacker activity.
During the ‘Apocalypse’ panel, Saxon spoke about supply chain disruptions that have made it difficult to purchase monitors and other equipment to set up home offices. She also talked about how bandwidth is a problem in communities where broadband isn’t easily available, and stressed the need to work at a community level to improve internet access.
So there are challenges and opportunities – and both are being met with the adaptability and the resilience embedded within the fiber of cybersecurity. Early in the pandemic, there were concerns that cyber incidents would skyrocket. And while some companies have seen increased risks, the situation overall hasn’t changed much. That’s both according to (ISC)2’s 2020 Cybersecurity Workforce Study and security expert Graham Cluley, who delivered one of the keynotes .
Cluley, like Weisberg, Kayyem and so many other Congress presenters, acknowledged that we are living through strange, challenging times, but wanted to leave a hopeful message. Yes, things will remain challenging in the near future, but when it’s over we can expect to come out stronger on the other side. We have adaptability and resilience working for us. So remember, “We got this.”