CyberMaryland 2016 offered an assortment of panels and breakout sessions to improve overall awareness around cyber security policies, defense, investment strategies, and risk management.
The central theme of the two-day conference revolved around the importance of people. Technology alone isn’t enough to thwart attacks. People present both an opportunity and a vulnerability when it comes to cyber security. As Admiral Michael S. Rogers, US Navy Commander, pointed out during his opening keynote address, “Human capital is the biggest challenge in cyber security.” He emphasized the need to raise every individual’s awareness to drive a workforce that’s motivated to think about security.
Here are some of the noteworthy points from the panels and keynotes I attended:
Educating Executives and Board Members
It’s been a popular point that educating the C-suite and board is essential for improving the cyber security posture of businesses. However, one of the more interesting observations made by the panel that presented on the topic of Top Cyber Concerns in the C-suite (Joanne Martin, Gary Merry, Christopher Helmrath) was that the knowledge level of the C-suite is taken for granted. For instance, CEOs may not know much about cyber security. Just because they are CEOs, everybody expects them to know about cyber security, but they don’t necessarily have that expertise. You need to give CEOs a chance to learn.
It’s also critical that, when presenting to the board, security professionals speak the board’s business language and pay attention to details they may normally overlook (grammar, look and feel). Don’t let formatting and grammatical issues take away from the salient points of your presentation.
Lastly, it’s also important to tell the truth instead of stating what you think the board wants to hear. If the company isn’t secure, tell them.
Lieutenant General Lynn’s Keynote Address
Lieutenant General Alan R. Lynn, Director of the Defense Information Systems Agency (DISA), discussed the diverse technologies and tactics DISA has used to protect the nation. One of the stats that stood out in his address is that DISA has blocked 1.1 million operational events.
He also painted a picture of future protection practices, including software-defined networking and identity recognition. Software-defined networking will present an opportunity to replicate multiple networks to evade advanced persistent networks. On the identity front, General Lynn pointed to our data patterns potentially taking the place of ID cards. Your phone, your emails, and your call logs will make up your personal identity.
Secretary Chertoff’s Keynote Address
During his address, the former Secretary of Homeland Security touched on trending issues in the cyber security space, including the rise of the Internet of Things as a prime target for attackers, and the penetration of sensitive documents to embarrass prominent organizations.
According to Secretary Chertoff, there are three critical issues the general public needs to be concerned with to protect themselves:
1. Reasonable Expectations. Just as doctors can’t stop all infections from occurring, you can’t stop all attacks. You need to make sure you minimize and mitigate the damage, though.
2. People. Again, we get back to the central theme of the CyberMaryland conference. Technology alone isn’t a cure-all to deal with cyber defense. People and governance play a crucial part.
3. Architecture. Not all critical systems are created equal. You must take different architectural approaches to build unique critical systems.
Overall, between the ClearedJobs.Net and CyberSecJobs Job Fair and the main conference, CyberMaryland 2016 was highly engaging and enlightening. It was exciting to see so many passionate cyber security professionals come together for the singular purpose of advancing cyber security as a shared responsibility. We’re looking forward to attending CyberMaryland 2017.