Cybersecurity community must make some changes to truly be effective
Share intelligence, hire more women, design technology for how people use it, expert says
By Byron Acohido, ThirdCertainty
Theresa Payton honed her cybersecurity skills as the White House’s first female chief information officer, under President George W. Bush.
Payton is now president and CEO of cybersecurity consulting company Fortalice Solutions. I had the chance to interview her at the recent Enfuse 2017 cybersecurity conference in Las Vegas.
We discussed how digital attacks have increased, what strategies embattled organizations should embrace and why über-competitive tech security vendors need to learn to share threat intelligence more readily. Here are a few top takeaways:
DIY hacking increases
When Payton was at the White House, she says cyber criminals and terrorists had to have skill and talent to break into digital systems. Now, with emerging technologies, “it’s never been easier and inexpensive to actually create mayhem.”
All the old-school security problems from years past are still issues, and new ones are being added. Criminals can outsource cyber attacks, or learn how to do it on a YouTube video.
“It used to be sort of cyber criminal syndicates, and state-sponsored crime, but it was really hard for just the average evildoer to break in and do cyber criminal activities,” she says. “Now, it’s never been easier.”
Seeking new approaches
Payton says the security community needs to pay more attention to how people use cyber solutions, instead of focusing only on their creation and design. “We need to start designing for the human, vs. telling the human to conform to the technology.”
She also believes that sharing intelligence helps strengthen everyone’s defenses, something that a highly competitive industry is reluctant to do.
“Some of that true actionable intelligence—‘I just got hit, and this is how they did it, and this is what I need to share with other people so they’re not victims’—that’s not happening in real time as actionable intelligence, and that’s what we have to fix,” she says.
Closing the gender gap
“We need everybody—we need male, female, we need minorities—we need everybody to fight this good fight,” Payton says. “But I continue to be dismayed at the inability for us to recruit more females.”
The industry has a problem with messaging, she says, in that the traditional image of a cyber expert, “a dude in a hoodie in the dark, hunched over a computer,” makes it hard for women to see themselves doing cybersecurity work.
She says more emphasis needs to be placed on the industry’s ability to help people retain their identities, or to save a business from having its data stolen. Women need to hear, “This is a fight, and you can be on the good guys’ side, and you can really help.”
For a deeper drill down, please listen to the accompanying podcast.
More stories related to the evolving cybersecurity industry:
How to grapple with the growing gender gap in cybersecurity
Silence isn’t golden: Information sharing is key to combating cyber attacks
Why studying human behavior could be the key to securing networks