In recent years the annual Infosecurity Europe conference has been accused of being too tech heavy. And while that is still certainly the case on the main floor, this year there was a fresh approach to holding such a huge and overwhelming event, with a host of interesting talks, panel discussions and presentations that focused on challenges, pain points and future ideas rather than just a heavy-going marketplace. This year's hot topics ranged from cyber resilience and threat intelligence to AI and machine learning.
I headed to the Information Security Exchange room to hear a panel discussion on Cyber Resilience In The Face of Human Error, chaired by Lindsay Jack, VP of Security Services at Mimecast. Joining him were Advanced Malware Scientist Meni Farjon, Security Researcher Sevtap Duman and Paul Watts, CISO of Domino's Pizza, UK & Ireland.
The talk focused on a new trend among cyber criminals: making untargeted threats by packaging up old malware and sending it to everyone in your company. The supply chain has also been hit by this and it is affecting enterprises, with Mimecast researcher Sevtap suggesting that staff at all levels of the enterprise need to be resilient. “[We need to have the mindset of] a hacker: it's not your data I want, it's who I can access through you.”
Domino’s Pizza UK & Ireland CISO Paul Watts warned that we are now in a new era of enterprise-wide accountability: "If users want flexibility then they need to realise it comes with responsibility."
I then headed to the Pillar Hall for a debate on how to build the security team of the future. In a session hosted by Tom Hickling, Head of ARM Cybersecurity, four heads of security got together to discuss skills and how to attract (and retain) talent.
Lee Barney, former Head of Information Security at Marks & Spencer, took a slightly different slant on the idea of an industry-wide skills shortage: "I don't actually think that there is a shortage. There is an industry we work in and there are lots of other industries out there. The successes that I have had, even in the deep technical areas, have been looking outside of security into other technical roles."
Emma Smith, Global Cyber Security Director at Vodafone, said there are benefits to complete novices joining her team: “We had four apprentices last year who were mind-blowing. They had no security expertise whatsoever; three of them were school leavers, one was starting a second career in his mid-20s. One is now running a course for us.
“But we are struggling with people who have real experiences and I don’t agree entirely with Lee that there is no skills shortage."
After lunch I found my way to the Technology Showcase for a presentation by James Chappell, CIO at Digital Shadows, on Beyond the Castle Walls: How do we protect in a de-perimeterised world?
“Deperimeterisation - it is absolutely here,” said James. “Digital Transformation is driving a lot of it with cloud. It’s not a disaster; like all other risks it needs to be managed and we are going to need to evolve with it.”
He added that enterprises need to think strategically and be proactive rather than reactive. “If we can all talk a common language like the Rosetta Stone then we can do a decent job of aligning controls and mapping out our weaknesses. It’s about understanding the later stages of the kill chain - learning about the tactics and techniques of the behaviours that take place against organisations."
And, keeping on theme, Jochen Kressin, Co-Founder & CTO of floragunn, led a talk about Zero Trusted Networks: Why the Security Perimeter is Dead at the Cyber Innovation Showcase.
Jochen recognised the need for a new approach: “You have to assume the attacker is already inside the network and you have to move the security to where the data is.”
I finished the day with a walk around a few stands, ready for a beer and a play on some of the more interactive stands such as White Source's space invaders game. Having a breather and reflecting on everything that I'd listened to, watched or discussed with peers, I realised that, despite so much murky talk of change, fear, disruption, shortage, invasion, even death, there is actually much to be chirpy about. In the unsteady world of info security, events like this really demonstrate just how tooled up and ready for battle our industry is. A few rousing speeches next time certainly wouldn't go amiss.