Richard Stiennon          

Cybersecurity Expert; Chief Research Analyst, IT-Harvest; Bestselling Author of "Surviving Cyberwar" & "There Will Be Cyberwar"

Richard Stiennon is Chief Research Analyst for IT-Harvest, the firm he founded in 2005 to cover the 4,070+ vendors that make up the IT security industry. He has presented on the topic of cybersecurity in 32 countries on six continents. He was a lecturer at Charles Sturt University in Australia. He is the author of “Surviving Cyberwar” (Government Institutes, 2010) and the Washington Post Best Seller “There Will Be Cyberwar.” His research appears on Substack.

Stiennon was Chief Strategy Officer for Blancco Technology Group, Chief Marketing Officer for Fortinet, Inc., and VP Threat Research at Webroot Software. Prior to that he was VP Research at Gartner. He has a B.S. in Aerospace Engineering from the University of Michigan and an MA in War in the Modern World from King’s College, London.

His latest book, “Security Yearbook 2025,” will be published by Wiley in May 2025.

Speech Topics


The Three Stages of Cloud Transformation: Application, Network, Security

Secure Cloud Transformation: The CIO’s Journey

Cyber Defense

With known adversaries ranging from foreign governments to domestic surveillance, the security challenge has changed from one of proper configurations and operational procedures to one of countering targeted attacks. In this presentation Stiennon describes the world’s best practices for thwarting sophisticated attackers.

How to create and staff a cyber defense team. Continuous monitoring coupled with security analytics is an additional required layer of defense. Lockheed’s cyber kill chain is the right approach, for now. Autonomous attacks will arise soon and the tools needed to thwart them are not even on the horizon.

The Revolution in Military Affairs Has Given Rise To The Real Threat of Cyberwar

Expanding on the topic of his Master’s dissertation at King’s College London, Stiennon relates the history of the Revolution in Military Affairs within the major military organizations of the world and how the rush to Network Centric Warfare has laid the groundwork for cyber attacks and the incorporation of cyber weapons into each military’s battle plans.

Military preparedness is focusing on cyber offense to the detriment of defense. The rapid adaption of Network Centric Warfare has left most militaries vulnerable. The next war will be multi-domain, led by cyber.

How The Surveillance State Has Changed IT Security Forever

The rapid rise of surveillance by the NSA and other government spy agencies poses a new threat to every IT security department. Gone are the days when hackers, cyber criminals, or even espionage by foreign governments were the major driver of IT security investments. Since the 2013 revelations that the NSA had successfully executed on a mission of “information dominance” and “collect everything,” the new driver is massive data collection and how to counter it. Stiennon predicts that the IT security industry will respond quickly to this new threat with increased investments in encryption, key management, and the defenses required to protect the means of encryption. This will mean a tenfold increase, to $632 billion, in security spending by 2023.

IT security spending is already growing at 24% a year, four times what most analysts predict. Employment in IT security will grow tenfold. The NSA is a threat that will be countered by a revolution in IT security technology.

Why Risk Management Fails

The three tenets of IT Risk Management are asset identification, value assessment, and vulnerability management. In this provocative presentation Stiennon demonstrates that all three are impossible and therefore time, money, and effort expended on risk management are misplaced. He advocates for a threat-centric approach to IT security.

Takeaways:

Most risk management programs are impossible to achieve and they do nothing to protect an organization from targeted attacks. Only by incorporating threat management can an organization counter advanced targeted attacks. In battle situations, leaders focus on threats, not risks.
