I was in my 36th floor hotel room in Las Vegas one afternoon last week, after a day of presentations at EMC World, when I was startled by something banging the side of the building above my window. A man in a rope sling winched slowly into sight, swaying from side to side, twirling slightly. He grinned and waved, and then, while I watched in astonishment and admiration, he set to work with squeegee and brush on the 3-panel, 8- by 6-foot window of the hotel room. When he finished, he waved again and then lowered himself nonchalantly down to the next window.
I had a great view from that window, looking northeast to Sunrise Mountain, and I appreciated the great job that this intrepid individual did. I'm sure I couldn't have taken his place, no matter how secure a rope descent system I had! But it did occur to me that in some ways our work isn't so different.
It used to be that the role of a security professional was to build walls and lock doors, to scrutinize signatures and troll through logs. We certainly still need to do that investigative work, at least. But an increasingly important part of what we do is to enable organizations to see opportunities, to give insight into risk and visibility into the business. As my colleague Steve Schlarman said in his EMC World presentation on Risk Intelligence, cybersecurity enables the "Advantaged" organization to focus on business opportunity.
(Image from "Risk Intelligence" session at EMC World 2016)
All too often in our work in cybersecurity, we focus on on the mechanisms and strategies of our attackers and our responses to those threats. The role of protecting the organization is an important one; seeing ourselves as protectors and defenders of the enterprise is certainly valid. But perhaps it's worthwhile to think of ourselves as window washers, too. Supported by the ropes and "Bosun's Chair" of shared knowledge and expertise, we can clear away the dust of old ideas and give the organization the sharp insight into risk that it needs. At our best, we can enable the enterprise to see opportunity as clearly as I can see Sunrise Mountain.
Category: RSA Point of View
Keywords: Cybersecurity, EMC World, Risk Intelligence