Sometimes being part of a minority gender in IT is really beneficial. There are always plenty of people wanting to talk to you at conferences (and never a queue for the toilets!) and it can be quite nice being a novelty. Also, on just about every business trip I go on, I’m reminded of the fact that when people see me, they don’t expect me to be in IT, let alone have a senior position. Today, I had to laugh as a couple of businessmen at the table next to me gave me a lot of detail about their company-confidential research that is directly useful to what I’m doing.
Firstly, I didn’t need over 5 years as CTO/CIO to learn the basics of business security. Anyone in the industry knows that you don’t go blabbing confidential information in public, or do they? It’s one of the easiest ways of social engineering – hang around in bars, coffee shops etc. near an office that interests you and overhear what you can. Some of it may be useful.
The first session kicked off with Kevin O’Brien from GreatHorn. There are 3 major problems facing the infosec community at the moment:
- Modern infrastructure is far more complex than it used to be – we are using AWS and Azure as extensions of our physical networks, spaces such as GitHub as code repositories, and Docker for automation. It is very difficult for any IT professional to keep up with all of the potential vulnerabilities and ensure that everything is secure.
- (Security) Technical debt – there is too much to monitor/fix even if the business released the time and funds to address it.
- Shortfall in skilled people – there is a shortage of 1.5 million infosec people – this isn’t going to be resolved quickly.