Next-gen infosec pros will come from diverse backgrounds
Despite a major theme of the (ISC)2 Security Congress EMEA 2016 in Dublin being what the next generation of information security (infosec) professional might look like, Richard Nealon, director, (ISC)2 Ireland, highlighted the infosec lessons that we could have, and in some cases, should have, learned from the 1916 Rising.
Nealon highlighted the failures in communication, command structures and resourcing in particular, as being analogous to the struggle faced by organisations in combatting cybercrime today. He also highlighted how, in hindsight, the official reaction to the Rising, being somewhat ill-judged, led directly to developments that ultimately resulted in the Free State, aptly demonstrating that the follow-up to an incident can be almost as important as the incident handling itself.
“The Industrial Age is over. The Digital Age is not the industrial age on steroids — it is a fundamental change,” was the stark statement by Ade McCormack, futurologist, author and digital strategist.
McCormack said that in our hunter/gatherer past, we were highly mobile, highly social and cooperative as a species, enjoying great creativity while also being reactive and predictive. The Industrial Revolution took much of that away, but the Digital Age is, culturally, returning us more to that mode of behaviour.
This new age requires a new style of leadership, one that facilitates people, not commands them, he said. The new breed of worker will be a “HR nightmare”, said McCormack, as we are now seeing “blue-collar-isation of white collar work”. These new workers will be highly creative, highly individual and disruptive in how they work. They will bring back human skills and values to industries that have lost them, such as banking.
The power axis is shifting from the employer to the employee, said McCormack, and talent will come from unusual areas. Much of that talent, he predicts, will come with a “jagged résumé” of eclectic skills and experience.
“Leaders now exist to support talent,” said McCormack.
We have all been encouraged to succeed, and so have become afraid of failure, he warned. We need to be willing to experiment, accept failure and learn from it.
“In the Digital Age, risk management means risk acquisition,” he said.
But while talent and skills will come from an ever more diverse pool, McCormack said that we are on a convergence course with technology, heading for what he termed “Homo Extensis”, or the extended human.
He advises people, in this new environment, to “treat your career as a lean start-up.”
“Practice deliberately,” he said, “re-engineer your brain.”
“Lead anthropologically,” too, always encouraging movement, flexibility and productivity. “Let nature lead your approach.”
In the Digital Age, said McCormack, leadership does not come with your job title, it comes from the people who are willing to follow you.
With such a potentially chaotic threat landscape as faces organisations these days, comprised of so many varied threats, a key exercise is to think the unthinkable, advised Barrie Millett, board member, Cyber Rescue Alliance.
We have to be imaginative in our thinking, said Millett, understanding the risks that are possible, but also shaping potential responses to situations.
Citing Ted Koppel’s book “Lights Out”, about the potential devastation of a critical infrastructure attack on the US, Millett said that the US had sent a team to Ukraine to understand what happened there in its cyberattack, so important were these events as a pointer to potential future attacks.
In contemplating threats, and thinking the unthinkable, Millett warned that communication is still key in developing plans to cope. Communication must be appropriate for the audience, he said. Warning against a “bits and bytes conversation,” he added that “it’s got to be in the business language”.
Today’s hyper-connected world, said Millett, requires a similarly connected approach that is both strategic and operational, but above all, highly coordinated.
“But keep it simple, keep current and test, test, test,” said Millett.
We are very narrow-minded about what we define as a security professional, said Brian Honan, independent security consultant, founder and head, IRISSCERT, special advisor, Europol’s Cybercrime Centre EC3.