Information security organizations sure are attracting more attention than they did five or ten years ago. Given the rising occurrences of cyber threats and publicly declared breaches, the media has glommed onto anything it thinks will attract mainstream interest. Though the security community has spent many years trying to convince non-security coworkers to care about security, the media scrutiny is something many security practitioners feel they could do without. The media often gets the details wrong or jumps to hasty conclusions, and the misinformation turns into additional work for the security team—something no one needs during an incident.
Not all security practitioners feel this way, though. Mark Butler, CISO at Qualys, says that “the media has changed security for the better,” as they serve as a sort of external “watchdog and oversight layer,” holding security organizations accountable for accurately reporting on and handling incidents and breaches that affect the public. More importantly, Butler says, the public exposure forces organizations to improve upon preparations for the next cybersecurity go-around.
Butler says that security teams should “take advantage of situations when they occur,” using media reports on cybersecurity to “accelerate awareness” and “illuminate risk.”
In this video taken during Black Hat in July, Butler explains why he thinks the media has helped the security industry and offers advice to cybersecurity leaders about best practices for stepping into what’s become a very public position.
Mark will join fellow industry experts to lead the Cloud Security Summit at InfoSec World 2018 in March. Register to participate in a day-long discussion about cloud threats, opportunities, and transformation.