What do you wish security professionals would start/stop doing?
Sort By:
Oldest
Head of Information and Data Analytics in Software3 years ago
I am absolutely passionate about both AI and cybersecurity, and the community. There's quite a few opportunities in terms of building a community around cybersecurity, where for the most part, things have been siloed and more so the enterprise-centric old way of doing things. Obviously, as you just catch up, the world keeps changing. With the amount of change that is happening, it's hard for everybody to stay up to date. So I have a few thoughts in terms of creating a community for incident responders. Like we have tried with threat intelligence. It was good, but that's not actionable. So when we talk about specific incidents and sharing that knowledge among peers, that is actionable, which makes more sense.Director Of Technology in Education3 years ago
Stop acting like they have a law enforcement background. Unless the security professionals have genuine experience at the CIA, FBI, or NSA it’s often a bit of an dog and pony show that turns off the audience. Be approachable rather than appearing knowledgeable.Principal Information Security Officer in Education3 years ago
Stop spreading FUD (Fear, Uncertainty and Doubt) to get increases in budgets and head count (rather than using real metrics, historical quantifiable risk data and fact-based evidence).Director of Information Security in Manufacturing3 years ago
STOP thinking about security as some kind of super exclusive club, where you need to have a kazillion certifications to even get started into a career. Most of it is common sense and can be learned by doing!
On another note, my doctorate was on AI-based agents for large scale institutions. Today, I say stay away from agents if you can, because with API's, you really don't need agents. Everybody has real estate today, and their own assets. Whether you're an IoT or whether you're traditional with your MDR, EDR, you name all the three-letter acronyms, you have real estate. You can use API's, and you don't have to reinvent the wheel by installing yet another agent. I'm a firm believer in using what you have. Don't reinvent it.