Welcome to The Eighth Annual Information Security Summit presented by ISSA Los Angeles
Friday, May 20 • 10:00am - 10:50am
InfoSec’s Credibility Crisis is also our Biggest Opportunity

Anyone who has been in Information Security for any length of time knows the difficulty of getting people to listen — the frustrating challenge in convincing people to take security seriously. In the enterprise, every single InfoSec budget dollar is painfully scrutinized. Every security decision resisted. Many feel that no matter what InfoSec pros say or do, those they’re responsible for protecting prefer to wait for something bad to happen first. In the meantime InfoSec laments how no one listens, and when an incident eventually does happen, it will ambulance chase and cry “told you so!”


Maybe the resistance is warranted though. Maybe after the world spends $75 billion annually on InfoSec, only to see the hacks large and small continue on, become more damaging, and threat actors more brazen, people are justifiably skeptical of our value. In the eyes of many, InfoSec at best is seen as a necessary evil. InfoSec’s performance (or lack thereof) and this skepticism are why we now see billions of dollars flowing toward cyber-insurance premiums to cover breach costs, dollars NOT going directly toward preventing break-ins. This is a wake-up call and clear signal that InfoSec is in the midst of a credibility crisis, a crisis that puts everyone at risk.


It also doesn’t help when the websites of security certification providers are laced with malware, when popular security software packages such as anti-virus are riddled with vulnerabilities that make customers less safe, or when major incident response vendors themselves suffer their own data breaches. Our work is too important to continue with the status quo. We need to turn things around, and as such, InfoSec has an important choice to make. InfoSec can either choose to continue pointing fingers, complaining about the same things over and over year after year, or as an industry we can take responsibility and do something about it.


First and foremost, we must find ways to improve InfoSec’s credibility and measurably prove its worth. One way to do that, a way that stands above all others, is for security vendors to contractually guarantee that their products and services will perform as advertised. Guarantees like we see and expect from every other major industry in the world. InfoSec is an incredibly confusing space, littered with snake-oil and charlatans, so when security vendors are willing to provide guarantees and SLAs, it builds trust that differentiates them like nothing else can. Security guarantees are the biggest opportunity for every security practitioner and vendor to make a real difference and everyone needs to get involved.


Jeremiah Grossman

Founder & CEO
World-Renowned Professional Hacker. Brazilian Jiu-Jitsu Black Belt. Published Author. Influential Blogger. Off-Road Race Driver. Jeremiah Grossman's career spans nearly 20 years, and he has lived a literal lifetime in computer security to become one of the industry's biggest names. And since Jeremiah earned a Brazilian Jiu-Jitsu black belt, the media has described him as "the embodiment of converged IT and physical security."...

Friday May 20, 2016 10:00am - 10:50am
Ballroom A