I recently attended the Zero Day Con that was held at the Convention Centre which was hosted by Smarttech 247. The event brought together leading technology firms, industry professionals and government officials in exploring the emerging technologies within the security landscape.
Ronan Murphy, CEO of Smarttech 247 opened the event with a recap of the previous year and the morning session saw representatives from security firms like Palo Alto, Trend Micro and IBM talk about what they are doing to combat the skills shortage and the latest tools and technologies that are brought to market to combat this. Companies are moving towards offering more integrated products like Palo Alto XDR and Platform as a Service (PaaS) offering in IBM Connect, all in an effort to drive integration between products to uncover new risk and strength security programs for organizations.
“Security doesn’t make money for the company but secures the company’s ability to make money” remarked Markus Winkler – European Director for Cloud & DevOps from Trend Micro.
We took a short break after which the room was split into those who attended the Boardroom Insights and Technical Workshops. I chose the former which featured a series of 3 panel discussions.
DRIVING FUNDAMENTAL AND DISRUPTIVE SHIFTS WITH AI
Andreas Grzess (CTO at Smarttech247), Carmina Lees (Managing Director, Financial Services Technology Consulting Lead at Accenture), Tracey Pretorius (Director, Global Partner Business Strategy at Microsoft), Robert Sedman (Director UKI, IBM Security), Jonathan Healy (Moderator)
Key highlights from this session:
- All sectors are vulnerable to attacks, it just depends on what adversaries. For example, Critical National Infrastructure are high priority as they provide us with our daily necessities such as electricity and water. Healthcare sectors hold patient records, medical history etc..
- Cyber breaches affect the companies not just financially, there is also a trickle down effect to the brand image and staff retention etc.
- There is still a certain level of disconnect between the boards and security. There should be more focus on C suite and bringing the two functions closer.
- Companies are now hiring more business level CISOs who can have conversations with the board committee rather than the technical jargons.
- What we see today is just the tip of the iceberg, there is still a massive lack of understanding of the extent of potential impact, and lack of readiness for when it happens. Aside from having an incident response playbook, culture also plays an important part in companies dealing with cyber crisis.
SECURITY BY DESIGN IN A DIGITAL WORLD
Derek Coetzee (CTO Getvisibility), David Cahill (Security Strategy and Architecture Manager, AIB), Alan Giles (CTO Boxever), Mike White (CTO Zutec), Jonathan Healy (Moderator)
- Companies are increasingly adopting a data centric approach to their design.
PRIVACY AND DATA SECURITY IN THE AGE OF CYBERWARFARE
Tony Clarke (Head of Information Security at ICON plc), Donna Creaven (Head of Supervision, Multinational and Technology), Pat Lordan (Detective Chief Superintendent), Todd Renner (FBI), Nicole van der Meulen, Senior Strategic Analyst (Europol)
- From 2017 to 2018, the DPC saw an increase in the reporting of cyber related incidents from 45 to 225. Most of this were credited to human error.
- Sharing of information should be more proactive and become more transparent. Collaboration between the public and private sector is crucial.
- There is a different between privacy by design and privacy by default.
- Reporting of data breaches early on is very important. These reports also serve as use cases for when other similar attacks happen.
- Data is both an asset and a liability. Always be asking yourself who do you need those data. “Data is the new oil” remarked Donna Creaven, Head of Supervision at the DPC.
Throughout the day, there were a few topics that were brought up repeatedly. And there are my key takeaways from the day
Collaboration is the key to disruption.
- Technologies are built so that humans can leverage on them. At the end of the day, it is still the individual’s responsibility to assert vigilance.
- Artificial Intelligence and Data continue to play a crucial part in enhancing the security landscape.
- Security should be embedded early, not just in the workplace but also outside. A number of key executives mentioned about early education at home for their children. Start early with educating our next generation about security, increase awareness and embed this at a young age.
- Data Breaches happen mostly due to human error.
- It comes down to the basics of Cyber Hygiene, you don’t really need fancy tools to do the job though they do help to make your job more efficient.
- It is important to keep making noise about security, make it become a common theme. Drive it into the company culture.
- There is a massive shortage of talents in the cyber world, in particular women. There is often a misconception that you have to be an engineer to get into security. Security is a dynamic field and we need people from all walks of life to bring a different perspective.
- Pursuing Cyber related certifications and educations are as important as getting hands on experience.
Ian Brennan, Director of IT & Cyber from Laya Healthcare also took home the Inaugural Cyber Leader Award.
This was my first security event since I arrived in Dublin and certainly not the last! It is great to see more initiatives and interest in this field. I am very excited to see what the rest of 2019 has to offer.
The next security conference, Security BSides takes place on the 23rd March also at the Convention Centre, and tickets are already sold out!
To find out more about the job market or candidates market, please do not hesitate to get in touch with me.