Taking Back the Security Initiative

Threat agents maintain the initiative and we respond to restore balance. The bad guys innovate, find exposures, and use technology which they can leverage to achieve their objectives.  They take the first step, set the tempo, and lead this wicked dance.  The security industry normally operates in a responsive manner, closing the door behind successful attacks to prevent further loss and scrambling to prepare for the next issue.  But every once in a while, the security community comes up with a predictive and proactive idea which has sweeping effects against attackers and their future likely methods, and we show true leadership in innovation.

These golden nuggets can change the initiative and give an advantage to the defenders. Sadly, it is rare.  In most instances it is difficult to justify expenditures for capabilities which may or may not interdict future potential attacks.  Our industry cannot confidently measure and substantiate such innovation to determine which will leapfrog us ahead of the bad guys and those which fail miserably.  Without clear value, those holding the purse strings are not very motivated to blindly invest.  It reverts back to the age old security problem of measuring attacks which are avoided.

How will we ever change our industry to support security taking back the initiative?  First we must devise a good way of measuring innovation.  We have much better metrics for how good the bad guys succeed, and are blind on how to measure the value of security ideas.  This must change in order to facilitate the financial support necessary for investment.  The value is there, we must adjust our focus to see the opportunity.  Otherwise, the enemy will maintain the advantage as we continue to follow behind the attackers, cleaning up messes, and forever responding to their ingenuity.

Published on Categories Archive
Matthew Rosenquist

About Matthew Rosenquist

Matthew Rosenquist is a Cybersecurity Strategist for Intel Corp and benefits from 20+ years in the field of security. He specializes in strategy, measuring value, and developing cost effective capabilities and organizations which deliver optimal levels of security. Matthew helped with the formation of the Intel Security Group, an industry leading organization bringing together security across hardware, firmware, software and services. An outspoken advocate of cybersecurity, he strives to advance the industry and his guidance can be heard at conferences, and found in whitepapers, articles, and blogs.