Friday, 01 October 2004

I didn't know I was going to be asked to speak, but Chris roped me into participating in a panel session first thing this morning, the topic of which was “the future of security.” It was an honor to do so, and the conversation was a good one. The audience was involved and had great questions and comments. The participants on the schedule were:

  • Chris DiBona (moderator)
  • Neil Wyler aka Grifter
  • Fred Felman of Zone Labs
  • CJ Holthaus
  • Nico Sell
  • Dan Appleman - whose book, Always Use Protection, should be read by every teen (and adult) who uses a computer
  • Robert Scoble joined in
  • and me
  • Picture below thanks to noded.com

    Being involved up on the stage, I don't clearly remember everything we talked about in detail. I used/borrowed/stole the “PPT” mantra often used one of my friends and mentors, Jim, in my words during the panel discussion: “Security is about three things - People, Process and Technology.”

    Security as a topic of conversation or debate, especially when discussed among geeks, seems always to attract such a strong technology focus. But the other two aspects of security - process and people - cannot be ignored. If you remove any one part from a security effort, it cannot ultimately succeed. If you have a successful security strategy and program already up and running, you cannot afford to forget to address and maintain all three components. If you do, again, it's bound to fail eventually.

    Technology is important, though. You can't discount the fact that when you run computers and networks, technology is what you're securing, so you'll almost certainly use more technology to help you.

    The panel discussed hardware security technology, and (as expected) the “patch and fix” and other typically Microsoft-centric topics and questions came up.

    My response to the Microsoft-Security debate: Think about football teams. The team that plays tough games season after season and gets its butt kicked over and over will eventually learn the basics, and then will evolve into a mature powerhouse of a team. You just hope the other teams (the ones that had been kicking your team's butt) don't get too lazy or take any thing for granted. Or, if they do, that you have not made an investment in that team.

    Three years ago, I was looking at Microsoft as a team I had a relationship with, but who I could not count on to win the game. Today my position is just the opposite: Microsoft has learned the hard lessons, has had their butts kicked, and has emerged from the fray a stronger, better and more mature company in the security arena. They may only be 60% there, as Scoble noted on the stage, but this is a team that I feel I can count on to do the right thing and fight the good fight.

    This was a good session, covering a lot of ground. Feedback from audience members afterward was positive, which was cool. Security has become a hot topic in the past year or so in the user world, and will become even bigger in the future.

    Again, because it bears repeating: Always Use Protection - buy it now. <eom>



    Add/Read: Comments [0]
    GnomeDex | IT Security
    Comments are closed.