2017 has been yet another year full of widespread, highly disruptive ransomware attacks, data-destroying malware outbreaks and other headline-grabbing security incidents. However, with more organizations increasing their level of security awareness, sharing threat intelligence, achieving regulatory compliance, and recruiting more women and new collar workers to launch cybersecurity careers, there is plenty to be thankful for this Thanksgiving.
To celebrate, we asked some of our top contributors what they’re thankful for this holiday season. Below are their reflections on the past year in cybersecurity and predictions about the bright future ahead.
Security Earns Its Seat at the Table
Neil Jones: Since I was a little boy, Thanksgiving has consistently been one of my favorite holidays. In our time-pressed society, we seldom take the chance to appreciate all of the abundance that we’re blessed with. For example, a passenger might become frustrated when his or her ride-sharing service arrives a couple of minutes late, without appreciating the fact that he or she is able to have dependable transportation show up within minutes at a fraction of the cost of transportation alternatives.
I recently celebrated a special birthday, which reminded me that I should routinely celebrate “las cosas pequenas” — the little things — that shape my day-to-day experiences. Examples of those items include the following: my mother’s and father’s caring voices on the telephone, a special hug from a friend, a significant lesson learned and enjoying favorite delicacies, such as Peruvian food in my case.
With regard to IT security, I’m thankful that security is no longer viewed by business leaders as an organization populated by geeks and scorekeepers and has finally earned primo seating at the proverbial Thanksgiving table. Security protection can empower your organization’s digital business transformation, safeguard your expanding business this Small Business Saturday and incorporate application security testing protection into your organization’s citizen developer initiatives.
Finally, we’re thankful for you! Without our readership base, we could never communicate our important thought leadership content to the world.
Kevin Beaver: I’m thankful for all of the IT, security and business professionals who “get” security. If it weren’t for their understanding of what’s really going on with security, combined with what it takes to make things happen in business, I’m confident the level of breaches would be much greater.
I haven’t yet figured out whether this group is in the majority or the minority in terms of true security support. In the end, that doesn’t matter. What does is what they’re doing. Whoever you are — and you, no doubt, know who you are — I salute you. It’s great seeing people take the time to truly make things happen to keep the cybercriminals and wayward users under control.
Regulation, Collaboration and the Human Side of Security
Doug Bonderud: This year, I’m thankful for the increased recognition of human intelligence in the security process. While advanced tools and services are making it easier to deploy basic protections, any solid security policy starts with on-board employees. On the flip side, I’m also thankful for advancements in security cognition and AI, which both improve incident response times and give IT staff the ability to focus on other mission-critical efforts.
Cindy Compert: I’m thankful for the EU’s General Data Protection Regulation (GDPR). They give organizations the opportunity to handle privacy and security in a thoughtful manner. In the process of understanding the data they collect, process and keep, it provides the ability to build trust with individuals and then leverage that information to provide more tailored products and services.
Put it this way: Would you rather be creepy or cool? Being cool is respecting an individual’s privacy and data use choices. No matter where you live on the globe, that’s something everyone can be thankful for.
Koen van Impe: I’m thankful for the great opportunity to work in a community that believes collaboration and exchanging threat information is the way forward. Threat sharing with our peers, contributing to the work of others and getting constructive feedback helps us improve and respond faster to security incidents.
I’m happy to see that security tools that have been built by the community, such as the Malware Information Sharing Platform (MISP) and Fast Incident Response (FIR), are now being actively used and further developed by that same community. Widespread adoption of these tools will allow us to increasingly shift our focus from protection to prevention and detection.
Lastly, it is reassuring that the European Commission called for building stronger cybersecurity for the EU. The fight against cybercrime can only be successful if the public and private sectors work together and improve mutual collaboration.
Increased Security Awareness Through Education and Thought Leadership
Chris Veltsos: When thinking about what I was thankful for in 2017, I have to say that, as I reflected on October 2017, my mind was devoid of positive items, thinking instead about what a disaster the month was in terms of cybersecurity. But once I got past the initial shock, I realized there is quite a lot to be thankful for.
I’m thankful for the National Association of Corporate Directors (NACD) and the World Economic Forum (WEF) for their January 2017 publications that have helped push the needle in terms of the role of board directors in improving oversight of cyber risks and deepening consideration of cyber resilience across the globe. More CFOs and CEOs are asking about cybersecurity and more CISOs are reporting directly to CEOs or boards than ever before. I’m thankful for IBM’s vision in putting together the X-Force Command Center to provide business leaders with a simulated breach response experience like no other.
I’m thankful for the many conversations I’ve witnessed and taken part in about ways to get into the field of cybersecurity — whether through formal education channels, special programs such as IBM’s P-TECH program, new collar jobs or retraining — and the value of certifications. I’m also glad those discussions included a more open mindset when it comes to the value of non-IT/cybersecurity degrees, because there is untapped value in liberal arts degrees.
I’m thankful for the invitation to record podcasts, including a nine-part series with Paul Ferrillo and IBM’s Mitch Mayne about our book, “Take Back Control of Your Cybersecurity Now,” and the ongoing opportunity to help decipher the headlines and boost security awareness. Last but not least, I’m thankful for the amount of energy and positivity shown by female cyber thought leaders to inspire and guide a new generation of women in cybersecurity.
The Growing Role of Women in Security
Anna Seacat: I am fortunate to be surrounded by intelligent and talented women at IBM who skillfully serve in both individual contributor and leadership roles. These women foster a positive environment where everyone around them can achieve mutual success. High-pressure situations are a natural part of any workplace, but the women I admire remain calm and calculated in their actions and always, always demonstrate patience and compassion for others. I am thankful for the women of IBM.
Limor Kessem: As a champion for women in security, this year I have been increasingly exposed to different programs IBM leads to help more women join cybersecurity. Seeing the company I work for put its money where its mouth is makes me an extra thankful, proud IBMer.
I am grateful to work for a company that leads the charge in driving meaningful programs to attract and retain more women in technology, and the cybersecurity industry specifically. IBM also recognizes that the future has to change and is taking steps to drive that change ahead of time. Part of addressing the gender gap in security is raising awareness of cybersecurity as a career option for women, starting at the younger ages.
I am thankful to be a woman in a company that supports women in a career entry path. In 2015, the Society of Women Engineers (SWE) and iRelaunch partnered to launch the STEM Re-Entry Task Force with seven founding member companies to make rejoining the tech industry easier for skilled employees who have been out of the workforce, which happens more often to women who take time off to care for children. IBM designed a program that used the best of existing returnships and tailored it to the specifics of working in technology, another example of the company’s investment in fixing one of the specific problems known to affect women on the workforce.
Another thing I am very thankful for is an internal group called Women in Security Excelling (WISE), which is a community that brings women together from all parts of IBM. One of my favorite parts of being part of WISE is exposing women to stories of other female executives, the trending themes in security and ways to get into the field.
IBM further fosters mentoring and support for those wishing to transition into security roles, and all these initiatives and care bring a ton more awareness to the subject, which are sure to drive change in the years to come.
Here’s to another wonderful holiday and a time to be grateful for the good things we are fortunate to have and the good times we are fortunate to see.
Pass the Gravy: IBM’s Continued Commitment to Enterprise Security
Pam Cobb: I’m thankful that we’re starting to see the same sort of collaboration in cybersecurity that we see around the Thanksgiving dinner table: Cisco passes us the gravy and IBM shares the stuffing!
Brooks Miller: It is a great source of pride to represent products that deliver a holistic fraud prevention platform that protects financial institutions and their customers around the world. On a weekly basis, I talk with non-IBMers about the kind of fraudulent attacks they encounter on a daily basis. Whether they are prompted to download something that doesn’t seem legitimate or a long-lost cousin wants to send them millions of dollars, IBM can help protect them and their bank accounts.
As cybercriminal activity evolves, so do our products. I am thankful that I can represent a company at the forefront cybersecurity.
Salwa Rafee: This year, I am incredibly thankful for the significant increase in awareness around medical data value among our clients. The digital transformation in health care has fueled the exponential growth of data volume and breadth across the entire health ecosystem, thus increasing the complexities of interoperability, data communication and vulnerabilities for cyberattacks. The innovative cognitive layer in our solutions is a critical component, enhancing the scale, speed and accuracy of data, network and app security in health care, and helping clients remain compliant, secure and private.
Michelle Alvarez: Each and every year, I’m thankful for the gift of life. On the cybersecurity front, I’m thankful for all the positive momentum toward mitigating threats this year. From collaborative partnerships that have wielded advances in protection, such as the Quad9 DNS Service and the Check Point SmartView Application for QRadar, to security operations centers (SOCs) getting cognitive with Watson for Cyber Security, 2017 gave us a number of breakthrough security solutions.
And where would these solutions be without the hardworking individuals behind them? I’m thankful for the malware analysts, incident response and intelligence professionals, penetration testing teams and many other groups at IBM that work tirelessly to protect our customers and the public from cyberthreats.
Security Intelligence Staff