Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives //

Carbon Black

9/13/2016
01:01 PM
Rick McElroy
Rick McElroy
Partner Perspectives
50%
50%

Lets Get Smarter About Security By Working Together

We all need help, and only by working together can we move the needle on security.

I know, I know. It’s another teamwork quote.

As a collective information security group, we know that we need teamwork, but it often feels like we aren’t a single team rowing together. We have a common cause. We preach working together with IT and the business to achieve security goals. But we still aren’t working together as well as we could be.

I travel all over the country and meet with information security teams on a regular basis. From large to small, companies are struggling to do everything. It amazes me how often we are not talking to each other. Within verticals, information security teams still are not working together to solve shared security problems. We are solving the same problems and challenges that have been solved hundreds of times by other teams, yet we try to solve them alone.

Why do we choose to silo information so that our individual programs can “ensure” security, but we’ve given nothing back to the community as a whole? We’ve done nothing to drive down shared risk of similar business models. When one of us gets better, all of us should get better.

CISOs have gotten better about meeting to discuss challenges. They have roundtables and meet on a regular basis. This needs to trickle down to team members; individual team members are still assigned work that they are expected to solve alone.

My question to all of us is “Why?”

Why are we still not talking to teams from competitors and others with the same challenges? Is it that we are too paranoid? Is it that we are afraid we will get fired for talking to “the other team”? Or is it that we put blinders on, put our heads down, and solve things alone to be the hero?

Unlock The Collective Brainpower

I am not quite sure what all the reasons are, but I do know it’s hurting us. I learn things whenever I meet with teams. Very cool things. Things I never would have thought of when I was leading programs. I see unique solutions that solve real challenges, but they remain inside the walls of the individual organizations. It’s been said before, but if we are not unlocking the combined brainpower of all individuals in our profession, we will continue to lose.

We pay “experts” crazy amounts of dollars to advise and architect, but maybe the architects at the company that shares a parking lot have free advice that is just as effective (maybe more so since they sit in the same seat as you). A cup of coffee, lunch, or a beer are really cheap ways to entice teams to meet up.

We spend so much time with our heads down working or studying for the next certification that we aren’t taking to time to talk and share. We think that ISACs (information sharing and analysis centers) and vendors will solve this problem for us, but they won’t. Until we adopt a better mindset as information security professionals, we will continue to lose.

We need to talk to each other. We need to share good processes. We need to talk about what tech works and what doesn’t. We need to share our fixes, our code, our wisdom and experience.

I challenge all of us to open up a bit. You don’t need to talk about business strategy or the next product your organization is putting out. Talk about the challenges that are the same. Talk about the threats, the risks, and the solutions. Share more and open up.

It’s what I love about events like Black Hat and DEF CON -- sitting around talking to people smarter than me who have solved challenges in really interesting ways. Talk about how you solved a problem or where your head is as you look toward the needs of your organization. Maybe you wrote a cool parsing script or some rad automation. That’s awesome. Pass the knowledge on. We all need help, and only by working together can we move the needle on security. I almost guarantee the struggles are real and generally the same. Let’s all wise up together.

Rick McElroy, Head of Security Strategy for Carbon Black, has 20 years of information security experience educating and advising organizations on reducing their risk posture and tackling tough security challenges. He has held security positions with the US Department of ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7227
PUBLISHED: 2020-01-18
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, ...
CVE-2019-15625
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19696
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
CVE-2019-19697
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
CVE-2019-20357
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.