Security Leaders Convened in NYC for Second Annual Cybersecurity Summit

At our second annual NYC Cybersecurity Summit in Manhattan, Gigamon hosted more than 150 security professionals and 10 of our top ecosystem partners for a program that focused on the latest cyberthreats and how companies can best tackle them.

KrebsOnSecurity Keynote: Assume Compromise

After a welcome by our CMO Kim DeCarlis, Brian Krebs of KrebsOnSecurity took the stage to present a keynote on the current security threat landscape. Krebs, who has broken hundreds of data breach stories through his in-depth research on the darknet, put forward the hypothesis: “What if the only way to win a war is to assume you’ve already lost?” In other words, what if the only way to achieve the next level of security maturity is to assume system compromise?

Audience engagement was high, with many attendees asking questions on how to apply his findings to their particular situations. One of Kreb’s best responses, for example, came during a section on compliance when he said that companies must meet and get beyond compliance given they “ain’t gonna outrun the bear.”

Krebs also suggested that companies:

• Foster more on cybersecurity talent. Currently, only 10 percent of security professionals are women – and this needs to change.
• Drill, baby, drill. Security awareness drills are important.
• Secure what you have. The more you add to the network, the more attack surface you have.
• Know your employees. Identify baseline behavior so that you can uncover anomalies.

Time for a New Approach to Cybersecurity Education

Following the keynote, our CTO Shehzad Merchant delivered a presentation on the Defender Lifecycle Model before joining an engaging panel discussion that featured some of the brightest minds in the industry, including Krebs, AT&T CISO and Tag Cyber CEO Dr. Edward Amoroso and former CIGNA CISO Craig Shumard.

Highlights from their conversation:

• Shumard: “It is key for organizations to make sure their board of directors are engaged regarding security. If there is an issue, don’t sugar coat it for them.”
• Amoroso: “Companies should brief their board on security issues and risk, not train them. Briefings are much more effective and impactful.”
• Amoroso: “Fix the architecture of your network, not the processes. If your architecture is wrong, you are dead. I prefer distributed networks layered with virtualization.”
• Krebs: “Companies are like people – they learn from their mistakes. Hire people who have been through a breach.”
• Krebs: “I wonder if #IoT security is an oxymoron.”

All panelists agreed that the U.S. must take an entirely new approach to cybersecurity education and exchanged ideas on what that might look like. To hear their entire conversation, please check out the full panel video.