JavaDevelop

In January 2019, I had the honor of joining industry colleagues in an open webcast discussion on Cybersecurity predictions for 2019. Vito Sardanopoli, Gary Hayslip, CISSP, Scott King

With the ever-changing threat environment and increasing prevalence of data breaches, today’s CISOs face a daunting task of securing their organization from a variety of threats. But, with so many priorities and a finite budget, it can sometimes feel like an impossible task to decide where to focus. So, what does 2019 have in store for cybersecurity and what are CISOs’ top priorities?

Join Rapid7 and our panel of expert CISOs for our 2019 predictions. Some of the topics our panel will cover include:

1. What are the top cybersecurity predictions for 2019?
2. How will CISOs’ priorities change in 2019? What will become new areas of focus and what will decrease in priority?
3. How will CISO’s investments change in 2019? What areas of cybersecurity do they see receiving more funding?
4. Actionable insights for how to improve your organization’s cybersecurity strategy in 2019

Webcast here: https://www.brighttalk.com/webinar/what-does-2019-have-in-store-for-cybersecurity-a-cisos-perspective/

This month marks the completion of my twenty-second professional year in the technology industry. From days of system/network/IT work, in the worlds of AS400, UNIX, Novell, Windows NT, and Domino; moving into software development in Notes, Java, web; and into the human facing roles of technical professional services / consulting / training. All that before I dove head first into Information Security 12 years ago & never looked back.

Now, entering year 23, I look back on a career that was never a predetermined path. A kid with little direction, poor grades, initially flunked out of college, introverted & self-conscious; really only good at delivering newspapers, playing the drums, and finding ways to edit/break software on Atari floppy disks. I am fortunate for where my career has taken me, & thankful to the people I’ve met along the way; many who have helped guide me in a path of positivity & prosperity, where several alternative paths would have been easier to take.

I have ideas where the future will take me, but I’ll have to continue on this ride to see where it goes from here.

Thanks to family, friends & colleagues along the way, who have either joined me on this ride, hopped on for a stop or two, or just pointed in a direction that looked interesting enough to explore.

A bunch of industry friends and colleagues were asked to provide security predictions for 2019. Here’s what we each had to say:

Excerpt from Rapid7 Blog: https://blog.rapid7.com/2019/01/02/facing-the-future-rapid7s-2019-security-predictions/

Happy New Year! Whether you’re feeling rattled or relieved to leave 2018 in the rearview mirror, now is your moment to take one deep (and deserved!) breath before launching into 2019. Though the flip of your desk calendar might not exactly result in a discernible change in your day-to-day, the fact is that each new year brings with it shifting opportunities, challenges, trends, and areas of focus.

Fortunately, we at Rapid7 have adhered to one of our favorite seasonal traditions and rounded up some of the best minds in the security industry to predict what they expect to see in 2019. Rapid7’s CEO, Corey Thomas, predicts that people next year will become more aware of mobile spying and compromise, while other predictions revolve around policy changes, breach fatigue, automation, and the need for better security defenses, among other topics.

Shawn Valle, Chief Security Officer, Rapid7

Three things come to mind when I envision 2019. First, more breaches are on the top of my list. We have a long ways to go before we reduce this statistic.

Second, I believe operational security teams will look to leverage automation wherever they can apply it to help monitor, notify, and respond to threats. Automation has existed in multiple forms for many years, but in recent years, many security-focused solutions have launched in the automation space. Automation can be brought into existing security engineering and security operations teams to reduce considerable minutia and administrivia in initial investigations and responses. As this newer capability starts to get better known, I predict more teams will start to dip their toes in the automation waters.

My third prediction is around the cloud security community working with their primary customers and stakeholders to be more transparent and work toward building and continually growing trust. We in cybersecurity (or infosec, as I still often say) are more and more protecting employee and customer data/assets in publicly facing environments (you have all heard of this internet thing, right?) As this data is more easily exposed than ever before and industry regulations are financially/legally requiring us to rapidly acknowledge data losses, the best approach is to transparently communicate with both internal and external stakeholders about what steps we take to protect their sensitive data and how we plan to work with our stakeholders in the event that data is exposed or lost. Providing stakeholders some visibility into how data is protected will lead to more conversations, which is a key piece to building trust. Let’s talk outside our teams a bit more.