The Rise of the Cyber Industrial Complex
Malcolm declares the security industry is not to be trusted because it profits from insecurity.
- 00:23 Non-traditional beginnings to a CSO career.
- 02:02 The unusual role of a CSO in a vendor.
- 02:24 Security needs to crawl out from under IT because it touches every aspect of the business.
- 04:04 The security industry is not to be trusted because it has no economic incentive to solve the problem.
- 06:12 Business wants three main things: the risk managed, the cost lowered, and the friction controlled. CISOs need to be measured on that.
- 08:59 The rise of the cyber industrial complex: defense in depth has actually turned into expensive depth.
- 11:19 The cybersecurity industry is not economically motivated to solve the problem. We need to demand attribution to the controls that failed and hold the industry accountable.
- 13:27 The role of security in M&A processes: build the cost of remediation into the acquisition budget and this should be bidirectional.
- 16:24 Selling on fear is like eating junk food: short-term satisfaction, long-term ruin.
- 17:36 Please don’t ask me for my risk register.
- 20:21 If we focus on protecting our customers to the best of our ability, the result will be the limitation of liability.
- 23:36 We focus on the fact that technology done right can connect and enrich lives and can create social and economic benefit.