In this episode we sit down with Mark Simos to dive into his RSA Conference talk "You're Doing It Wrong - Common Security AntiPatterns" to dig into several painfully true anti-patterns in cybersecurity and how we often are our own worst enemy.
-
- First off, for those not familiar with you or your background, can you tell us a bit about that.
- So you delivered this talk at RSA, focused on Cybersecurity "Anti-Patterns". How did the talk come about and how was it received by the audience?
We won't be able to name them all, but I would love to discuss some of them.
- You talk about the technology-centric thinking, and how folks believe security is about technology instead of business assets. Can you explain this one?
- The silver bullet mindset was another that jumped out to me. This is thinking a single solution can 100% solve complex and continuous problems. What ways have you seen this one play out?
- The paradox of blame is one that made me laugh because I have seen this play out a lot. You talk about the CYA mentality, how security warns about issues, they are skipped and then security is blamed. This one really stings because I have seen it happen, and in fact, I feel like we're seeing it play out with some of the CISO liability cases and regulations that are emerging.
- Perhaps one of the most well known anti-patterns of security being the office of no or resisting trends. I feel like we saw this with Cloud, Mobile, SaaS and now AI. Why do we keep repeating these mistakes?