Can we have a sneak preview of what you’ll be talking about at the panel discussions?
I think provocative would be the word. All of us have attended conferences; we hear from the same people about the same things. Each panel member has so much experience that it will not be the same discussions about how we can boil the ocean and make the world a safer place.
It will be about things we can all do. One of the major problems is that people attend conferences and leave saying, ‘the world is falling apart – what can I do about it?’. We want to leave the audience with an idea of one thing they can do when they get home to help make their own environment more secure.
That sounds a bit different from the usual fear, uncertainty and doubt that you get from many conferences. This sounds much more practical.
Yes, and you often hear about how it must be the Chinese or North Koreans that are stealing all out IP… Well, maybe they are contributors but I think we need to get our minds set toward being more open. If we focus on one or two particular countries we are going down the wrong track. I think that will draw a fair bit of discussion.
Any time we deal with something we are not entirely familiar with there is a fear factor built in. If that’s not handled properly we can drive ourselves into a death spiral. I’m not sure we should be doing that. Yes, there are people out there who can exploit technology for the purposes of whoever they are acting on behalf of, but I’m not sure that’s different from other industries. And I think there are more people out there who want to make things better than want to destroy them. There are people out there with thoughts other than doom and gloom.
I think every day there are people making things better – whether that’s through law enforcement, security services or a combination of commerce and government agencies working together or informal CISO to CISO level at businesses.
You have held a number of fascinating roles in the security industry, working with the likes of Microsoft and the FBI over a long career. How has the industry changed over that time?
Sometimes I have to smile at what’s happened. I was talking about these things back in 2000, 2001 and 2002. Anyone who had some foresight back in 2000 into the security problems that could and indeed have developed was extremely frustrated because no one wanted to listen; we as consumers demanded that things just worked.
So in conclusion, what do you hope attendees will get out of the RANT conference?
You have to question why you really want to attend a security conference. There are hundreds of stands of people selling their security technology, how do you make a decision as to what security product is best for your environment? If so, how do you make that determination? Networking? Seeing what others are buying? The same way I buy wine – cheap and with a nice label?
I think what the organisers have done is a pretty spectacular thing; they’ve developed a forum that enables and facilitates different thoughts – maybe those thoughts that people want to say but haven’t said in public. Here’s an opportunity like no other to change our thought process and perception and understanding and maybe walk away with a different and more truthful understanding of what’s happening in the world.