Name: Dan H.
Title: Security & Identity Architect
Years in Security Industry: 17
RSA Conferences Attended: 12
Biggest security concern:
Web-based e-mail is the soft underbelly of identity, since it's the most significant means for password resets, and is prone to exploits. We have to transition to better identity models in the future.
Big Data – hype or not?
Not. Big Data is as unavoidable as cloud and BYOC. We must adapt security models to Big Data… and it's a complete paradigm shift. In Big Data, it's no longer just about the data, which becomes less interesting, it's the information, data in context, the answers to the questions within Big Data analytics. Those are gold.
Why do you attend RSA® Conference:
The RSA Conference is more than just a conference, it is a catalyst event that enables new innovation, measures the pulse of the industry, has trained a million professionals, and continues to reinvent itself to keep content, format and keynotes fresh.
Biggest professional challenge?
Creating a comprehensive key management process for software-based key protection sufficient to pass rigorous requirements.
What industry-wide changes need to happen in order to improve how security organisations work together?
We must come up with a means of sharing real attack information in such a way that it can be sanitised enough to share, but without stripping out the meaning behind the information that allows us to respond. We can no longer afford the luxury of not sharing attack, compromise, breach and incident data.
Top two reasons for attending RSA Conference:
Best Expo Hall in the industry and networking of the highest calibre.
All-time favourite RSA Conference keynote:
When Microsoft announced their Application Security program, based on Writing Secure Code.
What does "Security in knowledge: Mastering data. Securing the world" mean to you?
Knowledge is power. Our profession protects vital information and capabilities that power information-driven economies. I won't quote the entire Sneakers rooftop monologue by Cosmo, but it's not about who has the most bullets any longer, but about who controls the information.
Most memorable career moment?
August 2002, we did the first real-world federated transaction using SAML 1.0 in our testing lab, and the first 3-way handshake a few minutes later. That was awesome.
Favourite session topic:
"Die Script Kiddy, Die, Die, Die!" – but that was my talk, so that's cheating a bit, but it was fun for all. "Hacking Consumer Electronics" put on by Cryptography Research two years in a row was very good and engaging.
What aspect of your job gets you up in the morning?
Information Security is a fascinating field, where we are just figuring out the answers to an ever-changing problem set. My job title didn't exist 20 years ago, and the work we're doing is carving out new territory all the time. We're a young science, and just figuring out future patterns that will be taught as dogma 10 years from now. Being involved with InfoSec over the past 15 years is to have a small feeling of what it was like to be Oppenheimer, Edison, Curie, or Grace Hopper – a continual sense of unexplored country just beyond today, standing on the shoulders of giants to see over this next challenge to what lies beyond.
Most important mentor and why:
John Hage, who taught me what it means to be engaged as a professional and how to give back to my colleagues to advance the profession.
Perfect day off:
Spending the day with my wife and kids at the pool.
Why you're in the security industry:
InfoSec is my chosen profession for a lot of reasons. The most significant is that this is the front lines in the battle against cybercrime and for protection of Critical Infrastructure.
PC or Mac?
Recent Mac convert.
Blackberry, Android or iPhone?