|Name:||Davi O.||Years in Security Industry:||18|
|Title:||President, Security Consultancy||RSA Conferences Attended:||8|
Best advice ever received:
John Kent, my Master's thesis advisor at LSE. He told me to take my passion for security and technology and make it a profession.
Big Data – hype or not?
Not hype. More people have access to more data at a faster rate with more detail than ever before. This brings some very new and real security problems.
Why you keep coming back to RSA® Conference:
Real stories and down-to-earth perspectives on the latest challenges in information security. It's a great chance to meet and work with the people who really make a difference in finding solutions and reducing risk.
Most important mentor and why:
Bruce Schneier. He challenges me, along with everyone, to think a little harder about human risk, dig a little deeper into the technical details and achieve more than we might have thought possible.
I'm excited to help find new flaws, develop new fixes, publish new results and help make technology safer.
Biggest professional challenge?
Mentoring and helping others to be more effective.
Most memorable career moment?
Sat down on a plane and the person next to me said "flying penguin"?
As a child, what did you want to be when you grew up?
Someone able to overcome difficulty and improve the lives of others, per our state motto "Ad Astra Per Aspera."
Why you’re in the security industry:
I love to help others and make things better by finding flaws.
First real job was when I moved from London to Orange County and looked in the yellow pages. I found a small Digital Equipment Corp (DEC) value-added reseller so I walked in and asked if they were hiring anyone. They hired me three days later. We specialised in LAN/WAN and distributed systems (Apple, Microsoft, Novell, DEC) and security was a big concern for our (gov) customers. I was like a kid in a candy store.
PC or Mac?
Blackberry, Android or iPhone?
Biggest security concern:
A pre-mature shift to point/product solutions and not enough investment in research, process and people improvements. The Maginot Line worked in the sense that it forced the Germans to redirect their attack. It failed in the sense that the French relied upon their "product" so much that they stopped listening, misallocated resources and didn't believe the obvious signs of an end-run breach until it was far too late.
Favourite session topic:
What industry-wide changes need to happen in order to improve how security organisations work together?
1) Collaboration on detection. More timely and more accurate reporting of breach data will help formulate more effective responses.
2) Collaboration on response. Even trained attackers will find it hard to profit or even survive in an environment that works together to defend itself. The barriers to collaboration in these two areas are not technological; they are mainly issues of economics and politics. Therefore regulatory oversight is likely to be the best way to compel breach reporting and to help coordinate an appropriate response (e.g. define acceptable defines levels and reduce vigilantism).