Security Blogger Q&A - Phil Kernick

Posted on by Ally Lorentson Dunn

RSA Conference partners with the Security Bloggers Network to bring great industry content to the forefront both online and in person at our events.  Building on this partnership, we’re pleased to kick off a new blog series where we’ll highlight security bloggers as they’re added to the network.

For this first edition we bring you a few thoughts from an Australian security blogger who has recently been added to the SBN Feed.

Phil Kernick, CQR Orange Blog:

Describe your blog in one sentence: Independent Information Security advice for business.

How did you become interested in information security?

I’ve always had a passion to know how things work.  Security is the logical extension of this passion.

Why did you decide to blog about security?

My favorite quote from The Usual Suspects: “The greatest trick the Devil ever pulled was convincing the world he didn't exist.”  There is not enough awareness in the business world about the threats that they are facing, and how ineffective their IT defenses are.  The aim of the blog is to cut through the vendor hype, and tell business owners and executives what they really need to know. 

What do you think is the greatest misconception about the security industry?

That technology can solve technical security problems.  Security is a people problem, not a technology one, and the real issues are related to how people design, build and manage systems.

What advice would you give a young person who is thinking about entering the security industry?

My favorite quote from Arthur C Clarke: “Any sufficiently advanced technology is indistinguishable from magic”.  Before trying to be the best hacker, they need to become great at building systems; otherwise they are just technomages using technology they don’t understand.

What’s the difference between white hats and black hats, and who’s to decide?

Intent.  White hats are doing it for the good of the world; black hats are doing it for their own good.

Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.
