In his role as Cyber Intelligence Services Manager for Lockheed Martin's EMEA Cyber Intelligence Practice, Chris Coryea oversees the U.K. Security Intelligence Centre (SIC) and is responsible for leading a team of Cyber Intelligence, Open-source Intelligence (OSINT) and Information Assurance (IA) analysts. He will be speaking at RSA Conference Asia Pacific & Japan 2016 in Singapore on how to build a world-class network defense organization. In advance of his talk, we caught up with him to ask him about the future of the cybersecurity industry, intelligence sharing and what he loves about working in the industry.
RSAC: What excites you the most about working in the information-security industry?
Coryea: We face an ever evolving threat landscape, which means the significance of our role as defenders is growing exponentially. It is exciting (and scary) to see that the warnings we gave 10-15 years ago about the future of cybersecurity are now taken seriously by stakeholders at all levels—from the Board of Directors to the leaders of our nations.
RSAC: What would you like to see change/happen in the industry over the next 12 months?
Coryea: Within the industry there are three areas that I would like to see defenders focus on. The first is basic security hygiene (e.g. asset inventory and change management). If you can’t block and tackle, you’ll never be in a position to stop the advanced threats. Second, I would like to see a tighter integration of security programs within the business. All too often, network defenders lack a true understanding of how the business operates, what’s most important and where the money is made. Finally, I would like to see organizations improve their ability to measure and rationalize the effectiveness of their security investment against the threat landscape. Key to this is that all defenders consistently follow the same analytical framework in everything they do—from attack analysis to implementing mitigations.
RSAC: If you could pick one thing that has made the most impact on your career and where you are today, what would it be?
Coryea: Curiosity. I grew up in a very small town in the middle of rural America where big business, IT and security were not (and to this day are not) part of the daily vernacular. As such, I could have never even imagined I would be living in London, working in the field of cybersecurity. It was my curiosity to experience new environments and learn about things I did not understand which has had the largest impact on my career and where I am today.
RSAC: How do you think the industry can come together even better to share ideas and innovations?
Coryea: It should be a strategic goal of every organization’s cybersecurity program to establish the sharing of meaningful threat intelligence (i.e. intelligence with detailed context) within a trusted community of peers. Furthermore, there should be continued proliferation of major CERT organizations who exist to help companies understand the state of the threat and establish defensive profiles against those threats.
RSAC: Explain what your session will be about at RSA Conference 2016 APJ in three words.
Coryea: Myths, Truth, Enlightenment.