Name: John Scimone
Title and company: Senior Vice President & Chief Security Officer, Dell Technologies
Number of years in the information security industry: 15
RSAC: What was your first job in the infosec industry?
My first job that involved security was actually as a software developer for a software company while in college. During my lunch breaks, I found myself investigating ways to break the codebase and get the application to perform in unexpected ways. The value of this sort of testing quickly became evident to the management team, who began formally allocating time for me to perform security reviews on our product prior to release.
RSAC: If you weren’t working in the infosec world, what would you be doing?
I always wanted to be either a pilot or a doctor. I toured universities and interviewed professionals in both fields and learned pretty quickly my fear of heights and sensitivity to the sight of blood didn’t lend well to either profession. I enjoy boating in my free time, so perhaps I would have become a boat captain.
RSAC: What does the RSA Conference 2019 theme of “Better” mean to you?
In my role, I spend a significant amount of time thinking about how current “best practices” in cybersecurity are largely ineffective in adequately managing the risks posed by modern threats, which makes clear we must do Better than what “best” is today. With this in mind, I interpret the “Better” theme as a challenge to myself, and every other security professional, to transform the way we approach this profession, and to find better ways to manage security risks for the organizations we are charged to protect.
RSAC: What is the biggest challenge facing the infosec industry right now?
By almost every measure, the historical asymmetry between offense and defense is widening even further – whether measured by threat sophistication, workforce ratios, actor costs, or attack surface size and complexity. If I were to try to put my finger on any one challenge amplifying the consequences of this asymmetry though, it would be that the world has increasingly built societal dependence on an Internet that was designed for anonymity and is lacking accountability. This means that there is no disincentive for the offense to do anything but further accelerate their efforts.
RSAC: Complete this sentence: 2025 will be the year of __.
Societal support for the creation of an accountable Internet to host the future of humanless networks and critical data/applications!
RSAC: In our Advisory Board predictions blog this year you said 2019 holds “the potential for a large-scale attack on IoT with physical world ramifications.” What might the real-world ramifications of an IoT attack look like?
My hope is the relevance would primarily derive not just from the specific nature of the attack itself, but rather, a broadly increased societal awareness of digital risk and the implications for individuals, not just businesses. Digital transformation is set to be the greatest phase of human evolution in the history of mankind, but only if pursued prudently with eyes wide open to the risks involved.