Matthew Alderman, Vice President, Global Strategy for Tenable Network Security is an information security and compliance veteran with more than 20 years of industry experience. We met up with Alderman to talk about what has influenced his career and what he sees as being the biggest challenges the security industry faces today. You can see Alderman’s keynote, The Transformation Equation: Defining a New Security Roadmap, at RSA Conference Asia Pacific & Japan 2016 in Singapore on July 20, 2016.
RSAC: What would you like to see change/happen in the industry over the next 12 months?
Alderman: Acknowledgement amongst analysts, practitioners, and vendors that point solutions and layered security is not protecting organizations. It’s time to work together as an industry to realize that integrated, holistic security is our best chance in effectively detecting and responding to attacks. We need collaboration, not competition, as we all will benefit from an integrated security ecosystem.
RSAC: What info security goals would you like to accomplish in the next three years?
Alderman: I would like to truly address security gaps, especially as organizations adopt emerging technologies such as cloud, mobile, and applications to reap their benefits. Information Technology is going through a radical shift, and security needs to catch up. The migration of data centers to the cloud changes the way we think about network and perimeter controls. The use of containers in application development changes they way we protect applications. These are the problems we need to solve to protect organizations.
RSAC: If you could pick one thing that has made the biggest impact on your career and where you are today, what would it be?
Alderman: Leaving traditional security for five and a half years to build ControlPath, one of the early GRC solutions. Back then, compliance was the driver for security. It’s how we ended up with all of these disconnected point solutions with nothing to tie them together. It was the hope that GRC would tie it all together, but that never became the focus. Soon after, I realized compliant did not equal secure. My vision ever since has been to truly integrate the needs of both security and compliance. We still have some work to do...
RSAC: How do you think the industry can come together even better to share ideas and innovations?
Alderman: That’s tough, as most of us see each other as competition, not partners. We are all fighting for the same security budget, which is a small subset of the IT budget, and we all want our fair share. Leadership and guidance will have to come from an objective third party, possibly the analyst community, working closely with the technology vendors to truly solve the broader security problem. This will require an integrated, holistic approach—not a market segment approach. That is the underlying problem we face in the industry.
RSAC: Explain what your session will be about at RSA Conference 2016 APJ in three words.
Alderman: The Journey Ahead.