Name: Todd Inskeep
Title and company: Principal, Booz Allen Hamilton
Number of years in the information security industry: 34 years
RSAC: What was your first job in the infosec industry?
Inskeep: Summer Intern at the Naval Research Labs working on Radio Voice Security.
RSAC: What does the RSA Conference 2017 theme, “The Power of Opportunity,” mean to you?
Inskeep: For me, the Power of Opportunity theme really resonates because we have seen so much change the last couple years, and expect so much more in the next few years. There are tremendous opportunities to improve security as we look for architectures across the new technologies. After spending years doing perimeter security based on data centers and device-centric security, we literally have new opportunities to think about what information security means when our networks are defined by software; when our data centers live as a set of platform, infrastructure and applications distributed via clouds; when we need to pay more attention to defense because we know adversaries are getting into our networks and systems and moving data around. We’re at an inflection point where we need to hypothesize and test new models – not just replay the last 30+ years of network and system defense. There’s Power in the Opportunity to build entirely new models and rethink what defense, offense, and cyber operations mean in the evolving environment.
RSAC: What is the #1 trend infosec professionals need to be paying attention to right now?
Inskeep: Bringing a business perspective to their conversations – CEOs, COOs, and Business Executives know cyber is a thing, but they need Infosec professionals who can translate the language of cybersecurity into business terms. Almost as important, they need to help better define and enrich our terminology. Even the language of threat and risk is so vague we often confuse ourselves…is that an attack, a vulnerability, a threat, or a risk? Sometimes the terms seem interchangeable, but they shouldn’t be. “Threat Intelligence” has several meanings depending on the context and audience. We need to translate the impact of cyber into business terms for the business leaders, and enrich our own language to improve clarity.
RSAC: How can the industry balance the opportunities with new and growing technology with keeping our data (and people) secure?
Inskeep: Business pressures from competition to cost management to profitability and beyond are driving the adoption of new technologies at an accelerating pace. We need to recognize for ourselves and business leaders that we are managing risk and impact – reducing the likelihood of incidents, reducing the impact of those incidents and speeding the resolution of impacts when they happen. New technologies increase risk and likelihood; security involvement in architectures, processes, and throughout the adoption lifecycle helps manage risk.
RSAC: When you taught security and risk management classes at UNC, what area in infosec were students most interested in?
Inskeep: Students are always interested in the things that feel cool and immediate – hacking and war stories. Their interests also vary widely – some are interested in policy, while others are focused on code; some want to build applications, others want to break into them. And they are interested in career paths and the wide range of possibilities for their next 30 years.