ISSA Middle Tennessee Chapter
John Pironti Calls Risk Management Key to Successful Cyber Security
Risk management and cyber security are high-stakes, high-pressure responsibilities against constant invisible enemies determined to steal your secrets.
Rather than worry about the new daily challenges, John Pironti relishes them.
“Information security is amazingly interesting because it’s all about change,” said Pironti, who will deliver the opening keynote presentation at the upcoming InfoSec Nashville conference on September 7, 2018. “Every time I come up with something, the adversary comes up with a way to get around what I come up with. That’s what makes it fun. That’s what makes it challenging.”
Pironti is president of risk-management firm IP Architects LLC, which keeps clients large and small safe from nimble adversaries. He draws upon 28 years of experience in the industry.
His consultancy focuses first on minimizing risk, then on providing security. This approach serves clients in industries from high-tech to health care, energy to education, government to entertainment.
His keynote, entitled “The 5 Key Components of Information Security Hygiene,” covers baseline fundamentals of risk management. He wouldn’t give away all of his secrets before the keynote, but he did share a factor that turns up in nearly all publicized data breaches: patching and configuration management.
“Patching is not something that we have to think about as hard,” Pironti said. “You’ve got to realize that when a vendor puts out a patch, they’re basically telling you that they have a problem.”
Pironti says studies show that even when patch information is available, many organizations take at least 38 days to install the most critical patches on their most critical systems.
Inaction, he warned, leads to bigger problems.
“The adversary is not waiting 38 days,” he said. “The adversary isn’t going to listen to all of your concerns about people having vacations, or having to schedule maintenance times or interruptions to business. They’re coming after you, and they’re coming after you hard.”
He also warned against chasing “shiny objects,” his term for any new product that claims to take care of every security issue. His advice is to first build a foundation of managing risk and taking care of the fundamentals.
“Chasing that shiny object, listening to the media attention, listening to the vendors, the analysts come out, the Gartners of the world saying you just do this it’s all going to be better, well, we know it’s not true,” he said. “We know the adversaries navigate and move faster than we’re going to be able to, and another shiny object will come in for the last one that didn’t work so well.
“I’ve been working on that problem for 28 years now, and I haven’t found a product yet that solves all of our problems,” he said.
John Pironti will be giving a keynote address at InfoSec Nashville on September 7, 2018, at the Music City Center.